Apple Hides Account Info in DRM-Free Music

Alvis Dark writes "Apple launched iTunes Plus earlier today, the fruit of its agreement with EMI to sell DRM-free music. What they didn't say is that all DRM-free tracks have the user's full name and account e-mail embedded in them. Is this to discourage people from throwing the tracks up on their favorite P2P platform? 'It would be trivial for iTunes to report back to Apple, indicating that "Joe User" has M4As on this hard drive belonging to "Jane Userette," or even "two other users." This is not to say that Apple is going to get into the copyright enforcement business. What Apple and indeed the record labels want to watch closely is, will one user buy music for his five close friends?'"

Trivial to remove

[schnikies79 (788746)]

You can right click on the file and convert it to mp3, which would erase all tracks.

This shouldn't matter anyway.

Re:Trivial to remove

[vertinox (846076)]

You can right click on the file and convert it to mp3, which would erase all tracks.

Its not trivial if you have a one button mouse! ;)

Re:Trivial to remove

[evanbd (210358)]

Apple has a two-button mouse, they just hid one of the buttons on the keyboard...

Re:Trivial to remove

[nsayer (86181)]

Ironically, Apple doesn't even sell a one-button mouse anymore [apple.com]. All they sell is the *4* button "mighty mouse" in a wired and wireless version.

All that's left are the uni-button skating rinks on their laptops, but I can't imagine that they're going to stay that way much longer. Besides, those can use gestures for scrolling and what not.

How long till it's spoofed?

[twitter (104583)]

Someone needs to write a program that inserts Bill Gates name and email address into the tags. Only he has enough money to pay of the MAFIAA.

Watermarks.

[twitter (104583)]

the files might be watermarked in other ways, obviously more difficult to detect.

Yeah, that's one of the reasons you should never trust non free software.

the acid test

[crayz (1056)]

Apple puts this metadata in all the iTMS songs. Unless you're actually planning to break the law by sharing the songs, I don't see what the problem is. In fact this issue seems like a good way to distinguish between those who are against DRM because it restricts their rights to legally use their music, and those who actually just want to pirate music but use rights-based DRM arguments as an cover

Apple isn't keeping tabs on anyone, and it would be trivial to remove this data from your songs. But the question remains why anyone feels violated by this

Re:the acid test

[needacoolnickname (716083)]

...this issue seems like a good way to distinguish between those who are against DRM because it restricts their rights to legally use their music, and those who actually just want to pirate music but use rights-based DRM arguments as an (sic) cover

Excellent point. So sad you will be yelled at for 40 posts and be called an Apple Fanboy.

Re:the acid test

[Buelldozer (713671)]

Sounds like a variant of "If you've done nothing wrong then you've nothing to fear!" to me.

Re:the acid test

[qortra (591818)]

DISCLAIMER, to all you Apple fanboys, I'm not trying to defame your deity here; I'm merely isolating one statement of the parent's to critique it.

Unless you're actually planning to break the law by sharing the songs, I don't see what the problem is.

Ugh, Terrible Terrible logic. Consider the following statements.

"The government should be allowed to search people's home on a whim, because if they are law abiding citizens, they shouldn't mind the government searching through their stuff."
"People should not be allowed to take the fifth because if they are law abiding citizens, they should have not reason to hide information."

Privacy is actually important: saying anything of the form "people don't need privacy 'x' if they don't plan to break the law" is almost always a mistake.

Re:the acid test

[Threni (635302)]

> Unless you're actually planning to break the law by sharing the songs,

Or buying them for a friend, or have had your PC/MP3 player stolen, or sold the songs on after you bought them, or had your PC/Wireless router hacked and files stolen...yeah, apart from that you should be ok.

Re:the acid test

[kebes (861706)]

Apple isn't keeping tabs on anyone... But the question remains why anyone feels violated by this

Well I would argue that Apple is, indeed, keeping tabs on people. Whether or not they use that power for good or evil is another question altogether. Then again, it's not just Apple that we have to worry about. The world is more complex than that.

What if you lose your iPod and someone posts all your files on P2P networks? What if someone steals it? Even if "my iPod was stolen" is a valid legal defense, this still means that you are opening yourself up to legal threats (and costs) by using watermarked songs. Moreover, I don't like the idea of a portable device having thousands of internal copies of my real name and email address. (Yes, my wallet contains that information and a whole lot more--but I would still be bothered by the additional risk I incur when carrying around yet more personal information stored in a high-theft item.)

I don't know if people should feel "violated" by this watermarking of non-DRM tracks (after all, it is a whole lot better than fully-DRMed tracks)... but I do think there is some cause for concern even with watermarking. (Even for people fully compliant with the law.)

Re:the acid test

[kimvette (919543)]

But what if you no longer wish to own that track (you got sick of it, or bought the wrong track, or whatever) and decide to exercise your right of first sale and transfer ownership of that one (1) copy of the track to someone else? You are certainly allowed to do that, and it is NOT copyright infringement. It doesn't even fall under Fair Use because you are transferring ownership of a legally-purchased artistic work, just as you would a CD, vinyl record, book, or VHS tape. Also, what if you buy a bunch of tracks off of iTunes for your friend for his or her birthday, burn them to CD (destroying your local copies of course, even though it may otherwise fall just inside of Fair Use) and give them to your friend? It's a gift; ownership was transferred LEGALLY. However, the record companies will cry foul because Jane Doe will be seen playing tracks purchased by Joe Sixpack.

Re:American laws do not apply outside the US

[Fizzl (209397)]

Atleast in Finland we pay outrageous prices for blank media so that we could legaly make copies of music.
Funny enough, I think it's still illegal to copy music. It's a weird situation. But Teosto and Gramex are the evil brothers of copyright.
Those are the local RIAA. I'm member of both and it's not even easy to resign from them. I tried once but was told to mail in my resign letter in certain time frame when they "process such requests". Surprisinlgy enough, I never remembered to do it at that certain time. I think they have a ton of guys like me who have like one registered demo tape from their teens. Atleast they can boast to have beeelliyons of members whose intellectual property they are protecting.
Oh yeah. If I register a song with them, I'm not allowed to even publish it on my web page anymore without paying royalties. Royalties which should be paid to me ofcourse. In reality all the small guys pennies will go to a common pool which will be divided to the artists "fairly" based on other visibility. eg. The big artists take the 2 cents which would be rightfully mine!

I don't have a problem with it

[aunchaki (94514)]

This doesn't really bother me. I buy music and don't give it away, which is as it should be. TANSTAAFL!

This is exactly what DRM should be.

[casualsax3 (875131)]

The whole point of DRM is to stop people from pirating it. If your name is attached to it I'd say that's a pretty good deterrent. Beyond that, you can download the music, burn it, transfer it from your home PC to your office PC - you can do what you want with it... the only restriction is that you can't illegally share it online. It's focusing on punishing people who share music illegally, while at the same time not hassling the end users who just want to use their music. This is exactly what DRM should be.

More details, please

[Tom (822)]

I'd like a few more details, please.

Do they "hide" it in the files, or put it into the comment fields? There's a difference there, especially if you want to accuse them of underhand dealings.

The article is also pretty crappy on the suggestion to convert to MP3. Why should I do that? A simple binary find&replace will be faster, safer and result in no quality loss or recoding troubles.

So a little more info on this before painting anyone as a devil would be cool.

Beats the hell out of DRM.

[Kadin2048 (468275)]

I find it a little hard to get worked up over this. I don't find the idea of watermarking particularly offensive, as long as it's not done in such a way as to degrade the content (which all "analog preservable" watermarking does), and it's not part of a DRM scheme (e.g. 'no copy' flag). Watermarking that only identifies a user and can be used to track down someone sharing files after the fact ... I can live with that.

The difference to me is that it's not trying to stop someone from doing something illegal, before they even do it. That I find very offensive, and is the whole point of DRM. I believe that the computer should let you do anything you damn well please, even if it's illegal, but that you should take the consequences later. Trading DRM for watermarking would be a huge step up, since the watermarking really doesn't affect anyone who isn't putting their tracks on P2P networks. However, we also need to realize that watermarks can't be viewed as inherently trustworthy -- what's to keep me from framing you by putting your account information on a bunch of music and then sharing it? Practically, I'm not sure how useful watermarking really is. But if it's the price for getting rid of DRM -- which treats everyone like criminals, regardless of whether they're doing anything illegal or not -- it's OK by me.

I Don't Care

[Otter Escaping North (945051)]

Some will be pissed about this - there will be wailing and gnashing of teeth. Personally, I don't care if they put my name in the file.

I want DRM-free media. I've wanted it for a long time. I want to play my music where I want, how I want, on as many devices as I want. And the whole time I've wanted that - it's never been so I can give it away to people on the internet. No one who wants to pursue this as a way of doing business is going to believe any differently.

I love buying my music via downloads. I wish I could do that with movies (not the 320x240 video iPod stuff - I mean movies for my TV), but I run Linux, I have a non-iPod player, so I need platform-independent, DRM free media.

They want to put my name in it? Go ahead. I'm not putting it out in the wild - and with any properly run computer - accidental release shouldn't be likely either.

my only question

[Lord Ender (156273)]

Does the license under which I "buy" these DRM-free songs permit me to strip this personally-identifiable information from the songs?

jhymn?

[gEvil (beta) (945888)]

Correct me if I'm wrong, but isn't this exactly how jhymn and other similar programs leave your files? IIRC, jhymn will remove the DRM from the file, but still leave your AppleID, etc in the file. It seems that the only people complaining about this are the ones who want to pirate music.

Replacing the watermark to frame somebody else

[dmeranda (120061)]

The concept of using a watermarking technique is itself much better than any sort of DRM. But if the watermark is not correctly cryptographically tied into the song, then it is probably quite easy to forge watermarks. What this means is that it would be possible to still distribute thse songs (illegally) but have it appear as if somebody else did it. This is probably worse than having no watermark at all.

Of course, technically, forgeable watermarks should carry no legal weight, and should be useful for nothing more than casual marketing analysis. But we all know how things like the courts, BSA, RIAA, and so forth work. "Hey, this song found on xxxxx P2P service has your name on it! You must be guilty. Here's notice of our lawsuit, or you can settle for $100000 per song." I see a lot more innocent grandmothers getting sued in the future.

The same thing could actually be used for other file formats. Want to write a Word document outlining your plans to rob the bank; be sure to "steal" somebody else's GUID out of one of their documents and replace the one in yours. Now you've got a better shot at deniability of wrongdoing.

Cool

[hurfy (735314)]

An easy way for me and my 1,203,382 roommates to keep track of what belongs to who ;)

Re:The advantage then of buying real CD's

[furball (2853)]

How does having my name associated with a file I paid for prevent my friends from playing my purchase?

Re:The advantage then of buying real CD's

[aichpvee (631243)]

So what happens when you just replace the name and email address? Or blank it out? Does the file not play? At best this might discourage casual copying or allow them to "punish" those who do it. It pretty obviously won't discourage anything, since they're not making it known and most "casual" copiers won't even know their name and email address are in the file. Serious "pirates" (AAAAAARRRR) will just replace the names anyway. Or rip from a CD like they do now anyway. How is this even news?

Re:The advantage then of buying real CD's

[M. Baranczak (726671)]

A smart P2P client should be able to strip out the identifying tags automatically. Not that I would ever advocate copyright infringement, just hypothetically speaking.

Re:The advantage then of buying real CD's

[by Anonymous Coward]

This comment is probably a bit late for anyone to read, but a REALLY smart P2P client would strip any identifying tags and replace them with the details of RIAA executives

Re:The advantage then of buying real CD's

[Lockejaw (955650)]

It sounds like this instance isn't very well-hidden, but watermarks can be pretty clever. They may have some secret checksum-like formula to identify properly marked files, and I've heard of a system where common watermark removal methods still end up fingering at least one of the collaborators.
In any case, if you happen to notice that your copy of $SONG and your friend's copy have different checksums, take a closer look at them: chances are they're watermarked. A bit of work can identify the bits that hold the extra info. It's also very difficult to make a watermark that can survive a format shift (especially when compression is involved). So, actually, working with friends may help you here.

Re:The advantage then of buying real CD's

[by Anonymous Coward]

If you remove those two atoms ('name' and 'user'), the file will play just fine. This is effectively Apple using a pin lock on the front door rather than a deadbolt. "Keeps the honest people honest" and all that.

Even better, they've been doing exactly this ever since the iTunes Music Store opened. The HYMN Project was specifically designed to leave your user information in the file. The idea was that if you are stripping the crypto for legitimate purposes (backups, interoperability, etc.), you wouldn't mind having your name attached to the decrypted files.

This is the very definition of not-news. It's like that guy on Full Disclosure earlier this month who was going on about how Macs clamp the output of 'ps -aux' to the terminal width and how this prevents users from seeing the full process name. The 'w' flag was probably added before that clown was born.

Re:The advantage then of buying real CD's

[daeg (828071)]

1. Download music your arch nemesis listens to and has downloaded.
2. Replace your name with his name in the file.
3. Accidentally leak the files onto P2P networks.

Woops. I missed the ??? and Profit!!! steps in there.

Re:The advantage then of buying real CD's

[Maxo-Texas (864189)]

Or if your mp3 player or laptop are stolen.

Re:The advantage then of buying real CD's

[blackest_k (761565)]

The problem I see with water marking with someones account info is it assumes the purchase is for the account holder.

lets take a guy at university buys a number of tracks for his girl friend for her ipod.
5 years later they broke up moved to different parts of the world maybe she or the new man in her life decides to share the tracks p2p and then the RIAA comes knocking on the door.

so they take his IPod and find probably a lot of music not registered to his account or not marked at all.
whats the balance of probability that he pirated some of them.
Can he defend himself in court or does he take the RIAA's offer.

I am disappointed apple should choose to do this, and I can't see why anyone would put themselves in such a legally risky position buying from Itunes.

Re:The advantage then of buying real CD's

[feijai (898706)]

The problem I see with water marking with someones account info is it assumes the purchase is for the account holder.

lets take a guy at university buys a number of tracks for his girl friend for her ipod.

Wait, wait, wait. Do you know if giving music, not fixed in a tangible medium (like a CD), is legal? These tracks are licensed, not sold. So are you just complaining that Apple's actions make it less convenient for you to perform a possibly illegal act?

Re:The advantage then of buying real CD's

[hweimer (709734)]

Do you know if giving music, not fixed in a tangible medium (like a CD), is legal? These tracks are licensed, not sold. So are you just complaining that Apple's actions make it less convenient for you to perform a possibly illegal act?

In countries like Germany this is perfectly legal (unless you break a copy protection scheme). There, Apple's behavior might even be a violation of privacy laws.

Re:The advantage then of buying real CD's

[McFadden (809368)]

Anyone who puts a file with their id embedded in it onto a bittorrent site deserves eveything that they get.

I'm no shill for the RIAA, but I think people would be wise to avoid putting paid-for DRM-less files on any P2P network. For years, people have harked on about how they object paying for DRM'd files, and that the main objection is the restriction of personal rights. Now a record company has released it's catalogue in a non-DRM format. If these files start cropping up on The Pirate Bay, it just demonstrates what a crock of shit the "restriction of rights" argument always was. People just want music for free.

Flood the P2P networks with these files, and it just gives strength to the RIAA's argument. To an extent, they can justifiably turn around and say "we gave you what you asked for, and you still abused it." Furthermore, it's hardly likely to encourage other record companies to follow suit. Granted the prices are too high, and you still can't get a high enough bitrate, but they've made a move more-or-less in the right direction. We need to show a bit of restraint, otherwise this little experiment will just be terminated by the rights owners and we'll be back at square one.

Re:The advantage then of buying real CD's

[StikyPad (445176)]

My licence plate is an anchor, you insensitive clod.

Re:The advantage then of buying real CD's

[Vicissidude (878310)]

Giving the songs to five of your friends has never been the problem. They haven't really cared much if you made a mix tape or mix CD and given them away to people you know. You certainly have the right to do that and no one has really tried to stop that. In fact, they encourage that by distributing blank media and recording hardware.

Even selling used CDs hasn't come under fire. There are plenty of record stores that buy and sell CDs.

No, the problem has been uploading the songs to some P2P network and allowing millions of your "friends" to download the song. That is what they're really trying to stop. The difference between the five and the million has to do with the numbers. You are likely to have five friends, not a million. Five copies don't hurt the companies, but a million copies do. That never came up before since you would never buy a million blank CDs to copy and pass around to complete strangers.

Re:The advantage then of buying real CD's

[MontyApollo (849862)]

Your first two paragraphs are pretty much wrong. Some people seem to think giving their songs to friends is fair use, but that is not the case and the media industry has historically fought against even the existance of blank recording media and recorders. Selling used CD comes under fire often as well. Garth Brooks had some publicity a while back trying to stop it. There was some story recently about some state trying to regulate it even.

Re:The advantage then of buying real CD's

[jpetts (208163)]

the media industry has historically fought against even the existance of blank recording media and recorders

You spelt "hysterically" wrong...

Re:The advantage then of buying real CD's

[vux984 (928602)]

I am not the person you responded to, but that's a good question.

I can't vouch for "illegal" (IANAL) but can I ask why you don't think it's wrong?

The answer is simply, because I 'bought it' and its 'mine'. I don't need anyone's 'by your leave' if I lend or give my other possessions to my friends, why should a song be any different!?

If I buy a song, it should be unequivocably ok to transfer ownership of it to someone else when I'm done with it, or to lend it to them however I see fit to. Are we agreed?

Ok... so what makes a song different from my hedge clippers? Well.. if my friend has them I don't.

Ok... so how about I make a hedge clipper server, so that when my friend isn't using my clippers he puts them back in my clipper server, and he can take them back whenever he needs them. So as long as my friend and I aren't clipping at the same time we effectively both have access to the clippers, almost whenever we want them. If I did that, it would be perfectly legal right... nobody would accuse me of stealing the clippers.

Why not allow that for songs? The song server is easy to setup, since we already have this internet, and I don't have to figure out a way of teleporting objects around like I do for clippers.

But since the songs can be trivially copied, why not just make a duplicate instead of setting up a song server. Sure you and your friend might accidently listen to it at the same time, but in reality 99% of the time nobody will be using it...so the 2 minutes of overlapping use on Friday march 22nd 2007 shouldn't really be a deal breaker should it?

Now, sure I could extend that song server idea to a million people, and it starts breaking down. In the clipper example for example, it would still be legal, but the clipper collisions would occur at a frightful rate, and most people wouldn't get the clippers when they wanted them. Additionally, with the constant use the clippers would break pretty fast.

In the case of songs, faces a similiar problems - the collision rate would be too high. But at least the digital copy is effectively indestructible... but another issue arises out of copyright law:

Copyright law covers far more than just merely copying. In fact 'making copies' on its own is pretty benign all things concerned. If all people did was fill their own hard drives with copies, the industry really wouldn't give 2 shits about it. Its only when you start encroaching on the other elements of copyright that real problems occur -- things like public distribution, broadcasting, etc. Making something available to a few friends doesn't amount to 'public distribution' or 'public broadcasting'... p2p sharing DOES.

So it really is a completely different ballgame.

You got that motto wrong :)

[GoodbyeBlueSky1 (176887)]

"There's an old saying in Tennessee - I know it's in Texas, probably in Tennessee - that says, fool me once, shame on...shame on you. Fool me...you can't get fooled again."
--The Decider, 2002

Re:And the Irony is

[ZorinLynx (31751)]

It's especially irritating when you own more than one computer. I have two macs, and I'm the only user of both of them. Why should I have to buy software twice just to use it on both of my machines?

Most shareware doesn't seem to be locked to the specific machine, and none of the software I use has had this problem yet, but if I ever come across something I want and the seller insists on my buying two copies to use on my computers, he won't get a single dollar from me.

-Z

Re:Apple, Sony, Microsoft..

[vertinox (846076)]

I dunno... Finger printing a media file ain't even close to a root kit on the evil scale.

Re:Apple, Sony, Microsoft..

[no_opinion (148098)]

Why should I be outraged? Why do I care if my name is in a file that I purchased? Please explain.

Re:Apple, Sony, Microsoft..

[Andy Dodd (701)]

I agree. Who cares?

The only people this affects are those who use the file in an illicit manner (distributing it on P2P). It's not like DRM where it punishes legit users significantly, often forcing them to piracy just for the sake of compatibility.

Oh, and it's nothing new. The old DRMed files had it too. In fact, back in the days of PyMusique and whatever that program was that stripped Apple DRM after the fact (as opposed to PyMusique not applying it in the first place), neither program did anything about this identification data because unlike the DRM, there was no legit reason to remove it. It's always been there, albeit in many cases encrypted.

Re:So?

[99BottlesOfBeerInMyF (813746)]

What happens when your computer or mp3 player gets stolen and 6 months later there's files all over the p2p nets with your name on them. How could you prove you weren't the one that put them on there in the first place?

First, why would you have to prove that you did not put them there? Your name on them is not proof that you did, and if you can show that a device that may have had the files was stolen you'll walk unscathed from even a civil suit.

This whole thing seems a bit weird to me. Apple's license forbids them from sending the data back to headquarters for analysis to catch casual pirates. They've been including this data in all the files they've sent for a long time. This is in the mp4 format so nothing stops a freeware program from erasing or changing them. Heck I can grab your e-mail address from a dozen places now and add it to mp4 files on P2P networks. That doesn't prove you put them there.

So, it is 100 times easier to grab these files from P2P for purposes of piracy than it is to steal a player or get them some other way. Who is planning on uploading files they have purchased anyway? That's just dumb.

Re:I wonder

[chefmonkey (140671)]

No. You can't.

http://en.wikipedia.org/wiki/Lossy_data_compressio n [wikipedia.org]

Re:Just like a used car

[timster (32400)]

4 point at the bottom? The headline is a lie -- there's nothing "hidden" about this. The summary info in iTunes displays the account info for each file.

Truth is, somebody decided long ago that they'd use this sort of nonsense to criticize what's really an industry-changing development. I don't know how you possibly see it as underhanded. The file has some informational tags... duh.

Re:Mod me up please!!

[stuboogie (900470)]

"For example, there is no crappy MS "activation" crap with OS X. I could use my OS X install DVD's and install OS X on any number of Macs, no questions asked, and most importantly, no crappy "activation"."

There is a good reason for the difference between Apple and MS (in relation to how they control their respective OS): Apple makes OS X to run on their hardware ONLY. Therefore, if you are installing on ANY Mac, they have already made their money from the hardware. Remember, they are a hardware company.

MS, on the other hand, makes an OS that runs on ANY PC. They don't sell the hardware, so they try to make sure you have purchased the software. That's where they make their money.

You have to look at the reason why each company chooses to implement DRM or any other form of IP control.

you're still breaking the law

[DreadSpoon (653424)]

But do I email a couple of my friends some songs or burn them onto a CD and say "Here, check out this great band I just discovered." Yes.

And that's still breaking the law. If this makes it easier to catch you, so be it. Don't break the damn law. If you want your friends to hear the song, then you have many valid choices:

(a) iTMS has a song preview, which have definitely affected by purchase decisions
(b) point them to Imeem.com or a site like it
(c) tell them to quit being cheap asses and pay the $1 for the song
(d) play the song the next time they're over

Plenty of options that don't make you a criminal.