Apple Hides Account Info in DRM-Free Music

Alvis Dark writes "Apple launched iTunes Plus earlier today, the fruit of its agreement with EMI to sell DRM-free music. What they didn't say is that all DRM-free tracks have the user's full name and account e-mail embedded in them. Is this to discourage people from throwing the tracks up on their favorite P2P platform? 'It would be trivial for iTunes to report back to Apple, indicating that "Joe User" has M4As on this hard drive belonging to "Jane Userette," or even "two other users." This is not to say that Apple is going to get into the copyright enforcement business. What Apple and indeed the record labels want to watch closely is, will one user buy music for his five close friends?'"

American laws do not apply outside the US

[Rix]

It's perfectly legal for me to buy a CD and make copies for all of my friends, and it would be just as legal for me to do the same with these files.

jhymn?

[gEvil (beta)]

Correct me if I'm wrong, but isn't this exactly how jhymn and other similar programs leave your files? IIRC, jhymn will remove the DRM from the file, but still leave your AppleID, etc in the file. It seems that the only people complaining about this are the ones who want to pirate music.

Re:So?

[99BottlesOfBeerInMyF]

What happens when your computer or mp3 player gets stolen and 6 months later there's files all over the p2p nets with your name on them. How could you prove you weren't the one that put them on there in the first place?

First, why would you have to prove that you did not put them there? Your name on them is not proof that you did, and if you can show that a device that may have had the files was stolen you'll walk unscathed from even a civil suit.

This whole thing seems a bit weird to me. Apple's license forbids them from sending the data back to headquarters for analysis to catch casual pirates. They've been including this data in all the files they've sent for a long time. This is in the mp4 format so nothing stops a freeware program from erasing or changing them. Heck I can grab your e-mail address from a dozen places now and add it to mp4 files on P2P networks. That doesn't prove you put them there.

So, it is 100 times easier to grab these files from P2P for purposes of piracy than it is to steal a player or get them some other way. Who is planning on uploading files they have purchased anyway? That's just dumb.

Re:The advantage then of buying real CD's

[MontyApollo]

Your first two paragraphs are pretty much wrong. Some people seem to think giving their songs to friends is fair use, but that is not the case and the media industry has historically fought against even the existance of blank recording media and recorders. Selling used CD comes under fire often as well. Garth Brooks had some publicity a while back trying to stop it. There was some story recently about some state trying to regulate it even.

Re:Just strip it out

[profplump]

It's actually pretty trivial, because they are in no way tied to the audio data -- there's just another atom in the MP4 wrapper that contains your name and email address. It can be removed without impacting a single byte of audio data.

I don't understand why this is a story at all -- every song sold from iTMS has these same markings, since day 1. All the old tools from decrypting old-style iTMS songs include a provision for removing this data, and I suspect that bit still works on the new-style files.

Re:More details, please

[Anonymous Coward]

They "hide it" in that it's in a pair of MPEG-4 Atoms called 'user' (iTMS username; your E-mail address) and 'name' (the name with which you signed up to the store) rather than in the normally accessible metadata that iTunes will let you edit. It has been like this since the iTMS opened, so I don't get what the big deal is.

This is exactly what the HYMN Project would do by default, too. It was specifically designed to leave your user information in the files. The assumption was that if you're using HYMN legitimately, that you wouldn't mind taking ownership of the files you have decrypted.

Bill Gates, LOLZ

[The Bungi]

Lame offtopic fanboy "jokes" aside, that is precisely why Apple won't be using this information to track anything.

On the other hand, the files might be watermarked in other ways, obviously more difficult to detect.

Of course it's entirely possible that Apple has actually decided to use this information in some way, which will affect mostly non-technically inclined people who are unaware of the tagging. And would be supremely stupid.

Imagine if they managed to trace back all those Bruce Wayne Campbell [andrejkoymasky.com] tracks in your collection? Oh the humanity.

Re:American laws do not apply outside the US

[sdo1]

Apparently the dude lives on an abandoned sea fort off the cost of England.

-S

Re:Trivial to remove

[nsayer]

Ironically, Apple doesn't even sell a one-button mouse anymore [apple.com]. All they sell is the *4* button "mighty mouse" in a wired and wireless version.

All that's left are the uni-button skating rinks on their laptops, but I can't imagine that they're going to stay that way much longer. Besides, those can use gestures for scrolling and what not.

Re:I wonder

[chefmonkey]

No. You can't.

http://en.wikipedia.org/wiki/Lossy_data_compressio n [wikipedia.org]

Re:the acid test

[The One and Only]

iTunes actually lets you gift specific tracks to other people from the store itself. They just sign in and download the tracks you bought for them.

Re:The advantage then of buying real CD's

[Anonymous Coward]

If you remove those two atoms ('name' and 'user'), the file will play just fine. This is effectively Apple using a pin lock on the front door rather than a deadbolt. "Keeps the honest people honest" and all that.

Even better, they've been doing exactly this ever since the iTunes Music Store opened. The HYMN Project was specifically designed to leave your user information in the file. The idea was that if you are stripping the crypto for legitimate purposes (backups, interoperability, etc.), you wouldn't mind having your name attached to the decrypted files.

This is the very definition of not-news. It's like that guy on Full Disclosure earlier this month who was going on about how Macs clamp the output of 'ps -aux' to the terminal width and how this prevents users from seeing the full process name. The 'w' flag was probably added before that clown was born.

Re:Apple, Sony, Microsoft..

[Andy Dodd]

I agree. Who cares?

The only people this affects are those who use the file in an illicit manner (distributing it on P2P). It's not like DRM where it punishes legit users significantly, often forcing them to piracy just for the sake of compatibility.

Oh, and it's nothing new. The old DRMed files had it too. In fact, back in the days of PyMusique and whatever that program was that stripped Apple DRM after the fact (as opposed to PyMusique not applying it in the first place), neither program did anything about this identification data because unlike the DRM, there was no legit reason to remove it. It's always been there, albeit in many cases encrypted.

Re:Lame acid test

[dangitman]

You're just regurgitating the age-old "Why should I worry about this draconian law? I'm not a criminal." argument.

How so? This itunes thing is not a law, it's a product. And it can hardly be considered draconian.

Buying a music file means that you buy a music file. Not a music file with extra unwanted information that might violate my privacy.

No, buying a music file means buying the music file you are offered. Sometimes that means DRM, sometimes that means a watermark. You don't have to buy it if you don't want to.

I certainly won't do business with Apple is any way, shape, or form.

Good for you. But what's wrong with people choosing to buy this, knowing what they are getting? How does that harm you? How is it draconian? It's just business. If the market rejects it, then Apple will fail. Not to mention that software companies have been doing this and much worse for years, including such things as "dongles" for protection - and in some cases, licenses that include a clause that allows the company to audit your business. Yet you don't hear much outrage over that. But for some reason, a simple of ownership on an almost disposable audio file is more heinous than all of those software protection methods. Even though it won't suddenly break your audio file like DRM can, or cost your business thousands of dollars if it fails, like dongles or audits can.

So?

[jht]

Are the songs, in fact, DRM-free?
Yes.

Are they at a higher bitrate as advertised?
Yes.

Is there any physical restriction on what you can do with them?
No.

When you buy a DRM-free song, are you buying a "share them with teh intarweb" license?
No.

Is there a whole batch of metadata in the songs you buy from iTunes, protected or not?
Yep.

Nothing to see here, move along.

Re:Just like a used car

[timster]

4 point at the bottom? The headline is a lie -- there's nothing "hidden" about this. The summary info in iTunes displays the account info for each file.

Truth is, somebody decided long ago that they'd use this sort of nonsense to criticize what's really an industry-changing development. I don't know how you possibly see it as underhanded. The file has some informational tags... duh.

you're still breaking the law

[DreadSpoon]

But do I email a couple of my friends some songs or burn them onto a CD and say "Here, check out this great band I just discovered." Yes.

And that's still breaking the law. If this makes it easier to catch you, so be it. Don't break the damn law. If you want your friends to hear the song, then you have many valid choices:

(a) iTMS has a song preview, which have definitely affected by purchase decisions
(b) point them to Imeem.com or a site like it
(c) tell them to quit being cheap asses and pay the $1 for the song
(d) play the song the next time they're over

Plenty of options that don't make you a criminal.

digital copies, RAM, and copyright law

[DreadSpoon]

Any copy - and I mean ANY copy - made in use on a computer counts as a copy in terms of copyright law.

pop quiz: did you know that it's illegal to run a binary of a program you have on your hard-drive unless you are given permission from the copyright holder? It has been ruled that the copy from the hard-disk to system memory counts as a copy in terms of copyright law. Lame? Yup. Still legally valid? According to the federal courts, sure is.

Further reading on the topic:

http://digital-law-online.info/lpdi1.0/treatise20. html [digital-law-online.info]

Re:More details, please

[ucblockhead]

It is craftily hidden in the "Summary" pane of the "Get info" dialog. (Available only to hackers who can figure out how to right click on the song and choose "Get Info", further obscured by making it the pane that first comes up.)

DRM-less for $0.99 + the cost of a blank CD

[harley3k]

The way I have always freed my tracks from DRM was to buy them on iTunes, immediately burn a CD (onto a handy CD-RW disk), then iTunes immediately recognizes the audio-CD and asks me if I want to "import" it. I have my import preferences set to MP3, and iTunes even asks me if I want to replace the existing DRM tracks with the MP3s I am ripping.

No $.30 upcharge, or DRM hassles...iTunes practically coaches you on how to do it. The CD-RW disk can be reused many times, so there isn't even a cost. Or even if you use a regular CD, it's good to have a hardcopy audio CD of the albums you buy anyway.

The whole process takes almost no time at all.

-h

Re:The advantage then of buying real CD's

[quacking duck]

The DRM-free AAC files now available from iTunes are 256 kbps, not 128.

Re:The advantage then of buying real CD's

[statusbar]

Sorry, the code is gone. It really is quite simple, you can do it in GIMP if you want. Remember that jpeg encodes on 8x8 blocks. See http://en.wikipedia.org/wiki/JPEG [wikipedia.org] ...Any common brightness offset in this 8x8 block is called the "DC Offset". Changes to the DC offset for an 8x8 block will survive JPEG compression nicely. Yes it can be visible, depending on how much dc offset you apply; Try it out with GIMP yourself.

Of course, any jpeg rotation/skew/stretch/shrink WILL destroy your hidden data.

--jeffk++

Re:Much ado about nothing... AAC itself is --LIAR!

[Anonymous Coward]

LIAR!

You must work for Microsoft.

AAC is a 100% open non-Apple audio standard codified by the ISO (all countries)

AAC (Advanced Audio Coding) is one of the audio compression formats defined by the MPEG-2 standard.

Have you ever heard of MPEG 2 audio ?

MP3 (MPEG-1 Layer 3) is provably less quality than MPEG 2 AAC

That is why Apple chose it.

Apple did not ger to a market cap this week of over 103 billion dollars and thus the 52nd largest company in america by being idiots.

Even Microsoft market cap this week is under 3 times the size of apple.

Read abook sometime and quit being a liar-troll

Re:Mod me up please!!

[TheRaven64]

It's called "Open Firmware" and -- unlike EFI -- is a widely-supported open standard.

Note that this is `widely supported' as in 'supported by a lot of platforms' not 'supported by a lot of systems.' To my knowledge, there is no OpenFirmware implementation for x86. OpenBIOS has started, but not finished. Since they went to Intel to get a complete solution (motherboard, chipset, and CPU), writing their own firmware would have been somewhat counterproductive.

That said, I'll take OpenFirmware over EFI any day of the week.

Re:Mod me up please!!

[GaryPatterson]

Amit Singh has something to say on this...

http://www.osxbook.com/book/bonus/chapter10/tpm/ [osxbook.com]

There are no guarantees, but it's not looking like Apple is keen to enforce the TPM on Mac users.