Forgot your password?
typodupeerror
Music Media Privacy Your Rights Online

Apple Hides Account Info in DRM-Free Music 669

Posted by ScuttleMonkey
from the tabs-keeping-tabs dept.
Alvis Dark writes "Apple launched iTunes Plus earlier today, the fruit of its agreement with EMI to sell DRM-free music. What they didn't say is that all DRM-free tracks have the user's full name and account e-mail embedded in them. Is this to discourage people from throwing the tracks up on their favorite P2P platform? 'It would be trivial for iTunes to report back to Apple, indicating that "Joe User" has M4As on this hard drive belonging to "Jane Userette," or even "two other users." This is not to say that Apple is going to get into the copyright enforcement business. What Apple and indeed the record labels want to watch closely is, will one user buy music for his five close friends?'"
This discussion has been archived. No new comments can be posted.

Apple Hides Account Info in DRM-Free Music

Comments Filter:
  • Just like a used car (Score:3, Interesting)

    by Pojut (1027544) on Wednesday May 30, 2007 @05:19PM (#19327837) Homepage
    There is always a little line written in 4 point at the bottom.
    • by timster (32400) on Wednesday May 30, 2007 @06:34PM (#19329197)
      4 point at the bottom? The headline is a lie -- there's nothing "hidden" about this. The summary info in iTunes displays the account info for each file.

      Truth is, somebody decided long ago that they'd use this sort of nonsense to criticize what's really an industry-changing development. I don't know how you possibly see it as underhanded. The file has some informational tags... duh.
      • Re: (Score:3, Insightful)

        by timmarhy (659436)
        stop just a minute and ask yourself honestly - would you defend this if it was MS? no? didn't think so. that does for the rest of you.
    • by BorgCopyeditor (590345) on Wednesday May 30, 2007 @11:21PM (#19332107)
      "The large print giveth, and the small print taketh away."
  • by DaveWick79 (939388) on Wednesday May 30, 2007 @05:21PM (#19327851)
    Is that you can buy them and give them to your friends, whereas the music download sites seem to be headed toward preventing you from letting anyone else play your purchase.
    • by furball (2853) on Wednesday May 30, 2007 @05:26PM (#19327963) Journal
      How does having my name associated with a file I paid for prevent my friends from playing my purchase?
      • Re: (Score:3, Insightful)

        by DaveWick79 (939388)
        If my name and itunes account info start showing up on music all over P2P sites, the evil RIAA may come knocking on my door.

        Or for that matter, if I've got music my friend gave me in my library and itunes locks me out because I might be pirating music. It just depends on how much sucking up to the RIAA that Apple does.
        • by aichpvee (631243) on Wednesday May 30, 2007 @05:34PM (#19328109) Journal
          So what happens when you just replace the name and email address? Or blank it out? Does the file not play? At best this might discourage casual copying or allow them to "punish" those who do it. It pretty obviously won't discourage anything, since they're not making it known and most "casual" copiers won't even know their name and email address are in the file. Serious "pirates" (AAAAAARRRR) will just replace the names anyway. Or rip from a CD like they do now anyway. How is this even news?
          • by M. Baranczak (726671) on Wednesday May 30, 2007 @06:06PM (#19328661)
            A smart P2P client should be able to strip out the identifying tags automatically. Not that I would ever advocate copyright infringement, just hypothetically speaking.
            • by Anonymous Coward on Wednesday May 30, 2007 @08:38PM (#19330703)
              This comment is probably a bit late for anyone to read, but a REALLY smart P2P client would strip any identifying tags and replace them with the details of RIAA executives
            • Re: (Score:3, Insightful)

              by catwh0re (540371)
              Better still, your P2P client could strip them out and put in someone elses name and details.

              Meanwhile this isn't actually a change from the current iTunes DRM music which also holds your details inside. I don't think people should be particularly worried, unless they have intentions to massively distribute the music they purchase - there isn't much of an issue of their name being inside their files. We all know the "professional" piracy types will strip this stuff out anyway.

              Also Apple aren't suicidal, I d

          • by Lockejaw (955650) on Wednesday May 30, 2007 @06:10PM (#19328737)
            It sounds like this instance isn't very well-hidden, but watermarks can be pretty clever. They may have some secret checksum-like formula to identify properly marked files, and I've heard of a system where common watermark removal methods still end up fingering at least one of the collaborators.
            In any case, if you happen to notice that your copy of $SONG and your friend's copy have different checksums, take a closer look at them: chances are they're watermarked. A bit of work can identify the bits that hold the extra info. It's also very difficult to make a watermark that can survive a format shift (especially when compression is involved). So, actually, working with friends may help you here.
          • by Anonymous Coward on Wednesday May 30, 2007 @06:19PM (#19328933)
            If you remove those two atoms ('name' and 'user'), the file will play just fine. This is effectively Apple using a pin lock on the front door rather than a deadbolt. "Keeps the honest people honest" and all that.

            Even better, they've been doing exactly this ever since the iTunes Music Store opened. The HYMN Project was specifically designed to leave your user information in the file. The idea was that if you are stripping the crypto for legitimate purposes (backups, interoperability, etc.), you wouldn't mind having your name attached to the decrypted files.

            This is the very definition of not-news. It's like that guy on Full Disclosure earlier this month who was going on about how Macs clamp the output of 'ps -aux' to the terminal width and how this prevents users from seeing the full process name. The 'w' flag was probably added before that clown was born.
          • by daeg (828071) on Wednesday May 30, 2007 @07:33PM (#19330021)
            1. Download music your arch nemesis listens to and has downloaded.
            2. Replace your name with his name in the file.
            3. Accidentally leak the files onto P2P networks.

            Woops. I missed the ??? and Profit!!! steps in there.
        • by Maxo-Texas (864189) on Wednesday May 30, 2007 @05:53PM (#19328469)
          Or if your mp3 player or laptop are stolen.
          • Re: (Score:3, Interesting)

            by foniksonik (573572)
            File a police report stating that your mp3 player or laptop was stolen which included your vast collection of music in digital form. Voila. Now they'll have to go the extra mile to prove that it was you (via an ip address or whatnot) that made the file available and not the thief....

            Like any stolen good which could involve you vicariously in a crime, you should report it.

        • by blackest_k (761565) on Wednesday May 30, 2007 @07:24PM (#19329913) Homepage Journal
          The problem I see with water marking with someones account info is it assumes the purchase is for the account holder.

          lets take a guy at university buys a number of tracks for his girl friend for her ipod.
          5 years later they broke up moved to different parts of the world maybe she or the new man in her life decides to share the tracks p2p and then the RIAA comes knocking on the door.

          so they take his IPod and find probably a lot of music not registered to his account or not marked at all.
          whats the balance of probability that he pirated some of them.
          Can he defend himself in court or does he take the RIAA's offer.

          I am disappointed apple should choose to do this, and I can't see why anyone would put themselves in such a legally risky position buying from Itunes.
          • by feijai (898706) on Wednesday May 30, 2007 @07:55PM (#19330271)

            The problem I see with water marking with someones account info is it assumes the purchase is for the account holder.

            lets take a guy at university buys a number of tracks for his girl friend for her ipod.

            Wait, wait, wait. Do you know if giving music, not fixed in a tangible medium (like a CD), is legal? These tracks are licensed, not sold. So are you just complaining that Apple's actions make it less convenient for you to perform a possibly illegal act?
            • by hweimer (709734) on Thursday May 31, 2007 @02:44AM (#19333499) Homepage
              Do you know if giving music, not fixed in a tangible medium (like a CD), is legal? These tracks are licensed, not sold. So are you just complaining that Apple's actions make it less convenient for you to perform a possibly illegal act?

              In countries like Germany this is perfectly legal (unless you break a copy protection scheme). There, Apple's behavior might even be a violation of privacy laws.
        • Re: (Score:3, Insightful)

          by eclectic4 (665330)
          You can't play stolen music? Darn.

          The only time iTunes "locks you out" is when you attempt to play a song purchased on the iTMS somewhere else. It asks you for the password of the purchaser (you can have that song registered on 5 different machines, each year). Most people wouldn't need their music on 5 different machines a year, but for those that do, just burn the songs and RIP, DRM gone.

          And don't forget, Apple had to do this to allow these songs to be available for download. If it was up to Apple, all
        • Re: (Score:3, Insightful)

          by 644bd346996 (1012333)

          If my name and itunes account info start showing up on music all over P2P sites, the evil RIAA may come knocking on my door.

          Why does that matter? The music is still DRM-free, so you have full fair-use capabilities. The personal info is only a privacy concern if you are giving away the music willy-nilly (also known as pirating). When you consider that the info is (or soon will be) trivially removable, this can't be used against consumers who are obeying the law. It will also be very difficult for this to be used against consumers who only pirate a few songs for friends.

          This is not an Orwellian measure. It is a completely justifi

        • by McFadden (809368) on Wednesday May 30, 2007 @09:11PM (#19330981)
          Anyone who puts a file with their id embedded in it onto a bittorrent site deserves eveything that they get.

          I'm no shill for the RIAA, but I think people would be wise to avoid putting paid-for DRM-less files on any P2P network. For years, people have harked on about how they object paying for DRM'd files, and that the main objection is the restriction of personal rights. Now a record company has released it's catalogue in a non-DRM format. If these files start cropping up on The Pirate Bay, it just demonstrates what a crock of shit the "restriction of rights" argument always was. People just want music for free.

          Flood the P2P networks with these files, and it just gives strength to the RIAA's argument. To an extent, they can justifiably turn around and say "we gave you what you asked for, and you still abused it." Furthermore, it's hardly likely to encourage other record companies to follow suit. Granted the prices are too high, and you still can't get a high enough bitrate, but they've made a move more-or-less in the right direction. We need to show a bit of restraint, otherwise this little experiment will just be terminated by the rights owners and we'll be back at square one.
          • Re: (Score:3, Insightful)

            by l3v1 (787564)
            we gave you what you asked for, and you still abused it

            Well, maybe it's just me, but I fail to see how the RIAA has given you or us anything at all in this case.

        • Apple and the copyright owners don't want you to buy the music and put into the pirated-music sharing networks. (That's different from sharing copies or mix tapes with a couple of friends; it's the mass distribution that they're most worried about.)

          Putting your email address into music that you download means that if you put it on a large pirated-music sharing network, then anybody there can see your email address. So not only can the RIAA's lawyers send you nastygrams asking for $3000, but all those Nige

      • Re: (Score:3, Insightful)

        by hpavc (129350)
        Its not a prevention mechanism, it never claimed to be. Just like a license plate doesn't prevent a car from speeding.
    • by Vicissidude (878310) on Wednesday May 30, 2007 @05:40PM (#19328217)
      Giving the songs to five of your friends has never been the problem. They haven't really cared much if you made a mix tape or mix CD and given them away to people you know. You certainly have the right to do that and no one has really tried to stop that. In fact, they encourage that by distributing blank media and recording hardware.

      Even selling used CDs hasn't come under fire. There are plenty of record stores that buy and sell CDs.

      No, the problem has been uploading the songs to some P2P network and allowing millions of your "friends" to download the song. That is what they're really trying to stop. The difference between the five and the million has to do with the numbers. You are likely to have five friends, not a million. Five copies don't hurt the companies, but a million copies do. That never came up before since you would never buy a million blank CDs to copy and pass around to complete strangers.
      • by MontyApollo (849862) on Wednesday May 30, 2007 @05:48PM (#19328353)
        Your first two paragraphs are pretty much wrong. Some people seem to think giving their songs to friends is fair use, but that is not the case and the media industry has historically fought against even the existance of blank recording media and recorders. Selling used CD comes under fire often as well. Garth Brooks had some publicity a while back trying to stop it. There was some story recently about some state trying to regulate it even.
    • [Real CDs] you can buy them and give them to your friends

      So long as you don't rip them with iTunes. A violation of trust is a something that sticks with the violator. Fool me once, shame on you. Fool me twice, shame on me.

  • by sehlat (180760) on Wednesday May 30, 2007 @05:21PM (#19327855)
    music always know where to find you.
  • Trivial to remove (Score:5, Insightful)

    by schnikies79 (788746) on Wednesday May 30, 2007 @05:21PM (#19327869)
    You can right click on the file and convert it to mp3, which would erase all tracks.

    This shouldn't matter anyway.
  • the acid test (Score:5, Insightful)

    by crayz (1056) on Wednesday May 30, 2007 @05:22PM (#19327885) Homepage
    Apple puts this metadata in all the iTMS songs. Unless you're actually planning to break the law by sharing the songs, I don't see what the problem is. In fact this issue seems like a good way to distinguish between those who are against DRM because it restricts their rights to legally use their music, and those who actually just want to pirate music but use rights-based DRM arguments as an cover

    Apple isn't keeping tabs on anyone, and it would be trivial to remove this data from your songs. But the question remains why anyone feels violated by this
    • Re:the acid test (Score:5, Insightful)

      by needacoolnickname (716083) on Wednesday May 30, 2007 @05:25PM (#19327957)

      ...this issue seems like a good way to distinguish between those who are against DRM because it restricts their rights to legally use their music, and those who actually just want to pirate music but use rights-based DRM arguments as an (sic) cover


      Excellent point. So sad you will be yelled at for 40 posts and be called an Apple Fanboy.
    • Re:the acid test (Score:5, Insightful)

      by Buelldozer (713671) <cliff@gind u l i s . n et> on Wednesday May 30, 2007 @05:31PM (#19328063)
      Sounds like a variant of "If you've done nothing wrong then you've nothing to fear!" to me.
    • It's perfectly legal for me to buy a CD and make copies for all of my friends, and it would be just as legal for me to do the same with these files.
    • Re:the acid test (Score:5, Insightful)

      by qortra (591818) on Wednesday May 30, 2007 @05:36PM (#19328159)
      DISCLAIMER, to all you Apple fanboys, I'm not trying to defame your deity here; I'm merely isolating one statement of the parent's to critique it.

      Unless you're actually planning to break the law by sharing the songs, I don't see what the problem is.

      Ugh, Terrible Terrible logic. Consider the following statements.

      "The government should be allowed to search people's home on a whim, because if they are law abiding citizens, they shouldn't mind the government searching through their stuff."
      "People should not be allowed to take the fifth because if they are law abiding citizens, they should have not reason to hide information."

      Privacy is actually important: saying anything of the form "people don't need privacy 'x' if they don't plan to break the law" is almost always a mistake.
      • What Privacy? (Score:3, Insightful)

        by bill_mcgonigle (4333) *
        Privacy is actually important: saying anything of the form "people don't need privacy 'x' if they don't plan to break the law" is almost always a mistake.

        Right, but that's not what we're talking about. Your songs with your embedded tags aren't made public. Your privacy isn't being violated.
        • Re: (Score:3, Insightful)

          by qortra (591818)
          How do you know your privacy isn't violated? Whimsically tagging all your stuff with your ID could absolutely invade your privacy. Consider that sometimes people's stuff gets stolen (or otherwise illicitly obtained). Suppose that you, Bill McGonigle, are downloading pornographic AACs as you so often do. Also suppose that a flash drive or CD (or some other non-owner-identifiable media) of yours containing those AACs is stolen. Now, somebody out there knows what you're listening to (the REALLY nasty stuf
          • Re: (Score:3, Insightful)

            by bill_mcgonigle (4333) *
            Hey, where do you get AAC Porn?!!! :)

            Sure, theft is a possible leak source, I'll grant you that. Somebody could also break into my house and steal my bank statements, but one doesn't usually fault the bank for putting your account number and balance on your bank statement as a privacy violation.
          • Re:What Privacy? (Score:4, Insightful)

            by tm2b (42473) on Wednesday May 30, 2007 @10:45PM (#19331759) Journal

            How do you know your privacy isn't violated? Whimsically tagging all your stuff with your ID could absolutely invade your privacy. Consider that sometimes people's stuff gets stolen
            Uh. That's ... a pretty far reach and you need much longer arms.

            It's like saying it's violating your privacy to have your name on your credit cards, because your wallet might be stolen.
    • Re:the acid test (Score:5, Interesting)

      by Threni (635302) on Wednesday May 30, 2007 @05:38PM (#19328191)
      > Unless you're actually planning to break the law by sharing the songs,

      Or buying them for a friend, or have had your PC/MP3 player stolen, or sold the songs on after you bought them, or had your PC/Wireless router hacked and files stolen...yeah, apart from that you should be ok.
      • Re: (Score:3, Informative)

        iTunes actually lets you gift specific tracks to other people from the store itself. They just sign in and download the tracks you bought for them.
    • Re:the acid test (Score:5, Insightful)

      by kebes (861706) on Wednesday May 30, 2007 @05:40PM (#19328223) Journal

      Apple isn't keeping tabs on anyone... But the question remains why anyone feels violated by this
      Well I would argue that Apple is, indeed, keeping tabs on people. Whether or not they use that power for good or evil is another question altogether. Then again, it's not just Apple that we have to worry about. The world is more complex than that.

      What if you lose your iPod and someone posts all your files on P2P networks? What if someone steals it? Even if "my iPod was stolen" is a valid legal defense, this still means that you are opening yourself up to legal threats (and costs) by using watermarked songs. Moreover, I don't like the idea of a portable device having thousands of internal copies of my real name and email address. (Yes, my wallet contains that information and a whole lot more--but I would still be bothered by the additional risk I incur when carrying around yet more personal information stored in a high-theft item.)

      I don't know if people should feel "violated" by this watermarking of non-DRM tracks (after all, it is a whole lot better than fully-DRMed tracks)... but I do think there is some cause for concern even with watermarking. (Even for people fully compliant with the law.)
      • Re: (Score:3, Insightful)

        by LWATCDR (28044)
        Actually it seems very useless to me.
        If you wanted to do this you could.
        1. Encode a 64-bit ID number that is linked to your iTunes account. Who would notice 8 bytes in the header of each file.
        2. Encode it in the LSB of the first 64 or last 64 bytes of the song.

        Frankly this is anything but hidden.
    • Re: (Score:3, Funny)

      by goldspider (445116)
      "Unless you're actually planning to break the law by sharing the songs, I don't see what the problem is."

      +1 Defending Apple
      -1 Contradicting Prevailing Slashdot Groupthink

      What's a mod to do??
  • by aunchaki (94514) on Wednesday May 30, 2007 @05:23PM (#19327903) Homepage
    This doesn't really bother me. I buy music and don't give it away, which is as it should be. TANSTAAFL!
  • by casualsax3 (875131) on Wednesday May 30, 2007 @05:24PM (#19327921)
    The whole point of DRM is to stop people from pirating it. If your name is attached to it I'd say that's a pretty good deterrent. Beyond that, you can download the music, burn it, transfer it from your home PC to your office PC - you can do what you want with it... the only restriction is that you can't illegally share it online. It's focusing on punishing people who share music illegally, while at the same time not hassling the end users who just want to use their music. This is exactly what DRM should be.
  • by Tom (822) on Wednesday May 30, 2007 @05:24PM (#19327927) Homepage Journal
    I'd like a few more details, please.

    Do they "hide" it in the files, or put it into the comment fields? There's a difference there, especially if you want to accuse them of underhand dealings.

    The article is also pretty crappy on the suggestion to convert to MP3. Why should I do that? A simple binary find&replace will be faster, safer and result in no quality loss or recoding troubles.

    So a little more info on this before painting anyone as a devil would be cool.
    • Re: (Score:3, Informative)

      by ucblockhead (63650)
      It is craftily hidden in the "Summary" pane of the "Get info" dialog. (Available only to hackers who can figure out how to right click on the song and choose "Get Info", further obscured by making it the pane that first comes up.)
  • by Kadin2048 (468275) * <slashdot@kadin.xoxy@net> on Wednesday May 30, 2007 @05:24PM (#19327939) Homepage Journal
    I find it a little hard to get worked up over this. I don't find the idea of watermarking particularly offensive, as long as it's not done in such a way as to degrade the content (which all "analog preservable" watermarking does), and it's not part of a DRM scheme (e.g. 'no copy' flag). Watermarking that only identifies a user and can be used to track down someone sharing files after the fact ... I can live with that.

    The difference to me is that it's not trying to stop someone from doing something illegal, before they even do it. That I find very offensive, and is the whole point of DRM. I believe that the computer should let you do anything you damn well please, even if it's illegal, but that you should take the consequences later. Trading DRM for watermarking would be a huge step up, since the watermarking really doesn't affect anyone who isn't putting their tracks on P2P networks. However, we also need to realize that watermarks can't be viewed as inherently trustworthy -- what's to keep me from framing you by putting your account information on a bunch of music and then sharing it? Practically, I'm not sure how useful watermarking really is. But if it's the price for getting rid of DRM -- which treats everyone like criminals, regardless of whether they're doing anything illegal or not -- it's OK by me.
  • I Don't Care (Score:5, Insightful)

    by Otter Escaping North (945051) <otter.escaping.n ... com minus distro> on Wednesday May 30, 2007 @05:29PM (#19328025) Journal

    Some will be pissed about this - there will be wailing and gnashing of teeth. Personally, I don't care if they put my name in the file.

    I want DRM-free media. I've wanted it for a long time. I want to play my music where I want, how I want, on as many devices as I want. And the whole time I've wanted that - it's never been so I can give it away to people on the internet. No one who wants to pursue this as a way of doing business is going to believe any differently.

    I love buying my music via downloads. I wish I could do that with movies (not the 320x240 video iPod stuff - I mean movies for my TV), but I run Linux, I have a non-iPod player, so I need platform-independent, DRM free media.

    They want to put my name in it? Go ahead. I'm not putting it out in the wild - and with any properly run computer - accidental release shouldn't be likely either.

  • my only question (Score:4, Insightful)

    by Lord Ender (156273) on Wednesday May 30, 2007 @05:32PM (#19328085) Homepage
    Does the license under which I "buy" these DRM-free songs permit me to strip this personally-identifiable information from the songs?
  • jhymn? (Score:5, Informative)

    by gEvil (beta) (945888) on Wednesday May 30, 2007 @05:39PM (#19328213)
    Correct me if I'm wrong, but isn't this exactly how jhymn and other similar programs leave your files? IIRC, jhymn will remove the DRM from the file, but still leave your AppleID, etc in the file. It seems that the only people complaining about this are the ones who want to pirate music.
  • by dmeranda (120061) on Wednesday May 30, 2007 @05:47PM (#19328339) Homepage
    The concept of using a watermarking technique is itself much better than any sort of DRM. But if the watermark is not correctly cryptographically tied into the song, then it is probably quite easy to forge watermarks. What this means is that it would be possible to still distribute thse songs (illegally) but have it appear as if somebody else did it. This is probably worse than having no watermark at all.

    Of course, technically, forgeable watermarks should carry no legal weight, and should be useful for nothing more than casual marketing analysis. But we all know how things like the courts, BSA, RIAA, and so forth work. "Hey, this song found on xxxxx P2P service has your name on it! You must be guilty. Here's notice of our lawsuit, or you can settle for $100000 per song." I see a lot more innocent grandmothers getting sued in the future.

    The same thing could actually be used for other file formats. Want to write a Word document outlining your plans to rob the bank; be sure to "steal" somebody else's GUID out of one of their documents and replace the one in yours. Now you've got a better shot at deniability of wrongdoing.
  • Cool (Score:5, Funny)

    by hurfy (735314) on Wednesday May 30, 2007 @05:50PM (#19328399)
    An easy way for me and my 1,203,382 roommates to keep track of what belongs to who ;)
  • by precogpunk (448371) on Wednesday May 30, 2007 @06:14PM (#19328825) Journal
    Quit being so paranoid. It's there so if you lose your MP3s whoever finds them knows where to return them!
  • So? (Score:3, Informative)

    by jht (5006) on Wednesday May 30, 2007 @06:32PM (#19329169) Homepage Journal
    Are the songs, in fact, DRM-free?
    Yes.

    Are they at a higher bitrate as advertised?
    Yes.

    Is there any physical restriction on what you can do with them?
    No.

    When you buy a DRM-free song, are you buying a "share them with teh intarweb" license?
    No.

    Is there a whole batch of metadata in the songs you buy from iTunes, protected or not?
    Yep.

    Nothing to see here, move along.

Remember: use logout to logout.

Working...