Apple Hides Your Account Info in DRM-free Music


zerock

New member
Joined
May 10, 2003
Messages
445
Points
0
Age
40
Location
PR
Website
www.edgarrodriguez.com
It was kinda obvious the atom would be there, no complaints in that. Besides preventing p2p sharing, I don't think that's the only reason it's there.
 

Daveoc64

New member
Joined
Jun 6, 2004
Messages
317
Points
0
Location
Bristol, UK
It's always been there. I don't see why they wouldn't keep putting it in.

It's a deterrent for some people to stop them sharing.

I don't think they will spy on people like that article is hinting at.
 

kornchild2002

New member
Joined
Feb 21, 2004
Messages
12,203
Points
0
Location
Cincinnati
I too don't think they will spy on people, that borders the legality of online purchases (unless it is stated in Apple's EULA for iTunes which is too damned long to read). I am sure personal information is there to prevent people from illegally sharing their music over P2P or torrent clients.
 

deathsolitude

New member
Joined
Apr 18, 2005
Messages
63
Points
0
Age
34
Location
Canada
Daveoc64 said:
It's always been there. I don't see why they wouldn't keep putting it in.

It's a deterrent for some people to stop them sharing.

I don't think they will spy on people like that article is hinting at.
Ditto.

People who are complaining about it are just secretly whining about not being able to "share" their music with strangers on file sharing programs.
 

Daveoc64

New member
Joined
Jun 6, 2004
Messages
317
Points
0
Location
Bristol, UK
I should clarify that I don't agree with:

"That said, it would be trivial for iTunes to report back to Apple, indicating that "Joe User" has M4As on this hard drive belonging to "Jane Userette," or even "two other users." "

I have different named files on this computer - more than one person uses it. They can't monitor that sort of data.
 

AngryCherub

New member
Joined
May 31, 2007
Messages
10
Points
0
Location
West Chelsea, Manhattan
Initially, I thought, that's as it should be. But the more I consider it, I think it's kind of a pain in that I have to think about my music library now as a liability. For example, I have a copy of my whole library at work that I occasionally update with the new songs I've ripped or bought from home. In the past, I never had to worry about somebody taking them because they either did not have identifying info or they were unplayable m4p files. Now I am actually worried about all the people who have rights on my machine at work; what if they copied some of my music? Even if they didn't mean to share it, p2p programs usually make EVERYTHING available. I feel like in situations where I do not have total control over my machine it is no longer a good idea to be listening to my music. And that kind of sucks.

And should I now be paranoid about letting anyone use my computer? For example, when I go out of town, I usually leave my computer on for the pet-sitter who stays in my apartment so he can have Net access. Now I have to stop that? Or worry about blocking access to my music collection?

There are other implications beyond just one's own desire to share music.
 

Code Monkey

New member
Joined
Jun 24, 2004
Messages
5,213
Points
0
Location
Midstate New York
AngryCherub said:
There are other implications beyond just one's own desire to share music.
True, but I give it less than a week before there'll be a drag'n'drop utility that will strip the atom with your identifying info out of the files. When it was possible to de-DRM m4p files (that you had a valid license for) with certain DMCA violating utilities, there was the option to strip the ID atom, so without any actual DRM, it should be cake for someone who knows what they're doing to write such a utility.

While I plan to support their choice to sell DRM free files, I won't be allowing them any chance to trace them on principle. They can embed my personal info in such files when I have to present my driver's license to buy a CD (with enforced registration), otherwise it's just more needless stupidity on their parts.
 

bdb

On the B side of life
Joined
Sep 24, 2004
Messages
4,223
Points
0
Age
62
Location
Portland, OR
deathsolitude said:
People who are complaining about it are just secretly whining about not being able to "share" their music with strangers on file sharing programs.
...and if you don't like being watched 24 hours a day, you must be a criminal.
 

Germansuplex

New member
Joined
Jul 10, 2006
Messages
1,060
Points
0
I don't necessarily like it, but I totally understand it. Plus, it might not even be Apple's fault. It's probably at the demand of the record companies in order to let iTunes sell DRM-free music.
 
Joined
Nov 15, 2004
Messages
13,238
Points
36
Age
48
Location
Toronto, Canada
Website
www.ilounge.com
Well, consider also that the embedding of the information may have more practical purposes... iTunes 7 introduced the new "transfer purchases" feature that allows you to "reverse-sync" content from your iPod back to your iTunes library, as long as it's going to a computer that is also authorized for the same account.

This feature doesn't seem to work for the non-DRM "iTunes Plus" tracks at this point, but we also have no way of knowing whether that's an oversight in iTunes 7.2 (ie, a bug), or intentional on Apple's part. Certainly if it was their intention to allow for this kind of reverse-sync, the identifying information would go a long way to enforcing the ability to only reverse-sync your music back to your own library, since it's extremely unlikely iTunes would ever offer this feature carte-blanche, any more than they do right now for your own "ripped" CDs.

I otherwise honestly have no opinion on this whatsoever. I'm not in the least bit surprised that the identifying info is still there, and at this point I don't particularly care. I'm the sort of person who regularly packet-sniffs what type of information is leaving my computer anyway, so you can bet that if there's any indication that Apple is using this information, both myself and 500 other "hackers" will find out about it, and you'll see it all over the news.

People who are paranoid about computers "phoning home" or companies like Apple and/or Microsoft tracking your activities have absolutely no idea how the Internet works, nor how many people there are out in the world who would just love to get their 15 minutes of fame by finding such a little hidden packet.... and no company will dare start transmitting significant encrypted payloads, since that in and of itself just increases the suspicion on other people's part.
 

Hank Reardon

New member
Joined
Jun 2, 2007
Messages
3
Points
0
bdb said:
...and if you don't like being watched 24 hours a day, you must be a criminal.
Exactly. One needn't be up to no good to object to Big Brother keeping tabs. Just another reason to simply continue buying CD's and ripping them myself.
 

tdefriez

New member
Joined
Jun 2, 2007
Messages
3
Points
0
So let me get this right...

I download an item for a cost. The vendor embeds my details in the item. What are the issues?
- If I share the file the vendor can track me (not an issue unless I put the file on P2P server). No worries in my case as I believe (and life has taught me no such thing as a free lunch) and I don't hang out on such sites.
- Spammers can reverse-hack the content on P2P servers so I could end up with more spam (not an issue unless I put the file on P2P server). Again no worries in my case as same as one above
- Someone 'steals' the file and I can now prove it mine and recover (provided the supplier believes me and the e-mail is easy to find). I now am better protected if I can prove the file is stolen not 'donated'

So why should I worry as a legal user who refuses P2P approaches to getting music and only shares with his direct family?

PS: I have over 1000 CD's and several hundred LP's so I've always preferred to support art (I admit some commercial sources make more than their artist but..)
 

HappyPills

New member
Joined
Sep 8, 2006
Messages
70
Points
0
bdb said:
...and if you don't like being watched 24 hours a day, you must be a criminal.

The day anyone in the government wants to watch me 24/7, they will get a 24/7 view of my naked.
 

enjoilax

New member
Joined
Feb 17, 2004
Messages
6,758
Points
0
Location
my house
tdefriez said:
I download an item for a cost. The vendor embeds my details in the item. What are the issues?
- If I share the file the vendor can track me (not an issue unless I put the file on P2P server). No worries in my case as I believe (and life has taught me no such thing as a free lunch) and I don't hang out on such sites.
- Spammers can reverse-hack the content on P2P servers so I could end up with more spam (not an issue unless I put the file on P2P server). Again no worries in my case as same as one above
- Someone 'steals' the file and I can now prove it mine and recover (provided the supplier believes me and the e-mail is easy to find). I now am better protected if I can prove the file is stolen not 'donated'

So why should I worry as a legal user who refuses P2P approaches to getting music and only shares with his direct family?

PS: I have over 1000 CD's and several hundred LP's so I've always preferred to support art (I admit some commercial sources make more than their artist but..)
One flaw: no one will ever 'steal' it as you have to make it available for someone to take it.
 

Code Monkey

New member
Joined
Jun 24, 2004
Messages
5,213
Points
0
Location
Midstate New York
enjoilax said:
One flaw: no one will ever 'steal' it as you have to make it available for someone to take it.
Right, because absolutely no one has files on their work computer or a family computer where multiple people have access. Heck, for that matter, nobody has ever had their iPod stolen or otherwise lost.

For obvious reasons, I should make sure sensitive files are secure, but music is not sensitive, and when I have to rights protect audio files because Apple has engineered ease of prosecution into their files, then all they're doing is passing the buck for digital rights management to me.

With or without user complicity, some of these files are going to wind up places their original license holder never expected.
 
Joined
Nov 15, 2004
Messages
13,238
Points
36
Age
48
Location
Toronto, Canada
Website
www.ilounge.com
While I don't entirely disagree with what you're saying about the privacy considerations, I think it's needlessly paranoid to assume that somebody who had their music library casually pilfered is going to be the subject of any kind of meaningful prosecution.

I'm not suggesting that the RIAA and its ilk wouldn't use that information to attempt to intimidate folks if a whole whack of music with their name on it showed up on a P2P site, but the grounds to actually make any kind of a real case over it is going to be pretty unlikely unless there are many other substantive grounds upon which to build a case. Such grounds would include things like definitive evidence that the person whose name is on those files actually engages in the active distribution of copyrighted content, and for that matter, definitive evidence that the songs really came from that person... The atom containing that information can technically be added by anybody, and based on what I've seen thus far there is no kind of digital signature in these files to authenticate that it was the iTunes Store that tagged it.

Stranger things have happened in civil cases, of course, but I think this particular one has a very low probability of happening, even if the RIAA were to try and enforce it.

After all, most software packages have already had activation keys and serialization for a long time, and despite the loud noises that the SPA has been making for years about how widespread and rampant piracy is, you don't see too much evidence of anybody tracing back serial numbers and activation keys found on Torrent sites or going after the original businesses that purchased that software.

I can't say I necessarily like the idea of the embedded information, but it's not a new idea in general, and nor do I think it's a particularly draconian measure on anybody's part. The value is likely more based on precluding people from sharing either via P2P or selling pre-loaded iPods as a selling point than it is on the hopes that anybody could ever do anything with that information.

There's a psychological factor about having your name tagged into something that will make people think twice about giving it away freely to the world at large, and that is probably the main reason for this, not any kind of expectation that they could ever use this information for anything.
 

Code Monkey

New member
Joined
Jun 24, 2004
Messages
5,213
Points
0
Location
Midstate New York
jhollington said:
I'm not suggesting that the RIAA and its ilk wouldn't use that information to attempt to intimidate folks if a whole whack of music with their name on it showed up on a P2P site, but the grounds to actually make any kind of a real case over it is going to be pretty unlikely unless there are many other substantive grounds upon which to build a case.
That's kind of the point. The RIAA has only actually *won* a very small number of cases regarding file sharing. However, they've had thousands and thousands pay them about $4,000-$5,000 a head solely because of intimidation. Just because the RIAA is mostly a paper tiger, either outright ignore their request or insist on taking them to court and the most likely result for you is... nothing at all, doesn't mean the potential risk to the end user isn't there.

Unless the intent is to ease prosecution and/or intimidation, there is no reason for the embedded information to make any sense to anyone but Apple (e.g. a hash key or encrypted identification) along with a privacy disclosure that they will only reveal your personal information upon subpoena.
 
Joined
Nov 15, 2004
Messages
13,238
Points
36
Age
48
Location
Toronto, Canada
Website
www.ilounge.com
Incidentally, to demonstrate how easy it is to rip out some of this data for those who don't want it there....

Go obtain a copy of AtomicParsley (http://atomicparsley.sourceforge.net) for your platform of choice.

Go to a command prompt, and run AtomicParsley against any of your iTunes Plus tracks with the following parameters:

Code:
atomicparsley trackname.m4a --manualAtomRemove "moov.udta.meta.ilst.apID" --manualAtomRemove "moov.udta.meta.ilst.purd" -W
The two atoms of concern here are:

apID -- Your actual iTunes Store account ID (ie, "jhollington")
purd -- The date of purchase of the track in question

The -W parameter just tells AtomicParsley to overwrite the existing file, rather than creating a new temporary file, so the changes will be reflected in your iTunes library the next time you open the file.

The only tag that's a bit harder to get rid of is the actual "Name" tag, as it still seems to be buried in the old DRM header section of the track (outside of the normal iTunes tags or even the udta user data section). However, if you wanted to take the draconian approach, AtomicParsley can easily strip out ALL tags from your M4A file, which will definitely get rid of your name in the process.

Alternatively, you can find your name embedded in the track in clear text, so a binary editor could also be used to clear it out.

Again, I expect that we'll see apps out there within a few days that will take care of this for the average user. Further, as far as I can tell there is nothing in the iTunes Store Terms of Use that say you can't remove this information.
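
As an added example (not part of the original post, and not AtomicParsley's code), here is a read-only check that walks an M4A file's atom tree and reports whether the two atoms named above are present and what they contain. The sample file is constructed; the `data` sub-atom layout and the 4-byte version/flags field on `meta` are assumptions based on the common iTunes-style MP4 layout.

```python
import struct

CONTAINERS = {b"moov", b"udta", b"ilst"}  # children begin right after the header
TARGETS = {"moov.udta.meta.ilst.apID", "moov.udta.meta.ilst.purd"}  # paths from the post

def walk(buf, start=0, end=None, prefix=""):
    """Yield (dotted_path, payload_start, payload_end) for each atom in buf[start:end]."""
    end = len(buf) if end is None else end
    pos = start
    while pos + 8 <= end:
        size, kind = struct.unpack(">I4s", buf[pos:pos + 8])
        header = 8
        if size == 1 and pos + 16 <= end:      # 64-bit size follows the type field
            size, header = struct.unpack(">Q", buf[pos + 8:pos + 16])[0], 16
        elif size == 0:                        # atom extends to the end of its parent
            size = end - pos
        if size < header or pos + size > end:  # truncated or corrupt: stop, don't misparse
            return
        path = prefix + kind.decode("latin-1")
        yield path, pos + header, pos + size
        if kind in CONTAINERS:
            yield from walk(buf, pos + header, pos + size, path + ".")
        elif kind == b"meta":                  # assumed full atom: skip 4 version/flags bytes
            yield from walk(buf, pos + header + 4, pos + size, path + ".")
        pos += size

def identifying_atoms(buf):
    """Return {path: text} for the account-ID and purchase-date atoms found in buf."""
    found = {}
    for path, s, e in walk(buf):
        if path in TARGETS:
            for sub, ds, de in walk(buf, s, e):
                if sub == "data":              # skip 4 type/flags + 4 locale bytes
                    found[path] = buf[ds + 8:de].decode("utf-8", "replace")
    return found

def atom(kind, payload):
    return struct.pack(">I4s", 8 + len(payload), kind) + payload

def item(kind, text):
    return atom(kind, atom(b"data", struct.pack(">II", 1, 0) + text.encode()))

def sample():
    """Constructed stand-in for a purchased track; all values are made up."""
    ilst = atom(b"ilst", item(b"apID", "user@example.com")
                + item(b"purd", "2007-05-30 12:00:00") + item(b"\xa9nam", "Song"))
    meta = atom(b"meta", b"\0\0\0\0" + atom(b"hdlr", b"\0" * 25) + ilst)
    moov = atom(b"moov", atom(b"udta", meta))
    return atom(b"ftyp", b"M4A \0\0\0\0") + moov + atom(b"mdat", b"\0" * 16)

if __name__ == "__main__":
    print(identifying_atoms(sample()))
```

To audit a real file, pass `open(path, "rb").read()` to `identifying_atoms`; it only reads and never modifies the file.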
 

Hank Reardon

New member
Joined
Jun 2, 2007
Messages
3
Points
0
Just curious. Does anyone know if the info is carried over if you burn the purchased tracks to CD then rip back to mp3?
 