iTunes Songs Don't Have DRM, But They Contain Your Email Address
from the two-steps-forward-one-step-back dept
Apple got a lot of press last week when it announced that it was going to remove the DRM from songs it sold through the iTunes Music Store. That’s a great thing in itself, since it removes the barriers legitimate customers faced in playing back music they purchased on the device of their choice. But details are coming out, and it’s not all good news: the songs are watermarked (via Slashdot) with the email address of the iTunes account used to purchase them. This is certainly better than DRM, but it’s still not great. The biggest issue is that it links files to a particular consumer — which will likely lead to the RIAA using the watermarks to attempt to “prove” that people actively shared songs and sue them. It seems inevitable that the label cartel will attempt to use the marks to inflict liability on users if music bearing their email address appears online. Which is great, until a person’s iPod gets stolen and the music ripped from it, or a friend grabs music off of somebody’s hard drive without their knowledge. The RIAA’s legal strategy has been based on flimsy evidence; removing the DRM but adding watermarks simply gives them another way to “prove” people shared music they purchased online, even though the marks won’t actually prove anything.
Filed Under: drm, email address, itunes
Companies: apple
Comments on “iTunes Songs Don't Have DRM, But They Contain Your Email Address”
Is It In the Agreement?
If Apple does not clearly disclose this in their iTunes user agreement, they could be in violation of privacy laws. Then again, this IS Apple, and they do whatever they damned well please, ‘cuz they can get away with it.
As an aside...
Wonder where in the tag they are putting this info. It used to be very simple to circumvent Fair Play for music in iTunes… simply burn a CD (or virtual CD with something like Noteburner) and then re-rip the burned CD… DRM was gone. If they put this info in a tag field, it should be fairly simple to get rid of it.
Re: As an aside...
If they put this info in a tag field, it should be fairly simple to get rid of it.
As mentioned, the songs are watermarked, not tagged, with the email address.
Re: Re: As an aside...
Yes, the story said watermarked. But the story was wrong. They are simply tagged. The internet is full of software for editing/deleting these tags already (as Apple has included this information since the iTMS first opened; this isn’t a new development from removing DRM).
Re: As an aside...
Export the track to mp3, load it back up to iTunes, watermark is gone
Re: Re: As an aside...
Along with some of the quality. You didn’t mention that.
One step back?
The object here is to prevent piracy without inconveniencing the consumer. In listening to a song, or putting it on multiple devices, you have no problems, and yet are you really that likely to start seeding a torrent in which every song contains your email address. It may not be the ideal solution, but we’re far better off this way. Besides, there is little reason to believe that at some point, someone will be able to strip out the watermarking altogether. At least this way, the consumer isn’t completely screwed just for buying legit music.
Re: One step back?
Whoops. That should read “There’s is little reason to believe that at some point, someone won’ be able to strip out the watermarking altogether.”
Re: One step back?
Stripping out e-mail would be trivial, but worthless. What you want to do is replace them with e-mail addresses of the rich and influential, ie: senators sons, presidents daughters, Mojo Nixon, etc. Once enough of them get a feel of the shaft, we’ll finally see a change in the world.
Re: Re: One step back?
This sir is an EXCELLENT idea! I think I will get iTunes for the sole purpose of seeding torrents re-watermarked to Richard Nixon. That’ll show those RIAA scum!
Re: Re: One step back?
Won’t help. The RIAA is careful to avoid going after the rich and influential.
Like I said, they’ll never feel the shaft. The RIAA targets those less able to defend themselves.
Witch Hunt
Like all great persecutions in history no doubt the music industry will chase, capture and even burn at the stake some of the music sharing heretics. Thus in time they will face an undeniable truth, music will never be a privilege of the few as it is born in the masses for the masses.
On the face of it, this is far better than DRM. It no longer negatively impacts the person who actually pays money for their music and punishes them more than a “pirate” would be (at least not in any direct way).
On the other hand, it really does depend on what happens with this information. Not only could this watermark be faked (thus implicating innocent consumers), but it also introduced perils similar to identity theft. If your iPod or laptop gets stolen, and the music collection therein uploaded to a P2P network, you could find yourself the subject of a massive lawsuit with great difficulty in proving your innocence. There’s no defence other than “I lost my equipment and I didn’t do it”, and no marginally intelligent thief isn’t going to use that defence even if they’re guilty.
So, it’s a slight step up, but still horrible for the privacy of legitimate consumers or at the very least a small obstacle as they strip out the watermark. Which actually still makes a FLAC download from a P2P network more desirable than actually paying money to iTunes…
Another Angle...
This doesn’t just have to be a way to punish someone that publishes a file up via Torrent/P2P. It can be a way to punish someone that has songs on their system, iPod, whatever that are watermarked/id to someone that has absolutely no relation to them. In short, it can be used to prove that you stole the music.
It can also be used by iPods and similar devices to block music watermarked with someone’s else id. That way you can’t share the music with a friend….
Sure sounds like DRM to me! Maybe nicer DRM, but DRM nonetheless.
Freedom
Re: Another Angle...
That’s a dangerous path to go down, though. First of all, there are a lot of PCs that are shared. If you have a laptop in a college dorm, or a few different iTunes accounts for different countries (which is quite possible), or even several family members sharing a PC, should you really be a target for lawsuits? Technical restrictions (one email address per iPod) would prevent a family or housemates from sharing music, thus killing a promotional mechanism and reducing the value of music.
This is why DRM, or even pseudo-DRM in this case, sucks. The people actually pirating would almost certainly get non-iTunes sourced files, or those with watermarks stripped out. The only people to suffer, yet again, are the people who actually pay for their music.
Re: Another Angle...
Kevin Bacon Game. Person A was in contact with Person B, who was in Contact with Person C, who was in turn.. in contact with Kevin Bacon. I don’t have to know person A, where the file started. I just have to know person C.
Re: Another Angle...
“In short, it can be used to prove that you stole the music.”
As has been repeated here over and over, downloading or sharing music is not stealing, it is (possible) copyright violation. Stop drinking the RIAA’s sweetened, fruit-flavored drink.
“It can also be used by iPods and similar devices to block music watermarked with someone’s else id.”
No, it couldn’t. That would, in fact, require your music to be tied specifically to your device, which is the definition of DRM. Since none of the current players would support this format of DRM, it would not work. Plus, what would be the point of dropping one DRM format to replace it with a weaker one?
Re: Re: Another Angle...
“Plus, what would be the point of dropping one DRM format to replace it with a weaker one?”
Marketing and PR.
“Since none of the current players would support this format of DRM, it would not work.”
Update the software/firmware.
drm spam
forget being sued. what about spam? spammers could scour bittorrents for music, isolate every email address from every song and send music related spam to all these addresses. remember, these are legitimate emails tied to a credit card and real itunes account so these are gold to spammers.
Re: drm spam
Good point. This feature is getting to be exploited by phishers with spoof iTunes websites.
Re: drm spam
“…these are legitimate emails tied to a credit card and real itunes account…”
ANY email address is probably tied to a credit card and some online account. So what?
What are they going to do without an actual card number?
Re: Re: drm spam
Not true at all. The odds that any randomly generated email address is actually tied to a credit card is vanishingly small.
It’s called “phishing”. Look it up.
Re: drm spam
Why would your purchased music be on a torrent site anyway sans theft? Theft of regularly purchased music would represent a minority of pirated music anyway
can you resell the song that you bought to someone else?
My brother-in-law's address
Like DRM, the watermark will eventually be circumvented. When it is, I not only want to remove my email address, I want to be able to insert my brother-in-law’s.
It's a tag, not a watermark
I’m unable to verify this, because I’ve not used iTunes, ever, but based on the comments on this Tuaw post, this isn’t a watermark, but simply an mp4 tag. Also, it can easily be removed by using a tag editor like AtomicParsley
Re: It's a tag, not a watermark
isn’t a watermark, but simply an mp4 tag
Agreed. I think text of the TechDirt post should be corrected to replace the word “watermark”. I understand that there may be no absolute definition of a digital watermark, but I think most tech people would agree that it’s not a tag. Else why have separate terms?
When I hear the word watermark in reference to digital files, I think of something that permeates most if not all of the actual digital content itself, not just that it’s in the file’s header somewhere. In fact, if you can see something by opening a digital file in Notepad, I’d say that by definition, it’s not a watermark.
And just because you can’t see your e-mail address in iTunes (but you can in Notepad), it doesn’t mean that it’s a watermark. I don’t know what kind of tagging that AAC uses, but with ID3, you can have a frame in a tag that stores only digital information.
Again, I think the Techdirt post should be corrected. It’s misleading it its current form.
Good Direction
This is a real step in the right direction. The problem with DRM, etc. is that it prevents consumers from taking advantage of “fair use” – that is being able to move songs to other devises, make personal copies, make a few copies for your buddy or girlfriend. Music on the net changed all this because you could distribute/post to tens of thousands at a time. By using a watermark, consumers can now argue that under ‘Fair Use’ I have made/shared a limited number of copies of something I personally own… the song. If RIAA can go and find thousands of people with that song and the same watermark, then they have a legal case – but the good part here is the legal burden is now on them, not the customer (unless the purposely post to a internet distribution. To address the ‘what if it’s stolen’ – Given all postings have a recorded IP address, the consumer could argue it’s not from their machine (yes there’s ways around this but again, an indepth review of a person’s past practices, tech knowlege, etc would be enough to say it probably was or was not done by the consumer).
Finally – privacy is a true concern. The eamil should be encoded not as a raw email, but using a proprietary text hashing algorythm (a program that converts text strings into alpha-numeric sequences). That way – spammers, other users, etc. would not be able to access it – and of course hacking the encoding would be illegal since it would be Apple’s proprietary code. Also – if one’s email changes, then Apple should be able to link the 2 codes so it’s clear that the music is all owned by the same person.
so – I think it’s a promising direction for this stuff…
Re: Good Direction
You either have no idea how the RIAA operates or are shilling for them. The RIAA uses lawsuit threats to induce people who can’t afford to defend themselves to settle even if they are innocent.
You’re sounding more and more like an RIAA shill. The fantasy that IP addresses correspond to individuals is a favorite one of the RIAA (and MPAA).
Now the idea that that would prevent its being cracked is really ridiculous.
Unfortunately, that promise is rather dark.
Good Direction
You raise valid points – but they I think they could be addressed under the current legal definition of ‘fair use’.. ie, use by family memebers. Shared PCs I don’t think would be an issue… it’s like a shared CD player… anyone can play their CD it it – but someone owns the CD. If a college roomate takes your songs off your iTunes account, then it’s either ‘fair use’ because he’s a friend and you said go-ahead or he’s stealing your song in the same way he could steal your CD (I lost lots of CDs in college to roommates at the end of semester). Also if someone has several accounts, Apple should be able to link those so we know it’s all the same person who owns that music.
I’m not saying this is a perfect solution, but a step in the right direction as consumer rights must be balenced against copyright holder rights. It’s going to take a long time to get to a viable solution.
Paying for Tunes
If you pay for tunes you should suffer 🙂
Cptn. Bly
Re: Paying for Tunes
If you steal you should suffer more.
Too bad no one has found an effective treatment for parasites.
Re: Re: Paying for Tunes
I believe he was talking about copyright infringing songs, not stealing other stuff.
Dorms
“If you have a laptop in a college dorm … should you really be a target for lawsuits?”
If you have a roommate or someone else in your dorm rumaging through your laptop and posting your files online… let’s just say you probably have other problems to deal with.
Re: Dorms
Then you sure don’t need any more.
Not a Surprise or Big Deal
As has been said everywhere, the songs ALWAYS have had the email address of the account that made the purchase. Its part of the Agreement. Its really not a Big Deal privacy wise either as its ONLY your email.
Easy to get around, just re-record it and voila, no drm
http://record-online-media.com/Record-iTunes-Radio-Stations-onto-your-iPod.asp
That's life
Watermarking is NOT DRM. Most things we buy are “watermarked”; it’s called a serial number. If someone steals my registered firearm and it latter gets used in a crime, guess what? The police will be paying me visit and if I haven’t reported it stolen, I’ve got a lot of explaining to do. Is it fair? No, but that’s life. If someone steals my car and uses it as a get-away car at a bank robbery, same situation. Do a better job keeping your stuff from getting stolen (and take appropriate action if it is stolen) and you won’t be in that situation.
Re: That's life
Watermarking is NOT DRM. Most things we buy are “watermarked”; it’s called a serial number.
A product, like a digital file or a gun, may have a unique identifier like a GUID or a serial number. I don’t think anyone would be surprised about this nor would there be any controversy if that’s all we’re talking about here. But this is not just an identifier of the item itself, but direct link back to the purchaser.
If someone steals my registered firearm and it latter gets used in a crime, guess what? The police will be paying me visit and if I haven’t reported it stolen, I’ve got a lot of explaining to do.
The key word is “registered”. The fact that guns have serial numbers isn’t controversial in that linking them to a specific owner (i.e. registration) isn’t mandatory. But in effect, that’s what the iTunes policy does by adding the e-mail address to the file, making a direct link to the purchaser.
Is the purchaser e-mail frame in a tag the same thing as DRM. No, not really. Is it watermarking? No, and to call it watermarking I think is misleading. But are people freaked out when they find out that their personal information is stored in a digital file? Of course.
Re: That's life
Is it fair? No, but that’s life.
Lots of things in life are unfair but that doesn’t make them any more acceptable.
Not ideal
But it is still better than a DRM… But not by much.
Watermarks, hmm?...
Do these “Watermarks” somehow stay embedded in the WAV file that results from burning a CD? Because unless they do, I don’t see a problem at all.
You Can Put Lipstick on a Pig ...
… but it’s still a pig. 😛
Oh, good – so if you hack someone else’s computer, copy their MP3’s and post them on torrent – THEY get in trouble instead! What a good idea!!
How long before...
… someone edits a song to put the email address of an RIAA lawyer in an iTunes song uploaded as part of a torrent? Now THAT would be an interesting counter if it ever made it to court.
Re: How long before...
RIAA lawyer? Why aim so low.
I was going to make my own post, but instead I shall reply to yours, we should all do this and insert the email addys of the RIAA Chief officers. Their whole board. Now THAT would be funny.
3 line Python script
Run this in a loop accross all your mp3s:
import re
mp3_contents = open( “test.mp3” ).read( )
mp3_contents.replace( re.findall( “w+@w+.w+”, mp3_contents ).pop( ), “stevejobs@apple.com” )
RIAA will see you in court Steve Jobs 🙂
The tags used are below, and they are easily removable… this is not a huge privacy problem, just a minor one. If you aren’t hosting your music on an open server, you shouldn’t be too worried about these.
Losing your iPod… and having these tags in it, are MORE LIKELY to get you your iPod returned to you than to get you targeted by a fake lawsuit or hackers.
Purchased By: Real-Name
Account Name: Email-Address
This isn't new
It’s been this way for years, since iTunes+ was first introduced.
Why,. that's no moon!
Neither a watermark nor hidden
A digital watermark is usually a unique identifier that is embedded in the actual content of a file such that it is hidden within the content of the file itself (in this case, the music) and cannot be easily removed.
In the case of iTunes Plus songs, neither of these are true. The e-mail address is not embedded within the music content. It is a standard mp4 tag. Any tag editor can be used to change or remove it.
Also, the tag is not “hidden”. If you open iTunes and view the information about a track, iTunes itself shows you that the e-mail address is there.
Using the term “watermark” makes it sound much more nefarious than it actually is.
Re: Neither a watermark nor hidden
I’m curious, how do you know that there are not invisible watermarks in addition to the visible tags? As I understood it, the tags were just a visible warning and the watermark was buried.
Re: Re: Neither a watermark nor hidden
The way you can tell if there *is* a hidden watermark is to take a couple of copies of the same song purchased by different people and compare them at the bit level. Where are the differences? If the only differences are in the tags, there’s no watermark on the content. (I don’t know for sure that anyone has done this test, but given the amount of discussion of this topic – which is *not* new – and the ease of testing, it would astound me if no one has.)
BTW, those wringing their hands on this issue might consider that Apple is being pretty open about this by putting obvious ID’s in the tags. Suppose there was tag with the purchase date and time. Seems harmless and few people would mention it – but that ties back trivially in Apple’s databases to the account that purchased the song.
Replace it with the email address od the RIAA!
.
“I bought a song as a present for their birthday — just like I used to do with CDs.”
“I bought/sold the song at a music swap/used-music meetup.”
“I received the song as a gift.”
“My laptop was stolen … or lost for days, and I just got it back from the airport lost-and-found.”
Hey. how long before anyone automates a little hack tool that puts the email address of the RIAA president into every song on your computer for you?
Hahahahah.
.
While I agree with many of the points of the previous posters, I think they’ve all missed something.
If the objective of Apple (or RIAA) is to get people to pay for music, then this fails with the technically savvy, informed users. In fact, whether or not it is a watermark or tag, this now makes purchasing music from iTunes even less desirable than pirating it.
Now if you pay for music, and then either inadvertently or purposefully share it with someone else, it is even easier for RIAA to track you down. In fact, this may even allow them to “prove” damages – all they have to do is download the version with your email address from thousands of people and can “prove” damages in court.
Before, all they could “prove” was that they downloaded the single song from you, but not actually “prove” distribution. Now it seems like they can make a much better case for distribution – and hold you liable for thousands of downloads of a single track.
Why download at all?
Solutions:
– CD
– Vinyl
– SACD
– DVD audio
– Live music
DRM, Watermark, Tag, Crappy Bitrate, Corrupted HDD
All are solved, and the music sounds better too 😀
how to remove drm from iTunes
Removing-drm is your first choice to remove drm from wmv.wma and iTunes music and movie files in a legal way .Anyone who buys DRM protected movies and
music from iTunes and Windows media center wants to enjoy DRM protected media with their digital players, but it is not easy to find an all-in-one DRM removing solution http://fast-remove-drm.blogspot.com/
I’ve purchased a bunch of music from iTunes and have enjoyed listening to them on my computer. But my portable music player is not an Apple iPod, so I can’t take my songs with me. I know that I can burn it but I don’t have a cd burner on my computer so I need a different method. Is there any way I can get around this unfair restriction and transfer my iTunes music to MP3 player.
Yes,if you met the same question,please follow this tutorial: http://www.removing-drm.com/player-tips/transfer-itunes-music-to-mp3.html
this sounds not all good news for us,after all you know it is better than before now.
my friend recommend me use drm media converter before.
wow ,this is good news for our customer ,but is is a bad news for publisher. i used to use drm removal program to remove the drm protected from iTunes, coz i do not want to pay the same music twice
This was a actually fantastic post. In theory I?d like to write like this also ? taking time and genuine effort to make a good post? but what can I say? I procrastinate alot and never seem to get something carried out.drm remover.
iTunes has two types of music: music DRM-free from iTunes Plus; music copy-protected with digital rights management (DRM). All the iTunes music is encoded in AAC (Advanced Audio Coding) with file extension of .m4a(non-DRM 256Kbps) and .m4p(DRM-protected 128Kbps).drm removal
MS DRM PK APPLE DRM
Microsft wmv drm also is frustrating. just remove them
can i share my purchased music from itunes with my friends then? remove wmv drm
thanks for sharing this nice passage
Make this comment the first word
Make this comment the last word