James.Cridland.net

James Cridland's blog

Where radio and new platforms collide. With beer.


OMG! Apple’z DRM-free music spies on me!

Posted on Saturday, June 2nd, 2007 at 9:39am.

If you pay 99p instead of 79p for your EMI download from iTunes, you get something special.

You get the music in double the quality - 256k instead of 128k. The music apparently sounds cleaner and more vibrant.

You also get the music without any Digital Rights Management. So you can copy it, move it around, play it on one of those nice new thin Sony Walkman nano-a-likes, etc.

And, as the Electronic Freedom Foundation have discovered, you also get those tracks embedded with your name, your email address, and possibly many other things too.

This, to me, makes perfect sense. They’ve stripped the DRM so that you can, for example, burn the tracks onto CD, or move them to your other player, play them on your mobile phone - a wealth of possibilities denied to us with DRM-protected files. However, they’ve not stripped the DRM to allow people to stick them on the internet for everyone to download or to share around the office; hence the embedded user information.

ArsTechnica appears to be fuming about this.

I don’t understand why.

One comment

Nick Piggott said at June 2nd, 2007 at 11:34am

I partially agree with the concerns. The identification of the user in the file seems to be fairly plain-text and simple to extract, so there must be concerns that people’s specific personal information is being stored in such an insecure way in a file that is going to be on portable devices which are themselves liable to theft.

I’m really surprised that Apple have done this in such a cack-handed way. I’d already suggested (http://www.nick.piggott.name/blog/2007/04/emi-drm-and-itunes.html) that Apple might watermark tracks to identify the individual, but I thought they might at least have stretched to using a pseudo-random code injected into the body of the file that would be extremely hard to extract unless you already had the originating key. The security then would have been more than acceptable (in fact, I’d venture that a simple analysis of the file in a hex editor wouldn’t have revealed anything unusual at all), and the music industry would have achieved their goal of being able to trace leaks back to individuals.
