Comments on: OMG! Apple’z DRM-free music spies on me! http://james.cridland.net/blog/omg-applez-drm-free-music-spies-on-me/ From a radio futurologist - where broadcast radio and new platforms collide. Thu, 09 Feb 2012 09:26:44 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Nick Piggott http://james.cridland.net/blog/omg-applez-drm-free-music-spies-on-me/comment-page-1/#comment-13810 Nick Piggott Sat, 02 Jun 2007 11:34:31 +0000 http://james.cridland.net/blog/2007/06/02/omg-applez-drm-free-music-spies-on-me/#comment-13810 I partially agree with the concerns. The identification of the user in the file seems to be fairly plain-text and simple to extract, so there must be concerns that people's specific personal information is being stored in such an insecure way in a file that is going to be on portable devices which are themselves liable to theft. I'm really surprised that Apple have done this in such a cack-handed way. I'd already suggested (http://www.nick.piggott.name/blog/2007/04/emi-drm-and-itunes.html) that Apple might watermark tracks to identify the individual, but I thought they might at least have stretched to using a pseudo-random code injected into the body of the file that would be extremely hard to extract unless you already had the originating key. The security then would have been more than acceptable (in fact, I'd venture that a simple analysis of the file in a hex editor wouldn't have revealed anything unusual at all), and the music industry would have achieved their goal of being able to trace leaks back to individuals. I partially agree with the concerns. The identification of the user in the file seems to be fairly plain-text and simple to extract, so there must be concerns that people’s specific personal information is being stored in such an insecure way in a file that is going to be on portable devices which are themselves liable to theft.

I’m really surprised that Apple have done this in such a cack-handed way. I’d already suggested (http://www.nick.piggott.name/blog/2007/04/emi-drm-and-itunes.html) that Apple might watermark tracks to identify the individual, but I thought they might at least have stretched to using a pseudo-random code injected into the body of the file that would be extremely hard to extract unless you already had the originating key. The security then would have been more than acceptable (in fact, I’d venture that a simple analysis of the file in a hex editor wouldn’t have revealed anything unusual at all), and the music industry would have achieved their goal of being able to trace leaks back to individuals.

]]>