Update: Looks like this post is subject to experimental problems… just disregard it, but I’ll leave it up so people can try it out on their own files if they’d like.
Original Post: Ars Technica (and The Unofficial Apple Blog) found that Apple’s “DRM-Free” files contained the AppleID of the user that purchased them. That’s a little spooky because it means that DRM-Free files you buy from Apple can be tied back to you, unlike MP3s you rip from your own CD collection. However, adding identifiers to MP3s is not the big story:
The big story is that if a user tries to erase or zero-out the identifier in the DRM, the file is disabled. This was tested and verified by a member of Dave Farber’s (Distinguished CS Prof at CMU) Interesting People mailing list. The direct text of the experimental proof:
I tested:
- downloading the “free song of the week” (DRM free)

I found:
- my AppleID
- my name (as part of my billing address under my account)

I did not find any other information associated with my account, e.g., I did NOT find:
- my email address
- my street, city, state, or zip code
- my phone number

When I zeroed out the AppleID and name above, the song would no longer play
- iTunes was happy trying, but acted like the file was corrupt, and played only a half a second or so.

Conclusion: “free song of the week” is not DRM-free
The behavior of disabling files simply because the user wants to remove their personal information from the file is blatantly DRM. It is needlessly restrictive (nothing about playing an MP3 on a computer technically requires your personal information), and Jobs should not be advertising that iTunes Plus files are DRM-Free because it’s simply untrue.



And why are you upset about this???
Few reasons:
1) False advertising. Steve is getting a big group hug from the blogosphere for eliminating DRM, when it’s simply untrue.
2) Privacy. Nothing about playing an MP3 should require releasing personal information. What if I had to sign my name on CDs when I bought them? Totally lame.
3) False lawsuits. People are going to crack this DRM (just like every other DRM has been cracked). A simple, rudimentary crack would involve inserting a fake AppleID, or someone else’s AppleID. When those cracked files hit the net, the RIAA & Co. will sue the owner of the AppleID in the file. I’ll bet wildly large sums of money that they will finger the wrong culprit on many occasions due to cracked DRM. And, courts will never hear a word about it because the VAST majority of these shit lawsuits are settled for the $5,000 ransom notes included with the subpoena.
4) Secrecy. If a watchmaker is going to engrave my name in a watch before he sells it to me, then he should ask me first. If it’s a necessary condition for sale, he should tell me so. Same goes for Apple. Apple should be publicly stating during the checkout process that this engraving is occurring. I tried it buying the “free song of the week” today, and there is no disclosure of the engraving in the checkout process. “Shhhhh… spying on users doesn’t work if you tell them you’re doing so!” Security through obscurity is weak and deserves to be exposed.
I take from your comment you either A) don’t care and genuinely wonder why I do or B) assume I am upset because I want to pirate these songs. If “A” then I’d be happy to debate these points and keep the discussion going. If “B” then I doubt these points will have any effect on your opinion.