Apple embeds user data in iTunes Plus songs – So What?

You’d think we had started a war. Cory Doctorow, who I respect for his EFF work, has gone off the deep end calling iTunes 7.2 a “downgrade”. CNET quotes:

Songs available on iTunes Plus reveal users’ personal information. Privacy group suspects Apple goofed.

First off, did anyone think Apple was going to just sell plain raw bit unencrypted files? Come on!

Secondly, this is not an invasion of privacy at all. Songs don’t reveal any personal information. Giving those songs to others and having them hack out the data reveals your personal information. Keep your songs to yourself!

I am sick and tired of people who think they should be able to freely give purchased content away to others. Apple and EMI have gone out on a big limb and an even larger experiment. If sales plummet, guess what? The RIAA will be in SEE! PIRACY! mode and we’ll all go back to the dark ages.

I believe in privacy, I really do. However, Apple embedded your personal information in content that only you should have is no different than them saving your email address in a Mail application preferences.

So they didn’t tell people they were doing it? So what? Don’t pirate music and you won’t get burned.

Now you can back up this wonderful new iTunes Plus music and if the iTunes Music Store ever dies, it will still play. This is a huge benefit to users and those bitching about this are like little kids who got their Star Wars vehicle for XMAS but didn’t get each and every action figure. Its childish and this is exactly the kind of rigidness the RIAA and MPAA use to slap us with ridiculous restrictions.

Cory – Thanks for your work in pressuring companies to ditch DRM. Now back off. Have a drink. Take a nap. Go on vacation.

Update

From Wired:

“There’s absolutely no reason that it had to be embedded, unencrypted and in the clear,” said Fred von Lohmann, a senior intellectual property attorney at the Electronic Frontier Foundation. “Some of the privacy problems, in light of this, is that anyone who steals an iPod that includes purchased iTunes music will now have the name and e-mail address of its rightful owner.”

Good! They’ll know where to return it. I know people who engrave their email address on the back. Now when the stolen iPod is recovered, I can prove its mine. Its not like the meth addict who stole it is going to need my email address, they already have it.

Gosh these guys.

62 comments

  1. Bravo! That’s the best rebuttal to this nonsense that I’ve read yet. People really are silly sometimes.

  2. The iTunes plus thing is great. I’m supporting EMI with some purchases.

  3. 100% right on!

    The outcry about this is embarrassing for those complaining. How many consumers personalize the things they buy?

    Furthermore how many software installations does everyone have that require your name or e-mail or both in order to use it and and embed it in the product.

    As long as the product doesn’t share this information with anyone but myself and my computer, who cares?

  4. At last… a reasonable response to this utter bullsh*t circulating the web…

    So, files on my computer contain my email address. Erm… yeah… so does every email in my inbox or outbox. So does virtually every applications’ registration info. So do a bunch of my documents. Oh, and I tag all my photos with my email address in the IPTC data.

    Whoop-de-fricken-doo.

  5. Thank you for saying that, GeeksRUs. I’ve had just about enough of Doctorow’s posturing and the EFF’s FUD. A period of silence would be nice.

  6. For the price, it certainly is a downgrade from CDs. How would you feel if, when you went to buy a CD the person at the counter asked for your personal info so they could embed it in the tracks?

  7. Rodney,

    That is an interesting argument but I think it skips over history. When CDs came out, you couldn’t copy a song (except out to tape) and you certainly could not copy a CD. You could GIVE it away and as a tangible medium that is fine and dandy.

    Apple’s EULA says you cannot give the songs to anyone else. That part is well understood and never debated. Thus, because it is so easy to duplicate the songs, I am fine with them embedding data, encrypted or in the clear.

    Now to your argument of buying a CD – Lets call this CD 2.0. A new format that is totally backwards compatible but at the time of purchase they take your email address and name and burn you a CD, which has songs that can be ripped, and the CD has my data on it, on the CD and in each song.

    The problem with that argument is that I have bought something tangible and under fair use, I can give it away, or even sell it, as long as I don’t keep a copy. Apple’s EULA does not allow that. I knew that when I bought the songs.

  8. BS !!! You can be 100% honest, not pirat music and get burnt !!! Simple: I give a song to a friend/colleague, he/she posts it on Peer to Peer. I am LIABLE.

    Now when I buy a BOOK, or a CD, it’s mine: I give it away if I want to. I can resell it etc. Why should it be any different with eContent ??? Maybe I have bought music, which I don’t quite like after all, or bought a whole album but just want to keep 3 song: WHY AM I DEPRIVED OF MY BASIC RIGHTS TO GIVE AWAY SOMETHING I HAVE LEGALLY ACQUIRED ??? If you acceopt that.. where does it stop ? Once I’ve listened to an audiobook, watched season pass on iTunes, maybe I don’t want to watch it 100 times ! I’d rather give it to someone else who likes it and THIS IS NOT PIRACY. Finally, all the “So-what’ comments come from rich brats in rich countries who can afford 99c/song… So many people around the world want to listen to audibooks, watch shows/movies in English, and would pay if the price was proportional to their income… Take Thailand, where 300$/month is a good salary: why do rich brats get access to 99cents music and yet feel they have the right to be moralistic about piracy issues ??? Rules and Ethics are distinct thimngs: GET A CLUE !

  9. Alex,

    Thanks for your comment. Please read my comments again.

    “BS !!! You can be 100% honest, not pirat music and get burnt !!! Simple: I give a song to a friend/colleague, he/she posts it on Peer to Peer. I am LIABLE.”

    The Apple iTunes Music Store EULA (End User License Agreement) states that you cannot give/sell the songs away. You agreed to that by clicking “I Agree”

    No BS involved.

  10. Alex,

    It’s perfectly reasonable that digital content be different than physical media – simply because it is intangible. The moment you can make exact duplicates of a product and distribute them any way you like, the whole concept of exclusive ownership becomes very gray. Consequently, as Steve stated, Apple simply has you agree not to give away or sell any songs that you purchase.

    As for the economics you stated – that is a completely different issue. The fact that some people may not afford music that I can afford does not make them justified in being held to any other moral standard. If you can’t afford it, don’t buy it. Plain and simple.

  11. I have no problem with this… however I really wish that apple announced this somewhere… I personally do not care, it’s just that now so many people are saying “apple is trying to trick us!”, even though this information can be easily accessed by right clicking on a track and selecting get info… stupid people getting angry at apple!

  12. You know… I check Digg regularly to be informed about whats latest in the tech world. I feel very sad that this childish, inflammatory rant is what got dug 921 times (at time of posting). Very sad indeed… I hope these kinds of loud obnoxious zealot posts aren’t what qualifies as news, woe is the future if it is. Anyway, I couldn’t care less… I don’t support companies using DRM, thats why I’m Apple and Vista (even Microsoft) free.

    I hope Digg raises its standards in future…

  13. Good article – I’ve been thinking exactly the same thing. I even remember before this happening people arguing for doing it this way instead of DRM as a way of discouraging illegal sharing. Now Apple do the smart thing and follow up on the idea, people bitch and moan.

    Alex – I think the price of the tracks is an entirely different matter. I agree the music is still too expensive (and it’s worse here in Aus, just for a basic DRM’d track it’s AU$1.69, which is US$1.40). Now that you can get DRM free 256k albums it’s plausible I’ll buy some music from iTunes, but it’s still overpriced so unlikely.

    “WHY AM I DEPRIVED OF MY BASIC RIGHTS TO GIVE AWAY SOMETHING I HAVE LEGALLY ACQUIRED ???”

    If you bought distribution rights to the music, you would have the right to give it away. But with an iTunes track, you haven’t bought that. You’ve bought the license to have a copy for yourself, that’s all. As far as I’m aware, the license doesn’t include the ability to transfer ownership to someone else. Embedding user data in the track is a way of enforcing this part of the license – if you don’t like it the license is what you have an issue with, not what they’re doing with the file.

  14. Alex,

    STFU you little whiney bitch, . . . it’s because the book you gave a friend cannot be invisibley duplicated, instantley to the entire world, you fucktard. A material product can be held and accounted for, your suck a choad

  15. I think that arguing over what Apple has done is a moot point. Someone who purchases music online chooses a vendor to purchase from and if they do not agree with the terms of the purchase they either (i) refrain from purchasing or (ii) purchase from somewhere else. The original article states that other provides do not embed this data – so if it is a big enough problem for you, go buy from someone else.

    HOWEVER, i do have a problem with Apple’s non-disclosure of this practice. In a sense, Apple has nullified it’s own EULA by not notifying the purchaser of what appears to be an important part of the deal. The question is: if a reasonable person knew or ought to have known that apple was embedding this information in a music file would the purchaser have changed his or her decision? Maybe some would, maybe some wouldn’t, but nonetheless this disclosure was important enough to make READILY KNOWN to a purchaser at the time of purchase (including it in passing on line 13,249 in the EULA isn’t sufficient in my opinion). That, i have a problem with.

    I have to disagree with your comment about this not being an invasion of privacy, simply because a reasonable purchaser may not be aware that by purchasing this file his/her personal information is now embedded in the file. Be it an email address, a phone number, a name, we cannot be the ones to draw the line for an individual as to what is and what is not important.

    In this case Apple has crossed the line by not getting any sort of approval from or giving notice to the user. As far as i’m concerned, Apple could put your credit card number, a personal photo, or whatever they want in those files; however, that information must be disclosed plainly and you must have the ability to make a decision as to whether you would purchase the product under these conditions. In this case, it appears that Apple has taken the decision making power out of the consumers’ hands and that is what i have a problem with.

    (All i’ve read on this issue was this post, the comments, and the main article it links to, so if i’m way off base or missing important facts it’s a result of a lack of due dilligence and i apologize)

  16. @Rodney and Alex: I always used to write my name and email inside CD covers and books I bought, and it never stopped me from reselling them, giving them to a library, etc.

    You can give your unencrypted AAC files to ONE PERSON legally, if you delete them. The fact that your name and email is embedded is no privacy breach unless your benefactor didn’t have this information already (unlikely). But if you share this content on P2P, you aren’t “giving away something you legally acquired,” you are distributing multiple copies of something you only have a license to make copies of for yourself.

    As for prices proportional to income, that’s just commie “from each…to each” BS. If you can’t afford something like a music file or a software application, you have no right to make someone give it to you freely. Make your own music, install Linux, and quit your bitching.

    Give me an argument about third-world drug prices and I’ll meet you halfway, but there’s a big difference between life-saving AIDS medication and some poor slob in the desert feeling depressed because he doesn’t have 99 cents to watch the season finale of Desperate Housewives.

  17. @Rodney and Alex: I always used to write my name and email inside CD covers and books I bought, and it never stopped me from reselling them, giving them to a friend or a library, etc.

    EULA aside, the Right of First Sale says you can give your unencrypted AAC files to ONE PERSON legally, if you delete them, when you tire of them. The courts have already sided with consumers on this issue w/r/t DVDs, CDs, and software licenses, I don’t expect AAC files to play out any differently.

    The fact that your name and email is embedded is no privacy breach unless your benefactor didn’t have this information already (unlikely). But if you share this content on P2P, you aren’t “giving away something you legally acquired,” you are distributing multiple copies of something you only have a license to make copies of for yourself.

    As for prices proportional to income, that’s just commie “from each…to each” BS. If you can’t afford something like a music file or a software application, you have no right to make someone give it to you freely. Make your own music, install Linux, and quit your moaning.

    Give me an argument about third-world drug prices and I’ll meet you halfway, but there’s a big difference between life-saving AIDS medication and some poor slob in the desert feeling depressed because he doesn’t have 99 cents to watch the season finale of Desperate Housewives.

  18. Music was around for years before the internet, and will be around as long as people are around.

    Music just ain’t music unless it is shared.

    I couldn’t care less about the music business, and a true lover of music, musician or otherwise, couldn’t either.

    A friend asks me for a song, I will give it to them. Now Apple is the new Big Brother of music? This whole thing sucks.

    Screw them. Screw them all.

  19. i totally agree, in any cases, user always complane and wine of anything, but hay , it’s 256k. and those who wine , just go to limewire or p2p and downlaod what ever u used too.

  20. End of argument, this is not new.

    Your information is also in encrypted AAC files; it always was.

    Why complain now?

  21. Jimbo A friend asks me for a song, I will give it to them.

    Good for you. Now, why don’t you do that with your name proudly embedded in the files, would’ya and stop bitching.

  22. Why people keep worrying about someone buying a song on iTunes and then sharing it on p2p networks?? Come on… If you’re on a P2P network, why the hell would you buy a song from iTunes if you could get that for free there first of all? You wanna help apple to get into music business perhaps?

    Then, what’s the probable scenario we will face: I steal someone-who-I-don’t-like mp3 files which actually contains its username and etc embedded, then I upload it to a P2P network, and suddenly the RIAA send the troops out to put that guy down, bing! The best part is: after the file is uploaded and kept online by other persons, you don’t have to stay online, so your IP address will not be known. How hard can that be for me to do it this days? Barely not hard at all, a backdoor program on victim’s computer and it’s done. A unsecure chroot-escalable webserver and done. Hey-can-I-use-your-computer-for-a-minute and it’s done. Hacking a neighbour wifi connection, accessing his computer’s shared folders and upload his songs using his IP address, how about that? I know you guys never had a neighbour like this…

    Now you’ve gotta watch out for your music files just like you have to worry about your credit card number, it’s secret and etc…

    We all know they’re worried about people uploading itunes bought songs on p2p networks, but since they’re selling a worsened versions of the songs, it’s best to keep with the p2p downloaded one… Then we’ve got back to 0.

  23. There was a study recently that showed those very religious or political, when shown info supporting the ‘other side’s’ argument were using a different part of their brain when evaluating that message. They used their emotional wiring rather than there rational wiring (paraphrasing) and therefor were incapable of seeing the facts in front of them. This all just looks like apple zealots (I know I used to be one too) defending a ridiculous point of view with there emotions rather than their rational side (ya sure flame me). Embedding private information without telling you is wrong anyway you cut it. The outcry is proportional, not as bad as what happened with Sony and the rootkit (since that was alot worse then what aple has done), but still a fair outcry IMHrationalO.

    Everyday 100,000s of people take music CDs out from their local libraries, they do whatever they want with the digital data on that CD (no different than the digital data from iTunes (except of course it is better quality on the CD), yet our public libraries which have all the info on us as we take out a CD, don’t try and do the RIAA bidding by infringing on our privacy with our private data. Why is apple?

  24. You call that a rebuttal? I hear only ranting in the background. Music ARTISTS make the majority of their profit through shows and make minimal returns (out of what a person has to pay) from purchased music.

    There’s no need for the big companies acting as greedy money-mongering whores, who eventually lead an artist by the nose to ruining his/her/their music.

    Acquiring music through pirating (arrrrrr!) hurts the record companies. That is a respectable goal for anyone, to hurt corporations that are only vestigial remnants of greed ruining art.

    Lastly, I enjoy music because it is an Art. I want to appreciate it as an Art. Music should be shared as any of the Arts should be shared, so that society can enjoy and benefit from it. Not so most of society can be forced to pay so no respectable members of society benefit or enjoy it without paying a price.

  25. Stop being such whiny little Apple bitches. Just because put “so what” in the title, doesn’t make the matter any less important for consumers. Were you also saying so what when Sony’s CD rootkit was revealed?

  26. Good! They’ll know where to return it.

    They just STOLE it you retard, why would they want to return it ?

  27. I just gave out my email adress to reply here that I agree, but now all my personal data is out because the geeksrus-website knows my email adress and that I came here through Digg… NNNNNooooooooooooooooooooooooooo!!!!!!

  28. Some of you are missing the point. The reason these tracks are DRM free is to enable you to put them on any device you own. Its to make things easier for you. All of my music is DRM free but I don’t see why peopkle are complaining that this data is embedded into the track. Why not just burn a CD and rip it again like before if you want to give it away or share it. Thsisi business and some minimum protection for EMI and Apple must exist. If that protection is a few bits of info that I can erase by simplty burning a CD or transcoding in another app, whats the big deal about? Its not like they are somehow monitoring your activities because they already know what you bought, when you bought it and if you use iTunes they know what your browsing before you’ve bought it. Its true, Alex you are a whining bitch. Sonys Rootkit was a hardware measure, this iTunes method is a software (just) precaution easily circumvented just like full DRM

  29. Why do you guys keep comparing to the sony rootkit? This info is info you guys leave on every site you visit including this one when you post. It does not have the potential of giving other people access to your computer, it gives away your email and name, so what? Also its only if you share the music you download that anyone else will see the info. Yes the stolen ipod case has some merit, but hey if they stole you ipod they probably also stole the backpack or wallet with the business cards you readily hand out to anyone who feel like taking it.

    Also the Library argument on CDs, is quite thin. Do you think Libraries pay the same for a CD as you and me? Atleast here where I live the libraries pay premium (for the record companies) prices for CDs exactly because people can do whatever they want with them.

    I truly think this is a storm in a glass of water.

    Just dont share your files and let people run off with your ipod and you should be good

    Rasmus Lauridsen Randers, Danmark

  30. Arrrg me sense fresh booty ahead!!!! arrrrg no more copy restrictions ,polly and i think today is a good day to be a pirate!avast yee!!!

  31. This is a mistake the same mistake they’ve been makeing for a while, they treat music lovers as criminals.

    This “Ok but we have our eye on you” is loaded with mistrust. This assumes guilt. These are customers, supposedly valuable, and in any other context they are.

    This is about control, power not economics. No one is competing for your dollar, they are trying to control you. Where is the free market on this issue? If I had the choice between information embedded and not, I would choose not.

    The sad truth is that the stolen product is still more desireable than the legitimate one. Sad.

  32. This is just encouraging new ways for the RIAA to go after alleged infringement. This isn’t about apple caring if you copy it anymore but the RIAA’s ability to produce lawsuits which there will be no facts for.

  33. Yes this article is totally a giant rant. Hey, on another note.. you know what you could also do? By music from places that don’t embed anything into your song files. By DRM FREE and support the artist, not the label.

  34. If piracy is the concern, there are more subtle ways to embed a unique identifier than ones name an email address. Apple dropped the ball in that sense.

  35. Sony’s rootkit caused serious problems in the operations of computers. It also installed an application on your PC that you weren’t aware of. This prevented ripping the audio to your computer for FAIR USE on other devices.

    Comparing Sony’s rootkit to Apple’s embedding your username and e-mail address in the music file is utterly stupid and is a completely invalid comparison.

  36. @Jimbo: You are a douchbag.

    “Now Apple is the new Big Brother of music?”

    C’mon. You CAN still share your DRM-free iTunes songs with your friends. Just know that your personal information is contained in the file. iTunes and Apple do NOT check to see if you’ve done this.

    How is this Big Brother, you ass?

  37. So, I guess you don’t mind if I go digging through your garbage to get all of your receipts then?

  38. Umm, your account info has been in iTunes purchases from day one. Nothing has changed here.

    If you don’t want your personal details embedded in a song, use a fake account. Purchase iTunes gift cards so as to not use your credit card. This ain’t rocket science folks.

  39. Step one copy the drm free music from any of your computers via a backdoor or physical access step two upload, step three watch mayhem.

    Interesting things happen when an attempt is made to force ideals / specific morals upon the masses .

    aside from which, how hard can it be to strip out the info …….

  40. Whatever: If you are addressing me, no, because I shred them. Those have more information tied to my home than my email address and name. My name you can find from a number of free sources.

Comments are closed.