Apple iTunes Plus Borders on Spyware
Wed May 30, 2007 10:26PM EDT
See Comments (41)
Well, I figured something like this would happen. I've written previously about Apple's gracious offer to let you pay an extra 30 cents each for tracks without DRM, but now something more sinister is afoot: When you buy those tracks, it turns out they are tagged with your iTunes user name and your email address.
The iTunes Plus store opened today to mixed reviews and lots of bugs, but it wasn't long before Ars Technica took a look under the hood of those files. And there it is: your account data, for the world to see. (Old, DRM'ed iTunes files contain account info too, but they're useless to file sharers.)
The privacy implications here are enormous. This is obviously a ploy to keep DRM-free files from ending up on file sharing networks (and to make it brainlessly easy to sue those who do share their music), but the reality is far worse than that. Clever P2P users will simply delete the data in the files and go on sharing the music. More clever ones will forge different email addresses and account names into the music, then share the files. It won't be long before the first RIAA subpoena is delivered to someone on the basis of a forged email address found in an iTunes track. Maybe it'll be you. It'll be up to you to prove you didn't download the track in question.
Sorry to be the bearer of doomsaying news, but there's just no reason that Apple needs this information embedded in music files. There's nothing to be gained from it and everything to be lost, as the last thing digital music needs is more bad press. But here's yet another reason to avoid these tracks. (In related news, no one seems to be able to tell the difference in quality vs. the old 99-cent tracks, anyway.)
Also, I'll let you know when someone delivers a utility to strip personal info from iTunes tracks. I figure it'll be a week or two at the most.
Comments on Apple iTunes Plus Borders on Spyware
Post a Comment
Join in the discussion. Here you'll see the comments in the order they were posted.
-
2 Posted by middlenamefrank on Thu Sep 3, 2009 7:19PM EDT Report Abuse
From what I've read, it seems like the data is pretty easily read (i.e. it's not encrypted or anything), which should make it easy to modify as well. I say iPod users (which doesn't include me, for reasons including iTunes' use of DRM) should universally spoof the email address to "SJobs@apple.com". That way, if they ever try to prosecute people, we can always ask why they aren't pursuing their own people.
-
3 Posted by hmjulien3 on Thu Sep 3, 2009 4:19PM EDT Report Abuse
Ugh...I'm nauseous. It just doesn't end.
-
4 Posted by binaryspiral77 on Thu Sep 3, 2009 3:08PM EDT Report Abuse
Uh, this isn't new. Every single one of your DRM'ed files has your name and email address embedded. If you use jhymn or other drm stripping software - it scrubs your info from the tracks also. But then again - the ones we can see are most likely decoys to keep us from looking deeper in the code. I don't share music - I just like to keep my options open if my iPod dies, I don't want to be forced into buying another one. I paid for the darn music.
-
5 Posted by scifiterx on Thu Sep 3, 2009 9:08PM EDT Report Abuse
Wouldn't spyware insinuate it sends information back? Since I've seen absolutely no evidence it does. I'd say it's more of an involuntary receipt meaning it sits on your machine and does nothing but can look incriminating to the stupid repair tech who is nosing around your playlist when he's supposed to be fixing stuff (possibly to pirate the stuff for himself).
-
6 Posted by fjmeckel on Thu Sep 3, 2009 4:00PM EDT Report Abuse
"No one seems to be able to tell the difference in quality"??? OK, maybe nobody is listening to the music on anything but an iPod in a loud environment with stock earphones. I have been waiting for this for a while. I have not been buying much at $0.99 because it was compromised music. I don't care if the tracks carry my data. I don't share them. Why should legitimate users care if their tracks carry that personal information any more than if their shirts are embroidered with their initials? If you plan on staying legal, there is no problem whatsoever with this system.
-
7 Posted by dale7106@sbcglobal.net on Thu Sep 3, 2009 3:34PM EDT Report Abuse
Big Brother=Apple? hmmmmmm Always thought it would be the government.
-
8 Posted by andyam6 on Thu Sep 3, 2009 2:54PM EDT Report Abuse
hahah i can see it now.....apple accidentally sues self after hacker groups use emails of apple employees
-
9 Posted by markmountain1 on Thu Sep 3, 2009 7:08PM EDT Report Abuse
Does it remain when the track is burned to disc?
-
10 Posted by s_dincolo on Thu Sep 3, 2009 9:53PM EDT Report Abuse
But your allowed to use p2p sharing assuming you allready own a copy of the songs in question. So its preventing legal users there rights to share there music. I have never liked apple though, so its no big deal to me. I think its funny they enjoy shooting them selfs in the foot.
1 Posted by gecampbell on Thu Sep 3, 2009 4:07PM EDT Report Abuse
It's not exactly "there for the world to see" unless you (illegally) provide your music to someone else.