Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Privacy Media Music

Privatunes Anonymizes iTunes Plus 176

Posted by CmdrTaco
from the i-don't-know-if-anonymizes-is-a-word dept.
njondet writes "French-law.net reports that Ratatium.com, a French website specialized in technology news and software downloads, has just launched Privatunes, a free software that anonymizes DRM-free files bought on iTunes Plus. Last month's revelations that the DRM-free files sold by EMI on iTunes Plus came with user's full name and account e-mail embedded in them had raised serious privacy concerns. Ratatium.com explains (in French) that Privatunes is aimed at guaranteeing the privacy of users but also their rights as consumers to freely share and trade the songs they have purchased. However, the claim that this software is perfectly legal will surely be tested."
This discussion has been archived. No new comments can be posted.

Privatunes Anonymizes iTunes Plus

Comments Filter:
  • by daveschroeder (516195) * on Wednesday June 27, 2007 @08:40AM (#19662175)
    From their site:

    5 reasons to erase private information from my legally acquired iTunes Plus library:

    Yeah. A name and email address. On an electronic file that you purchased. In name and email address fields in the clear. How...wrong.

    1. Am I still a child who needs his pencilcase and schoolbag tagged with my name?

    Utterly irrelevant to the discussion.

    2. I bought the damn tune, but someday I may want to sell it (hey, how is it more stupid that selling old CDs ?).

    It's not "more stupid" than anything. And since Apple is the first entity that's even allowing this possibility at all with mainstream music from mainstream labels on any meaningful scale, I guess I must not recognize your gratitude.

    3. I just have a thing for privacy. Is it dirty?

    No, but it's dirty when you think everything is automatically an "invasion of privacy".

    4. How the heck do I know it's not gonna be shared on P2P networks by my 6 year old step sister???

    How do you know the reason the name and email address is there is for tracking file sharers? How do you even know that would stand up in court? Why does everyone assume that's the reason it's there? Has it occurred to you that this might have been a concession to the labels to make them "feel good", or any number of other reasons? Has it occurred to you that since name and email address have always been included in all purchases from the iTunes store that, uh, maybe nothing has changed?

    What if the EU mandates a system for returns and refunds someday from the iTunes store? Wouldn't your account name and email be an easy way for normal individuals to return songs? And before anyone says, "Well, it should be encrypted, then," can you honestly look at me with a straight face and tell me you wouldn't be even more upset that Apple was including unknown personal information, encrypted, in each song bought from iTunes? If it's there at all, it's actually preferable that it's plaintext, because then there are simple ways to remove it without anyone being able to claim that you're breaking some law for removing encrypted information or some other ridiculous thing.

    "But it shouldn't be there in the first place."

    I know, this is the part is a difficult situation since it is mandatory for all persons on earth to purchase from only the iTunes store. If only Apple didn't force you to buy no-DRM songs from iTunes.

    Oh, wait...

    5. I thought good customer-seller relationship ment something like... how do they say, "trust' ?

    Why do you assume that an electronic item you purchased yourself from the iTunes store having your name and email address embedded in internationally standardized MPEG-4 atoms intended exactly for that purpose somehow equates to lack of "trust"? "Trust" to do what?

    I thought the main argument against DRM was so that we could use our files anywhere we wished, on any device we wished. Now we can. Sure, it has your name and email address in it. It's not hidden. It's not a secret. It doesn't matter if most normal users don't realize this. It's still not hidden, nor is it a secret. Most "normal users" don't "realize" a lot of things.

    And from the summary:

    However, the claim that this software is perfectly legal will surely be tested.

    Tested by whom or what? For what purpose?

    The software is perfectly legal. Why is this even in doubt? It's a file with no DRM, and you're removing text that is IN THE CLEAR, IN PLAINTEXT in the file that YOU BOUGHT. Removing it by ANY MECHANISM is perfectly legal in any jurisdiction I can think of.

    No DRM means just that: no DRM. No encryption. No reverse engineering. No DMCA provisions. Etc.

    If you want to make an anonomyzing tool, great. But don't puff it up to be more than it is.

    Again, my favorite quote that sums up the stupidity of the outrage over a name and email address being in a file you purchased, from a Gartner analyst:
    • Re: (Score:3, Insightful)

      by sqldr (838964)
      Mod parent up. Apple extends a hand of trust to its users, and some idiot comes along and deliberately screws up the one argument I had against DRM:

      * I'm not trying to steal/share it, I just want to be in control of it.

      I was quite happy to put my name in there if it's enough to keep the music producers happy.
    • He's not trolling or attempting to incite a flamewar. He's making several perfectly valid points about the knee-jerk reactions to Apple's DRM-less iTunes files.
      • Actually, I'd say he's trolling and trying to incite a flamewar by making valid points about the knee jerk reactions to the Apple embedding peronal information in DRM-less files downloaded from their store. This is slashdot, after all.

        And, quite honestly, unless the intent is to track the propagation of the files across the internet and be able to identify the source of the propagation, there's no realy reason to include the information - especially in plaintext. My take is that if you care about it, you s
    • Re: (Score:3, Insightful)

      by Red Flayer (890720)

      The software is perfectly legal. Why is this even in doubt?

      Because US courts have ruled that a service provided for the purpose of breaking copyright is liable for civil damages (see Napster, et al). While anonymization services are theoretically not there to encourage copyright violation, it could be argued that this is exactly the purpose of this software -- a lot would fall to how the software is advertised.

      As for this being illegal, note that copyright protection applies to media regardless of whether

      • by Blakey Rat (99501)
        It would be a looong stretch to say that because Apple and/or the RIAA added your name and email address to a file, they now have copyright protection over your name and email address. You're also making the same assumption of the original article that the purpose of adding that information was to prevent copyright infringement... maybe Apple was just filling up the name and email fields that already existed in the file format because they have a thing for completion. No court in the land.
        • Re: (Score:3, Interesting)

          by Red Flayer (890720)
          I think you misunderstand my point. It's not that Apple/RIAA et al now have copyright on your name, what is relevant is the copyright on the media.

          You're also making the same assumption of the original article that the purpose of adding that information was to prevent copyright infringement...

          What Apple/RIAA et al intended by adding the user data to the media file is immaterial. What matters is the intent of the company that wrote the software to strip the data. If they intended to facilitate illegal d

          • by Blakey Rat (99501)
            Fair enough, you obviously know more about the law than I do. But the fact remains that the service this software provides is stupid and pointless, so if they get sued out of existence it doesn't really matter, does it?
            • Well, two issues that I think are of concern:

              1. It's a french company, I'd hate to see American law used as justification for a company overseas to get destroyed.

              2. It would further cement the undue influence the media cartels have over the US judicial system. It's a little more tenuous than Grokster, but a suit against Privatunes could be upheld, in which case there is further precedent for anyone connected in any way at all to copyright violations to be held liable.

              One little step at a time, that's h
          • Re: (Score:3, Insightful)

            by MattW (97290)
            You're not a lawyer, but you play one on Slashdot?

            Give me a break.

            Napster facilitated infringement, because it built lists of files people had available for transfer and facilitated connections between users, and made them searchable. Napster HAD a substantial noninfringing use, and that's where intent came in; courts believed that Napster was intended to facilitate infringement.

            This file stripping does not facilitate file trading. You can already trade the file just as easily without stripping atoms which
            • This file stripping does not facilitate file trading. You can already trade the file just as easily without stripping atoms which would identify you.

              Yet it facilitates illegal file trading (i.e., infringement) by making the file all but untraceable -- note how it is marketed specifically for sharing music. This reduces the risk of being caught, hence facilitating infringement. The case CAN be made -- and thus it WILL be made, and I think it has a rather good chance of success.

              I wholeheartedly disagree wi

      • by Pofy (471469)
        >Because US courts have ruled that a service provided for the purpose
        >of breaking copyright is liable for civil damages (see Napster, et al).

        And here I thought that the program came from France on a French website talking about French issues for French people and then you bring up US laws... Oh well.
        • Sure, because a program made in France is impossible to use in the US. And because Slashdot is (like it or not) a US-centric site.
          • by Pofy (471469)
            So a French site that turns to French Speaking French people should make sure all and any of its information is correct and relevant for every country in the world? Just because this is a US site doesn't mean that someone commenting on something in another country and argue about what is said on such a page is correct or not based on US laws which was the point I made. It is quite irrellevant. The Original poster commented on the French information which obviously is about Frnech law, so it is quite irrelle
    • Re: (Score:2, Insightful)

      "4. How the heck do I know it's not gonna be shared on P2P networks by my 6 year old step sister??? "

      But surely this software proves how easy it is to change such details anyway...there's no reasonable way you can use a plain text, easily changed header as evidence for any prosecution...otherwise I could load up a load of songs with people I don't like and stick them on P2P.

      • Re: (Score:3, Insightful)

        by Afecks (899057)

        there's no reasonable way you can use a plain text, easily changed header as evidence for any prosecution

        Who said prosecutors are reasonable? It seems you are a little too idealistic. The attitude "justice will prevail" is a good one to have but fairly stupid to rely solely on that without protecting yourself.

        According to your logic, we should just let the system take it's course. Eventually after we get sued for distributing copyrighted music, spend money on lawyers and miss work to fight a legal battle, justice will prevail.

        Now who's being unreasonable?

    • by djupedal (584558) on Wednesday June 27, 2007 @09:21AM (#19662685)
      The issue isn't 'what' Apple's process involves, it is 'how' Apple has to date failed to apply an otherwise seemingly transparent privacy policy [apple.com] by telling users about it. Apple states their policy has not been updated since 12.2004 - they need to simply add verbiage explaining that certain basic (personal) information tags are routinely created and embedded withing EVERY song in your iTunes library. Disclosure - transparency - fair...simple. Done.

      BTW...if you wish to strip said info for whatever reason, these are the atoms you need to target:
      • (apID)
      • (cprt)
      • (iods)
      • Not every song, just the songs purchased from the iTMS. For the great majority, that's only a tiny fraction of their library.
    • by Blakey Rat (99501)
      When this crap first came out, I saw that Gartner quote. And my first reaction was, "do these morons realize that iTunes syncs your address book by default? And your own address is in your address book?" Why would the thief have to extract the music file from the iPod (something that isn't trivial for the layman) and go through all the effort of finding the ID3 tags and reading the name, when they could just get the *address* from the iTunes interface?

      Not to mention, if he's worried about a stolen iPod, ima
    • by ScriptedReplay (908196) on Wednesday June 27, 2007 @11:37AM (#19664613)
      To get this out of the way, I'll say that while I don't necessarily approve this program as the answer, I agree that privacy concerns exist with the currently-embedded metadata. Now, to your post.

      2. I bought the damn tune, but someday I may want to sell it (hey, how is it more stupid that selling old CDs ?).

      It's not "more stupid" than anything. And since Apple is the first entity that's even allowing this possibility at all with mainstream music from mainstream labels on any meaningful scale, I guess I must not recognize your gratitude.


      To quote your previous line - utterly irrelevant to the argument. WTF has gratitude to do with privacy here? FWIW I think this is one of the places were his list makes something of a point and by an interesting coincidence you're being disingenuous about it. Perchance it's more difficult to refute than the dumb arguments? [In more detail, in case you were actually honest about trying to refute the point, let's expand on it: second sale doctrine allows resale; DRM made the resale worthless, which is OK with SSD, but no-DRM changed that. Now, assuming I do resell - pennies for a dollar is good enough for some - I no longer have control over what the new owner does with the track. Assume they have the 6yr-old step-sister that puts it on p2p and lawsuit-happy RIAA finds it and sues me. Now, I might prevail if I get to prove that I no longer own the track, but that will be tedious at best. And since the case can be viewed as a honest one, I doubt I'd get them to pay attorney fees. So it makes sense to try and prevent such a development, don't you think? Here's 2 that says you would have had a better argument questioning the legality of selling the anonymized version of the file instead of the original.]

      4. How the heck do I know it's not gonna be shared on P2P networks by my 6 year old step sister???

      How do you know the reason the name and email address is there is for tracking file sharers? How do you even know that would stand up in court? Why does everyone assume that's the reason it's there? Has it occurred to you that this might have been a concession to the labels to make them "feel good", or any number of other reasons? Has it occurred to you that since name and email address have always been included in all purchases from the iTunes store that, uh, maybe nothing has changed?


      Well, you certainly look like you have an agenda here. While I don't agree with this argument from the "she did it, her guardian is responsible for not explaining things to her" perspective I don't see you making a valid argument either. Who cares what the 'official' reason is? could be "so that faerie pixies know where to come and make it sound better when you listen to the file" for all I care. If past behavior shows anything is that a system that can be used for a corporation's profit will be. Any argument that a RIAA lawyer can bring to court will be brought - why, look at what they used so far, something like "metadata says you purchased this song" is positively incriminating by comparison. And again, what changed is that a 'stolen' track now can be actually useful for whoever steals it without any reprocessing (which would have stripped most of metadata anyway) so the risk of your info making it on p2p is higher. And about standing up in court, you seem to conveniently forget that the likes of RIAA don't much care how valid their argument in court is if they can threaten you with an expensive lawsuit that in itself will make you settle. Please wake up to the 21st century paradigm shift in lawsuit strategy - you don't need a valid argument to win, only enough money compared to the other guy. Reminds me of the winning strategy for coin-flipping games, actually.

      I won't repeat the argument for your 'rebuttal' to the Gartner analyst quote. You should have gotten the drill by now - and if not it would be pointless repetition anyway. What I would like is some link to back up your claim that no steganography is used - for a guy who revels in placing links all over his posts that one is conspicuously absent. Mind you, I'm not asserting it's untrue, but I will beg to be excused if I won't take only your word for it.
    • I generally agree with you, the owners name being tagged to the file is a fair compromise between the interests of the labels and the interests of the customer. It's parallel to the serial number on a gun: If you are only ever going to use it legally you can forget that it is there. If you file it off, you are doing so to allow for misuse.
    • by Jesus_666 (702802) on Wednesday June 27, 2007 @03:13PM (#19667695)
      "Some of the privacy problems, in light of this, is that anyone who steals an iPod that includes purchased iTunes music will now have the name and e-mail address of its rightful owner."

      ..............

      Wow. Just, wow. I don't even know how to respond to that.


      You don't see the problem? Okay, let's think through a little scenario here.

      Someone steals your iPod. Because of the owner tags, they now have your e-mail address and name. Using Google and Google Maps, they locate your home and plan on breaking in. However, since your last name is Schroeder, which sounds German, they will assume that as a German you are automatically dangerous, so they'll get some guns to shoot back in case you charge at them with a rifle. Now, there's the issue of the German Shepherd - it doesn't have the name for no reason; the assumption that an armed and dangerous German has an equally dangerous guard dog as well is not far-fetched. So they need some fast guns to keep the fast-moving combat-trained canine in check. However, in order to pay for the MAC-10s the gangsters have to indebt themselves to the local mob, which means that now they're desperate. It is worth it, of course, since someone like you who can afford to express his taste with an iPod will obviously have a home full of high-quality A/V equipment and various expensive pieces of art. On the other hand, someone with possessions as prized as yours will invest in state-of-the-art security, possibly including armed and trained security personnel. As some puny machine pistols won't help them in this case and it was you who started this arms race when you gave those overzealous rent-a-cops guns and let them play cowboy on your property it's time to bring out the big guns just to pay you a lesson. So they also go to the Russian mob and acquire some Soviet-era RPG-29s, AK-47s and a T-72 main battle tank, hoping they can breach your defenses before you get to launch that V2 your father hid in the back yard in the 1940s. Just in case, they will also try to bring a General Electric M134 Minigun.

      What started as a simple iPod theft has escalated into a full-scale war just because Apple had to tag your music with your name and you think everything's handy-dandy? I wouldn't want to live in your neighbourhood - the smoking, charred remains of it.


      Escalation: It's not just for privileges.
  • Unbelievable. (Score:4, Insightful)

    by SatanicPuppy (611928) * <Satanicpuppy@@@gmail...com> on Wednesday June 27, 2007 @08:41AM (#19662187) Journal
    This just pisses me off. Who really cares besides people who just want to immediately dump the file straight to a filesharing network? So it's got my name and email embedded in the file? So what? Apparently unlike a lot of people who are interested in this service, I'm not planning on sending the files to anyone, and if I burn someone a mix CD, the info will be stripped when it's converted to CDA anyhow.

    So what's the privacy problem? It's like someone stealing my wallet. Hell yea that's a privacy concern! What's the solution? Someone steals my iPod and they'll be able to figure out my name?!? They'll also be able to figure out what my house, wife, car, and kid look like because of the pictures on the damn thing, and don't even get me going about documents I store on the damn thing...They'll also be able to figure out my Slashdot handle, because the damn thing has "Satanic Puppy" engraved on the back.

    So do I actually care that my info is in the file header? Hell no! It's my goddamn file, it should have my goddamn name on it! And if I wanted to go breach some copyright, I'd at least have the stones to strip the info myself. How fricking lazy do you have to be?

    When I wanted DRM-free music, I wanted it because I fricking hated not being able to listen to my damn music wherever the hell I wanted to without jumping through hoops. I've got that, and that's all I care about. Far as I'm concerned the service is fine (though a bit pricey).
    • by niceone (992278) * on Wednesday June 27, 2007 @08:46AM (#19662253) Journal
      They'll also be able to figure out my Slashdot handle, because the damn thing has "Satanic Puppy" engraved on the back.

      I have avoided that problem by engraving "Anonymous Coward" on mine.
    • Re:Unbelievable. (Score:5, Interesting)

      by UbuntuDupe (970646) * on Wednesday June 27, 2007 @08:52AM (#19662317) Journal
      My question is, why encode their name and all, like that? Why not put some random number in, and then have some table that only Apple has, that matches that number to their information? Or would that be just as bad from the privacy standpoint? "Hey, someone might steal my iPod, extract the random number from the file, break into Apple's database, look up my information, and then have all the information they need to use my now-canceled credit cards or report me for illegally-shared files."
      • Re:Unbelievable. (Score:5, Insightful)

        by Telvin_3d (855514) on Wednesday June 27, 2007 @10:03AM (#19663249)
        Why? Because then people would be up in arms about apple tracking them based on some secret hidden number embedded in their songs. hackers woudl make big announcements about having located the secrect customer ID number and everyone would bash them for including it in the first place. And I would be replying to someone on /. who was asking "well, if they wanted to keep track of who had bought what, why didn't they just include the name or e-mail in plain text or something?"
      • by sl3xd (111641) *
        My question is, why encode their name and all, like that?

        News flash: Putting the name & email of the person who bought it into the iTunes song isn't some bolt from the blue. Apple has always put the name and email address in every iTunes download, from the first day the iTunes Music store opened in 2003. It's not a secret, nor is it something new and/or specific to iTunes Plus songs. It has always been there.

        A stolen iPod has the name and email address of its owner on it if that iPod had any song do
    • Re: (Score:3, Insightful)

      Ok, here's my take on it:

      My iPod has no identification markings... if I lose it, I write it off as a loss. It's an expensive habit, but I'm more paranoid than most. The only pictures I have on it are inside a knoppix encrypted disk. This is breakable with enough time (it's only AES-128) but I am comfortable that anyone stealing my iPod either doesn't have the knowledge/power to do this, or is already onto me for whatever I've done and I'm screwed anyway... so all you can see on my iPod at this point is an
      • This is breakable with enough time (it's only AES-128)

        Ummm... While AES-128 is indeed breakable with "enough time", (as are all encryption schemes other than a one-time pad), I don't think you will be around long enough to really care. Even at 2^64 operations a second, It would still take an average of 2^63 seconds to crack, or about 200 billion years.

        I would worry more about someone infecting your machine with a key-logger (hardware logger since you use Knoppix) or torturing you until you give it up.

        • It depends on the key. In OS X, for instance, File Vault uses AES-128, but it generates the key from a hash of the password. If you use a long pass-phrase, then it's fairly secure. If you use an 8-character alpha-numeric password then you dramatically reduce the search space required to brute-force it.
          • I'm not big on cryptography, and I know it would take a while, but what are those computations in terms of CPU ticks? (Dare I say it) Can we beowulf and get them faster? What about the VAtech cluster? Could it do anything with it in time? There are so many variables in this, to tell me its a few billion years is a bit vague, so could I please have some clarification.

            Thanks.
    • Someone steals my iPod and they'll be able to figure out my name?!?
      Someone steals your iPod/hacks your computer/whatever and spreads the music on p2p networks, prompting the RIAA to sue you to hell and back (if they have closed Gitmo by then, that is).
      • If someone steals my wallet I'll be in for far more bother than that. 5 credit cards, my bank account numbers, my drivers license, my insurance card which conveniently contains my SSN, actual money, my big ass list of systems passwords which are "encrypted" but which an intelligent person could read if they put their mind to it because SOME of the passwords were designed by morons.

        Hell, if they start sharing my music, I'd have a better chance of catching the bastard!
    • by ghoti (60903)
      Exactly. It's like claiming that having your name and date of birth in your passport is a privacy issue.

      This is the kind of reaction that will make the music industry reconsider this whole DRM-free thing, and certainly hurt other companies' moves in that direction. And it shows what's really behind a lot of that anti-DRM rhetoric.
    • Re: (Score:3, Insightful)

      by MC Negro (780194) *
      Excellent post, BTW.

      So what's the privacy problem? It's like someone stealing my wallet. Hell yea that's a privacy concern! What's the solution? Someone steals my iPod and they'll be able to figure out my name?!? They'll also be able to figure out what my house, wife, car, and kid look like because of the pictures on the damn thing, and don't even get me going about documents I store on the damn thing...They'll also be able to figure out my Slashdot handle, because the damn thing has "Satanic Puppy" eng

    • I'm not sure why it would piss you off that someone has released a free (as in beer, but soon to be released with source code, according to their website) app to clean out a couple of personal details in your music files? You don't have to download it or use it, but some people might want to. Not necessarily so that they can share the files on the Internet or anywhere else, but just for their own piece of mind. Atomic Parsley, which can be used to edit the metadata in mp4/aac files, has already had this
      • Strawman. Obviously I am out to steal your privacy and deny you encryption, because the ridiculous outrage attendant on some easily removed metadata pisses me off. Grow up. I never even suggested it should be shut down, that's just your read on the situation.

        What makes me angry are the people who have the sheer audacity to be pissed off that their DRM-free music has their fricking name on it. Not in it, not watermarked to it, no, just on it. It's the single biggest industry concession in the history of comm
        • by drinkypoo (153816)

          What makes me angry are the people who have the sheer audacity to be pissed off that their DRM-free music has their fricking name on it. Not in it, not watermarked to it, no, just on it. It's the single biggest industry concession in the history of commercial online file distribution, and it's a damn good one, a good faith effort.

          I don't patronize iTunes, but I find the labeling offensive, because there is no fucking point. It's easily removed, obviously, so it clearly provides no substantial benefit. In r

    • Privacy isn't the real concern in itself.

      The main concern I've had is that if someone finds my lost iPod or steals it, copies the files off of it and file shares it. Given the RIAA's propensity of suing people with only circumstantial evidence of file sharing, it's not really a risk I want to take, and I don't want them to find files "linking" me to trading that I didn't do.
  • If you want to upgrade your 256 kbit/s AAC to lossless in a couple of years then leave the proof of purchase IN your iTunes Plus tracks. It enables iTunes to tell that you bought the track from iTunes Store. If you use this app on your iTunes Plus tracks you will be buying lossless for full price like a newbie.

  • France folks, FRANCE (Score:4, Informative)

    by rueger (210566) * on Wednesday June 27, 2007 @08:51AM (#19662301) Homepage
    IANAFL* but here come a 100 comments and criticisms based entirely on sketchy understandings of American copyright law, none of which have any relevance in France.


    * I Am Not A French Lawyer
    • by Aladrin (926209)
      Yes, because software and websites made in France can only be accessed from there, and therefore would only be of interest to the French. Good catch.

      How the hell did this get modded 'informative'? 'Interesting' or 'Under-rated' I could grudgingly admit that some people might find it, but 'informative'??
      • Yes, because software and websites made in France can only be accessed from there, and therefore would only be of interest to the French.

        Your sarcasm is noted and appreciated for its just value.

        But you seem to want the whole world to adopt and enforce US copyright and contract law...

        Beef.

        • by Aladrin (926209)
          Want that? Good Lord, no! I want the opposite. I want Copyright Law to be sane everywhere. So far, it's seems to be sane -nowhere-.

          I'm not against providing a bit of assurance to creators. But anything more than a few years is absolutely ridiculous. On the other hand, no copyright is just as ridiculous.
    • Re: (Score:3, Insightful)

      by aadvancedGIR (959466)
      IANAFL either, but from a french perspective, our copyright laws look so close to yours they were probably plagiarized.
    • Absolutely correct.

      The Ratiatum explanation http://www.ratiatum.com/news5257_EXCLUSIF_Privatu n es_pour_supprimer_les_espions_d_iTunes_Plus.html [ratiatum.com] is more pertinent that those quotes from http://www.privatunes.com/ [privatunes.com] that Apple Fanboy DaveSchroeder quotes in his first post (though I admit that the Ratiatum text is still less than elegant).

      Remembering that this discusses the case of a hypothetical French consumer, the most pertinent facts are:

      • if I download for a fee a file from iTunes, then I have bought it
    • You seem pretty confident about that. I'm not sure, but it seems possible to me that by selling its product in the US, the company establishes sufficient contacts for the US courts to assert jurisdiction.
  • Freely share? (Score:4, Insightful)

    by MMC Monster (602931) on Wednesday June 27, 2007 @08:52AM (#19662319)
    Freely share downloaded music from iTunes? Did they abolish copyright law in France? I had no idea!

    Seriously, while this software may be considered legal, there is little reason to use it unless you are planning to share your music or are deathly afraid of someone stealing your iPod or computer.

    Of course, if you are afraid of someone stealing your iPod, what security measures do you use against someone stealing your wallet? Are all your credit cards and your photo ID without your name?
    • Freely share downloaded music from iTunes? Did they abolish copyright law in France? I had no idea!

      Well, seeing as the current law stems from an absinthe dream Victor Hugo had... On a more serious note, it's perfectly legal in most European countries to share music with a few friends, the exact number varies from country to country. Now, you mail a friend a copy of a song, he sends it on and suddenly the local version of the RIAA tears you a new, roomy, asshole. It's all fun and games until information gets on the loose, isn't it?

  • What's not "private" about files stored on your own hard drive? Everyone else's drive is beyond the boundaries of fair use, so they won't ever show up there, right?
    • But what happens when you "accidentally" dump your whole music folder to a p2p network...Why, someone might sue you, just because you infringed on their copyright! Typical Apple! They hate everyone but big business!

      Blah blah blah. This shows you who is really in it because they hate the inconvenience of DRM, and who is just too stupid to figure out how to share music with easily cracked DRM on it.
    • by Dog-Cow (21281)
      Either it really is a Powerbook, in which case you wouldn't bother "correcting" anyone, or it's really a Macbook Pro. As the latter is more likely, you are just a fucking asshole that is so married to a fucking marketing term that your life has absolutely no meaning what so ever.
  • by richardtallent (309050) on Wednesday June 27, 2007 @09:11AM (#19662547) Homepage
    I write my name in books when I buy them, and I've never considered the "privacy concern" of erasing it when selling the book, because the buyer already knows who I am. We wanted DRM-free music, we got it. The only people complaining are the cheap bastards who want to share the files over P2P.

    Can we please start complaining about privacy issues that actually matter, like the fact that iPhone users' only service option is the same monopoly that was and is spying on the majority of all of our Internet traffic, without a court order or Congressional oversight?
    • by Dog-Cow (21281)
      It might not be nice, but it's not illegal for AT&T to peek at traffic going over their network(s). The illegal bit comes with sharing it with the Government, as the Government is supposed to require a warrent for this type of thing. I do agree that it's morally reprehensible in any event.
    • Do you right your email address in your books too?
      • Uhm, yes, actually. If I lose a book somewhere, the finder has a way to contact me.

        My web site URI, home address, email addresses, and phone numbers are all published. I'm not a celebrity, so I don't consider these "private" information.

        If iTunes were storing biometric information, passwords, SSN, etc. in the files, that's a problem, but this is equivalent to writing your name on a CD or engraving it on some piece of equipment you might resell someday.
    • by eth1 (94901)
      The difference between having your name in an mp3 that you sell, and having your name in a book that you sell is that with the book, it's rather obvious that it's the original copy. Not so with the mp3. How do you know the guy you sell it to won't put it up for sharing? You'll be the one that gets sued.
      • by gsslay (807818)
        Oh God, this is just so ridiculous a line of argument.

        Hands up here one person who has sold on an MP3 then deleted the original. Let's not even start worrying about whether it's legal. C'mon. Let's get an idea of the size of this previously unheard of second-hand market in MP3s.

        ........ Anyone? .....

        As I thought. No-one. So this nonsense whining about the dangers of your email address being passed onto some third party and thereafter onto the P2P world is one enormous pile of steaming BS. It's all

  • by Mikey-San (582838) on Wednesday June 27, 2007 @09:29AM (#19662791) Homepage Journal
    Note: The following comments are made without any knowledge of French DRM, privacy, or consumer laws. As a result, this post isn't commentary on legalities. Just idiocy.

    Privatunes is aimed at guaranteeing the privacy of users but also their rights as consumers to freely share and trade the songs they have purchased.

    Apple finally gives nerds what they've been shouting for--higher-quality DRM-free songs--and this is how the community responds? By anonymizing purchased music so people can pirate it? These guys are class-A asshats.

    Last month's revelations that the DRM-free files on iTunes Plus came with user's full name and account e-mail embedded in them had raised serious privacy concerns.

    How is someone supposed to steal the name and e-mail address from songs you aren't passing around to all of your buddies and the Internet? Oh, wait. Hasn't the Apple ID info been inside iTunes tracks since the beginning of the iTMS, anyway?

    • by TubeSteak (669689)

      Privatunes is aimed at guaranteeing the privacy of users but also their rights as consumers to freely share and trade the songs they have purchased.
      If that quote didn't include the word "share" would you still have a problem with it?

      Because AFAIK, trading digital files is no different than trading pokemon cards or pogs.
      • Re: (Score:3, Informative)

        by jb.hl.com (782137)
        trading digital files is no different than trading pokemon cards or pogs.

        I'll bite. Trading (copyrighted) movies, games, music etc is different from trading Pokemon and Pogs for the simple reason that Pokemon and Pogs are sold with the explicit intention that they be traded and spread across a wide audience. CDs, DVDs and games generally aren't.

        Not to mention, since when did anyone you know "trade" MP3s (as in send someone a music file, then delete their copy)?
  • ...at whoever thinks this eliminates all traces of your identity from a file. Your info could be encoded 50 different ways in the file, and if this app only scrubs 49 of them before you send the file to your friends on BitTorrent -- and seriously, what other point is there to this? -- then you're still hosed.

    • by brunascle (994197)
      unlikely. i'm pretty sure in an earlier article, someone posted a link to some guy that compared the media portion of the same file purchased twice, with two accounts, from iTunes plus (anyone have the link?). they were identical, so there's no steganography involved. the only other way is the metadata, and people looking at the metadata will find anything else that's hidden there.

      it's pretty easy to check. diff file1 file2. if there was anything else fishy in the files, i'm sure we wouldve heard about i
  • by vtkstef (97506) * on Wednesday June 27, 2007 @09:55AM (#19663127)
    the method name is CleanAppleM4aPersonalData(). Here is an example on how to use it:

    #!/usr/bin/perl
    ##
    # A N O N C P . P L
    #
    # a script that takes the unix cp file specification options
    #
    # perl anoncp.pl source_file target_file
    # perl anoncp.pl source_file ... target_directory
    #
    # which reads the source file(s) and copies them to the
    # destination stripped of all the user identification gunk
    # that apple adds on iTunes "DRM free" songs
    #
    # NB: make sure you install the latest version of the
    # most excellent Audio::M4P::QuickTime perl module.
    ##

    use strict;
    use warnings;

    use Carp;
    use File::Basename;

    use Audio::M4P::QuickTime;

    my $usage = q{
    usage:
            perl anoncp.pl source_file target_file
            perl anoncp.pl source_file ... target_directory
    };

    @ARGV >=2 || croak "not enough files specified", $usage;

    my $destDN = pop(@ARGV);
    my $destFN = $destDN if (! -d $destDN && @ARGV == 1);

    $destDN = dirname($destFN) if( $destFN);

    -d $destDN || croak $destDN, ": is not a directory", $usage;
    (-r $destDN && -w _) || croak $destDN, ": cannot access ", $usage;

    $destDN =~ s{ (?new( file => $m4aFN);
            $qt->FindAtom("mp4a") || croak "$m4aFN: not a mpeg 4 file\n\t";

            $qt->CleanAppleM4aPersonalData();

            $toFN = $destFN ? $destFN : $destDN . basename($m4aFN);
            $qt->WriteFile($toFN);
    }

    0;

  • by dpbsmith (263124) on Wednesday June 27, 2007 @10:11AM (#19663355) Homepage
    ...so that when the jackbooted RIAA thugs break down my door at 3 a.m. in the morning I can point to the embedded ID as proof of ownership.
  • Privatunes is aimed at guaranteeing the privacy of users but also rights as consumers to freely share and trade the songs they have purchased.
    Lack of DRM doesn't magically give you the right to "freely share and trade". May as well call it Piratunes.

  • The only problem with Apple including the name and email address in purchased music is that the iTunes UI won't let me filter on it for smart playlists! It's really useful information, and I want to be able to _use_ it to automatically separate the music that my wife buys from the music that I buy.
  • ...call them "privateers."
  • by Peter Eckersley (66542) on Wednesday June 27, 2007 @06:33PM (#19669839) Homepage
    The current version of Privatunes blanks out the name and Apple ID/email fields from iTunes Plus files, but it doesn't remove all of the fields that Apple, or a litigant subpoenaing Apple, could use to identify a user. There are two of those, marked sign and chtb, which I posted about here [eff.org].

    There are some other differences between copies of a track purchased by different users, but they're only a byte or three here and there. Probably still worth blanking. vbindiff on *nix (or a similar hexdiff program for other platforms) will show you these fields.
    • One other small point...

      Privatunes overwrites the name and email fields using blank space characters (0x20), but the field that contains the name is 0x00s. So it's still possible to see the length of the name and email fields.

      I don't think they'll be able to fix the email length leak without re-calculating the offsets in the chtb table.

No one gets sick on Wednesdays.

Working...