Privatunes Anonymizes iTunes Plus 176
njondet writes "French-law.net
reports that Ratatium.com, a French website specialized in technology news and software downloads, has just launched
Privatunes, a free software that anonymizes DRM-free files bought on iTunes Plus. Last month's revelations that the DRM-free files sold by EMI on iTunes Plus came with user's full name and account e-mail embedded in them had raised serious privacy concerns. Ratatium.com
explains (in French) that Privatunes is aimed at guaranteeing the privacy of users but also their rights as consumers to freely share and trade the songs they have purchased. However, the claim that this software is perfectly legal will surely be tested."
A little self-important and misguided... (Score:5, Insightful)
5 reasons to erase private information from my legally acquired iTunes Plus library:
Yeah. A name and email address. On an electronic file that you purchased. In name and email address fields in the clear. How...wrong.
1. Am I still a child who needs his pencilcase and schoolbag tagged with my name?
Utterly irrelevant to the discussion.
2. I bought the damn tune, but someday I may want to sell it (hey, how is it more stupid that selling old CDs ?).
It's not "more stupid" than anything. And since Apple is the first entity that's even allowing this possibility at all with mainstream music from mainstream labels on any meaningful scale, I guess I must not recognize your gratitude.
3. I just have a thing for privacy. Is it dirty?
No, but it's dirty when you think everything is automatically an "invasion of privacy".
4. How the heck do I know it's not gonna be shared on P2P networks by my 6 year old step sister???
How do you know the reason the name and email address is there is for tracking file sharers? How do you even know that would stand up in court? Why does everyone assume that's the reason it's there? Has it occurred to you that this might have been a concession to the labels to make them "feel good", or any number of other reasons? Has it occurred to you that since name and email address have always been included in all purchases from the iTunes store that, uh, maybe nothing has changed?
What if the EU mandates a system for returns and refunds someday from the iTunes store? Wouldn't your account name and email be an easy way for normal individuals to return songs? And before anyone says, "Well, it should be encrypted, then," can you honestly look at me with a straight face and tell me you wouldn't be even more upset that Apple was including unknown personal information, encrypted, in each song bought from iTunes? If it's there at all, it's actually preferable that it's plaintext, because then there are simple ways to remove it without anyone being able to claim that you're breaking some law for removing encrypted information or some other ridiculous thing.
"But it shouldn't be there in the first place."
I know, this is the part is a difficult situation since it is mandatory for all persons on earth to purchase from only the iTunes store. If only Apple didn't force you to buy no-DRM songs from iTunes.
Oh, wait...
5. I thought good customer-seller relationship ment something like... how do they say, "trust' ?
Why do you assume that an electronic item you purchased yourself from the iTunes store having your name and email address embedded in internationally standardized MPEG-4 atoms intended exactly for that purpose somehow equates to lack of "trust"? "Trust" to do what?
I thought the main argument against DRM was so that we could use our files anywhere we wished, on any device we wished. Now we can. Sure, it has your name and email address in it. It's not hidden. It's not a secret. It doesn't matter if most normal users don't realize this. It's still not hidden, nor is it a secret. Most "normal users" don't "realize" a lot of things.
And from the summary:
However, the claim that this software is perfectly legal will surely be tested.
Tested by whom or what? For what purpose?
The software is perfectly legal. Why is this even in doubt? It's a file with no DRM, and you're removing text that is IN THE CLEAR, IN PLAINTEXT in the file that YOU BOUGHT. Removing it by ANY MECHANISM is perfectly legal in any jurisdiction I can think of.
No DRM means just that: no DRM. No encryption. No reverse engineering. No DMCA provisions. Etc.
If you want to make an anonomyzing tool, great. But don't puff it up to be more than it is.
Again, my favorite quote that sums up the stupidity of the outrage over a name and email address being in a file you purchased, from a Gartner analyst:
Unbelievable. (Score:4, Insightful)
So what's the privacy problem? It's like someone stealing my wallet. Hell yea that's a privacy concern! What's the solution? Someone steals my iPod and they'll be able to figure out my name?!? They'll also be able to figure out what my house, wife, car, and kid look like because of the pictures on the damn thing, and don't even get me going about documents I store on the damn thing...They'll also be able to figure out my Slashdot handle, because the damn thing has "Satanic Puppy" engraved on the back.
So do I actually care that my info is in the file header? Hell no! It's my goddamn file, it should have my goddamn name on it! And if I wanted to go breach some copyright, I'd at least have the stones to strip the info myself. How fricking lazy do you have to be?
When I wanted DRM-free music, I wanted it because I fricking hated not being able to listen to my damn music wherever the hell I wanted to without jumping through hoops. I've got that, and that's all I care about. Far as I'm concerned the service is fine (though a bit pricey).
Re:A little self-important and misguided... (Score:3, Insightful)
* I'm not trying to steal/share it, I just want to be in control of it.
I was quite happy to put my name in there if it's enough to keep the music producers happy.
Freely share? (Score:4, Insightful)
Seriously, while this software may be considered legal, there is little reason to use it unless you are planning to share your music or are deathly afraid of someone stealing your iPod or computer.
Of course, if you are afraid of someone stealing your iPod, what security measures do you use against someone stealing your wallet? Are all your credit cards and your photo ID without your name?
Re:Unbelievable. (Score:3, Insightful)
My iPod has no identification markings... if I lose it, I write it off as a loss. It's an expensive habit, but I'm more paranoid than most. The only pictures I have on it are inside a knoppix encrypted disk. This is breakable with enough time (it's only AES-128) but I am comfortable that anyone stealing my iPod either doesn't have the knowledge/power to do this, or is already onto me for whatever I've done and I'm screwed anyway... so all you can see on my iPod at this point is an encrypted image file, and all my music. My music has all my info pushed into it and I have to expend a significant effort to strip this information out (not really a problem for me, because I consider it a good use of time for the sake of that extra level of security), whereas something transparently doing it for me makes it a LOT easier to acheive this level of privacy. Something like jhymn [hymn-project.org] is quite useful, but its one step more than will potentially be needed by the end-user.
I don't advocate piracy of any kind, namely because anyone pirating my software is preventing me from getting paid that little bit extra (and it *is* only a little bit), but its not just piracy that is causing the DRM removal trend.
Re:Unbelievable. (Score:4, Insightful)
Re:A little self-important and misguided... (Score:3, Insightful)
As for this being illegal, note that copyright protection applies to media regardless of whether or not it's DRM'd. Just because it's DRM-free doesn't mean it's in the public domain, and it can certainly be argued that a tool primarily used to evade detection by those breaking the law is illegal.
Regardless of how we feel about it, all the outrage in the world doesn't change the facts of how the US legal system handles those who encourage a clearly illegal action.
Re:It's proof of purchase for future lossless upgr (Score:4, Insightful)
Non-issues and real issues (Score:5, Insightful)
Can we please start complaining about privacy issues that actually matter, like the fact that iPhone users' only service option is the same monopoly that was and is spying on the majority of all of our Internet traffic, without a court order or Congressional oversight?
Re:A little self-important and misguided... (Score:2, Insightful)
But surely this software proves how easy it is to change such details anyway...there's no reasonable way you can use a plain text, easily changed header as evidence for any prosecution...otherwise I could load up a load of songs with people I don't like and stick them on P2P.
Re:A little self-important and misguided... (Score:5, Insightful)
BTW...if you wish to strip said info for whatever reason, these are the atoms you need to target:
Re:France folks, FRANCE (Score:3, Insightful)
This is sure to get us somewhere (Score:5, Insightful)
Privatunes is aimed at guaranteeing the privacy of users but also their rights as consumers to freely share and trade the songs they have purchased.
Apple finally gives nerds what they've been shouting for--higher-quality DRM-free songs--and this is how the community responds? By anonymizing purchased music so people can pirate it? These guys are class-A asshats.
Last month's revelations that the DRM-free files on iTunes Plus came with user's full name and account e-mail embedded in them had raised serious privacy concerns.
How is someone supposed to steal the name and e-mail address from songs you aren't passing around to all of your buddies and the Internet? Oh, wait. Hasn't the Apple ID info been inside iTunes tracks since the beginning of the iTMS, anyway?
Re:Unbelievable. (Score:3, Insightful)
It's really disappointing to me that Apple's efforts as a de facto liaison for legal online music sales are frequently met with criticism by people who seem to want something for nothing. I'm especially annoyed by people who insist on calling this kind of information tracking "DRM" - it really dilutes the term, and IMHO, diminishes from the serious issues associated with real DRM. Digg is rife with idiots whining about how Apple just needs to "trust" their users and how this sort of tracking "violates" their "privacy" (READ: Hinders their ability to indiscriminately share without any consequences).
For a lot of these people, the issue of FairPlay and DRM was never about playing their music under Linux or on their iRiver or whatever other legitimate issues DRM presented. It was about DRM doing exactly what it was designed to do - prevent mass-distribution of copyrighted material to non-licensees. So these people latched onto the anti-DRM movement as a means to an end. I submit to the community that we should NOT let these freeloaders taint the efforts made to solve legitimate issues with DRM. They will never be satisfied with Apple's or anyone elses efforts to address our concerns until iTMS sells all music in lossless FLACs at $.01/Megabyte with a personal liability waiver and distribution rights to 1000 of their closest Internet pals - and even then, they'll still torrent music, "just to see if I like it".
I never - in a million years - thought we'd see major label catalog, DRM-free music. And now some dweebs are giving RIAA execs ammo because they don't want to be held responsible for their actions. To said dweebs, please just go download your music with a torrent. You're ruining this for the rest of us. Oh yeah, and for the love of Christ, come off that "BUT WOT IF MY SISTAR SHAREZ IT ON P2P?? THEN WOTT??!?!" bullshit. Chances are, if you're savvy enough to care about the "privacy" associated with user data embedded into a binary file, you're savvy enough to take the precautions necessary to prevent your sister/roommate/friend from mass-distributing your music library.
Re:Unbelievable. (Score:5, Insightful)
Re:Unbelievable. (Score:3, Insightful)
Re:A little self-important and misguided... (Score:1, Insightful)
And asking "why not?" is outrageously arrogant. It is none of your fucking business why I don't want my email on things. Stop harassing me about that which I consider private.
Re:A little self-important and misguided... (Score:4, Insightful)
To quote your previous line - utterly irrelevant to the argument. WTF has gratitude to do with privacy here? FWIW I think this is one of the places were his list makes something of a point and by an interesting coincidence you're being disingenuous about it. Perchance it's more difficult to refute than the dumb arguments? [In more detail, in case you were actually honest about trying to refute the point, let's expand on it: second sale doctrine allows resale; DRM made the resale worthless, which is OK with SSD, but no-DRM changed that. Now, assuming I do resell - pennies for a dollar is good enough for some - I no longer have control over what the new owner does with the track. Assume they have the 6yr-old step-sister that puts it on p2p and lawsuit-happy RIAA finds it and sues me. Now, I might prevail if I get to prove that I no longer own the track, but that will be tedious at best. And since the case can be viewed as a honest one, I doubt I'd get them to pay attorney fees. So it makes sense to try and prevent such a development, don't you think? Here's 2 that says you would have had a better argument questioning the legality of selling the anonymized version of the file instead of the original.]
Well, you certainly look like you have an agenda here. While I don't agree with this argument from the "she did it, her guardian is responsible for not explaining things to her" perspective I don't see you making a valid argument either. Who cares what the 'official' reason is? could be "so that faerie pixies know where to come and make it sound better when you listen to the file" for all I care. If past behavior shows anything is that a system that can be used for a corporation's profit will be. Any argument that a RIAA lawyer can bring to court will be brought - why, look at what they used so far, something like "metadata says you purchased this song" is positively incriminating by comparison. And again, what changed is that a 'stolen' track now can be actually useful for whoever steals it without any reprocessing (which would have stripped most of metadata anyway) so the risk of your info making it on p2p is higher. And about standing up in court, you seem to conveniently forget that the likes of RIAA don't much care how valid their argument in court is if they can threaten you with an expensive lawsuit that in itself will make you settle. Please wake up to the 21st century paradigm shift in lawsuit strategy - you don't need a valid argument to win, only enough money compared to the other guy. Reminds me of the winning strategy for coin-flipping games, actually.
I won't repeat the argument for your 'rebuttal' to the Gartner analyst quote. You should have gotten the drill by now - and if not it would be pointless repetition anyway. What I would like is some link to back up your claim that no steganography is used - for a guy who revels in placing links all over his posts that one is conspicuously absent. Mind you, I'm not asserting it's untrue, but I will beg to be excused if I won't take only your word for it.
Re:A little self-important and misguided... (Score:3, Insightful)
Who said prosecutors are reasonable? It seems you are a little too idealistic. The attitude "justice will prevail" is a good one to have but fairly stupid to rely solely on that without protecting yourself.
According to your logic, we should just let the system take it's course. Eventually after we get sued for distributing copyrighted music, spend money on lawyers and miss work to fight a legal battle, justice will prevail.
Now who's being unreasonable?
Re:A little self-important and misguided... (Score:3, Insightful)
Give me a break.
Napster facilitated infringement, because it built lists of files people had available for transfer and facilitated connections between users, and made them searchable. Napster HAD a substantial noninfringing use, and that's where intent came in; courts believed that Napster was intended to facilitate infringement.
This file stripping does not facilitate file trading. You can already trade the file just as easily without stripping atoms which would identify you. The fact that stripping atoms anonymizes files, making it harder to hold someone accountable for placing the files on a P2P network is incredibly peripheral compared to Napster, which was a tool specifically built to enable people to index and copy files efficiently.
It's also fairly irrelevent whether these files find their way onto P2P networks; they're almost certainly all there. As long as CDs are sold, their contents will be on P2P networks.
Re:...is this clear? (Score:3, Insightful)
That would kind of seem to go without having to be stated. If my bank updates their policy and mails me a copy my name and address are necessary parts of doing that. It seems silly to me that I might open their letter and find that in their policy they took the pains to point out that they might include my name and address on correspondence mailed to me when doing such is required by the post office in in order for them to know where to deliver the aforementioned correspondence.
They might also want to note that sometimes the bank teller might greet me by name, if he or she recognizes me.
If this is the direction business transparency is going we seem to have pushed things to ridiculous lengths.
Re:A little self-important and misguided... (Score:1, Insightful)