Privatunes Anonymizes iTunes Plus

njondet writes "French-law.net reports that Ratatium.com, a French website specialized in technology news and software downloads, has just launched Privatunes, a free software that anonymizes DRM-free files bought on iTunes Plus. Last month's revelations that the DRM-free files sold by EMI on iTunes Plus came with user's full name and account e-mail embedded in them had raised serious privacy concerns. Ratatium.com explains (in French) that Privatunes is aimed at guaranteeing the privacy of users but also their rights as consumers to freely share and trade the songs they have purchased. However, the claim that this software is perfectly legal will surely be tested."

A little self-important and misguided...

From their site:

5 reasons to erase private information from my legally acquired iTunes Plus library:

Yeah. A name and email address. On an electronic file that you purchased. In name and email address fields in the clear. How...wrong.

1. Am I still a child who needs his pencilcase and schoolbag tagged with my name?

Utterly irrelevant to the discussion.

2. I bought the damn tune, but someday I may want to sell it (hey, how is it more stupid that selling old CDs ?).

It's not "more stupid" than anything. And since Apple is the first entity that's even allowing this possibility at all with mainstream music from mainstream labels on any meaningful scale, I guess I must not recognize your gratitude.

3. I just have a thing for privacy. Is it dirty?

No, but it's dirty when you think everything is automatically an "invasion of privacy".

4. How the heck do I know it's not gonna be shared on P2P networks by my 6 year old step sister???

How do you know the reason the name and email address is there is for tracking file sharers? How do you even know that would stand up in court? Why does everyone assume that's the reason it's there? Has it occurred to you that this might have been a concession to the labels to make them "feel good", or any number of other reasons? Has it occurred to you that since name and email address have always been included in all purchases from the iTunes store that, uh, maybe nothing has changed?

What if the EU mandates a system for returns and refunds someday from the iTunes store? Wouldn't your account name and email be an easy way for normal individuals to return songs? And before anyone says, "Well, it should be encrypted, then," can you honestly look at me with a straight face and tell me you wouldn't be even more upset that Apple was including unknown personal information, encrypted, in each song bought from iTunes? If it's there at all, it's actually preferable that it's plaintext, because then there are simple ways to remove it without anyone being able to claim that you're breaking some law for removing encrypted information or some other ridiculous thing.

"But it shouldn't be there in the first place."

I know, this is the part is a difficult situation since it is mandatory for all persons on earth to purchase from only the iTunes store. If only Apple didn't force you to buy no-DRM songs from iTunes.

Oh, wait...

5. I thought good customer-seller relationship ment something like... how do they say, "trust' ?

Why do you assume that an electronic item you purchased yourself from the iTunes store having your name and email address embedded in internationally standardized MPEG-4 atoms intended exactly for that purpose somehow equates to lack of "trust"? "Trust" to do what?

I thought the main argument against DRM was so that we could use our files anywhere we wished, on any device we wished. Now we can. Sure, it has your name and email address in it. It's not hidden. It's not a secret. It doesn't matter if most normal users don't realize this. It's still not hidden, nor is it a secret. Most "normal users" don't "realize" a lot of things.

And from the summary:

However, the claim that this software is perfectly legal will surely be tested.

Tested by whom or what? For what purpose?

The software is perfectly legal. Why is this even in doubt? It's a file with no DRM, and you're removing text that is IN THE CLEAR, IN PLAINTEXT in the file that YOU BOUGHT. Removing it by ANY MECHANISM is perfectly legal in any jurisdiction I can think of.

No DRM means just that: no DRM. No encryption. No reverse engineering. No DMCA provisions. Etc.

If you want to make an anonomyzing tool, great. But don't puff it up to be more than it is.

Again, my favorite quote that sums up the stupidity of the outrage over a name and email address being in a file you purchased, from a Gartner analyst:

Re:A little self-important and misguided...

The issue isn't 'what' Apple's process involves, it is 'how' Apple has to date failed to apply an otherwise seemingly transparent privacy policy [apple.com] by telling users about it. Apple states their policy has not been updated since 12.2004 - they need to simply add verbiage explaining that certain basic (personal) information tags are routinely created and embedded withing EVERY song in your iTunes library. Disclosure - transparency - fair...simple. Done.

BTW...if you wish to strip said info for whatever reason, these are the atoms you need to target:

• (apID)
• (cprt)
• (iods)

Re:A little self-important and misguided...

To get this out of the way, I'll say that while I don't necessarily approve this program as the answer, I agree that privacy concerns exist with the currently-embedded metadata. Now, to your post.

2. I bought the damn tune, but someday I may want to sell it (hey, how is it more stupid that selling old CDs ?).

It's not "more stupid" than anything. And since Apple is the first entity that's even allowing this possibility at all with mainstream music from mainstream labels on any meaningful scale, I guess I must not recognize your gratitude.

To quote your previous line - utterly irrelevant to the argument. WTF has gratitude to do with privacy here? FWIW I think this is one of the places were his list makes something of a point and by an interesting coincidence you're being disingenuous about it. Perchance it's more difficult to refute than the dumb arguments? [In more detail, in case you were actually honest about trying to refute the point, let's expand on it: second sale doctrine allows resale; DRM made the resale worthless, which is OK with SSD, but no-DRM changed that. Now, assuming I do resell - pennies for a dollar is good enough for some - I no longer have control over what the new owner does with the track. Assume they have the 6yr-old step-sister that puts it on p2p and lawsuit-happy RIAA finds it and sues me. Now, I might prevail if I get to prove that I no longer own the track, but that will be tedious at best. And since the case can be viewed as a honest one, I doubt I'd get them to pay attorney fees. So it makes sense to try and prevent such a development, don't you think? Here's 2 that says you would have had a better argument questioning the legality of selling the anonymized version of the file instead of the original.]

4. How the heck do I know it's not gonna be shared on P2P networks by my 6 year old step sister???

How do you know the reason the name and email address is there is for tracking file sharers? How do you even know that would stand up in court? Why does everyone assume that's the reason it's there? Has it occurred to you that this might have been a concession to the labels to make them "feel good", or any number of other reasons? Has it occurred to you that since name and email address have always been included in all purchases from the iTunes store that, uh, maybe nothing has changed?

Well, you certainly look like you have an agenda here. While I don't agree with this argument from the "she did it, her guardian is responsible for not explaining things to her" perspective I don't see you making a valid argument either. Who cares what the 'official' reason is? could be "so that faerie pixies know where to come and make it sound better when you listen to the file" for all I care. If past behavior shows anything is that a system that can be used for a corporation's profit will be. Any argument that a RIAA lawyer can bring to court will be brought - why, look at what they used so far, something like "metadata says you purchased this song" is positively incriminating by comparison. And again, what changed is that a 'stolen' track now can be actually useful for whoever steals it without any reprocessing (which would have stripped most of metadata anyway) so the risk of your info making it on p2p is higher. And about standing up in court, you seem to conveniently forget that the likes of RIAA don't much care how valid their argument in court is if they can threaten you with an expensive lawsuit that in itself will make you settle. Please wake up to the 21st century paradigm shift in lawsuit strategy - you don't need a valid argument to win, only enough money compared to the other guy. Reminds me of the winning strategy for coin-flipping games, actually.

I won't repeat the argument for your 'rebuttal' to the Gartner analyst quote. You should have gotten the drill by now - and if not it would be pointless repetition anyway. What I would like is some link to back up

Re:A little self-important and misguided...

"Some of the privacy problems, in light of this, is that anyone who steals an iPod that includes purchased iTunes music will now have the name and e-mail address of its rightful owner."

..............

Wow. Just, wow. I don't even know how to respond to that.

You don't see the problem? Okay, let's think through a little scenario here.

Someone steals your iPod. Because of the owner tags, they now have your e-mail address and name. Using Google and Google Maps, they locate your home and plan on breaking in. However, since your last name is Schroeder, which sounds German, they will assume that as a German you are automatically dangerous, so they'll get some guns to shoot back in case you charge at them with a rifle. Now, there's the issue of the German Shepherd - it doesn't have the name for no reason; the assumption that an armed and dangerous German has an equally dangerous guard dog as well is not far-fetched. So they need some fast guns to keep the fast-moving combat-trained canine in check. However, in order to pay for the MAC-10s the gangsters have to indebt themselves to the local mob, which means that now they're desperate. It is worth it, of course, since someone like you who can afford to express his taste with an iPod will obviously have a home full of high-quality A/V equipment and various expensive pieces of art. On the other hand, someone with possessions as prized as yours will invest in state-of-the-art security, possibly including armed and trained security personnel. As some puny machine pistols won't help them in this case and it was you who started this arms race when you gave those overzealous rent-a-cops guns and let them play cowboy on your property it's time to bring out the big guns just to pay you a lesson. So they also go to the Russian mob and acquire some Soviet-era RPG-29s, AK-47s and a T-72 main battle tank, hoping they can breach your defenses before you get to launch that V2 your father hid in the back yard in the 1940s. Just in case, they will also try to bring a General Electric M134 Minigun.

What started as a simple iPod theft has escalated into a full-scale war just because Apple had to tag your music with your name and you think everything's handy-dandy? I wouldn't want to live in your neighbourhood - the smoking, charred remains of it.


Escalation: It's not just for privileges.

Unbelievable.

This just pisses me off. Who really cares besides people who just want to immediately dump the file straight to a filesharing network? So it's got my name and email embedded in the file? So what? Apparently unlike a lot of people who are interested in this service, I'm not planning on sending the files to anyone, and if I burn someone a mix CD, the info will be stripped when it's converted to CDA anyhow.

So what's the privacy problem? It's like someone stealing my wallet. Hell yea that's a privacy concern! What's the solution? Someone steals my iPod and they'll be able to figure out my name?!? They'll also be able to figure out what my house, wife, car, and kid look like because of the pictures on the damn thing, and don't even get me going about documents I store on the damn thing...They'll also be able to figure out my Slashdot handle, because the damn thing has "Satanic Puppy" engraved on the back.

So do I actually care that my info is in the file header? Hell no! It's my goddamn file, it should have my goddamn name on it! And if I wanted to go breach some copyright, I'd at least have the stones to strip the info myself. How fricking lazy do you have to be?

When I wanted DRM-free music, I wanted it because I fricking hated not being able to listen to my damn music wherever the hell I wanted to without jumping through hoops. I've got that, and that's all I care about. Far as I'm concerned the service is fine (though a bit pricey).

Re:Unbelievable.

They'll also be able to figure out my Slashdot handle, because the damn thing has "Satanic Puppy" engraved on the back.

I have avoided that problem by engraving "Anonymous Coward" on mine.

Re:Unbelievable.

I have avoided that problem by engraving "Anonymous Coward" on mine.

That's weird. I engraved 'niceone (992278)' on mine.

Re:Unbelievable.

Oh please. It's non-DRM music in a standard format; that's as consumer friendly as it gets. So you're name's in it, it's not like they're hiding it. It's right out there in the open, and it's easy to remove. If you were buying in good faith, it wouldn't bother you a bit.

Re:Unbelievable.

My question is, why encode their name and all, like that? Why not put some random number in, and then have some table that only Apple has, that matches that number to their information? Or would that be just as bad from the privacy standpoint? "Hey, someone might steal my iPod, extract the random number from the file, break into Apple's database, look up my information, and then have all the information they need to use my now-canceled credit cards or report me for illegally-shared files."

Re:Unbelievable.

Why? Because then people would be up in arms about apple tracking them based on some secret hidden number embedded in their songs. hackers woudl make big announcements about having located the secrect customer ID number and everyone would bash them for including it in the first place. And I would be replying to someone on /. who was asking "well, if they wanted to keep track of who had bought what, why didn't they just include the name or e-mail in plain text or something?"

Interesting how it will go

I am really interested in if the site will live a long life...
I guess someone will take it down, because they are modifying purchased material.

It's proof of purchase for future lossless upgrade

If you want to upgrade your 256 kbit/s AAC to lossless in a couple of years then leave the proof of purchase IN your iTunes Plus tracks. It enables iTunes to tell that you bought the track from iTunes Store. If you use this app on your iTunes Plus tracks you will be buying lossless for full price like a newbie.

Re:It's proof of purchase for future lossless upgr

Putting back an arbitrary ID in the file can't be much harder than removing the original one, therefore, the simple existence of such tool makes this marking a very weak proof of purchase, so I suspect that Apple will only trust their own server logs.

France folks, FRANCE

IANAFL* but here come a 100 comments and criticisms based entirely on sketchy understandings of American copyright law, none of which have any relevance in France.


* I Am Not A French Lawyer

Freely share?

Freely share downloaded music from iTunes? Did they abolish copyright law in France? I had no idea!

Seriously, while this software may be considered legal, there is little reason to use it unless you are planning to share your music or are deathly afraid of someone stealing your iPod or computer.

Of course, if you are afraid of someone stealing your iPod, what security measures do you use against someone stealing your wallet? Are all your credit cards and your photo ID without your name?

Where is the abuse?

What's not "private" about files stored on your own hard drive? Everyone else's drive is beyond the boundaries of fair use, so they won't ever show up there, right?

Just remember....

There are only a few letters difference between "privacy" and "piracy"

Head in the sand...

"Last month's revelations that the DRM-free files sold by EMI on iTunes Plus came with user's full name and account e-mail embedded in them..."

Revelation to whom? People who had their head jammed in the sand for the past few years? That information has been in iTunes purchases for years - it's nothing new. Anyone shocked by this "revelation" needs to change their calendar because they're a bit behind...

Non-issues and real issues

I write my name in books when I buy them, and I've never considered the "privacy concern" of erasing it when selling the book, because the buyer already knows who I am. We wanted DRM-free music, we got it. The only people complaining are the cheap bastards who want to share the files over P2P.

Can we please start complaining about privacy issues that actually matter, like the fact that iPhone users' only service option is the same monopoly that was and is spying on the majority of all of our Internet traffic, without a court order or Congressional oversight?

This is sure to get us somewhere

Note: The following comments are made without any knowledge of French DRM, privacy, or consumer laws. As a result, this post isn't commentary on legalities. Just idiocy.

Privatunes is aimed at guaranteeing the privacy of users but also their rights as consumers to freely share and trade the songs they have purchased.

Apple finally gives nerds what they've been shouting for--higher-quality DRM-free songs--and this is how the community responds? By anonymizing purchased music so people can pirate it? These guys are class-A asshats.

Last month's revelations that the DRM-free files on iTunes Plus came with user's full name and account e-mail embedded in them had raised serious privacy concerns.

How is someone supposed to steal the name and e-mail address from songs you aren't passing around to all of your buddies and the Internet? Oh, wait. Hasn't the Apple ID info been inside iTunes tracks since the beginning of the iTMS, anyway?

Point and laugh

...at whoever thinks this eliminates all traces of your identity from a file. Your info could be encoded 50 different ways in the file, and if this app only scrubs 49 of them before you send the file to your friends on BitTorrent -- and seriously, what other point is there to this? -- then you're still hosed.

So does the Audio:M4P::QuickTime perl module

the method name is CleanAppleM4aPersonalData(). Here is an example on how to use it:

#!/usr/bin/perl
##
# A N O N C P . P L
#
# a script that takes the unix cp file specification options
#
# perl anoncp.pl source_file target_file
# perl anoncp.pl source_file ... target_directory
#
# which reads the source file(s) and copies them to the
# destination stripped of all the user identification gunk
# that apple adds on iTunes "DRM free" songs
#
# NB: make sure you install the latest version of the
# most excellent Audio::M4P::QuickTime perl module.
##

use strict;
use warnings;

use Carp;
use File::Basename;

use Audio::M4P::QuickTime;

my $usage = q{
usage:
        perl anoncp.pl source_file target_file
        perl anoncp.pl source_file ... target_directory
};

@ARGV >=2 || croak "not enough files specified", $usage;

my $destDN = pop(@ARGV);
my $destFN = $destDN if (! -d $destDN && @ARGV == 1);

$destDN = dirname($destFN) if( $destFN);

-d $destDN || croak $destDN, ": is not a directory", $usage;
(-r $destDN && -w _) || croak $destDN, ": cannot access ", $usage;

$destDN =~ s{ (?new( file => $m4aFN);
        $qt->FindAtom("mp4a") || croak "$m4aFN: not a mpeg 4 file\n\t";

        $qt->CleanAppleM4aPersonalData();

        $toFN = $destFN ? $destFN : $destDN . basename($m4aFN);
        $qt->WriteFile($toFN);
}

0;

I want a tool for EMBEDDING my identity into files

...so that when the jackbooted RIAA thugs break down my door at 3 a.m. in the morning I can point to the embedded ID as proof of ownership.

Why it does not matter for Apple

If you really want to share a file, just go buy the CD, rip it, and put it online.

Futhermore I seriously doubt most people who buy music at the iTunes store
1) are going to know that this software exists
2) are going to care that this software exists
3) are going to run this software so they can share their music

Finally, Apple could easily (and might already) use digital watermarking to add personal information to the music file, which is a lot harder to remove (no I did not say impossible).

Basically, if they can make sharing iTunes files a bigger hassle than buying/ripping a physical CD and publishing that, the DRM is still effective.

That said, this software does matter for iTunes users. If you lose your iPod or your machine gets p4wned and your files get shared without you knowing, at least this software can make sure your name is not in the files in an easily readable format anymore.

Uh, what rights?

Privatunes is aimed at guaranteeing the privacy of users but also rights as consumers to freely share and trade the songs they have purchased.

Lack of DRM doesn't magically give you the right to "freely share and trade". May as well call it Piratunes.

Perhaps it's a red herring?

Just a theory here: Maybe they want you to find and remove the plaintext data. That way you don't notice the watermarking that contains the encrypted form of the same information.

Has anyone verified if two DRM-free downloads of the same song by different people are otherwise identical after having been stripped of the plaintext identifiers?

Interesting conundrum for EMI

I can hear it now from EMI - "Hey, under the DMCA, you can't circumvent digital management." "Oh, wait. This wasn't DRM. Never mind."

This is retarded.

"Anonymize iTunes tracks"? All it does is strip out metadata. You can do this yourself with one basicially any application that either remuxes, converts the stream, or alters tag/meta information. Pretty much any music player out there. Hell, even Apple's own iTunes can do this! I could understand the use if it could do batch processing on your entire iTunes library, but this tool cannot even do that.

Missing from smart playlist filters

The only problem with Apple including the name and email address in purchased music is that the iTunes UI won't let me filter on it for smart playlists! It's really useful information, and I want to be able to _use_ it to automatically separate the music that my wife buys from the music that I buy.

quite possibly the 8th wonder of the world

what a technological marvel! i wonder if these guys have also come up with a toothbrush with only one bristle, and a comb with a single tooth.

In the meantime, Ratiatum has promised an updated version of Privatunes which will be able to anonymize several files at a time and will be available on Mac and Linux.

wow, i can't wait to see how many textboxes they'll be able to fit on a screen!

Don't call Privatunes users "pirates..."

...call them "privateers."

only the tip of the iceberg.....

Correct me if I'm wrong, and I know this crowd will, but if a program can be written to REMOVE the name and email address, couldn't one be written to REPLACE it with whatever text you might like??

Now MP3 with the RIAA name and email address flooding P2P networks, that would seem humorous at first, but then i thought.......
It could be any other person or group....so doesn't that really mean that the data in the file would not be permissible as evidence. You'd have to prove that the file came from me, not that my name and email address were in the file.

Stripping out the name and email address out of a file that I own and do not share should not be illegal. Putting someone elses name and email address in it, that should be illegal:)

The posting of the file on a P2P network is a separate issue.

Do not rely on the current version!!!

The current version of Privatunes blanks out the name and Apple ID/email fields from iTunes Plus files, but it doesn't remove all of the fields that Apple, or a litigant subpoenaing Apple, could use to identify a user. There are two of those, marked sign and chtb, which I posted about here [eff.org].

There are some other differences between copies of a track purchased by different users, but they're only a byte or three here and there. Probably still worth blanking. vbindiff on *nix (or a similar hexdiff program for other platforms) will show you these fields.

A version that works. And a question.

As author of the popular GSpot [headbands.com] app, I regularly deconstruct and analyze multimedia files. I've just now whipped together a small CLI app called "NIPPIN" [ftyps.com] that will recursively traverse an M4A file. It can be used for informational purposes only (and I've found that much of the "technical" info in this thread is wrong). Or you can create a "privatized" copy of your iTunes Plus file, that, unlike that "other" app, is "provably correct" (see web page).

Mine does it the right way; it doesn't "blank" any characters, it recalculates all atom lengths, and it recalculates the entire stco table as required. When the input files are the same songs downloaded from different accounts, the resulting output files all have identical MD5 hashes. Hell, even if you're not interested in privacy, it saves a minimum of 32KB per file - which adds up - that's like an extra 75 songs on a 30GB iPod.

And BTW - privacy may not concern some people, but to others it's very "real". Why else would the DMCA, of all things, protect against use of Personally Identifiable Data for copy protection mechanisms? Either the people who wrote the DMCA believe Personally Identifiable Data is a serious and "real" issue, or they put this provision in section 1201 of the DMCA [ftyps.com] to promote file sharing. Take your pick.