back to article iTunes Plus - plus user details that is

Apple's much touted DRM-free music download service launched yesterday under the moniker iTunes Plus. But apparently such freedom comes at a price as the computer giant failed to highlight one important point: customers using iTunes Plus will have their username and email address embedded in each DRM-free track they download. …


This topic is closed for new posts.
  1. Igor Mozolevsky

    and so what?..

    They should've done it right at the begining. As much of anti-Big Brother society as I am, I don't see what is so particularly wrong with this... At the end of the day, I know that the music that I buy, I will not upload to any p2p sites, mainly because I'm not daft and I'm not going to give something that I've paid for away; and as an added bonus I can copy the music between devices that don't support Apple DRM...

    So honestly, what's the big deal???

  2. Simon Foxwell

    Data protection?

    I'm no lawyer but wouldnt this be a breach of the data protection act in some way? Is it written in the terms and conditions of the software that Apple will be doing this?

    If I were particularly evil I would create a email address and distribute as many copies of this wonderful "Free" music across as many P2P sites as possible.

    Why do we put up with this?!

  3. Rich Silver badge


    "Our customers are very excited about the freedom and amazing sound quality of iTunes Plus."

    ...rather than the DRM'd crappy sound quality of standard iTunes then? :-)

    So, after ....oooo many years?.... we've finally come full circle back to good ol' CD ease-of-use and quality then? How "innovative" and "new".

  4. Keif Gwinn

    If it worked

    I signed up yesterday, upgraded, bought an album... and as of right now it's still not downloaded. I've managed to get one track of 14... I keep getting download errors.

  5. Colin Jackson


    I'd have thought that this contravened the data protection act, in the UK at least.

  6. Anonymous Coward
    Anonymous Coward

    Proving copyright has been infringed is easy

    It's even easy to prove that the copy sold to a particular person was distributed (by embedding a random number into the file and keeping a secure copy of it). But proving that that person distributed the file would be hard as they could just claim that their MP3 player was lost/stolen, or a flatmate copied it without permission, or whatever.

  7. Anonymous Coward
    Anonymous Coward

    Data Protection?

    There must surely be legal implications of doing that, particularly here in the EU where data protection laws are stricter?

  8. Fred

    DRM Free?

    Not really, this is just another way to implement it. Your rights will be administrated, resistance is futile.

  9. Anonymous Coward
    Anonymous Coward

    The battle may be won but the war continues...

    Good luck to 'em. As far as I can see it's just to satisfy some legal requirements. People will just code tag filters into the P2P apps. I suspect it wouldn't be hard to even change the data to change the MD5 or other hashes too.

  10. Mark Rendle

    So what?

    This shouldn't be a problem for people who dislike DRM because it limits their own fair use of material for which they have paid, should it? I want to be able to copy my music onto my various devices, and burn CDs which don't sound awful when I turn the volume up in the car. So why do I care if my e-mail address is in the files?

  11. Igor Mozolevsky

    Re: Data protection

    Simon Foxwell wrote:

    > I'm no lawyer but wouldnt this be a breach of the data protection act in some way?

    How? You're are the one who gets to keep the file with your information, if you chose to broadcast that, how is that Apple's fault?.. :-/

  12. Mark Randall

    Data protection?

    How can it be a breach of data protection to embed your name in something you own and store on your hard drive and have promised not to give to anyone else?

  13. Rob

    I used to do audio research at EMI...

    I think they are adding a watermark into the MDCT coefficients (pre-Huffman coding, BIFSEnc, mux, etc.) at the point of sale. It was something proposed as a viable option long time ago with MOSES (iTunes before iTunes).

    However, I don't think they are embedding your e-mail address as the payload. You could of course, but an N-bit serial number is far more robust that an indeterminate length string. In any case, a serial number gets around the data-protection issue as only Apple will have access to the data that matches these serials to user accounts, and since you as the customer have already given them permission to retain this user data then there's no legality to consider.

    As for my opinion on this approach, it's what we were banging on about years ago, because everyone knows DRM is rubbish. With a traceable DRM-free scheme, people who pay-up and play fair have no problems. If however, their purchases appear seeded 200+ times on torrentspy, they should expect an angry letter.

    I will be inspecting some tracks this week to see if they are indeed using a watermark, but the likely culprits right now are DigiMark and Fraunhoffer IIS.

    Good riddance to DRM!

  14. Alex

    Data protection act?

    What exactly has the data protection act got to do with this?

    Your username and email address has ALWAYS been added to iTunes downloads. This is nothing new!

  15. Ed

    Come on...

    Your name has been embedded in any DRM tracks you have downloaded as long as the iTunes store has existed... I don't think its that unreasonable that it continues. Its not exactly hard to remove it if you want to.

  16. Morely Dotes

    Prove that it wasn't distributed by Appl, then.

    "But proving that that person distributed the file would be hard as they could just claim that their MP3 player was lost/stolen, or a flatmate copied it without permission, or whatever."

    Since there's no such thing as a hack-proof server (no, my friends, no even Linux - which I use, and love), and there's certainly no such thing as a 100% honest employee base, any such files that "escape into the wild" might as easily be taken by an Apple employee, or a system cracker (called by the illiterati "hackers"), with a perfectly-honest customer's information embedded.

    Of course, removing the embedded data is literally child's play. Changing it to something totally different, such as "" is no more difficult.

  17. bruceld


    I believe most people complained because they couldn't use the music that they purchased to be cross compatible with other portable music players. Their complaint wasn't that they weren't allowed to flood the internet with music they purchased and giving it away to complete strangers around the world.

    I applaud Apple for at least making some attempt to do whats best for consumers; that is to allow them to play their purchases wherever the see fit. As for having that right to share something that the consumer legitimately paid for, well then, why would anyone be idiot enough to give it a way to strangers?

    *nodding head* As for the ability to hack the DRM and spoof the tags, big deal. You have to at least give kudos to Apple for taking that first major step towards being fair to consumers, and I highly doubt that the tagging of the files is really intended to stop piracy.

  18. Thomas Vestergaard

    Stop whining

    I have to agree with bruceld. This move by Apple have solved all the problems with compatibility, which were peoples strongest point against DRM.

    Now it is made absolutely obvious that it was only a cover - the real concern was to be able to share them _illegaly_!

    I really cannot see why Apple should work to make that possible. So stop whining!

    As already noted can this watermark (like the previously DRM) easily be removed by any tech-savvy person. So this is "just" a strong move towards higher interoperability.

  19. SImon Hobson Bronze badge

    Well at least it explains one thing ...

    If their servers are having to customer encode stuff for each download, perhaps that explains why I've not actually been able to listen to anything at all. Almost every track I've tried to sample has just failed to start, and of the few that actually did most stopped while the stream was rebufferred.

    I guess Apple have seriously underestimated demand and the servers can't cope.

    As for watermarking, I'd bet it won't survive transcoding to another format.

  20. Rob

    [in response to Simon Hobson] Audio watermarks can be fairly robust

    Yes, I think the servers are oversubscribed right now, and having to encode the tracks on the fly as well.

    In terms of robustness, the watermark research effort I worked on spawned "PromoProtection", which EMI (and later others such as V2) used to trace ownership of pre-release promo CDs that were supplied to commercial radio stations. Each radio station needed to pay for their promo, but the problem was that once some stations got hold of it, others would quickly receive copies illegally. The fact that they had a copy was obvious as they would air it, but the real question was where did it come from?

    We would make a unique serial number for each purchase that would identify the station and the track itself. Then, we had these computers tuned in to every FM and DAB radio station scanning for the presence of these watermarks. As soon as it found a station playing an illegal copy, it would also know where the copy came from and fine the offender. Within 6 months, promo piracy ended.

    The watermark survived most things, including transcoding to a lossy format, from that lossy format to another, or even from a loudspeaker across a noisy pub into a PDA's microphone - you'd be surprised.

    Changing the payload was also quite tricky because its locations in time and frequency were scattered. Attacks usually lead to either damaging the listening quality of the music, or simply adding additional codes to the track, all of which the decoder could spot.

    I don't think Apple are using PromoProtection though, because it needs to encode in the PCM domain (even more CPU than an MDCT domain encoder).

  21. Tim Bates

    If you don't want the serials/names/tags....

    Converting to a lossy format and back would render any watermarking completely stuffed. And transcoding to anything should allow easy editing of any other tags in there.

    So either way, it's not a big deal. If you don't upload them, no issues. If you want to be a pirate, just transcode it to MP3 and let any hidden tagging get obliterated.

  22. Conway

    High Frequency encoding

    A couple of years ago there was mobile phone service, I think the number was 2581, if you dialled the number and held your phone to the speaker, they would text you the title/artist of the track. I believe this was achieved by reading high frequency signals encoded in the track. Would it be possible to encode Personally Identifiable Information in the same way? If so, then it might survive re-encoding to different formats and would be difficult to remove without degrading the track.

    I for one am in favour of discrete means of preventing wholesale copying. I am a part time musician and know a lot of other musicians. Their work is as valuable as anyones, but for some reason everyone believes that music is written and produced by machine (the versificator maybe) and distributed by greedy corporations. Wait a minute, with some of the pulp being produced these days maybe it is... Ho hum, you only get what you pay for.

  23. Eric Van Haesendonck

    I don't see a problem with this.

    Honnestly I don't think it's a bad idea. For me the best digital distribution system is one where you can copy the content as much as you want on your own devices and media (including new ones that don't yet exist when you buy the content), share it with your familly and maybe friends, that continues to play even if the service that sold you the media is discontinued but where you would be reluctant to mass distibute it (because there the artist doesn't get paid, which means no second abulm etc...)

    This seems to fit the bill perfectly for me! The reason I want DRM-less music is to be able to copy my iTunes music to my new zen, or to copy my VHS tapes to DVD (which is sometimes not possible because of macrovision) so that I can junk the old ipod and VCR, NOT to distribute it on the net.

  24. Rob

    re: [If you don't want the serials/names/tags....]

    Sorry Tim -

    as my above example can testify, the "better" audio watermark schemes can survive lossy format conversion with no problems at all. Think about it: if i was that easy then EMI wouldn't sign up to it. And if you eventually succeed, what do you have but a rather raspy reproduction of the song you wanted to listen to?

    In any case, enjoy the fact that the AAC bit-rate has now doubled and you can play you music on a few more players than you could before.

    BTW. Conway - yes, I believe you are referring to "X-Audio". That was also one of ours. ;-)

  25. Law


    Well I still won't be using iTunes. I don't think they will be looking at these tags with a view to sue anybody for distrobution, but I don't like the idea of somebody stealing my mp3 player, and then having my name and email via some of the content on it.

    One thing I don't understand, somebody actually had to write this system into iTunes - so they should be able to instantly tell people why they do it. Also, does it say in their terms and conditions that they do this to tracks you download? If not, then they should be in breach of data protection because they are not making you aware of extra security measures you should take to protect information that could identify you. One example is not putting the tracks on you work computer (as anybody could in theory use that).

  26. Steve Roper

    Watermarks can be erased

    Digital watermarks are actually easy to remove with software - not by transcoding formats or re-recording, which the watermarks are DESIGNED to survive, but by processing the data in just about any application designed to actually edit and modify that data. These applications really get down and dirty with the numbers that constitute the data, and no watermark can survive that.

    For example, the Digimarc image watermark widely used in online photography can be wiped out by the application of two basic filters in Photoshop (I won't say which ones in case I'd be breaking some dumb DMCA-type law or other) with almost no loss of image quality. Those who have encountered Digimarc watermarks will have found that they can survive even crappy inkjet printing and rescanning, yet just run the original image through these two filters in Photoshop and the watermark vanishes without trace. I know, because I've done it myself many times, and it's never failed yet.

    Similarly, audio watermarks will survive re-recording even in a noisy environment, but can be wiped out by the application of just one basic filter in Cool Edit Pro (but again I can't divulge which one) again with minimal loss of audio quality! Again, I've tested this technique and verified that it works repeatedly on a number of different files and formats.

    As to cleartext identity tags, well, it's obvious: a simple conversion to a raw WAV and back to MP3 will take care of that!

    Why would I want to do this, you ask? Well... I just don't like the inherent assumption of my supposed criminality as a consumer in these things. Why would I need handcuffs if I've committed no crime?

  27. steve lacey

    Not MP3

    I'm not sure about audio watermarking - i haven't test the files... but to the point of the article, the details (itunes username/email/name) are stored just as they are with purchased DRM-protected files... itunes specifies a 'kind' for each file. The new 'itunes plus' files are recognized as 'purchased AAC' files (as opposed to classic itunes drm-protected files which are identified as 'protected AAC' files. You could - with just a couple of clicks inside itunes - convert the files to any format - this strips the 'personal details' - i would have to assume that it would leave any audio watermarking intact.

This topic is closed for new posts.