You're viewing an article in iPO's historic archive vault. Here, we've preserved the comments and how the site looked along with the article. Use this link to view the article on our current site: iTunes Plus: DRM Free or Not?

Column

Dr. Mac: Rants & Raves - iTunes Plus: DRM Free or Not?

Friday, June 8th, 2007 at 3:05 PM - by

Episode #79

Surely by now you've heard about Apple's new DRM-free iTunes offerings known as iTunes Plus. If you haven't, here's how I described it in my Houston Chronicle column earlier this week:

Announced earlier in the month and launched last week, iTunes Plus provides the option of higher-quality music encoded at twice the bit rate of previous offerings (256 kbps vs. 128 kbps AAC). And, iTunes Plus music is free of DRM (Digital Rights Management) so you can listen to it on any device you like rather than only iTunes or iPods. Furthermore, DRM-free tracks can be played on an unlimited number of computers and devices. The tracks are priced at $1.29, which is 30¢ more than the current versions, and 30¢ upgrades are available for songs you already own. At present only music from EMI, which includes singles and albums from Paul McCartney, Pink Floyd, The Rolling Stones, Frank Sinatra, and Coldplay, is available in "Plus" form but I expect that other labels will jump on the bandwagon soon.

I've only purchased one iTunes Plus track so far and while I hear subtle differences--slightly more transparent high frequencies and smoother bass--with my best sound systems and earphones, I don't think most people using most sound systems and earphones will be able to tell the difference. That's not a knock on iTunes Plus, but rather, its a tribute to the quality of the older 128 kbps offerings, which sound incredibly good considering how much they are compressed.

Sounds like a pretty good idea, doesn't it? I thought so. But the next day I read something about iTunes Plus that I found somewhat disturbing. In an article for Associated Press, which I read in the Houston Chronicle, May Wong reported that personal data may be embedded in iTunes Plus tracks purchased at the iTunes Store. She went on to say that the Electronic Frontier Foundation believes that the embedded user information raises privacy issues.

I wasn't sure what to think so I did a little Googling™ and found sites all over the Web, including playlist, ars technica, and USA Today to name a few, abuzz with this "story." So, to check it out for myself, I dragged the iTunes Plus track I had just purchased onto the Microsoft Word icon, used Word's convenient "Recover Text from Any File" filter to open the song as text, and lo and behold, there was my name and email address, as clear as day:

Just for kicks I performed the same procedure on a DRM-protected track I had purchased at the iTunes Store and guess what? My name and email address were visible in it as well.

Not long after this discovery I learned that you don't even have to do the Microsoft Word dance to see the embedded info! Just use iTunes Track Info command and you'll find the same info on the Summary pane, as you can see in Bryan Chaffin's coverage of this same issue last week right here at iPodObserver.com.

So here's where things stand: Your name and email address appear clearly and unencrypted inside every track you buy at the iTunes store, whether the track is DRM-protected or not. This is NOT anything new -- I bought the DRM-protected track several years ago and the iTunes Plus track last week. In other words, the only thing that has changed since then is that you can buy tracks without DRM today.

I do have an issue with Apple embedding my personal info in tracks I purchase, but it's not what you might think. I don't blame Apple or the record labels for wanting to identify the purchaser of a track. (And please, don't bombard me with email and comments telling me I'm wrong. That's my opinion and you're not going to change it.)

And I wouldn't mind them doing it if they would just be up front and honest about it. What I find odious is that they have yet to come out and say that your name and email address are embedded in every track you buy at the iTunes Store. If they'd just do that, I'd be fine with the whole thing. I mean, for gosh sakes, they're not handing out my credit card number or bank routing information. If I were to lose my iPod or MacBook Pro I'd be a lot more concerned about other sensitive data than my my name and email address being embedded in m4a and m4p files.

All Apple needs to do to set things right is be perfectly clear about what personal information is imbedded in the songs you buy. If they would just do that, this whole issue would become a total non-issue.

And that's all he wrote...

Bob "Dr. Mac" LeVitus has been a Macintosh user for a long, long time and has written 49 computer books including Mac OS X Tiger For Dummies and GarageBand for Dummies. He also offers expert technical help and training to Mac users, in real time and at reasonable prices, via telephone, e-mail, and/or unique Internet-enabled remote control software. For more information on Bob and his services, visit www.boblevitus.com.

Send polite comments to

Send impolite comments to DeleteWithoutReading@boblevitus.com, or post your comments below.

Dr. Mac: Rants & Raves Archives.

10 comments from the community.

You can post your own below.

+ show options

Your current settings, click to change: Sort Oldest First, Show Guest Posts, Hide Community Stats

burrito said:

member since 07 Aug 2005 with 177 posts, unranked, send him a message or view his profile

Fri Jun 08, 2007 3:46 pm

i agree.

to me, embedding the name and e-mail of the purchaser is a happy compromise. to the honest user, it shouldn't raise any issues at all. i just believe any situation where your name and email address can potentially be leaked should be brought to the user's attention, just so that one's aware in case one of those drm-free files escapes their control, potentially via a friend or relative.

Quote this post ↓

A guest said: (hide)

Fri Jun 08, 2007 4:43 pm

Great write up!

I suspect that the reasons may be less insidious. I wonder if this information is added by the local/client computer i.e. by iTunes (just like Word files will have info about who created it and when). May be it is to enable Apple to tell that you bought this single from iTunes and now want to buy the whole album ('complete my album' feature of iTunes).

Is this so that Apple can allow you to download all your purchased songs, if a disaster befell your hard drive-they allow a one time downloading of all songs if you lose your entire library. Without this information, how would you or Apple know which of the songs you have in your library you purchased from iTunes?

Undoubtedly, the embedded info will force people to go through hoops before they can share the songs indiscriminately on P2P networks.

Quote this post ↓

A guest said: (hide)

Fri Jun 08, 2007 5:18 pm

[quote="burrito"]i agree.

to me, embedding the name and e-mail of the purchaser is a happy compromise. to the honest user, it shouldn't raise any issues at all.

Lou responds >>> I use the fake name that was taken from a character in the movie Revenge of the Nerds. My Apple account is in that name and, yes, that fake name does appear on all my bought and paid for tunes.

And this affects my privacy how?

Quote this post ↓

A guest said: (hide)

Fri Jun 08, 2007 6:48 pm

I once ordered a CD online and my name and home address was visible on the package when they mailed it to me.

Quote this post ↓

Terrin said:

member since 29 Jan 2006 with 414 posts, unranked, send him a message or view his profile

Fri Jun 08, 2007 7:15 pm

I do not get it. I have known for three years that this information was embedded into the tracks. It is not like Apple is hiding the fact. All you have to do is check out the info on the track using iTunes, which a lot of people do regularly to adjust settings of the track.

Furthermore, I do not see why people are all riled up about it. First, if you are not uploading songs to Limewire, then you have nothing to worry about. Even if somebody steals your iPod, there is not enough information there to do you any harm. Second, the information is used to implement certain features, such as updating tracks. Third, if it really bothers you, there are means to strip the information, and you can always write to Apple and tell them you prefer the information encrypted.

People need to get a life, there are far worse things happening in the world that deserve attention. For instance, Paris is back in jail, and they expect her to eat hotdogs.

Quote this post ↓

A guest said: (hide)

Sun Jun 10, 2007 6:47 pm

This is all silly. When Microsoft embedded data in Microsoft Word documents, that exposed numerous privacy concerns, I think that's upsetting. People regularly TRADE Word documents. When Apple allows you to download music to your computer there simply needs to be a clear way to identify who purchased what. When you share across iTunes on a network, this info doesn't show up. It's only available when you have the file in front of you. When someone contacts tech support and says that they're song doesn't play, Apple will likely need to verify that this song belongs to YOUR account, right? For iTunes Plus, this will also mean the difference between whether "reverse sync" will work or not work. If they had my address and phone number in there, I'd be concerned. Name and e-mail? As long as its not transmissable/readable by outside scanners of my machine, I see NO issue.

Quote this post ↓

vasic said:

member since 09 Aug 2005 with 279 posts, unranked, send him a message or view his profile

Sun Jun 10, 2007 9:22 pm

Apple (much like all other online or offline retailers) HAS your name and e-mail (as well as your home address, home phone, credit card number, expiration date, security code for that credit card, your user name, as well as your password). They also have your entire purchasing history. You can actually see it for yourself from the Apple Store online (from iTunes, go to your account). If you every crashed your hard drive irrecoverably, Apple would let you download all the songs you have purchased. They will NOT need to look into the name-email tags in your files (they'd be gone by then anyway); they have it in their database.

The only reason these tags are there is so that YOU can know which files YOU bought, and which you ripped (or 'borrowed' from your iTunes-using friend). Fringe benefit (for RIAA) is that if YOU (or anyone else) shares this kind of a file, they'd know who it is. They'd have to (politely) ask Apple for more information and, if (and only if) Apple agrees they'd be coming over knocking.

This is a non-issue. Nobody can EVER get this information from your files, regardless of what you (legally) do with them. They have millions of other (easier) ways of finding your name and e-mail (this forum is one of them, for example).

Quote this post ↓

gslusher said:

member since 13 Nov 2002 with 2088 posts, unranked, send him a message or view his profile

Sun Jun 10, 2007 9:44 pm

vasic wrote:
Apple (much like all other online or offline retailers) HAS your name and e-mail (as well as your home address, home phone, credit card number, expiration date, security code for that credit card, your user name, as well as your password). They also have your entire purchasing history. You can actually see it for yourself from the Apple Store online (from iTunes, go to your account). If you every crashed your hard drive irrecoverably, Apple would let you download all the songs you have purchased. They will NOT need to look into the name-email tags in your files (they'd be gone by then anyway); they have it in their database.

True, except the bit about Apple allowing you to download purchased songs again. They are under no obligation to do that and, in fact, will not do it. (For one thing, how can they be sure that your hard drive really crashed?) That's why they suggest backing up your purchased songs.

"Why do I need to back up my music library?

Be sure to make regular backups of your music files (in your iTunes Music folder) by copying them to an external hard disk or other media. Otherwise, if your hard disk becomes damaged or you lose any of the music you've purchased, you'll have to buy any purchased music again to rebuild your library. "

You can reload purchased tracks from an iPod that is on the same iTunes Store account or another computer (also on the same account), an external HD, data DVDs, etc..

Quote this post ↓

Terrin said:

member since 29 Jan 2006 with 414 posts, unranked, send him a message or view his profile

Sun Jun 10, 2007 10:43 pm

Actually, it is not an advertised policy, but Apple has been known to allow users to download purchased songs again, but only once.

Quote this post ↓

A guest said: (hide)

Mon Jun 11, 2007 11:58 am

Guest wrote:
Great write up!

I suspect that the reasons may be less insidious. I wonder if this information is added by the local/client computer i.e. by iTunes (just like Word files will have info about who created it and when). May be it is to enable Apple to tell that you bought this single from iTunes and now want to buy the whole album ('complete my album' feature of iTunes).

Is this so that Apple can allow you to download all your purchased songs, if a disaster befell your hard drive-they allow a one time downloading of all songs if you lose your entire library. Without this information, how would you or Apple know which of the songs you have in your library you purchased from iTunes?

Undoubtedly, the embedded info will force people to go through hoops before they can share the songs indiscriminately on P2P networks.

No, this is not so you can re-download you purchased music if you hard drive failed. If you lose these files, they would not be retreivable and so that would totally defeat the purpose. Your purchase history is stored in a database on Apple's servers. For folks who care enough to serve up these files to P2P networks, the hopes aren't significant. Users can update the tags in a batch. It would take just a few seconds to tag an entire album: clear the values you want cleared, apply to all files.

Guest wrote:
I use the fake name that was taken from a character in the movie Revenge of the Nerds. My Apple account is in that name and, yes, that fake name does appear on all my bought and paid for tunes.

And this affects my privacy how?

Most people don't use fake names and are unware that their personal information is being embedded into the files. Since you used a false identity, it doesn't affect YOUR privacy, but it does affect the privacy of people who used their real names on their iTMS accounts which most people do.

Guest wrote:
I once ordered a CD online and my name and home address was visible on the package when they mailed it to me.

True, however the ability to reproduce that information and spread it is much more difficult since that was not an electronic copy.

Terrin wrote:

you can always write to Apple and tell them you prefer the information encrypted.

You can? I had no idea this was their policy. Since the fact that your personal information being embedded is not advertised, but only found through the discovery of curious individuals, I find it odd that this policy has not been advertised. Do you have a link showing this has been done or is something Apple will even do?

Guest wrote:
People regularly TRADE Word documents. When Apple allows you to download music to your computer there simply needs to be a clear way to identify who purchased what. When someone contacts tech support and says that they're song doesn't play, Apple will likely need to verify that this song belongs to YOUR account, right?

People don't regularly trade music files? As if. What songs you have purchased is stored in the Apple database, customer support does not need access to your files to know what songs you have purchased.

vasic wrote:
TFringe benefit (for RIAA) is that if YOU (or anyone else) shares this kind of a file, they'd know who it is.

Nobody can EVER get this information from your files, regardless of what you do with them.

Those two comments don't add up.

Quote this post ↓

Post Your Comments

  Remember Me

Not a member? Register now. You can post comments without logging in, but they'll show up as a "guest" post.


Please enter the word exactly as you see it in the image above. Registered users aren't prompted for this. Having trouble reading the image get a new one.