Search Slyck
Anonymous
Welcome
Privatunes: Stripping your Identity from iTunes
June 28, 2007
It's no secret that iTunes embeds a customer's account information in each track purchased. Why this information is embedded is not known, and our inquiries to Apple have gone unanswered. However for those concerned with their privacy, this inclusion of personal information is unacceptable. Whether this concern is warranted or not, the French P2P site Ratiatum.com took on the task of eliminating this perceived threat. The result? Privatunes.Privatunes is a simple application that strips the customer’s account information embedded on an iTunes purchase. Although iTunes has always included this information, awareness of this fact gained traction when Apple began selling EMI's "DRM-free" content. This was never an issue prior to iTunes selling EMI track, since few people are in the habit of sharing or distributing DRMed iTunes purchases.
However the purpose of DRM free music, at least within the file-sharing community, is for maximum interoperability and transportability. How will these aspects be compromised if one's identity is transferred along with a track? Ratiatum's editor Guillaume Champeau talked to Slyck.com about his site's new iTunes identity stripping application.
Slyck.com: Why do you suspect Apple includes the consumer's name and email information?
Guillaume: Apple has done that since the day one on DRMed files and they just kept doing it when they stopped putting DRM on the EMI catalog. We don't know exactly why. It's not an EMI requirement as other MP3 shops don't put that information within their files. It's probably an internal policy but it's still unclear at the moment.
Slyck.com: Who designed/programmed the application? Was this a collaborative effort?
Guillaume: It's been designed by the main developer of Ratiatum.com, who is also behind a third generation feed reader called Matoumba.com (a great tool that digs up stories based on the user reading habits - it works very well with P2P and digital media oriented news, by the way ;)). It's not yet a collaborative effort but it may become so when we release the source code.
Slyck.com: Are there any terms of service you know of that this software is in breach of?
Guillaume: It cannot be in violation of any terms of service, as iTunes Plus tracks are said to be "sold". Any terms of service that would restrict the use of the sold item would be violating the "sale" term. That is a key difference between selling something and renting it. In my opinion DRM songs are not sold but rented, for undefined amount of time. But when you sell DRM-free songs, you transferred the property with no restriction whatsoever on the use of the sold object. Only the law can restrict this after-sale use, and French law only prohibits the alteration of metadata when they are related to the identity of the rights holders and the management of these rights. It's not the case with AppleID information.
Slyck.com: What are the possibilities of releasing a Mac version in the near future?
Guillaume: It's been asked a lot since we released Privatunes and we designed it so that it can be easily compiled for other systems. So expect a Mac version to come very soon.
Slyck.com: What are your primary motivations for creating this tool?
Guillaume: It's mainly a question of respecting customer’s privacy and rights. We don't like the idea that our name and address would be stamped forever on a CD we buy at the shop nearby, or on whatever object we buy daily. Why should we accept this on digital files we buy? Is it the kind of Big Brother society we want to live in? I don't. Moreover, if someday you want to sell your iTunes tracks collection, will you do it if your name is written on every song? The idea of selling a digital collection sounds weird, but think about it. How is more stupid than selling a CD collection on eBay? It's just stupid because people would not buy MP3s they can have for free on P2P networks, but it's no stupid per se. If labels want to sell MP3s, customers should have the rights to re-sell them as well.
Slyck.com: From conceptualization to the program's actual release, how long did the entire process take?
Guillaume: It's hard to say as it wasn't a full time job. It took about a week to discover the data structure and about a day of coding.
Slyck.com: What are your hopes for this program?
Guillaume: That it becomes useless as fast as possible. I think the legislator who is so keen on protecting DRM should look at customer’s rights as well and forbid the attachment of personal information on digital files that are actually sold to the public. Or it should forbid the use of the term "sale" when it's only a long term rental.
The EFF (Electronic Frontier Foundation) further investigated the suspect files and discovered two bits of code that could compromise one's identity. Research by the EFF found there are a 1024 bit variant field labeled "sign" and a 630 variant field labeled "chtb". These fields were unique to each individual customer.
Guillaume's team recognized this as well, and told Slyck.com that, "We'll investigate the matter and probably update the software if we can confirm this is identifying information."
The question still remains why Apple embeds the consumer's information on purchased tracks. However it appears Ratiatum.com isn't waiting around for the answer.
Slyck.com: What are the possibilities of releasing a Mac version in the near future?
Guillaume: It's been asked a lot since we released Privatunes and we designed it so that it can be easily compiled for other systems. So expect a Mac version to come very soon.
Slyck.com: What are your primary motivations for creating this tool?
Guillaume: It's mainly a question of respecting customer’s privacy and rights. We don't like the idea that our name and address would be stamped forever on a CD we buy at the shop nearby, or on whatever object we buy daily. Why should we accept this on digital files we buy? Is it the kind of Big Brother society we want to live in? I don't. Moreover, if someday you want to sell your iTunes tracks collection, will you do it if your name is written on every song? The idea of selling a digital collection sounds weird, but think about it. How is more stupid than selling a CD collection on eBay? It's just stupid because people would not buy MP3s they can have for free on P2P networks, but it's no stupid per se. If labels want to sell MP3s, customers should have the rights to re-sell them as well.
Slyck.com: From conceptualization to the program's actual release, how long did the entire process take?
Guillaume: It's hard to say as it wasn't a full time job. It took about a week to discover the data structure and about a day of coding.
Slyck.com: What are your hopes for this program?
Guillaume: That it becomes useless as fast as possible. I think the legislator who is so keen on protecting DRM should look at customer’s rights as well and forbid the attachment of personal information on digital files that are actually sold to the public. Or it should forbid the use of the term "sale" when it's only a long term rental.
The EFF (Electronic Frontier Foundation) further investigated the suspect files and discovered two bits of code that could compromise one's identity. Research by the EFF found there are a 1024 bit variant field labeled "sign" and a 630 variant field labeled "chtb". These fields were unique to each individual customer.
Guillaume's team recognized this as well, and told Slyck.com that, "We'll investigate the matter and probably update the software if we can confirm this is identifying information."
The question still remains why Apple embeds the consumer's information on purchased tracks. However it appears Ratiatum.com isn't waiting around for the answer.
This story is filed in these Slyck News categories
Technology News :: Software
You can discuss this article here - 7 replies
Unlimited and
Uncensored Usenet Service
200 days binary retention, Unlimited Access, 99%+ Completion! Signup for Giganews' free trial account and try for yourself.
www.giganews.com
200 days binary retention, Unlimited Access, 99%+ Completion! Signup for Giganews' free trial account and try for yourself.
www.giganews.com
| Astraweb |   |
| EasyNews |  |
| Giganews | |
| Usenet-News | |
| Ngroups.NET | |
| NewsDemon | |
© 2001-2008 Slyck.com