Sunday, 24 October 2010

Apple personal information free give-away. Snoop it while it's hot!

    Hidden in music files gotten from iTunes is  all the information needed to identify you. You won’t find it disclosed in their published terms of use. It’s nowhere in the support documentation. There’s no mention in the digital receipt. Consumers are largely oblivious to this, but it could have future ramifications as the music industry takes another stab at locking down music files.
    Here’s how it works: Apple knows your private data; before making the song available for download their software embeds into the file either an account name or a transaction number or both. Once downloaded, the file has squirreled away this personal information in a manner where you can’t easily see it, but if someone knows where to look they can. This information doesn’t affect the audio fidelity, but it does permanently attach to the file data which can be used to trace back to the original purchaser which could be used at a later date.
    As usual Apple refused comment on the matter, but there’s ample proof of what’s transpiring. Using simple file comparison tools it’s possible to verify this behavior by purchasing identical songs using different accounts and see if they match. This unfortunately applies to both purchased and free music you might have gotten from the iStore - even if it's DRM free!

    When personal libraries are stored online, it becomes possible to retrieve this personal data and match it to a user identity. From here on two possibilities arise: your data is sent to the record label where it is indexed and collected or it can be blocked through a network DRM system such as the one Lala patented (which is now owned by Apple). 
    Getting sued by the record label is less likely and it really means you have to be statistically signifying, eg. share thousands of tracks online, but what is likely to happen is your personal data and transaction details being snooped out by online bots if you shared your iTunes collection or it can even be stolen directly from your hard drive. This is especially dangerous if you use MacOS.
    For the scheme to work record labels need all retailers to support this and so far some notable names are resisting. Napster, Amazon and UK based 7digital are selling clean MP3 files. Files purchased from these stores do not have any user information whatsoever embedded into them. Other retailers such as Apple  not only watermark the tracks you buy but if you parse them through iTunes (move them to your iPhone) they seem to be randomly watermaked again with the user's data taken from the Apple ID. What you have now is a track that contains info on who purchased it and who illegally owns it.
    You as a consumer don't have any information so that you can make an informed buying decision about whether to support dirty or clean MP3 vendors. If Barnes and Noble printed your name on pages of books you purchase that would be important information to know because it would affect the value of your book.
    These clandestine actions are even more worrisome because it could lead to a future lockdown of purchases or even worse, legal action if you are found to have given away or to own  tracks that belong to someone else. If the labels have plans to require cloud vendors to use this information in the future, they should disclose that as well.

So have your iPhone/iPod tracks been around lately?