How “Dirty” MP3 Files Are A Back Door Into Cloud DRM
All the big music sellers may have moved to non-DRM MP3 files long ago, but the watermarking of files with your personal information continues. Most users who buy music don’t know about the marking of files, or don’t care. Unless those files are uploaded to BitTorrent or other P2P networks, there isn’t much to worry about.
A list of which music services are selling clean MP3 files without embedded personal information, and which aren’t, is here. Apple, LaLa (owned by Apple) and Walmart embed personal information. Amazon, Napster and the rest have resisted label pressure to do so.
A music industry insider who’s asked to remain anonymous writes to us:
Hidden in purchased music files from popular stores such as Apple and Walmart is information to identify the buyer and/or the transaction. You won’t find it disclosed in their published terms of use. It’s nowhere in their support documentation. There’s no mention in the digital receipt. Consumers are largely oblivious to this, but it could have future ramifications as the music industry takes another stab at locking down music files.
Here’s how it works. During the buying process a username and transaction ID are known by the online retailers. Before making the song available for download their software embeds into the file either an account name or a transaction number or both. Once downloaded, the file has squirreled away this personal information in a manner where you can’t easily see it, but if someone knows where to look they can. This information doesn’t affect the audio fidelity, but it does permanently attach to the file data which can be used to trace back to the original purchaser which could be used at a later date.
