RSS
 

Record company required data

10 Jun

I was buying an MP3 album from Amazon the other evening, when I spotted a link to this statement:

The record company that supplies this song or album requires all companies that sell its downloadable music to include identifiers with the downloads.  Embedded in the metadata of each purchased MP3 from this record company are a random number Amazon assigns to your order, the Amazon store name, the purchase date and time, codes that identify the album and song (the UPC and ISRC), Amazon’s digital signature, and an identifier that can be used to determine whether the audio has been modified.  In addition, Amazon inserts the first part of the email address associated with your Amazon.com account, so that you know these files are unique to you.

So after downloading the songs, I looked at the files with a binary viewer.  At the beginning of the music file in a private portion of the ID3 tag is a small XML file with all of my purchase information:

PRIV www.amazon.com
<?xml version="1.0" encoding="UTF-8"?>
<uits:UITS xmlns:uits="http://www.udirector.net/schemas/2009/uits/1.1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<metadata>
<nonce>A2iypxZe\</nonce>
<Distributor>Amazon.com\</Distributor>
<Time>2011-06-09T02:07:24Z\</Time>
<ProductID type="UPC" completed="true">00731451469626\</ProductID>
<AssetID type="ISRC">GBAAN9300103\</AssetID>
<TID version="1">we/TZ6xKpBy5iS2Iarj3Qg9D3o2peqx5\</TID>
<UID version="1">info\</UID>
<Media algorithm="SHA256">e22c0ed224ca5cea4c4c205e8a2248197118093265042fa3de9f7c161396a93a\</Media>
</metadata>
<signature algorithm="DSA2048" canonicalization="none" keyID="9b3a598acfcfea37b486aba46bdfb50c92b8f7fe">
MCwCFAJisz2c1ks/zGrrUePJGmS/1KxgAhQW0+OrlLtzn2ULedD0uLw5Sowb7Q==
</signature>
</uits:UITS>

To the untrained eye it looks unintelligible. The Time section contains the date and time of my purchase; the TID is the transaction number of the sale, which in Amazon’s database has my credit card info, address, etc.; the UID is the first part of the e-mail address I used (“info”).  There is other uniquely identifiable in there, too.

Since this information is required by the record cartel, it’s main purpose is to identify people who publicly share files.  Should any of my files escape into the wild, I would be identified and arrested or sued by the cartel, even if I wasn’t intentionally sharing the files.

What if I lost my MP3 player or it was stolen? What if my laptop was stolen?  All of those music files would end up in someone else’s collection and possibly shared and I’d get blamed for it.  I can think of a lot of scenarios where having MY information unwillingly embedded in MY files for the sake of making it easier to prosecute file sharers is not a good idea.

I looked around for an utility that would strip this particular info and couldn’t find one.  So I decided to write my own.   And I decided to make it remove iTunes stuff, too, since I don’t use it.

It’s called “iDesiccate”.  It runs on Windows and can be downloaded here if you would like to use it.

The program will clean your files in batch mode.  You start by selecting the folder of the files you want checked.  It will search any sub-folders.

A few notes on the options.  If you want to remove Amazon info, check the PRIV and COMM boxes.  If you want to remove iTunes info, check COMM and UFID.  Checking COMM will remove all comments from your tags.   Right now it only works on mp3 files. I don’t have any Apple files (m4A?) to try it on.

I’ve run over 2000 files through it as a test and there weren’t any problems.  But I can’t guarantee that if you have a corrupted file that iDesiccate won’t corrupt it further.  So back up your files first and run small batches through it.  Let me know if you encounter a problem.

I’ve provided an option where you can run through your files first without making any changes.  This will give you a preview of what it will do to the files.

iDesiccate will remember your settings next time you use it.

I hope this solftware tool is helpful.  Writing it made me feel somewhat re-empowered.

[5+ years later]

The source code can be downloaded here. As far as I am concerned, it’s public domain. It is written in C# for Microsoft Visual Studio 2005.

 
 

Tags:

Leave a Reply

 
 
  1. Chris

    June 10, 2011 at 10:05 pm

    Oh, very, very cool. I’m running the log option right now – the red highlighting’s a very nice touch indeed.

    Thank you!

     
    • randyg

      June 11, 2011 at 6:37 am

      Heh… the red highlighting was the last touch I put on the program. 🙂 Hopefully everything worked ok for you.

       
      • Chris

        June 11, 2011 at 8:30 am

        Well, I did freeze my backup and check a bunch of songs after they were modified, just in case. 🙂 But all went well! Thanks!

         
  2. Jason

    June 10, 2011 at 10:18 pm

    ~nods and smiles~

     
    • randyg

      June 11, 2011 at 6:39 am

      I just want control. 😉

       
      • Jason

        June 11, 2011 at 12:33 pm

        oh, I am pretty sure you have it. 🙂

         
  3. Liz

    June 11, 2011 at 9:46 pm

    This is great information! Thank you. You know my lack of technical skills! but will this work on music downloaded from iTunes? I don’t have much as I usually just buy the CD and load it to my Nano.

     
    • randyg

      June 12, 2011 at 7:53 am

      It will remove iTunes information from older files. I haven’t tried it with files recently purchased from iTunes because I don’t have any to test. If you have a recently purchased file, you can send it to me and I’ll test it.

      It’s possible that iTunes will add personal information when you load a CD to your player. I don’t trust the iTunes program at all, which is why I uninstalled it long ago.

       
  4. Boil

    June 12, 2011 at 8:44 am

    Randy, you’re my hero. After some boundary condition testing I’ll be running my entire collection through this… for science.

     
    • randyg

      June 15, 2011 at 1:06 pm

      Furthering our knowledge of science is always a good thing. 😀

       
  5. Dan

    June 14, 2011 at 1:33 pm

    I’ve been searching for something like this since I read an article about this well over a year ago. FYI: http://techcrunch.com/2010/04/06/how-dirty-mp3-files-are-a-back-door-into-cloud-drm/

    If you like I can send you some m4a files to play with. Drop me an e-mail. Thanks for writing this program!

     
    • randyg

      June 15, 2011 at 1:05 pm

      Thanks for the link to techcrunch. They need to update the info on Amazon selling clean files.

      I’d like an m4a file to test, especially if originally purchased from iTunes.

       
  6. Stumbling Over Chaos :: Frazzled linkity feels flighty

    June 17, 2011 at 1:03 am

    […] If you’d rather that the music in your music library wasn’t filled with identifying data…. (I ran the program and it worked very well.) […]

     
  7. Kyle

    December 10, 2017 at 7:47 pm

    Found this post buried in comment threads about using Python to perform the same work. iDesiccate worked great to remove the PRIV tag from tracks downloaded from Google Play music, too. Thank you!

     
 
css.php