I was buying an MP3 album from Amazon the other evening, when I spotted a link to this statement:
The record company that supplies this song or album requires all companies that sell its downloadable music to include identifiers with the downloads. Embedded in the metadata of each purchased MP3 from this record company are a random number Amazon assigns to your order, the Amazon store name, the purchase date and time, codes that identify the album and song (the UPC and ISRC), Amazon’s digital signature, and an identifier that can be used to determine whether the audio has been modified. In addition, Amazon inserts the first part of the email address associated with your Amazon.com account, so that you know these files are unique to you.
So after downloading the songs, I looked at the files with a binary viewer. At the beginning of the music file in a private portion of the ID3 tag is a small XML file with all of my purchase information:
<?xml version="1.0" encoding="UTF-8"?>
<uits:UITS xmlns:uits="http://www.udirector.net/schemas/2009/uits/1.1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ProductID type="UPC" completed="true">00731451469626\</ProductID>
<signature algorithm="DSA2048" canonicalization="none" keyID="9b3a598acfcfea37b486aba46bdfb50c92b8f7fe">
To the untrained eye it looks unintelligible. The Time section contains the date and time of my purchase; the TID is the transaction number of the sale, which in Amazon’s database has my credit card info, address, etc.; the UID is the first part of the e-mail address I used (“info”). There is other uniquely identifiable in there, too.
Since this information is required by the record cartel, it’s main purpose is to identify people who publicly share files. Should any of my files escape into the wild, I would be identified and arrested or sued by the cartel, even if I wasn’t intentionally sharing the files.
What if I lost my MP3 player or it was stolen? What if my laptop was stolen? All of those music files would end up in someone else’s collection and possibly shared and I’d get blamed for it. I can think of a lot of scenarios where having MY information unwillingly embedded in MY files for the sake of making it easier to prosecute file sharers is not a good idea.
I looked around for an utility that would strip this particular info and couldn’t find one. So I decided to write my own. And I decided to make it remove iTunes stuff, too, since I don’t use it.
It’s called “iDesiccate”. It runs on Windows and can be downloaded here if you would like to use it.
The program will clean your files in batch mode. You start by selecting the folder of the files you want checked. It will search any sub-folders.
A few notes on the options. If you want to remove Amazon info, check the PRIV and COMM boxes. If you want to remove iTunes info, check COMM and UFID. Checking COMM will remove all comments from your tags. Right now it only works on mp3 files. I don’t have any Apple files (m4A?) to try it on.
I’ve run over 2000 files through it as a test and there weren’t any problems. But I can’t guarantee that if you have a corrupted file that iDesiccate won’t corrupt it further. So back up your files first and run small batches through it. Let me know if you encounter a problem.
iDesiccate will remember your settings next time you use it.
I hope this solftware tool is helpful. Writing it made me feel somewhat re-empowered.
[5+ years later]
The source code can be downloaded here. As far as I am concerned, it’s public domain. It is written in C# for Microsoft Visual Studio 2005.