Record company required data

I was buying an MP3 album from Amazon the other evening, when I spotted a link to this statement:

The record company that supplies this song or album requires all companies that sell its downloadable music to include identifiers with the downloads.  Embedded in the metadata of each purchased MP3 from this record company are a random number Amazon assigns to your order, the Amazon store name, the purchase date and time, codes that identify the album and song (the UPC and ISRC), Amazon’s digital signature, and an identifier that can be used to determine whether the audio has been modified.  In addition, Amazon inserts the first part of the email address associated with your Amazon.com account, so that you know these files are unique to you.

So after downloading the songs, I looked at the files with a binary viewer.  At the beginning of the music file in a private portion of the ID3 tag is a small XML file with all of my purchase information:

PRIV www.amazon.com
<?xml version="1.0" encoding="UTF-8"?>
<uits:UITS xmlns:uits="http://www.udirector.net/schemas/2009/uits/1.1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<metadata>
<nonce>A2iypxZe</nonce>
<Distributor>Amazon.com</Distributor>
<Time>2011-06-09T02:07:24Z</Time>
<ProductID type="UPC" completed="true">00731451469626</ProductID>
<AssetID type="ISRC">GBAAN9300103</AssetID>
<TID version="1">we/TZ6xKpBy5iS2Iarj3Qg9D3o2peqx5</TID>
<UID version="1">info</UID>
<Media algorithm="SHA256">e22c0ed224ca5cea4c4c205e8a2248197118093265042fa3de9f7c161396a93a</Media>
</metadata>
<signature algorithm="DSA2048" canonicalization="none" keyID="9b3a598acfcfea37b486aba46bdfb50c92b8f7fe">
MCwCFAJisz2c1ks/zGrrUePJGmS/1KxgAhQW0+OrlLtzn2ULedD0uLw5Sowb7Q==
</signature>
</uits:UITS>

To the untrained eye it looks unintelligible. The Time section contains the date and time of my purchase; the TID is the transaction number of the sale, which in Amazon’s database has my credit card info, address, etc.; the UID is the first part of the e-mail address I used (“info”).  There is other uniquely identifiable information in there, too.
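The tag layout described above, as an added example (not part of the original post or of iDesiccate): it walks the frames of an ID3v2.3/2.4 tag, finds a PRIV frame that carries UITS XML and returns the identifying fields without modifying the file. The function names and the sample tag are constructed for illustration, and tags that use unsynchronisation or an extended header are assumed absent.

```python
import struct
import xml.etree.ElementTree as ET

def synchsafe(b):  # 4-byte synchsafe integer: 7 payload bits per byte
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]

def id3_frames(data):
    """Yield (frame_id, body) for each frame of an ID3v2.3/2.4 tag at the file start."""
    if data[:3] != b"ID3" or len(data) < 10 or data[3] not in (3, 4):
        return
    if data[5] & 0xC0:
        raise ValueError("unsynchronised/extended-header tags not handled here")
    end = min(10 + synchsafe(data[6:10]), len(data))
    pos = 10
    while pos + 10 <= end and data[pos] != 0:        # zero byte = padding
        raw = data[pos + 4:pos + 8]
        size = synchsafe(raw) if data[3] == 4 else struct.unpack(">I", raw)[0]
        if pos + 10 + size > end:                    # truncated or corrupt frame
            break
        yield data[pos:pos + 4].decode("latin-1"), data[pos + 10:pos + 10 + size]
        pos += 10 + size

def uits_report(data):
    """Return (owner, {element: text}) for the first PRIV frame with UITS XML, else None."""
    for fid, body in id3_frames(data):
        owner, sep, payload = body.partition(b"\x00")   # owner id, NUL, private data
        start = payload.find(b"<?xml")
        if fid != "PRIV" or not sep or start < 0 or b"<!DOCTYPE" in payload:
            continue                                 # DTDs refused: untrusted XML
        root = ET.fromstring(payload[start:].rstrip(b"\x00"))
        meta = root.find("metadata")
        if root.tag.endswith("}UITS") and meta is not None:
            return owner.decode("latin-1"), {e.tag: e.text for e in meta}

def sample_tag():
    """Constructed ID3v2.3 tag: a title frame plus a PRIV frame with made-up UITS data."""
    xml = (b'<?xml version="1.0" encoding="UTF-8"?>'
           b'<uits:UITS xmlns:uits="http://www.udirector.net/schemas/2009/uits/1.1">'
           b'<metadata><Distributor>Example Store</Distributor>'
           b'<UID version="1">alice</UID></metadata></uits:UITS>')
    frames = b""
    for fid, body in ((b"TIT2", b"\x00Song"), (b"PRIV", b"www.example.com\x00" + xml)):
        frames += fid + struct.pack(">I", len(body)) + b"\x00\x00" + body
    n = len(frames)
    size = bytes([(n >> 21) & 0x7F, (n >> 14) & 0x7F, (n >> 7) & 0x7F, n & 0x7F])
    return b"ID3\x03\x00\x00" + size + frames + b"\xff\xfb"   # fake audio sync bytes

if __name__ == "__main__":
    print(uits_report(sample_tag()))
```

To audit a real file, pass its bytes to `uits_report`; only the leading tag is read, so the audio data is never touched.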

Since this information is required by the record cartel, its main purpose is to identify people who publicly share files.  Should any of my files escape into the wild, I would be identified and arrested or sued by the cartel, even if I wasn’t intentionally sharing the files.

What if I lost my MP3 player or it was stolen? What if my laptop was stolen?  All of those music files would end up in someone else’s collection and possibly shared and I’d get blamed for it.  I can think of a lot of scenarios where having MY information unwillingly embedded in MY files for the sake of making it easier to prosecute file sharers is not a good idea.

I looked around for a utility that would strip this particular info and couldn’t find one.  So I decided to write my own.   And I decided to make it remove iTunes stuff, too, since I don’t use it.

It’s called “iDesiccate”.  It runs on Windows and can be downloaded here if you would like to use it.

The program will clean your files in batch mode.  You start by selecting the folder of the files you want checked.  It will search any sub-folders.

A few notes on the options.  If you want to remove Amazon info, check the PRIV and COMM boxes.  If you want to remove iTunes info, check COMM and UFID.  Checking COMM will remove all comments from your tags.   Right now it only works on mp3 files. I don’t have any Apple files (m4A?) to try it on.

I’ve run over 2000 files through it as a test and there weren’t any problems.  But I can’t guarantee that if you have a corrupted file that iDesiccate won’t corrupt it further.  So back up your files first and run small batches through it.  Let me know if you encounter a problem.

I’ve provided an option where you can run through your files first without making any changes.  This will give you a preview of what it will do to the files.

iDesiccate will remember your settings next time you use it.

I hope this software tool is helpful.  Writing it made me feel somewhat re-empowered.

[5+ years later]

The source code can be downloaded here. As far as I am concerned, it’s public domain. It is written in C# for Microsoft Visual Studio 2005.

15 thoughts on “Record company required data”

  1. This is great information! Thank you. You know my lack of technical skills! But will this work on music downloaded from iTunes? I don’t have much as I usually just buy the CD and load it to my Nano.

    • It will remove iTunes information from older files. I haven’t tried it with files recently purchased from iTunes because I don’t have any to test. If you have a recently purchased file, you can send it to me and I’ll test it.

      It’s possible that iTunes will add personal information when you load a CD to your player. I don’t trust the iTunes program at all, which is why I uninstalled it long ago.

  2. Randy, you’re my hero. After some boundary condition testing I’ll be running my entire collection through this… for science.

    • Thanks for the link to techcrunch. They need to update the info on Amazon selling clean files.

      I’d like an m4a file to test, especially if originally purchased from iTunes.

  3. Pingback: Stumbling Over Chaos :: Frazzled linkity feels flighty

  4. Found this post buried in comment threads about using Python to perform the same work. iDesiccate worked great to remove the PRIV tag from tracks downloaded from Google Play music, too. Thank you!

  5. Cannot be installed on Windows 10 :(. Setup.exe tries to open desiccate.application, concludes it is from an “unknown publisher” and refuses. Even in Windows XP compatibility mode.
