Friday, March 18, 2005 |
09:33 - Never underestimate the human capacity for genius in cheating
http://www.engadget.com/entry/1234000267036571/
|
(top) |
Via several: looks like the iTMS has been cracked. At least temporarily.
Seems that our good friend discovered that when you buy something from the iTMS, the DRM is only added to the tracks after you’ve purchased and downloaded them, which sort of makes sense since they do need to be tagged to your account. You’ll still have to actually pay for the music, but PyMusique conveniently neglects to wrap the file with any copy protection, which means you’re free to do what you want with the unrestricted file, including copying it to multiple machines or sharing it over P2P. Hard to imagine how this could possibly be legal, since Apple specifically requires you to access the iTMS only through their software (Laurie Duncan actually read the ToS and checked), but you may as well enjoy the next six to twelve hours before Apple devises a way lock PyMusique users out.
Yeah. The key thing to note here is that it's still entirely withing Apple's capabilities to plug this hole, even through something as quick-and-dirty as changing the way in which it verifies that it's actually talking to iTunes. The longer-term solution would be to adjust how their tagging system works so that it doesn't start the download until a file's been tagged. But however they do it, the point is that they can. Whereas Napster is pretty much SOL in the model they've chosen.
The reality of the world is that these DRM systems will be cracked. Apple's model is to take that into account, making sure that even someone determinedly re-recording AACs into MP3s through an audio capture loop still has to buy the music in the first place, making the risk a linear one—$1 per breached song. (This crack still matches that same risk profile: people using PyMusique still have to buy the original download; they just don't have to re-record it afterwards. Apple's technically no worse off than they were before.) But the music stores that rely on client-side validation of downloaded music, where they can crack songs at their leisure after they've been essentially allowed to download them without limit or marginal cost... it works great on a planet with no crackers, but the instant someone starts seeing where the weaknesses are, the entire model breaks down, and the risk is geometric, even exponential.
So, nothing even particularly surprising here. But it just illustrates further what kind of model can survive in the digital world and what kinds can't.
|
|