Apple sells DRM-free music. Throws in your personal data for free

Well, well. I’d been wondering about this, and now ArsTechnica confirms it

With great power comes great responsibility, and apparently with DRM-free music comes files embedded with identifying information. Such is the situation with Apple’s new DRM-free music: songs sold without DRM still have a user’s full name and account e-mail embedded in them, which means that dropping that new DRM-free song on your favorite P2P network could come back to bite you.

We started examining the files this morning and noticed our names and e-mail addresses in the files, and we’ve found corroboration of the find at TUAW, as well. But there’s more to the story: Apple embeds your account information in all songs sold on the store, not just DRM-free songs. Previously it wasn’t much of a big deal, since no one could imagine users sharing encrypted, DRMed content. But now that DRM-free music from Apple is on the loose, the hidden data is more significant since it could theoretically be used to trace shared tunes back to the original owner. It must also be kept in mind that this kind of information could be spoofed.

Concerned users could convert selections to MP3, but there will be a generational loss in quality resulting from the transcoding. We also have to wonder: who is buying DRM-free music with the plans of slapping it up on a P2P share, anyway? It’s not like there aren’t dozens of other ways to get access to music without paying for it…