Apple neglects to secure streaming album previews
Periodically, albums become available for live streaming on iTunes prior to their official release date. The hope is that not only do consumers get a chance to hear the album before buying it, but also that by offering a free and legal way to listen to the album before it’s available, there will be less motivation for eager fans to pirate leaked albums. With unreleased albums from Daft Punk and The National currently streaming on iTunes, 9to5Mac has discovered that the streams are being left completely unprotected, offering an easy way for pirates to get high-quality cuts of the albums before they’re officially released.
With traffic sniffing tools (such as Charles Proxy or HTTP Scoop) anybody can monitor their traffic while streaming the album which will show the URL of the M4P media file being streamed. Using this URL, users can easily save the album to their computer for future listening. While it’s true somebody could also just record the stream from their computer as they listen to it, it would lose some of the quality. Downloading the stream directly offers a crisp 256kbps AAC recording. It’s also true that rather than ending up with individual tracks that a listener can easily navigate through, you’re stuck with a single file that contains the whole album. You could split the album up into separate tracks yourself (though first you'd have to get around the DRM), but at that point it would be less effort for most people to just go pirate the album elsewhere. In fact, an illegal download of Daft Punk’s Random Access Memory currently available on a popular torrent site appears to have come from the iTunes M4P stream.
Admittedly, even if the streams were protected, piracy would still be happening. There are some people who just don’t want to pay for music. However, Apple’s handing these albums to pirates on a silver platter by offering up an unprotected, high-quality streams like this ahead of their release dates. Ironically, Apple has documentation available for developers that covers how to encrypt HTTP audio and video streams to protect from this sort of thing.