MP3′s that you buy from iTunes, Wal-Mart, and Lala are earmarked with personal information to attach the MP3 to the individual that purchases it. Just because we won the battle over DRM doesn’t mean shit, apparently.

Hidden in purchased music files from popular stores such as Apple and Walmart is information to identify the buyer and/or the transaction. You won’t find it disclosed in their published terms of use. It’s nowhere in their support documentation. There’s no mention in the digital receipt. Consumers are largely oblivious to this, but it could have future ramifications as the music industry takes another stab at locking down music files.

Here’s how it works. During the buying process a username and transaction ID are known by the online retailers. Before making the song available for download their software embeds into the file either an account name or a transaction number or both. Once downloaded, the file has squirreled away this personal information in a manner where you can’t easily see it, but if someone knows where to look they can. This information doesn’t affect the audio fidelity, but it does permanently attach to the file data which can be used to trace back to the original purchaser which could be used at a later date.

Retailers aren’t talking, but there’s ample proof of what’s transpiring. Using simple file comparison tools it’s possible to verify this behavior by purchasing identical songs using different accounts and see if they match. I emailed support departments for several retailers asking if they would acknowledge these actions and inquiring about what specific information they are embedding. Only 7digital responded saying they don’t use any watermarks. What retailers won’t say publicly is that the major record labels are requiring this behavior as a precondition to sell their music.

Certain record labels have aspirations to use this hidden data to control future access to music in a return to DRM (digital rights management). The labels yearn to control where you can listen to your music and this could be a backdoor for them to achieve it. When personal libraries are stored in the cloud, it becomes possible to retrieve this personal data and match it to a user identity. If the match is successful the song plays, but if not, access can be blocked through a network DRM system such as the one Lala patented (which is now owned by Apple).

You can see a list of which providers are selling clean vs. dirty mp3′s here.

(via TechCrunch)