Friday, May 27, 2011

Personal Data in Amazon MP3s

In December I discussed the buyer ID data that Amazon is placing in MP3 files, noted that the standard tools seem to not notice these IDs, and expressed a desire to write a script to display these IDs. See and

First, the script:
// Time-stamp: <2011-05-27 22:23:37 jdm>

// JFlex script to look for UID tags in an MP3 received from Amazon. If
// such a tag is encountered, it is displayed. Otherwise, there is no
// output.

// Compiling (assuming JFlex is installed)
// jflex findUID.lex
// javac

// Running:
// java Yylex <MP3 file name>

// Bugs:
// A left angle bracket, <, within the UID will cause the tag to not be
// displayed.
// Even though the MP3s that I have seen with UID tags have the tags
// near the beginning of the file and only one UID tag per file, this
// searches the entire (possibly long) file and will display multiple
// UIDs if found. Though this is probably not a bug, it does cause a
// perceptible delay.




openAngle  = <
uid        = UID
stuff      = [^<]+
tagEnd     = "</UID"
closeAngle = >
tag        = {openAngle}{uid}{stuff}{tagEnd}{closeAngle}


{tag} { System.out.println(yytext()); return 0; }

.     { return 0; }

\n     { return 0; }

\r     { return 0; }

As mentioned in the comments, this is a JFlex script. JFlex's lineage dates back to the standard Unix lexical analyzer-building tool, lex, which was superseded by flex. JLex has been well-known in the Java community for awhile, but work on it seems to have ceased. JFlex, however, appears to be an active project (and an Ubuntu package). Of course, it works on Windows, too.  See

It turns out that Amazon informs the consumer when an MP3 will contain identifying information. I did not notice this before Michael D. pointed it out to me in January. The Amazon notice is in the product details and says "Record Company Required Metadata: Music file contains unique purchase identifier." Then they have a "Learn More" link. This is what Amazon has to say:

Record Company Required Metadata

The record company that supplies this song or album requires all companies that sell its downloadable music to include identifiers with the downloads.  Embedded in the metadata of each purchased MP3 from this record company are a random number Amazon assigns to your order, the Amazon store name, the purchase date and time, codes that identify the album and song (the UPC and ISRC), Amazon's digital signature, and an identifier that can be used to determine whether the audio has been modified.  In addition, Amazon inserts the first part of the email address associated with your account, so that you know these files are unique to you. Songs that include these identifiers are marked on their product detail page on  These identifiers do not affect the playback experience in any way.
The idea seems to be that the record companies are requiring Amazon to put the information in, and Amazon is being honest about what's in there, though most consumers likely never see this information and never notice the link to it.

A few comments are in order.
  • My script displays the UID tag and contents, but does not modify or remove it. I have no intention of providing such a script.
  • People share MP3s at their own risk. As someone who has made good money developing software, I understand their need to earn a living. I even understand, though am less sympathetic toward, the RIAA's outrageous damage claims in suits. Any individual's decision to share, or not, is between him, his conscience, and the RIAA.
  • The UID is the user's Amazon user ID. On the MP3s containing the UID that I have, my script displays this:  <UID version="1">martensjd</UID>. That's me. 
  • Amazon says there is other identifying information embedded in the MP3. Read the statement above. So stripping this out will not be sufficient to hide the original buyer.
  • I would rather not have this in my media files, but I don't object strongly enough to go through the files stripping it all out.

Saturday, May 21, 2011

4G In Catonsville

I used to be a Xohm customer, and then Xohm switched to Clear. In time I was unhappy enough with Clear's service that it became time to switch myself, to Verizon FiOS. Xohm and Clear offered 802.16 (WiMAX) to home and mobile users at around, optimistically, 4Mb/s. FiOS is faster, typically 15Mb/s at my tier.

Clear ( is now marketing their wireless Internet vaguely as 4G. They are also advertising lower speeds than before, which makes it unclear what technology they are using. 4G is a marketing term, and from an engineering or technical perspective, meaningless. Granted, WiMAX is also a marketing term (IEEE originally referred to 802.16 as Wireless MAN), but at least WiMAX actually means something.

Xohm marketed their service as WiMAX, and reading the fine print it was clearly 802.16. Clear has dummied their web site down to the extent that there is nary a clue what technology they are using. Actually, a bit more digging leads to a release at that mentions legacy and mobile WiMAX, but also mentions partners using other technologies. Perhaps Clear is still predominantly 802.16, but advertised at a lower rate, which is consistent with what I was seeing when I canceled my Clear service. It may be that they are simply provisioning their towers at a lower rate per customer. The dumbing down of their web site is unfortunate.

Of course, Verizon is vague at their web site about what FiOS is, and I think there is an intentional effort on the parts of corporations in general to make it difficult for consumers to compare what different vendors are actually providing.

Why do I care? I just got my latest Verizon FiOS bill. It was $55, which is a lot for Internet service. Clear is $35, which is high for the poor performance they offer. So it was time to look around. Also time to reevaluate whether I really need Internet access at home.

One of the appealing things about Xohm when they came to Baltimore was the promise of $35 per month  for Internet access for life. But then Clear came in and reduce the service level. So it goes.

Of course, Judgment Day is today so maybe this is the beginning of my five months of torment.

Monday, May 16, 2011

Catonsville Nine Commemoration

Some of the real heroes of the Vietnam era anti-war movement are being commemorated Saturday 5/21. From the Indypendent Reader at


May 21, 2011 - 12:00 - 14:00

The Baltimore Phil Berrigan Memorial Chapter of Veterans For Peace on Saturday 21 May
at 12 noon will commemorate the Catonsville Nine Viet Nam draft file burning action taken
by the chapter's namesake Phil Berrigan and 8 others.  Forty three years ago on May 17th
9 peace activists took draft files from the Catonsville Draft Board office and burned them
with homemade napalm in a Catonsville parking lot, and were eventually sentenced to jail
for their action.

At noon Baltimore VFP will gather at the Catonsville Post Office at Frederick Road and
Beaumont across from the Catonsville Public Library to vigil and hand out flyers, and will
later adjourn to the Knights of Columbus parking lot across the street for recollections
and fellowship. Please join us. Bring banners and posters. For information call Ellen
Barfield at 410-243-5876, or e-mail


Catonsville Post Office
Frederick Road and
Baltimore, MD
United States
39° 36' 32.3712" N, 77° 42' 18.1764" W

Monday, May 2, 2011

How to get Personal Information from Morons, Part II

Saturday I spent a few minutes messing with a phishing site that was trying to mess with me, I stopped at the point that it wanted a cell number, and rejected made-up ones. I didn't have a number I was willing to give them in order to receive their texts. This morning a colleague donated his recently-disused number, so I gave it another shot.

I ended up at, which tried to install a browser extension.

At this point I stopped.