You are here

How to Make Music Sharing Totally Legal

Updated 2007-05-24 8:38AM US/Eastern

Ever heard of MP3Tunes? It's a music locker called Oboe (and a brainchild of Michael Robertson) that currently has a terrible interface but some nice features: store unlimited numbers of songs for $40 a year (or you'll randomly get selected to get a free account upgraded to unlimited storage). It'll let you stream, downsample for you to handle different connection speeds, etc. Oh, and you can use it to make music sharing totally "legal."

See, MP3Tunes has this site called If you install a browser extension, as you travel around the web when it sees links that end in a supported music type it pops a little next to it. Click this, and it copies the file from the URL to your Oboe Music Locker. Easy-peasy. Now, to make things really nice for everyone, they maintain this site where you can search through all the tracks that any user has Sideloaded and add them to your Music Locker. They maintain track information and URL information; when you Sideload it it does a copy of the track from the original URL, if it's still valid, and places it in your Music Locker.

But let's perform a theoretical excerise. I use the excellent software Ampache to enable me to stream my music collection wherever I go. I also have a MP3Tunes account, which provides some peace of mind in terms of being a "backup" of my music (though I'll not go as far as deleting my local files), has a specialized mobile interface that works on my mobile phone, and crucially lets me stream without using my upload bandwidth when I so wish to keep it free.

In Ampache, I have it set up to allow me to have a direct link to tracks to paste into players or for downloading tracks if I so wish (after all, it's my music that I've paid for and I have every right to do so). But now with this Sideload extension, I have a little next to my direct links. So let's say that I don't have a track from my collection in my Oboe Music Locker. I click the and it happily informs me that it's been added to my locker. Once it's being added to your locker it doesn't just link to the file; it actually makes a copy of it. Of course, this is all still legit -- except that it also adds the track to, where anyone can save it (again, making an actual copy at this point) to their Oboe Music Lockers.

Did I mention you can download tracks from your Music Locker? Even ones that were added through Sideloading?

Now, why is this a legal problem for MP3Tunes and not me? Because I'm not actually making the copyrighted files public. See, you need a password to access files from Ampache. But once you're logged in you have a session ID that gets encoded in URLs, which is how you can then play the file from a music player. You don't see the session ID in URLs on many web sites because they don't need to maintain state across multiple applications accessing the site under the same session, which is a particular need of a music streaming web application. So when you Sideload it, a record of that track with that URL -- including the session ID -- gets added to Which means that for at least as long as your session ID is valid -- which may be a while, if you've set it that way for your own peace of not-typing-your-password-a-million-times mind -- anyone can grab that track from your server, courtesy of the database at (which if pretty much exactly how the sued-to-smithereens Napster worked, by maintaining a database of information about how to get users' tracks). So Sideload is making your private collection available for all to see, so long as the session remains valid.

It's not terribly convenient, but it really works -- to keep from self-incrimination I won't post photos of this process in action. But some track that previously was only mine and ripped from my CD is now available for anyone on the web who signs up for the free Music Locker to Sideload and then download (for about the next day or so), getting a full copy of the track in the process. If I wanted to, I could use a screen scraper or some other sort of script to do this for me. In fact, for the Sideloading part, I could even use their own API since the default partner token can be used. I could do this for the 40GB of music across thousands and thousands of tracks that I currently have available via my own private Ampache server -- and as far as I can tell, legally I won't have done a single thing wrong, because I was simply copying a track I have a legitimate right to hear and make a fair-use copy of (after all, I got the Music Locker for backup reasons) from a service only accessible by me to a storage location that is also only accessible by me. I protected the content to the best of my ability; every step along the way (so far as my control over the files was concerned) was barred by a password known only to me. Except that in the process, the nice folks at MP3Tunes also made that song available to absolutely everyone on the web by publicly publishing a URL allowing time-limited access to everyone.

I believe this puts liability in their court -- after all, as we've all been shown from the Napster and Grokster/Morpheus/KaZaA lawsuits, it can be legal for users to have copies of a copyrighted file, but publishing links to the files (or maintaining a database of them) can land you in a world of hurt. In addition, the session ID could be considered a "shared secret" that was compromised by MP3Tunes, making them the "piracy"-enablers and me a victim. If you post a password to someone's Amazon S3 account on the web, you get in trouble for it and be sued for it, not Amazon or the Amazon S3 user, even if you then download a stored piece of copyrighted material from their storage space. This isn't really any different.

So from the user's view, it seems to be totally legal music sharing. Go get it.

Please note that my tone is facetious; I'm not encouraging music "piracy." Nor am I trying to get MP3Tunes in legal trouble. In fact, I like MP3Tunes a lot. I like having the unlimited storage for my music, which if I wanted to archive on Amazon S3 would cost more than $40 a year, even at their cheap rates. I like being able to stream my music when I'm away from home without using my upload bandwidth, which is often being used for other needs. And I do like the idea of archiving music that's around the web and having easy access to it. But there's a loophole here big enough for a lawsuit, and if they get hit with it, they'll lose. Michael Robertson founded too, and we all know how that ended up -- and the lawsuit there was over a service very similar to this, where you could stream and download digital music files if you verified you had the CD by popping it in your computer's disc drive (but there was no way to prevent friends getting together and passing CDs around).

I want MP3Tunes to stay alive, but if they keep this up, it's only a matter of time before they get sued, and another useful service gets trampled by the boots of the RIAA lawyer army.

Continue reading "How to Make Music Sharing Totally Legal"