ReDigi is a site that allows you either to resell songs that you no longer want, or to purchase songs that other people no longer want. In other words, it is a second-hand market for music.
How does it work, from the user's point of view:
- Alice subscribes to the service
- ReDigi locates the songs Alice may resell (purchased either with iTunes or with ReDigi)
- Alice selects the songs to sell, and ReDigi stores them in the cloud while wiping out the copies on her computers
- As long as the song is not yet sold, Alice can stream it
- Once Bob has purchased it, she can no longer listen to it.
- If ever a copy of the sold song appears again on Alice’s device(s), she is notified.
- She has to install a piece of software called Music Manager
- Music Manager explores the directories and spots the iTunes and ReDigi songs. It most probably jumps directly to the FairPlay protected directory to find the licenses. It checks whether each song is legal (in other words, whether it can access the key, which means that the license was bound to the device)
- It uploads the file (and probably the license) to the cloud and erases the accessible song. At the next sync, all iTunes copies should disappear.
- The uploaded copy is marked as such until it is sold
- Mark it for somebody else. I would like to know if they rebuild their own license or a new iTunes license.
- During phase 3, it extracts a fingerprint of the song. Music Manager scouts the hard drive to find copies. I was not able to find out whether the fingerprint is a basic crypto hash (MD5) or a real audio fingerprint. If it is the second case, then funny things may happen.
Alice purchased Song1 on iTunes. Later, she purchases the full album on a CD. She then resells the iTunes Song1 and rips her CD. A legit copy of Song1 will reappear on her drive. Music Manager will complain (ReDigi claims that after numerous complaints that are not obeyed, where obeying means erasing the song, the subscription is cancelled).
Obviously, if it is just the hash, then the system can be easily bypassed.
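The two matching strategies contrasted above, applied to the CD-rip scenario, as an added example that is not ReDigi's code and not from the original post. The PCM data is constructed, SHA-256 stands in for the "basic crypto hash", the fingerprint is a toy dominant-frequency scheme rather than a production audio fingerprint, and all function names are hypothetical.

```python
import hashlib, math, random, struct

RATE, FRAME = 8000, 400                  # 8 kHz PCM, 50 ms frames
BANDS = [220, 260, 340, 400, 440, 520]   # probe frequencies (Hz), assumed

def synth(notes, gain=0.5, noise=0.0, seed=0):
    """Constructed sample input: one sine note per frame, 16-bit LE PCM."""
    rng = random.Random(seed)
    out = []
    for f in notes:
        for n in range(FRAME):
            s = gain * math.sin(2 * math.pi * f * n / RATE)
            s += noise * rng.uniform(-1, 1)
            out.append(int(max(-1.0, min(1.0, s)) * 32767))
    return struct.pack("<%dh" % len(out), *out)

def band_power(frame, f):
    """Energy of one frame at frequency f (single DFT bin)."""
    w = 2 * math.pi * f / RATE
    re = sum(v * math.cos(w * n) for n, v in enumerate(frame))
    im = sum(v * math.sin(w * n) for n, v in enumerate(frame))
    return re * re + im * im

def fingerprint(pcm):
    """Toy audio fingerprint: index of the loudest band in each frame."""
    samples = struct.unpack("<%dh" % (len(pcm) // 2), pcm)
    fp = []
    for i in range(0, len(samples) - FRAME + 1, FRAME):
        powers = [band_power(samples[i:i + FRAME], f) for f in BANDS]
        fp.append(powers.index(max(powers)))
    return tuple(fp)

def same_by_hash(a, b):
    return hashlib.sha256(a).digest() == hashlib.sha256(b).digest()

def same_by_fingerprint(a, b, tolerance=0.1):
    fa, fb = fingerprint(a), fingerprint(b)
    if len(fa) != len(fb):
        return False
    return sum(x != y for x, y in zip(fa, fb)) <= tolerance * len(fa)

SONG1 = [220, 260, 340, 400, 440, 520, 440, 340]
OTHER = [520, 440, 400, 340, 260, 220, 260, 340]
sold = synth(SONG1)                                   # the copy Alice resold
cd_rip = synth(SONG1, gain=0.45, noise=0.01, seed=1)  # same music, other source
other = synth(OTHER)                                  # unrelated song

if __name__ == "__main__":
    for name, pcm in (("cd_rip", cd_rip), ("other", other)):
        print(name, same_by_hash(sold, pcm), same_by_fingerprint(sold, pcm))
```

The hash matcher treats the CD rip as a different file, while the fingerprint matcher reports it as the sold song, which is the false positive on a legitimately owned copy described in the scenario.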
The interesting question is not if the system can be bypassed. I am sure that the readers of this blog have already guessed at least one or two ways to hack it. It is not complex, and I will not elaborate on it.
The interesting question is whether it is legal to resell a digital song. The US first-sale doctrine allows you to resell your own goods; nevertheless, the answer may not be so trivial. See this article. We will soon have a (first) answer. In January 2012, Capitol Records filed a suit against ReDigi. In February 2012, the district court rejected the preliminary injunction. Oral arguments should start on October 5. This article gives a good summary of the legal case.