LALA is a new streaming music service that allows you to listen to tracks from anywhere and to purchase MP3’s if you choose.

It has a really great feature that allows you to upload mp3’s from your own collection so that you can listen to them online. Apparently in a move to save bandwidth + space, LALA reads the tags on the MP3s before upload, and gives access to the streaming track if it already exists in LALA’s collection.

So… what’s to stop someone from downloading from the bay and uploading the MP3s?!? Now, you’ve got a “legit” version of the music  and no one is the wiser…

Similarly, if LALA  is just reading the tags… what’s to stop someone from uploading a file containing the ID3 tags of every file that LALA contains… Seems an easy way to gain access to every file they have.