For Debate: Is Apple Using Steganography In iTunes Plus Songs?

[johnee]

I VERY much understand it.

You only need to be paranoid about things you do wrong. If you don't do anything wrong there is nothing to be paraniod about.

no, the information being stored (that is, if there is information being stored), might be obtained from my computer after I simply buy the song, say from a virus. I didn't do anything wrong, but yet my account info has been read.

Are you understanding what i meant by that info being used in ways that it wasn't intended to be used?

 

[WestonHarvey1]

How?

I guess i don't understand how most of you feel this is ok. I want to reduce the ways people/companies can track me, not allow them to increase that type of activity. especially without my knowledge.

a bit big brother-esque if you ask me.

How are they going to track you... maybe if you drop your iPod on the subway? Maybe you'll get it back, then.

 

[WestonHarvey1]

Uhh..

no, the information being stored (that is, if there is information being stored), might be obtained from my computer after I simply buy the song, say from a virus. I didn't do anything wrong, but yet my account info has been read.

Are you understanding what i meant by that info being used in ways that it wasn't intended to be used?

Like the rest of your user files aren't *packed full* of your user information? You're at least in total control of these files. Why are you worried about them, yet not worried about all the billions of websites you have signed up on with personal information? You have zero control over what is done with that, "Privacy Policies" be damned.

 

[rjstanford]

Read the article again. The name-string is in the meta data. The file was STRIPPED of the meta data, and was still different.

Actually, it wasn't. The song was incompletely stripped of meta-data, by a program that Apple didn't represent as being theirs. Apple very plainly puts meta-data into the AAC file - and they've been very open about this. The fact that they place it into the file in more places than the 3rd party vendor who wrote the meta-data-stripper utility was considering is Apple's fault how, exactly?

After all, iTunes is also consistent and doesn't let you (or encourage you to) remove that piece of meta-data in any way; so I really don't see how you're blaming them on this one.

 

[PCMacUser]

What happens if you have an external disk or laptop full of your iTunes music, and someone steals it and then shares the music from it? Apple somehow sees that all of this shared music has come from you, and therefore you get sued or prosecuted. You tell them that your disk got stolen, but you didn't report it to the police because it wasn't significant enough and you knew they wouldn't do anything about it. Apple say 'prove it was stolen', but you can't. Doh.

 

[Bern]

no, the information being stored (that is, if there is information being stored), might be obtained from my computer after I simply buy the song, say from a virus. I didn't do anything wrong, but yet my account info has been read.

Are you understanding what i meant by that info being used in ways that it wasn't intended to be used?

And eventually when you're listening to your iTunes bought music... suddenly.. within the music..... subliminal messages start to play.....buy Vista.... buy vista... get the wow now...

 

[johnee]

Oh come on... once you get a driver's license, a passport, a credit card or even a public health card all the personal information about you is already out there.

Some of you need to get a hobby. Be paranoid if you're doing something you shouldn't be.

you're making my case even stronger. There is already a lot of information out there. I wonder if the increase in the ubiquity of personal data is a directly proportional to the skyrocketing identity theft trend, hmmm, let's think about that.

My point is to reduce any and all personal info released out in the wild.

And eventually when you're listening to your iTunes bought music... suddenly.. within the music..... subliminal messages start to play.....buy Vista.... buy vista... get the wow now...

god i wish

 

[Torajima]

If those who wish to do illegal deeds are going to be held accountable and this is the only way to do it, why not?

Because when a friend copies some of your mp3s without permission, or someone hacks into your machine and grabs your music without your knowledge (and even on a mac, this CAN happen), you are the one that the RIAA is going to come after.

And even without the threat of the RIAA dragging you to court, I simply don't like the idea of "Big Brother" tracking everything I do. Apple doing this is no better than Microsoft.

 

[nagromme]

you're making my case even stronger. There is already a lot of information out there. I wonder if the increase in the ubiquity of personal data is a directly proportional to the skyrocketing identity theft trend, hmmm, let's think about that.

My point is to reduce any and all personal info released out in the wild.

What info do you think is embedded? I'm thinking it's your account ID, i.e. email address, which a million virus and spam companies already have. If you want to protect that address, don't be paranoid about someone breaking in and stealing your music and then harvesting your address... be paranoid about ever sending an email to a Windows user Because the next virus they get can harvest your address from their inbox.

 

[RichP]

This is another pointless debate...

TRACK YOU? You bought the stupid music on iTUNES, its already documented clear-as-day. I dont like big-brother stuff as much as anyone else, but I dont see this being a problem.

Hell, Im suprised iTunes doesnt encode every AAC file it makes (off of CDs) with user info.

 

[Baja2k]

What happens if you have an external disk or laptop full of your iTunes music, and someone steals it and then shares the music from it? Apple somehow sees that all of this shared music has come from you, and therefore you get sued or prosecuted. You tell them that your disk got stolen, but you didn't report it to the police because it wasn't significant enough and you knew they wouldn't do anything about it. Apple say 'prove it was stolen', but you can't. Doh.

Well you make my case statement above even better. No computer needed. It can happen and the guys bent on piracy would probably use the same defense as well.

 

[nagromme]

This is another pointless debate...

I disagree. Any time Apple drags the music industry kicking and screaming in a better direction, Apple deserves our outrage and fury for not dragging them further

As for Apple saying "prove it's stolen"... two things: a) Apple won't care, it's the RIAA, and b) You are innocent until proven guilty, not the other way around.

Interesting scenarios though I would prefer if Apple stated something in their fine print (which makes a better deterrent anyway) but I can think of a million things I care about a lot more, like getting more labels on board with iTunes Plus.

 

[asrmatt]

Code

And what's the secret embedded message? 4 8 15 16 23 42?

 

[aria505]

The way DRM should be implemented

I think this is brilliant. This is how DRM should have been implemented from the start. And yes this is a form of DRM. This is a psychological form of DRM.

DRM is needed, but not the horrible kind that actually limits our fair rights to the music we purchase.

This form doesn't limit our use of the music at all. What it does do is help limit the sharing of music because we know that our names are going to be all over the music if we let it roam out of our control.

Great Job Apple. You have come up with a solution that uses the best technology available, the brains of your customers.

 

[Baja2k]

And what's the secret embedded message? 4 8 15 16 23 42?

Hey that looks very similar to my credit card number that I registered with Itunes. Great now all they have to do is fill in the last 6 numbers.

It's probably in another part of the file anyway....

 

[Sabon]

no, the information being stored (that is, if there is information being stored), might be obtained from my computer after I simply buy the song, say from a virus. I didn't do anything wrong, but yet my account info has been read.

Are you understanding what i meant by that info being used in ways that it wasn't intended to be used?

Don't open files unless you know who and why you are getting them.
Don't use a Windows computer and you won't have to worry about viruses.
Like the other guy said. Your information is ALREADY all out there on the internet.
Stop being paranoid.

 

[FoxyKaye]

I just assumed that without blatant DRM that Apple would do *something* to tag the music files it sold with some sort of unique identifier. It just makes sense: if a ton of copies of some song or another suddenly appear on the BitTorrent and P2P networks, music companies now stand some sort of chance of finding out where it came from. Anyone who has ever used BitTorrent or any other P2P program already knows that RIAA and other major music and software companies monitor the networks.

The real question to me is exactly what data is being encrypted into the files? Is it a unique ID number that only matches up to your account in Apple's database, is it your full account information, your email, etc.? And, related, what is being done with this information (to protect the buyer) on Apple's end?

No identification scheme is foolproof: maybe someday someone will hack Apple and suddenly a ton of $1000 charges will appear on your account's credit card, or maybe the folks who stripped previous DRM out of Apple's files will figure out a way to strip this too.

I dunno - back in the day we just used dual-cassette players to copy each other's tapes. It wasn't too much later that copying CDs also became quick and easy. Somehow I think all this DRM paranoia is just going to push people back to the "old skool" forms of music piracy more than anything else - it's not like trading a bunch of CDs with your friends and ripping them on to each others' computers somehow stopped working.

 

[iMeowbot]

However, if Apple is using the technique and not notifying users in its terms of service, they could be opening themselves up to lawsuits.

The iTunes Store user agreement gives Apple permission to do pretty much as they please with this information :/

You agree that Apple has the right, without liability to you, to disclose any Registration Data and/or Account information to law enforcement authorities, government officials, and/or a third party, as Apple believes is reasonably necessary or appropriate to enforce and/or verify compliance with any part of this Agreement

"A third party" boils down to "whomever we feel like".

Earlier in the agreement they reserve the right to monitor usage without notice.

 

[jayb2000]

Doesn't matter to me one bit. I don't intend to share my songs.

I'm ditching buying CD's now when there is iTunes Plus versions of songs. Why drive to the music store and pick up a CD when I can get the album on iTunes for the same (or cheaper) price?

As for quality, unless you are one of the lucky few that has golden ears AND the proper equipment AND in an environment with no background noise can tell the difference between a 256kbps AAC file and the original cd (numerous blind listening tests at hydrogenaudio.org have proven this).

Since I always rip a cd and then store the cd away never to be touched again (I don't even remember the last time I listened to a physical CD playing), why not just skip that step?

Which is great until your hard drive fails and you lose all your music.
Apple won't be giving any of that back.

So a person can
a) Buy music from iTunes, then buy CDs or DVDs to make backups
or
b) Buy a CD and you have a backup and better sound.

 

[Sabon]

What happens if you have an external disk or laptop full of your iTunes music, and someone steals it and then shares the music from it? Apple somehow sees that all of this shared music has come from you, and therefore you get sued or prosecuted. You tell them that your disk got stolen, but you didn't report it to the police because it wasn't significant enough and you knew they wouldn't do anything about it. Apple say 'prove it was stolen', but you can't. Doh.

Sure you can. It would be very unlikely that the person that stole your computer didn't have an internet connection and didn't open up iTunes to look at your music. You can have Apple get the IP of where they are connecting from and they can help the police find your computer.

Hey, that's one GOOD reason for them to have the info in there.

 

[Spades]

The account info in the file is one piece of evidence, but alone it isn't strong enough evidence to prosecute a person. I doubt it's enough to charge a person. There really is no downside to anybody that doesn't want to illegally share the files.

 

[JeffDM]

Enjoy missing out on the internet music revolution then.

Most people still are. Paid downloads are only approaching 10% of music sales.

So... if I bequeath all my iTunes plus songs to my son and then die (yeah, it will happen eventually), does he have to worry about getting arrested for possessing music with MY fingerprints all over it?

You could ask him first if he actually wants your music. Not much music crosses generations these days.

I VERY much understand it.

You only need to be paranoid about things you do wrong. If you don't do anything wrong there is nothing to be paraniod about.

That's how a lot of witchhunts start: they tell you if you've done nothing wrong, then you have nothing to hide.

If your iPod gets stolen and the thief starts trading your files and a sniffing bot finds them. The RIAA is very nasty about this sort of thing, even if they don't have a case, they'll press it as hard as they can, just like they've been doing for the past several years.

 

[crazytom]

My $.02

If this steganography use is true and if the original purchaser can be tracked through it, I'd still purchase just as much as I did with DRM'd music: next to nothing.

What if, say, I want to sell my purchased song file? What if said song file is then distributed far and wide by someone with reduced ethical values? Who gets in trouble? Who do you think the RIAA will go after? Would I need to lawyer up to sell a song? What if I want to give the song away? We all know that the RIAA will stop at nothing to get their way (money). I'd be crazy to buy something that could open me up to an RIAA lawsuit....heck, I'd be giving them money that they could use to sue me....it sounds crazy, but has anyone claimed that the RIAA is sane?

 

[Sabon]

you're making my case even stronger. There is already a lot of information out there. I wonder if the increase in the ubiquity of personal data is a directly proportional to the skyrocketing identity theft trend, hmmm, let's think about that.

My point is to reduce any and all personal info released out in the wild.

Your delusions about what we are saying does not make your point stronger. Your delusions make it weaker. I'm not going to respond to your posts any longer. You are making weak points. Stop being paranoid.

 

[longofest]

Actually, it wasn't. The song was incompletely stripped of meta-data, by a program that Apple didn't represent as being theirs. Apple very plainly puts meta-data into the AAC file - and they've been very open about this. The fact that they place it into the file in more places than the 3rd party vendor who wrote the meta-data-stripper utility was considering is Apple's fault how, exactly?

After all, iTunes is also consistent and doesn't let you (or encourage you to) remove that piece of meta-data in any way; so I really don't see how you're blaming them on this one.

http://atomicparsley.sourceforge.net/

Note how aware the author of the utility is of iTunes' meta data encoding.

Metadata is pretty straight-forward, as is the utility.

AtomicParsley works by first scanning the file, looking for these atoms and how they are organized

the metaEnema command, which Erica used, removes the metadata.

EDIT: Further investigation has found that the Atomic Parsley does NOT remove all of the atoms in the file, like you suggested. I repeated the steps that Erica took, and I saw 28 atoms left. In addition, the AAC data was the EXACT SAME for each version of the file that I downloaded. It does NOT appear as though Apple is doing any watermarking in the AAC data itself, lending credence to others' claims that Apple is not doing anything more than what they were doing with the DRM'd tracks.