For Debate: Is Apple Using Steganography In iTunes Plus Songs?

[joemama]

Shouldn't people be concerned about tracking?

I mean, isn't this the reason people are going to buy DRM-free music - to share it with their friends?

I still can't believe the record companies are going to allow DRM-free music? Are they stupid? They are undoing what they spent years building - for people to stop pirating and sharing music.

Now a college student will buy a high quality DRM-free song, put it on a server and everyone will download it.

DUM...D-U-M!

 

[GodBless]

After I got home this evening (back to my mac ), I went ahead and repeated the steps in the linked article to see if I could confirm the claims made regarding fingerprinting/steganography.

My steps:

1. Downloaded from two different accounts the iTunes Plus version of Jeremy Camp's "Take My Life"...

1. Jeremy Camp is awesome and Take My Life is sure to rock your world in more than one way. Good choice for the testing.

 

[EagerDragon]

I dont see the problem but Apple schuld inform us about it. That would be fair. I dont like root kits and all this kind of stuff...

It is not the same, it is just a number or string in the file spread over a number of the bytes. It does not execute or do anything, it is probably in the inaudable portion of the song, it can be read if you know how to decoded and the correct bytes. When decoded the result is a number or a string.

However so far there is no proof that it is there.

 

[EagerDragon]

Correct.

However, if Apple is using the technique and not notifying users in its terms of service, they could be opening themselves up to lawsuits.

Like an iPod, all they did was give you a free engraving. No need to disclose it, it is not personable information and the information can not be used to steal your identity or open a bank account with.

I work in security and I am about as paranoid as it gets, to me it is fine if they engrave my songs with my id even if I do not know it.

I would find it hard to believe that anyone has grounds for a suit.

 

[samh004]

I might be a little late to chime in on this now, seeing as it's already made all the rounds, but I don't see how this was different than before.

Previously a DRM-ed file would have your name and e-mail in the DRM portion of the file, you could clearly see it as there every time you got info on the file in iTunes. Now that files don't have DRM they'd obviously wrap the file in something else, but would still add the same kind of data to it...

You've been given ultimate restrictions now, you can share your files with anyone, your family and friends included if need be. But don't abuse the privilege as you can still be tracked down if need be... which under the circumstances I think would be perfectly reasonable.

And I'm sure there is a way to remove that info anyway...

 

[ajhill]

Enough people

As an artist that relies on copyright to earn a living I find it hard to believe that so much has been made of the "what if someone steals my HD and uploads all my files to a PTP network.

Please, It sounds more like a bunch of thieves spouting sour grapes at not being able to steel music anymore. Maybe if more hardworking artists (and iTunes lets artists get more revenue while leaving out the middleman more and more) to get paid, MAYBE we will get better music that we will actually want to own and take some satisfaction in knowing that a great artist that we enjoy listening to is make a living at it.

Teaching our children that stealing is okay as long as "no one get hurt" is insane. Teach you kids integrity and respect for others and the world will be a better place. Teach them to steal as long as they don't get caught and quite frankly you will get the music and movies that you deserve.

This whole story was put out in an effort to try and weaken the share price of AAPL stock, because the shorts were getting the heads handed to them on a platter until today. If they can just get it to go down another $15 maybe they can get out of their short positions and we can get back to the real issues of the day.

Al

 

[NicP]

Shouldn't people be concerned about tracking?

I mean, isn't this the reason people are going to buy DRM-free music - to share it with their friends?

I still can't believe the record companies are going to allow DRM-free music? Are they stupid? They are undoing what they spent years building - for people to stop pirating and sharing music.

Now a college student will buy a high quality DRM-free song, put it on a server and everyone will download it.

DUM...D-U-M!

Lol I sure hope that was tongue in cheek humor cause I sure laughed!

 

[alveryx]

Uhm...

That's interesting.

 

[SiliconAddict]

And if Microsoft was doing this everyone and their mother would be raising holy heck on this board.

Does no one here have a concept of privacy? It doesn't matter if you are only going to use this music on your ipod, on your itunes, or if you want to torrent it to the world, the point is that apple is selling this music in a way that is linked to you, and that's not what you're paying for. You did NOT pay for a tracking device, you paid for a song. How can you fail to realize that this is a violation of privacy? It's as if Apple sold you a phone, but to make sure you don't sell it to someone else they put your name on it . . . and possibly listen in your conversations. I could understand that if the phone was FREE and the conditions were known, but you're PAYING them to NOT trust you and they didn't even mention this?

Not that I care, I have never purchased a single track from iTunes and I sure don't intend on starting now.

The only time it would be an issue with privacy is if you distribute the music. Apple already knows what tracks you purchased so there is no privacy there. Apple already has your name. the only time this comes into play is if you distribute your tracks to others.
Its no different then having a credit card in your wallet. As long as you don't give your wallet away to someone on the street corner its a nonissue.
What IS the issue is Apple not telling us that such a thing exists. That's it.

 

[Xavier]

I love how people are bashing Apple for giving them more freedom with their bought music.

 

[AidenShaw]

...you can share your files with anyone, your family and friends included if need be...

"Fair use" doesn't mention friends and family....

But anyway - if your friend listens to and keeps the song that you bought, rather than buying his own copy - it's the artist that suffers from not being paid for her effort.

The "Zune" model of limited replay is better, and is like the shareware software model. Try it for free, but if you like it, you should pay.

For every mega-star with millions of bucks, there are hundreds of talented people trying to make each month's rent payment....

I donate about $10K per year to a couple of non-profit (and tax deductible) organizations in the Bay Area that support the performing arts, especially music. I buy the CDs at concerts, and feel obligated to ensure that any musician that I enjoy is compensated for her effort.

People who listen to (steal?) the music without paying the artist disgust me....

 

[Xtremehkr]

I agree with Trent Reznor.

 

[inkhead]

Please change the title to "stupid bitch" doesn't know how to use md5

Thank-you, otherwise your story will hurt Apple.

 

[aristotle]

Like an iPod, all they did was give you a free engraving. No need to disclose it, it is not personable information and the information can not be used to steal your identity or open a bank account with.

I work in security and I am about as paranoid as it gets, to me it is fine if they engrave my songs with my id even if I do not know it.

I would find it hard to believe that anyone has grounds for a suit.

Agreed. In fact, maybe someone should start thinking about lawsuits against people who are thinking about lawsuits just to give them a piece of their own medicine.

If you value the work artists put into their songs and you value the work that you do enough that you feel your wages are justified, then you should not mind "paying" for music.

 

[kalisphoenix]

For every mega-star with millions of bucks, there are hundreds of talented people trying to make each month's rent payment....

...and hundreds of millions of brown people starving in Africa because land is used inefficiently. In the vast scheme of things, musicians are immensely lucky people.

 

[aristotle]

A couple of points everyone seems to be overlooking:

1. DRM-free music should mean it is actually DRM-free. This means I can play it on whatever device I want, with no repercussion from Apple, the RIAA, etc. Within this fair use, I would fully expect that I can take a USB thumbdrive to a friend's house and play back the files on their computer, not unlike taking my CD, cassette, or LP over to a friend's house and play it. If, through the use of fingerprinting techniques, Apple starts tracking your (legitimate) usage of your files on your friend's computer and using it in a witch hunt for filesharers, I can see this becoming a point of contention really quickly.

2. All of the arguments that claim it shouldn't matter whether Apple is tagging/tracking how & where you play your files, as long as they don't actually use the information, are totally missing the point. The same flawed reasoning would mean it should be ok to set up cameras in a washroom or changeroom, as long as you don't look at the recordings. Let's see how far that argument gets you in court. The bottom line is that tagging the files with your personal information is an invasion of privacy, unless you specifically consent to it. If Apple hasn't laid this out clearly as a term of use in iTunes Plus, it is definitely something they can be taken to court over.

Do you work for a living, or are you either old money or a welfare bum? It appears that you don't respect the value of work or under than the value of a hard earned dollar. This also goes for kalisphoenix. In what mental universe do you people live in?

 

[~Shard~]

Should you really be telling us that? Are you going to have to kill us all?

Ah, but I didn't tell you what I was using it for.

So no worries, no required killing... this time...

 

[chrisgeleven]

Come on, iTunes reporting back to Apple what who's purchased songs are being played on which computers? Are you kidding me?

Apple isn't that stupid. The only thing they have ever done remotely (and I mean, remotely) similar is use the mini-store feature to show you other music you might be interested in.

There is a documented case of Apple refusing to track (with stats sent over the internet back to Apple) how many DVD's your burned with iDVD back in the day when DVD's were just released, because they didn't want to give off the impression that someone's privacy would be violated.

People need to get a life. Close your P2P apps and take a chill pill.

And trust me, people who steal a computer/ipod have better things to do...like selling the computer/ipod as quickly and profitably as possible. They aren't going to spend a hour trying to download songs off of it or sharing them on P2P networks.

 

[oogje]

The audio bits are identical

I downloaded the same $1.29 song using two different accounts on two different machines. I renamed one of the m4a files and copied it to the machine with the other account's downloaded version.

I opened up each m4a file in Amadeus Pro and saved them in AIFF format. I then ran the Unix cmp(1) program on the two files and they are byte for byte identical.

brian

ETA: for the heck of it...
$ md5 *.aif
MD5 (14 Ber-Bop-a-Lula.aif) = bcbd59cb35b48213385d52b1752037ac
MD5 (14 Bub-Bop-a-Lula.aif) = bcbd59cb35b48213385d52b1752037ac
$ cksum *.aif
718695236 28104166 14 Ber-Bop-a-Lula.aif
718695236 28104166 14 Bub-Bop-a-Lula.aif
$ cmp 14*.aif
$ echo $?
0
$

 

[Jetson]

Haven't read thread -- probably redundant -- but...

If you're not giving away your music, you have nothing to worry about.

Now -- I, from time to time, might burn out a CD to hand to close buddy. That, in my opinion is different than having my entire library available to anyone using Limewire or ShareBear.

This is the same flawed, self-righteous argument (excuse really) used to justify "sneak and peek", drug testing, and other intrusions of privacy. The claim is that if you're not doing anything wrong, why worry about surveillance?

The fallacy of this "argument" is that it's an invasion of privacy - plain and simple.

I don't want anyone peeping into my bedroom window, clandestinely listening to my phone conversations, or insisting on examing my hairs, DNA, urine, or other bodily fluids.

Embedding personal information into an iTunes track is not innocuous either. Suppose you make a CD for a friend. Then that friend thoughtlessly uploads a track or two to a file sharing service. Other people then copy and upload these same tracks. What if an RIAA investigation finds these tracks and trace them back to you? We've already seen how aggressively RIAA will pursue legal action. It doesn't matter whether you intended for your legally purchased track to end up on a file sharing site or not - the evidence points to you.

Of course, it's not clear if Apple actually is writing personally identifiable information into iTunes tracks. Nor is it clear whether copies of these tracks would replicate the data onto CDs.

Still, in this day and age, privacy is fast becoming a scarce commodity. Privacy is a vital right which is well worth defending - threats to our privacy must be strenuously resisted.

 

[Mal]

Embedding personal information into an iTunes track is not innocuous either. Suppose you make a CD for a friend. Then that friend thoughtlessly uploads a track or two to a file sharing service. Other people then copy and upload these same tracks. What if an RIAA investigation finds these tracks and trace them back to you? We've already seen how aggressively RIAA will pursue legal action. It doesn't matter whether you intended for your legally purchased track to end up on a file sharing site or not - the evidence points to you.

Umm, dude, if you do that, you've already broken the law, so technically you are guilty of exactly what they're accusing you of, but the likelyhood of them coming after you for a single song of yours that ends up being shared with a bunch of others is absurd. It's about as likely as those claiming they're worried about thieves stealing their computers and then sharing their music. I'm willing to bet that there has never once in the history of the internet been a case where music was shared illegally from a stolen computer and the original owner had to prove the computer was stolen to protect their innocence (if the first part of that scenario ever happened anyways).

Besides, as has been pointed out, there's far less data possibly included (and there's no proof yet that it is indeed included) than what they already have on file anyways. I'm all for things like this, because if anyone's stupid enough to try to share the music they download from iTunes, they deserve to be caught. This is not an invasion of privacy, they're not tracking your listening habits, buying trends, or any other data via this "steganography", if it even exists. It's not even possible for them to do so with 774 bytes of information embedded in an .m4a file.

jW

 

[welephants]

If those who wish to do illegal deeds are going to be held accountable and this is the only way to do it, why not?

I hate when people make statements like this. It screams of being a hypocrite, but let's assume you've never done anything illegal (ever), and always drive the speed limit, and I'll just state my reasons why it concerns me.

1. Because treating people like they are going to do something illegal before they have done anything illegal is a dangerous precedent to set (though it seems to be the way things are going)

2. Because if someone steals my iPod and shares my files I get in trouble for something that is not my doing?

3. Because I am entitled to privacy. One of those old dusty documents has some stuff about it... Just because I don't want you to know what I am doing with a file does not mean I am doing something illegal with it. It just means I don't want you watching me through the window while I dress.

4. People who are worried about this should be far more worried about ISP's that keep logs of everything you've ever looked at or done than your name on a song you bought from iTunes...

Just my thoughts.

 

[oogje]

... It's not even possible for them to do so with 774 bytes of information embedded in an .m4a file...

You could assign a unique number to everyone on the planet and every one of their bones individually (except digits) with only 5 bytes. Nevertheless it's been shown there is no information in the audio data of an iTunes Plus file that distinguishes it from another. So the conversation isn't about what Apple's doing, it's simply about privacy - not that there's anything wrong with that.

brian

 

[macinfojunkie]

BBC News Web-site now has this as the top story on its Technology section:

http://news.bbc.co.uk/1/hi/technology/6711215.stm

Typical BBC waffle when it comes to so called "bad news" about Apple. They have a doom and gloom headline, then mention briefly that there has been tagged user data has been in Itunes files all along. I'm convinced that the BBC News technology section is written by people who still use type writers. The funny bit about the article was that they seemed to care more about pirate's ability to eventually strip out this heinous data, rather than explain why it might be necessary to help prevent piracy whilst allowing consumer freedom and that it is a small price to pay for DRM-free music files. I expect more than this in return for the $250 a year licence fee!

Personally I could care less if Apple want to tag the songs they sell, whether it is user removable or not. Surely nobody expected higher quality DRM-free songs to have no piracy safeguards whatsoever?

 

[gwangung]

This is the same flawed, self-righteous argument (excuse really) used to justify "sneak and peek", drug testing, and other intrusions of privacy. The claim is that if you're not doing anything wrong, why worry about surveillance?

The fallacy of this "argument" is that it's an invasion of privacy - plain and simple.

I don't want anyone peeping into my bedroom window, clandestinely listening to my phone conversations, or insisting on examing my hairs, DNA, urine, or other bodily fluids.

Embedding personal information into an iTunes track is not innocuous either. Suppose you make a CD for a friend. Then that friend thoughtlessly uploads a track or two to a file sharing service. Other people then copy and upload these same tracks. What if an RIAA investigation finds these tracks and trace them back to you? We've already seen how aggressively RIAA will pursue legal action. It doesn't matter whether you intended for your legally purchased track to end up on a file sharing site or not - the evidence points to you.

Of course, it's not clear if Apple actually is writing personally identifiable information into iTunes tracks. Nor is it clear whether copies of these tracks would replicate the data onto CDs.

Still, in this day and age, privacy is fast becoming a scarce commodity. Privacy is a vital right which is well worth defending - threats to our privacy must be strenuously resisted.

Muddled thinking.

One. Apple ALREADY has this information. it got it when YOU bought it.
No privacy involved at all.

Two. The tracks point to you...as ONE link in a chain, not the endpoint.

Three, when the track gets into the public realm...which is what happens if it gets passed around multiple times...privacy doesn't apply. By definition.