Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Have accusations of Apple using Steganography in iTunes+ affected your buying habits?

  • Yes- Negatively (less willing to buy an iTunes Plus song)

    Votes: 42 10.4%
  • Yes- Positively (more willing to buy an iTunes Plus song)

    Votes: 33 8.2%
  • No

    Votes: 262 64.9%
  • Too early to tell

    Votes: 67 16.6%

  • Total voters
    404
  • Poll closed .
I bet when the song request the album art work, thats when the info will be linked to the account there by seeing if the accounts and songs match same account..

just my 2 cents
 
This whole "stealing a hard drive" senario is just crazy. The person stealing it would have to know you bought iTunes Plus tracks. They'd have to go through and find them all amougst the other tracks. Guess what, that's not why they stole your hard drive in the first place. They would probably just erase the drive or sell it to someone else that would erase it to just use it.

I wouldn't be so sure. The smart thief knows that there's a wealth of information that could be on a hard drive. In fact, that's one of the methods employed by identity thiefs -- mine the drive for anything useful.
 
apple has too much at stake to pull any kind of crap like this, if they were going to have stuff encoded, they would say so - is it gonna stop you from buying songs anyway?
 
Evidence supporting

I downloaded Inside In/Inside Out by the Kooks this week and the single of the week was included with it (there's no way to download this track NOT as the single of the week). No matter what I do, when I sort by album, that track floats to the top. I've done everything from resetting the plist file and fiddling with sorting data to manually going into the library file and changing things (the release date remains this week, even after all of these changes).

All this suggests that there's some tag somewhere in the file that I can't even see, let alone change. How else can you explain it?

...this whole thing is also really aggravating my iTunes o.c.d.
 
I downloaded Inside In/Inside Out by the Kooks this week and the single of the week was included with it (there's no way to download this track NOT as the single of the week). No matter what I do, when I sort by album, that track floats to the top. I've done everything from resetting the plist file and fiddling with sorting data to manually going into the library file and changing things (the release date remains this week, even after all of these changes).
This might be as simple as a difference in album naming and track numbering. I grabbed only the promo track, didn't buy the whole album, and it lists the album as "Ooh La - Single of the Week" and the track number as 1 of 1. Did yours manage to get stamped that way, even though you bought the whole album? Maybe you just need to change those fields to match the rest?
 
Update: After an independent MacRumors investigation, it does not appear that watermarking is taking place in the AAC data itself, and it may be presumptuous to claim that stenography is taking place. A recount of our investigation is posted here.

So would all you paranoids out there like ice cream with your piece of humble pie? :rolleyes:
 
On the 'Invasion of privacy' considerations - bullcrap - this is music for fecks sake - your not stood in a market in Marakesh attempting to buy the top secret plans of a military jet or something - It's just 'a digital copy' of a little piece of music!!..

Trust me when I tell you that Nobody is sat in a white van outside your apartment clandestinely listening to your music collection and making 'secret report's....:D


DRM is one thing and overall I prefer not to have it - tagging legitimate purchases with the identity of the owner is another and I for one have no problem with it at all. Indeed it protects the property rights of the copyright holder AND the legitimate owner!

I would say that if it ever comes to pass it would actually gives you certain provable rights to have your OWN personal tagged copy!

In fact, I don't even care if I get told or not if this is going on.
 
Correct.

However, if Apple is using the technique and not notifying users in its terms of service, they could be opening themselves up to lawsuits.

I'm not an expert in US law... Putting a serial number on a car or a piece of electronics for easy identification in case of theft is a common practice. It only seems reasonable to apply this concept to software, or "digital property". The only ones affected by steganothingy are file sharers.

IMHO the problem comes down to another thing: If I buy/sell a lot of used CDs. The resale value of digitally purchased music/movies is $0. In this regard, digital media is much too expensive.
 
Just wondering...

what happens if you transfer the file from one comp to another? has anyone tried? does the anomalous part of the file change in size?

and another thing... what evidence is there that this is taking user info? has any1 seen their name in the song? if you play it backwards does it tell you when you're gonna die?:p

that extra little bit is probably just a timestamp or something that shows when and where this was downloaded, probably used as a marketing tool.
 
I really don't see why its such a problem that the names and email addresses of people who purchased songs, videos, games, etc. from iTunes are inserted into the files.

I mean, honestly, who didn't notice it years ago? I noticed it when I downloaded my first song from iTunes. I checked the properties and saw that it had my name and account email address. No big deal. I wouldn't be sharing the songs with anybody, obviously.

With the DRM-free songs, I will continue to not share them with anybody.

The only thing I do have a problem with is that DRM takes away "right of first sale". Meaning I can't take the content I buy on iTunes and sell it to somebody else. And since I know somebody will purposely misinterpret what I said there, I will explain myself. You know how you can buy a CD and then go sell it to somebody else once you are done with it? Thats what I mean here. Take the song, sell it, transfer the file and "rights" to somebody else. Thats the only thing I don't like.

But as far as embedding the email address and name of the person who purchased the song in the file... who cares? iTunes has been doing it for 4 years now.

Honestly, whats going to happen if somebody steals your iPod? They're going to know your name and email address?

And if those songs get up on a P2P program? Well, look at things realistically. You think the RIAA is going to come to your house and say "OMG YOU UPLOADED YOUR FILES TO P2P! WE GONNA SUE YOU!" Obviously if your iPod was STOLEN and you can prove it (you would file a police report for something that is worth a couple hundred dollars, right?) they're not going to be able to do anything to you. Think of it like somebody breaking into your house, stealing a gun you had locked away, and then shooting someone with it. Its not YOUR fault THEY stole it and then commited a crime with it.

And what about the lock on modern iPods? They're not exactly going to be able to do too much with your iPod until they format it and restore the software. You think the average theif that is stealing an iPod is going to even begin to know how to use data recovery software or get around that lock?

On top of that, theres IP addresses. Lets say your iPod was stolen and your songs uploaded to the world. The RIAA sees it and is determined to get the person uploading those songs. They have the IP address and come to you.... and see that you didn't do it and that your iPod is, infact, stolen. Now we all know the RIAA isn't the most intelligent organization in the world. But even they know they'd lose a case brought against you for somebody else uploading songs they got off of an iPod that was stolen from you.

Lets also look at this situation with some common sense.

All of these people are freaking out about songs being stolen that have nothing more than your email address and name in them. But what about the other things that have even more personal information in them?

What happens if your car is stolen? The registration and insurance policy will be somewhere in the car. That has your whole name, address, what other cars you own, and maybe even a phone number on it. The person who stole your car might even be able to impersonate you and get more information about you from your insurance company, or use that information to come to your house and steal even more from you!

Lets look at the car being stolen for a moment. Let's say your car is stolen, involved in a hit and run AND drive by shooting all before you can report it stolen, and then it disappears. The witnesses at the crime scenes give police the license plate number and, shockingly, they come knocking on your door before you still were able to report it stolen (or maybe after now). They're going to be able to put 2 and 2 together. No different than if your iPod was stolen and your songs were uploaded without your consent.

Now what about all of the other things that have your personal information on them? Think about what somebody could do if they broke in to your house. How much could they steal then? Presumably enough to make you an identity theft victim. What if somebody steals your wallet? Same.

Some iPods are stolen simply by people being forgetful or the iPod falling out of someones pocket. What happens if your wallet falls out of your pocket with your ATM card and a receipt you had from your last visit to the ATM that has your account number on it?

Theres literally thousands of other more dangerous things people should be worried about that can truly lead to identity theft or other problems for the victim. Worrying about a song, video, or game having your name and email address embedded in it is about as silly as worrying about what color socks you're wearing that nobody else is going to see.

Embedding your name and email address in the file might even be helpful. It could lead you back to a stolen iPod, computer, etc.

But it's never going to cause YOU problems as long as YOU don't allow the files to be distributed in ways they were never meant to be.
 
I downloaded the same $1.29 song using two different accounts on two different machines. I renamed one of the m4a files and copied it to the machine with the other account's downloaded version.

I opened up each m4a file in Amadeus Pro and saved them in AIFF format. I then ran the Unix cmp(1) program on the two files and they are byte for byte identical.

brian

ETA: for the heck of it...
$ md5 *.aif
MD5 (14 Ber-Bop-a-Lula.aif) = bcbd59cb35b48213385d52b1752037ac
MD5 (14 Bub-Bop-a-Lula.aif) = bcbd59cb35b48213385d52b1752037ac
$ cksum *.aif
718695236 28104166 14 Ber-Bop-a-Lula.aif
718695236 28104166 14 Bub-Bop-a-Lula.aif
$ cmp 14*.aif
$ echo $?
0
$

You may be correct, but I believe I read on another forum that the information is stripped once the file is converted.
 
But it's never going to cause YOU problems as long as YOU don't allow the files to be distributed in ways they were never meant to be.

Spot on. As far as i see it that's the end of this discussion.

People campaigned to get rid of DRM because they say they felt "locked in" but as soon as it's removed they're up in arms again as the truth is revealed: they just wanted to pirate all along.
 
I mean, isn't this the reason people are going to buy DRM-free music - to share it with their friends?

That is a reason to put the name of the purchaser into a song in the first place: After you gave a song to a friend so he can listen to it before he buys it, or after putting it on a friend's computer so that the song can be played at a party, your friend can then look for songs bought by people others than himself and delete them. That is surely what your friend would want to do and what you would want your friend to do, right? :)

Now seriously, I know that music bought on iTunes _will_ be shared with friends and family. If your name is stored in a song, then you just have to be sure that "friends and family" only includes people who have a brain and don't pass music with your name in it on to others. If a friend gave _you_ a song that he purchased from iTunes and he asks you not to pass it to anyone else because his name is in it, would you give that song to anyone else? If you would, then surely anyone in the world should remove you from their list of "friends".
 
I don't see a big issue with this other than if you lose your or have your music stolen from you and it ends up a file sharing site but this whole topic could have been avoided (for the most part) in the first place.
 
Because when a friend copies some of your mp3s without permission, or someone hacks into your machine and grabs your music without your knowledge (and even on a mac, this CAN happen), you are the one that the RIAA is going to come after.

And even without the threat of the RIAA dragging you to court, I simply don't like the idea of "Big Brother" tracking everything I do. Apple doing this is no better than Microsoft.

I think if someone hacks into your computer, the last thing they're going to take is some mp3's.
Besides...we have no idea what makes up this size difference? What if its date purchased? What OS was being used when purchased? Until someone can actually say "Look! Here is your name in the file", all of this seems moot.

-Vince
 
If you have genuine concerns for the safety of your digital information and content, then don't use iTunes plus. I think Apple would be well within their rights to be deaf to "oh, my tunez was stolen from my computerz"-style excuses.

For those of us that live in the real world where "guys in my dorm" aren't going to break into my house, run a quick search for all my iT+ content and then upload it all to Soulseek to spite me, it's not an issue, is it? I mean, you're the only person who's going to use it, so who cares if your name's on it, right?
 
You may be correct, but I believe I read on another forum that the information is stripped once the file is converted.

Yes, because the information is not in the (music) data itself. But that's exactly what his post is about: proof that it's stripped.
 
Hmm. . .

This was all over the local news. Whatever..

Maaaaaaan. I wish I were a Canadian =( !!!! I WISH that really bizarre and awkward computer "news" was all over the U.S's News, but alas, its far less fun than that. But really, the issue here is just that people are crazy. I understand that we're all on here reading mac news every morning. . . and every afternoon . . . and every night. . . but seriously, who buys an iTunes Plus song and starts analyzing it for stergeonography or satanography whatever? Thats a little extreme, me thinks. So, my words of advice to that lady: Buy a nice dress, maybe some earrings, and go out... dance a little... try not to bring your laptop and secret steganography decoder ring, and, for the love of god and everything that's holy, try to have a good time.

Rant: Over.

. . . I only comment on news items that I don't care about, haha. Far more importantly to me..... ITS ALMOST WWDC TIME! AHHHHHH!
 
You may be correct, but I believe I read on another forum that the information is stripped once the file is converted.

Yes, that's because the information is in the meta-data of the file, not the audio stream. That is not steganography as the info is not obscured or hidden. It's clear text located in the header along with the title, artist, etc.

$ strings 14\ Ber-Bop-a-Lula.m4a > ber.strings
$ strings 14\ Bub-Bop-a-Lula.m4a > bub.strings
$ diff *.strings
...
< name<ber's name here>
---
> name<bub's name here>
...
83c82
< <ber's store name here>
---
> <bub's store name here>
105c104
< 2007-06-02 03:09:28
---
> 2007-06-02 03:03:51
 
Having that data somewhere in the file is a risk without any benefit. Some may think that the risk is very small (but it's still there), some think that it's bigger (because they live in the real world, where people bring songs to parties, give them to their family and friends, which is perfectly legal in some countries). Anyway, I should not have to worry about it unless I am the one responsible for it appearing on p2p.
 
1. DRM-free music should mean it is actually DRM-free. This means I can play it on whatever device I want, with no repercussion from Apple, the RIAA, etc. Within this fair use, I would fully expect that I can take a USB thumbdrive to a friend's house and play back the files on their computer, not unlike taking my CD, cassette, or LP over to a friend's house and play it. If, through the use of fingerprinting techniques, Apple starts tracking your (legitimate) usage of your files on your friend's computer and using it in a witch hunt for filesharers, I can see this becoming a point of contention really quickly.

2. All of the arguments that claim it shouldn't matter whether Apple is tagging/tracking how & where you play your files, as long as they don't actually use the information, are totally missing the point. The same flawed reasoning would mean it should be ok to set up cameras in a washroom or changeroom, as long as you don't look at the recordings. Let's see how far that argument gets you in court. The bottom line is that tagging the files with your personal information is an invasion of privacy, unless you specifically consent to it. If Apple hasn't laid this out clearly as a term of use in iTunes Plus, it is definitely something they can be taken to court over.

I like to highlight a few things
" If, through the use of fingerprinting techniques, Apple starts tracking your (legitimate) usage of your files on your friend's computer and using it in a witch hunt for filesharers, I can see this becoming a point of contention really quickly."
In this comparizon to a CD, looks to me that it does not match, the content you put on the usb drive looks like it got moved to your friend computer. There is where you steped out of the law. You can use the USB to play the music but not copy to his computer. You can lend him the USB drive and he can play the music, but there still a flaw ....... The same music is in your computer and you can play it at your house at the same time that your friend can play the music at his house. As you did not removed the files from your computer or iPod before you lend your friend the USB, you are breaking the law. You can not do that with a CD, a CD that has not been copied can not be in two different locations at the same time.

If one follows the usage pathern of a book or CD (without ripping) when we use or lend the DRM free music we should be fine.

"The bottom line is that tagging the files with your personal information is an invasion of privacy, unless you specifically consent to it. "
Not quite, there is no personnal information in the tag, all that is there is your iTunes ID. That is not considered personnal information. Just like your "Alias" or MacRumors Id is used to tag all the entries you make and it is visible to all.

Apple has a **** load of lawyers, they rarely do something that will land them in court unless they have to.
 
I'd say good! I want DRM-free music so that I can put them on MP3 CDs, transfer them between my computers, and use the files for various purposes (background tracks in a video or swapping them out with a game MP3 to change game background music, etc).

I don't want MP3 music so that I can illegally put them on LimeWire or BitTorrent.

If Apple is watermarking MP3's with the name of the purchaser, I'd say good; that will accomplish almost the same purpose as DRM (letting Apple track down those that are uploading the illegal MP3s) while not affecting the legal users (heck, or even the downloaders or people who give it to one or two friends).
 
I'd say good! I want DRM-free music so that I can put them on MP3 CDs, transfer them between my computers, and use the files for various purposes (background tracks in a video or swapping them out with a game MP3 to change game background music, etc).

I don't want MP3 music so that I can illegally put them on LimeWire or BitTorrent.

If Apple is watermarking MP3's with the name of the purchaser, I'd say good; that will accomplish almost the same purpose as DRM (letting Apple track down those that are uploading the illegal MP3s) while not affecting the legal users (heck, or even the downloaders or people who give it to one or two friends).

I'm with you. Besides this is something that was probably requested by EMI or that they are doing to attract the other labels.
 
Isn't it funny how ppl dont seem to understand what the problem is? Its not
what you do with the files, its what others do with your files.

How others get a hold of your files?
See that is the issue, if you share your data (music is data) with friends and family and they can not be trusted, then it is clear that you should not be sharing with them or you need better friends and family.

Guns also have a serial number and that serial is registered to the gun buyer, also guns leave a particular marking on each bullet they shoot and on the casing.

You could lend the gun to a friend and he can do target practice at the gun club, or he can shoot his girlfriend. It was his decision to do the right thing or wrong thing, but it was you who provided the material or means for him to do his deed. Who are they coming after???? Well both of you of course.

Yes, its crazy but people and the law both expect you to use good judgement. Everytime you lend your music you incur a risk. Since it is your music you are required to protect it, once it leaves your control, you no longer have the ability to control it but you are still responsible.

I never share.
 
Because treating people like they are going to do something illegal before they have done anything illegal is a dangerous precedent to set (though it seems to be the way things are going)

I wonder if those people feel the same about police on duty. "Hey, I didn't do anything illegal, but those frikkin' cops still are out there on the road somewhere! That's clearly an accusation!"
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.