Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Have accusations of Apple using Steganography in iTunes+ affected your buying habits?

  • Yes- Negatively (less willing to buy an iTunes Plus song)

    Votes: 42 10.4%
  • Yes- Positively (more willing to buy an iTunes Plus song)

    Votes: 33 8.2%
  • No

    Votes: 262 64.9%
  • Too early to tell

    Votes: 67 16.6%

  • Total voters
    404
  • Poll closed .
Some people just don't get it.

When you buy a CD, tape or vinyl record you know that the only thing on that track is music. This, in fact, should be a total non-issue.

(Of course there was that incident where Sony sold music CDs that secretly installed a root kit onto your hard drive, but let's put that aside for the moment)

Why should we now have to put up with companies surreptitiously tagging legally purchased digital tracks with personally identifiable information?

This is without doubt a sea change in the way business is conducted.

We must draw the line here. Our right to privacy is worth much, much more than the right of some greedy, nosy company to check and see if we have somehow "misused" our property. And a music track IS our property - we paid a dear price for it.

These people who are more concerned about some company's profits than our right to privacy surrender to tyranny without a fight - in fact they wholeheartedly cooperate with it. They don't even recognize a right to privacy, else they might feel obliged to defend it. These are the kind of people who when asked to bend over, respond "Is this far enough?".

However as I and others stated earlier, there is not yet any proof or evidence that Apple IS placing personally identifiable information on iTunes tracks.

In the Sony Extended Copy Protection (XCP) situation, we have proof positive that many companies will do the unthinkable - they WILL invade our privacy, even damaging our computers in a needless attempt to "protect" their profits. Caveat emptor?
 
First of all, even if the songs contained personalized information that wouldn't necessarily mean that it was personal information. The hidden information could just as easily be a random watermark or a hash of your account info. Only Apple could trace that to you and nobody else. And that is most certainly not a violation of privacy.

Second, so what if it did contain personal information? You are the only one receiving the file. Just treat it like anything else that contains personal information you don't want others to have. This might come as a surprise to you, but your wallet contains a lot more information that these songs would. And you take your wallet out of your house!

Third if you're worried about someone tracking your purchases, you're already compromised when you buy the song to begin with. Apple has a record of all the songs you've purchased. They wouldn't have been able to offer the Plus upgrade if they didn't. Also make sure you never purchase a CD with a credit card.
 
Why should we now have to put up with companies surreptitiously tagging legally purchased digital tracks with personally identifiable information?
How is it surreptitious? It's clear text in the header, viewable in the Summary of Get Info from iTunes.

However as I and others stated earlier, there is not yet any proof or evidence that Apple IS placing personally identifiable information on iTunes tracks.

There is extremely convincing evidence Apple is placing personally identifiable information in the meta-data. There is also extremely convincing evidence the data is not stenographic.

I wonder if people don't read those posts in this thread, don't understand them, or don't believe them. Those are commands you can type in the Terminal on your Mac - you don't have to download anything but a song to examine.

Here's how you find your personally identifiable information in an iTunes song named "song.m4a". Assume your Account Name is user13@mac.com. Open Terminal.app and type:

strings song.m4a | grep mac.com

Your full account name will be revealed. If you want more details about how to locate the path to your song or find your name I'll try to make it easier.

brian
 
I wonder.. if one burned a cd of an album bought from the apple store and then traded the audio cd and burned it and shared it, would the mark still be there? After all a proper audio cd would just have audio, right?
 
I wonder.. if one burned a cd of an album bought from the apple store and then traded the audio cd and burned it and shared it, would the mark still be there? After all a proper audio cd would just have audio, right?

That is correct. The audio CD format does not have a place for metadata. It is possible to encode it into the audio soundwave itself, but it's not what we're talking about here.
 
That is correct. The audio CD format does not have a place for metadata. It is possible to encode it into the audio soundwave itself, but it's not what we're talking about here.

If Apple IS putting account info into the tracks, would putting on CDs and then reimport it delete the account info? If so, there'd be no track of who originally bought it. I think that's what he's getting at.
 
How is it surreptitious? It's clear text in the header, viewable in the Summary of Get Info from iTunes.



There is extremely convincing evidence Apple is placing personally identifiable information in the meta-data. There is also extremely convincing evidence the data is not stenographic.

I wonder if people don't read those posts in this thread, don't understand them, or don't believe them. Those are commands you can type in the Terminal on your Mac - you don't have to download anything but a song to examine.

Here's how you find your personally identifiable information in an iTunes song named "song.m4a". Assume your Account Name is user13@mac.com. Open Terminal.app and type:

strings song.m4a | grep mac.com

Your full account name will be revealed. If you want more details about how to locate the path to your song or find your name I'll try to make it easier.

brian
I was referring to the possibility that personally identifiable information in an iTunes purchased track might be transferred to a CD, or otherwise copied. This is the topic (see the first page of this thread):
The conclusion came after purchasing the same iTunes Plus song from the iTunes Store using two accounts. After having stripped the files of their meta data (where iTunes would store account information, and any extraneous information), she compared the files and found 774 bytes (out of 6.7 MB) were different in the AAC data itself. Her conclusion: "Clearly some sort of fingerprinting/steganography is going on in the data itself."

Of course, I already know that account information is attached to each iTunes track. The question is, will this data be propagated onto copies of the track?

The main point I was making is that threats to privacy should not be dismissed as a trivial non-issue, as so many in here seem to have done.
 
I like how laid back most of you are about this, of course if MS was doing this we would hear the damn MS crowd (99% of you) and how Apple would NEVER do this!

I love my Mac, but Apple is no better or worse than other companies.

The part that makes this a bit un-nerving, is that there is no mention of this by Apple before you buy a song. I consider this the same as someone telling you they are recording a phone conversation with you, it should be told upfront.

On another note, I wonder if the TV shows have the same info embedded in the file?
 
No nothing would be transferred

I was referring to the possibility that personally identifiable information in an iTunes purchased track might be transferred to a CD, or otherwise copied.

Of course, I already know that account information is attached to each iTunes track. The question is, will this data be propagated onto copies of the track?

The main point I was making is that threats to privacy should not be taken lightly or dismissed as a trivial non-issue, as so many in here seem to have done.

If you have read the posts in this thread then you already should know the answer. If you burn a track to CD (for example) then - No. The Music portion of the itunes files are identical with each other when downloaded to different accounts. The only differences people found were in the header metadata of the AAC file. This is NOT steganography. I hope that is clear enough.

The fact that you bought a song from iTunes is NOT private information by the way. Apple, you, and anybody that bothered to record packet traffic on your route knows. If you are concerned about privacy in this regard, you need to buy CD's with cash and hope there aren't too many cameras showing you doing it.

This whole digitial watermarking idea sounds good but it is ineffective for mass market items where authenticity doesn't matter (i.e. digital copies of a song) Quite soon people will compare several copies of a song with different watermarks and then just scramble those parts. The quality of the music will be no worse than it was before if done correctly. That will soon be automated. It probably would be useful to follow casual use though since people won't bother. Its all moot as long as CD's are around as a distribution mechanism. I am waiting for a company to do this to a CD pressing - making every one unique. I suspect that is coming shortly.
 
I was referring to the possibility that personally identifiable information in an iTunes purchased track might be transferred to a CD, or otherwise copied. This is the topic (see the first page of this thread):

The topic title is "For Debate: Is Apple Using Steganography In iTunes Plus Songs?".

No, Apple is not using steganography in iTunes Plus songs. I have shown clear evidence they are not.

I have also shown the personally identifiable information is not copied if the meta-data is not copied, as in converting to AIFF.

My quibbles are when people say "If Apple is using steganography (or being sneaky or hiding info, etc)...". No, they are not doing that, as has been shown; and when people say "if Apple is adding personal information (or personally identifiable information, or your name, etc) to the file...". Yes, they are doing that as been shown.

The point being people's arguments about privacy issues are muddled by tying them to something Apple may be doing and isn't or isn't doing and is. It's like making the argument "If Colgate put anti-freeze into toothpaste as a cheap sweetener that would be bad". Yes, but Colgate isn't doing that so why imply they are, dragging them down into the discussion and muddying the logic if your real point is just that anti-freeze is not an acceptable sweetener?
 
I'm not sure I buy the whole "this is a privacy" issue. When ever you buy something you agree to certain terms. If you don't like the terms then don't buy it. (Please, don't flame me as right now it appears no info is being embedded and thus why it isn't in any iTunes agreement)

The old argument records didn't contain this information is bogus as well. Just because something isn't how it used to be doesn't mean it shouldn't or doesn't need to change. It took seriously more money, effort and time to duplicate and distribute an LP then it does to rip, upload and then download an mp3 file on the net. Surely some the artists and those who created the music deserve some recourse for those who try to steal their work? No matter how much we may like to think it wouldn't happen it will NO MATTER WHAT! No matter how little you charge, no matter how DRM free music is some segment of the population will steal it. Are we to just let those people get off scott free? And if they get off with no recourse what is to stop the remaining masses from paying and just start stealing it?

Privacy is nothing with out laws. If you don't enforce the law or can't enforce the law it is as good as not having any laws. In this digital age I have no problem with an electronic file being tagged that I bought it. I just want to know before hand. Frankly, I would prefer this to some limit on how many iPods, computers or other devices I could put my music on.

But that is just me, those of you who disagree then need to find the artists who will let you pay for their music w/o any such tags or DRM. If some many people are upset surely such a market will develop. As of right now, your song choices will be limited.
 
Your delusions about what we are saying does not make your point stronger. Your delusions make it weaker. I'm not going to respond to your posts any longer. You are making weak points. Stop being paranoid.

???

I have no delusions. Have you ever been the victim of identity theft? Has anyone in your family ever been a victim? Fortunately no one in my family has, but I have two friends who were victimized and it has changed their lives. one of them is STILL having problems after three years!

I'm not saying you live a sheltered life, but the world out there has many bad elements in it. I hope you haven't had to deal with them but I have and I don't like it.

We all need to demand protection of our privacy and our personal information. Companies don't care about us, it's not their problem when someone steals our identity. We are the ones that must pick up the pieces.

All I can say is if it happens to you, then you'll understand.
 
I don't see a big issue with this other than if you lose your or have your music stolen from you and it ends up a file sharing site .

WHich, if you think about, may help police track down who stole that music. This is a tool, that works both ways.
 
If its there, I don't see the problem with it. The point of DRM free music is so that you can use it wherever, however you want... not to share it, right?

Well you can even share, I think. I'm fuzzy on copyright law here, but I've been told by someone who makes her living officially licensing for movies and advertising that making things like mix CDs for friends falls under fair use. Where you'd run afoul, where putting your iTunes account's fingerprints on the song would be reasonable, is mass burning of the albums to CD and selling them or giving them away, again en masse, or of course putting your entire iTunes Plus collection out there on peer-to-peer networks for other flavors of file-sharing servers, again for free or for sale, for mass download.

I think, honestly, and I know it's de rigueur to hate the RIAA and MPAA, but I think, with the exception of some slavering greedy monsters -- which is certainly not all of RIAA and MPAA policy makers -- their ideal goal is for you to be able to use digitally purchased media the same as you could physical media. Play it on multiple devices without restriction. Play it on a friend's device. Make a mix for a friend (if that is truly fair use). Make back-ups so you don't lose your purchases. Loan it out. Etc. They just don't want to lose millions, tens of millions, or even hundreds of millions in sales because you can just easily jump on the Internet and download product that is copyrighted and for sale, for free.

If we want artists of any kind -- visual, film, writers, musicians -- to be supported in a capitalist system, they are going to have to be able to sell their work and make enough money on it to keep them going. If you'd prefer we go to a strict communist system that selects -- by who knows what constantly changing standards -- who can be artists and funds them, but you get their work for free, then please call the White House and your congressmen. Otherwise, pay for your media. (Yeah you can argue that, say, the recording industry makes a killing while the actual artists make little and that's not fair. And it may be true, probably is true in most cases. But that's a side issue. At least they get *something*. Perhaps the system needs some repair work, but taking all you want for free is not going to fix a thing.)
 
Ok... I don't think this has been mentioned (like this) before but what would happen if Person X buys a whole bunch of iTunes+ songs and then puts them up freely on filesharing sites... or perhaps sell them at realy cheap prices, and then the RIAA com knocking on his door but he claims his computer/hard drive was stolen. The RIAA isn't going to file a lawsuit yeah? But, what if the computer is simply with a friend or a relative. They could probably try and trace it back to an IP but we all know that people who share music use a different proxy every minute. What happens then... millions of people have high quality, DRM free songs and Person X has his laptop back.
 
The topic title is "For Debate: Is Apple Using Steganography In iTunes Plus Songs?".

No, Apple is not using steganography in iTunes Plus songs. I have shown clear evidence they are not.

I have also shown the personally identifiable information is not copied if the meta-data is not copied, as in converting to AIFF.

My quibbles are when people say "If Apple is using steganography (or being sneaky or hiding info, etc)...". No, they are not doing that, as has been shown; and when people say "if Apple is adding personal information (or personally identifiable information, or your name, etc) to the file...". Yes, they are doing that as been shown.

The point being people's arguments about privacy issues are muddled by tying them to something Apple may be doing and isn't or isn't doing and is. It's like making the argument "If Colgate put anti-freeze into toothpaste as a cheap sweetener that would be bad". Yes, but Colgate isn't doing that so why imply they are, dragging them down into the discussion and muddying the logic if your real point is just that anti-freeze is not an acceptable sweetener?

If people don't believe you and they continue to be paranoid about it and they can only think of their rights to privacy, then the solution is very simple....... Do not buy the new tracks and stick to DRM music instead or buy the non DRM tracks elsewhere.

If People think their rights are being trampled they should write to Apple or set up a site dedicated to this issue, don't bellyache all day here, just say your piece once on this site and move on.

Vote with your wallet people and if you need to organize, please do so, but this site is not the place to do so. Create a site and post the link here.

I am fine with what Apple is doing and I am perfectly ok with the above statemement by Mr. oogje.
 
Ok... I don't think this has been mentioned (like this) before but what would happen if Person X buys a whole bunch of iTunes+ songs and then puts them up freely on filesharing sites... or perhaps sell them at realy cheap prices, and then the RIAA com knocking on his door but he claims his computer/hard drive was stolen. The RIAA isn't going to file a lawsuit yeah? But, what if the computer is simply with a friend or a relative. They could probably try and trace it back to an IP but we all know that people who share music use a different proxy every minute. What happens then... millions of people have high quality, DRM free songs and Person X has his laptop back.

umm that sounds like a problem that the labels and RIAA need to deal with. I am not sure that we need to worry about that scenario.

But let me remind people that music sharing started before there was an iTunes store.

Pirates even get the music before it is released in CD form and before it is available in iTunes. So iTunes has never been a major contributor. It could become a contributor now because music is now coming out DRM free, but it will be low level sharing.

The pro's have better methods of getting their music to share.
 
Ok... I don't think this has been mentioned (like this) before but what would happen if Person X buys a whole bunch of iTunes+ songs and then puts them up freely on filesharing sites... or perhaps sell them at realy cheap prices, and then the RIAA com knocking on his door but he claims his computer/hard drive was stolen. The RIAA isn't going to file a lawsuit yeah? But, what if the computer is simply with a friend or a relative. They could probably try and trace it back to an IP but we all know that people who share music use a different proxy every minute. What happens then... millions of people have high quality, DRM free songs and Person X has his laptop back.

What would happen if person X bought a couple of CDs, rips the songs and then puts them up freely on filesharing sites? CDs outsell iTunes by more than ten to one. That's why DRM on music was pointless in the first place.
 
If Apple IS putting account info into the tracks, would putting on CDs and then reimport it delete the account info? If so, there'd be no track of who originally bought it. I think that's what he's getting at.

That's the old method for removing DRM.
 
The point being people's arguments about privacy issues are muddled by tying them to something Apple may be doing and isn't or isn't doing and is.

You are missing the point. The discussion (obviously) started way before it was clear that Apple doesn't use steganography. Now that it is clear, why should people stop replying to posts they don't agree with? After all, people's indifference to privacy issues can be discussed without Apple actually fingerprinting the audio stream.
 
You are missing the point. The discussion (obviously) started way before it was clear that Apple doesn't use steganography. Now that it is clear, why should people stop replying to posts they don't agree with? After all, people's indifference to privacy issues can be discussed without Apple actually fingerprinting the audio stream.

I assert you are missing my point. My point is for one to say "if 2 + 2 is not equal to 4 then ..." is not an effective way to argue one's position.

brian
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.