Let me start this story at the punchline with a quick abstract: After removing all atomic meta information from my iTunes plus purchases, the music files still retain distinguishable trace differences that could be used to track the data if loaded illegally to peer-to-peer networks. Now that you’ve heard the punchline, let’s rewind to the beginning and see how I ended up at this conclusion.
Looks like MacRumors has discovered that the enema is not as thorough as I thought it was. Read this.
This morning I created a new account over at the iTunes store. And I downloaded a second copy of the iTunes Single of the Week “Ooh La” by the Kooks using my brand new account. I copied them both to the desktop and renamed them to OrigOld (downloaded Wednesday) and OrigNew (downloaded today).
-rw-r--r-- 1 ericasad ericasad 6899988 Jun 1 08:45 OrigNew.m4a
-rw-r--r-- 1 ericasad ericasad 6899978 May 31 19:46 OrigOld.m4a
Notice the difference in size? It’s exactly equal to the extra ten bytes in my new user name. So I decided to see what was going on in my m4a atoms. I ran Atomic Parsley on both data files and compared the embedded atoms. As I suspected, the “apID” atom, which stores the iTunes account name, differed. What I didn’t expect was that all the rest of the tags more or less matched up exactly, including the mysterious “----” [iTunNORM] atom. That just sounded too easy. Would removing the apID tag make my music ID-free?
To list the embedded atoms:
% AtomicParsley OrigNew.m4a -t
I decided to give both files an AtomicParsley enema and remove all the tags to make sure both files were the same behind the atomic tagging.
To apply the enema:
AtomicParsley OrigNew.m4a --metaEnema
After, both were exactly the same size. (I renamed them to old and new to make things easier to follow.)
-rw-r--r-- 1 ericasad ericasad 6777450 Jun 1 08:45 new.m4a
-rw-r--r-- 1 ericasad ericasad 6777450 Jun 1 08:46 old.m4a
Both files played fine in QuickTime and seemed normal AAC data sources. However, a quick diff command showed the files were definitely not the same. So I put together a quick file comparison tool using C. Here’s the code I used. (Yes, it’s typical “Erica wrote it in 2 minutes” style with all the bad variable names and other coding faults that entails. Sorry about that.)
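#include <stdio.h>
#include <stdlib.h>

int main(void)
{
    FILE *fp1, *fp2;
    /* int, not char: fgetc() returns EOF as a value outside 0..255, and with
       a signed char, bytes >= 0x80 sign-extend and print as ffXX */
    int c1, c2;
    long i = 0, diffcount = 0;

    /* open in binary mode: these are not text files */
    if ((fp1 = fopen("/Users/ericasadun/Desktop/OrigNew.m4a", "rb")) == NULL)
    {
        fprintf(stderr, "Could not open file 1\n");
        exit(-1);
    }
    if ((fp2 = fopen("/Users/ericasadun/Desktop/OrigOld.m4a", "rb")) == NULL)
    {
        fprintf(stderr, "Could not open file 2\n");
        exit(-1);
    }

    /* compare byte by byte and stop at the first EOF, so the final count is
       the number of bytes actually compared */
    while ((c1 = fgetc(fp1)) != EOF && (c2 = fgetc(fp2)) != EOF)
    {
        if (c1 != c2)
        {
            /* offset, then the differing byte from file 1 and file 2 in hex */
            printf("%6ld: %6x %6x \n", i, (unsigned) c1, (unsigned) c2);
            diffcount++;
        }
        i++;
    }
    fclose(fp1);
    fclose(fp2);
    printf("Total bytes: %6ld\n", i);
    printf("Difference count: %6ld\n", diffcount);
    return 0;
}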
I compiled this up and ran it against the two same-sized files. And here are the results. 774 bytes were different, including 4 3-byte items, one 4-byte item (4 * 3 + 4 = 16 bytes, checksum?), and one or two long runs of data. Clearly some sort of fingerprinting/steganography is going on in the data itself.
57: ff85 ff84
58: ff8d ffd6
59: 2e 7f
173: ff85 ff84
174: ff8d ffd6
175: 2e 7f
309: ff85 ff84
310: ff8d ffd6
311: 2e 7f
609: a 1
610: fff6 ffb4
611: ffd6 ffbc
612: ffbc 4e
662: ff85 ff83
663: ffe1 46
664: 1e 25
Total bytes: 6777451
Difference count: 774
Update: Converting both files to AIFF produced identical output:
% ./a.out
Total bytes: 36872107
Difference count: 0
%


As a matter of interest, does the difference go away if you transcode the stripped files to AIFF or WAV? The EFF's on the case too, and their findings are that it does. If so, and if it's a watermark, it's a very washable one. Thanks for the pointer to Atomic Parsley, BTW: saves me hacking up Perl one-liners using Image::ExifTool. Well, for .m4a's at least.
Try this: 'man cmp'
I haven't tried transcoding. I'll give that a try and report back.
David: Thanks. I usually use diff. Sometimes the blindingly obvious just passes us by.
Domo: Transcoding the stripped files to AIFF produces identical results. I added an update above.
If I buy tracks, I don't mind if they've got a "sticker" on them indicating I own them.
The watermark might be innocuous. It could be a timestamp or something like that. Or it could signify which of Apple's servers actually did the encoding.
I can think of other things that aren't nefarious or traceable.
But there's no way of knowing what the real cause is without lots more digging. And since AIFF "rinses out" the watermark, I doubt the digging is worthwhile, except intellectually.
It's too bad you can't buy The Planets' "A one minute silence" (on Classical Graffiti), or John Cage's 4'33" on iTunes.
It seems like that would simplify cryptanalysis.
I'd take "bookplates" over DRM any day.
> Update: Converting both files to AIFF produced identical output:
So why don't you say what this means? That it totally contradicts your findings, that "No, that isn't steganography," that metadata left behind by AtomicParsley explains the difference, and that you jumped the gun on this? That explanation should go at the top, right by your "punchline."
Agreed. The "Update" at the bottom is almost hidden past the point anyone would get to...almost as if there was a watermark of shock value on the article itself.
The first sets of differences (groups of three bytes) are in the movieheader, trackheader and mediaheader atoms, and there within the modification date. If you look at the numbers, old = 0x84d67f, new = 0x858d2e, the difference is about 46000 (seconds), that is about 13 hours, and that is exactly the difference in time between your two downloads; one at 19:46 and one at 08:45 the next day. So no steganography there, the server has just truthfully filled out the time when the file was modified.
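The header-timestamp reading in the comment above can be checked mechanically. This is an added example, not code from the post or from any commenter: it walks the MP4 atom tree to name the atom that holds each differing offset and computes the modification-time delta. The two buffers are constructed; the 32-byte ftyp and the high timestamp byte 0xC2 are assumptions, only the low three bytes come from the listing, and atom_at, mtime_delta and make_sample are names introduced here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Big-endian 32-bit read (MP4 atom sizes and timestamps). */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

/* Innermost atom containing byte `off`. Descends only through moov/trak/mdia,
 * the containers above mvhd, tkhd and mdhd. Copies the 4-char type into `type`
 * and returns the atom's start offset, or -1 if `off` is not inside a
 * well-formed atom. 64-bit (size 1) and to-EOF (size 0) atoms are rejected. */
long atom_at(const uint8_t *buf, size_t len, size_t off, char type[5])
{
    size_t pos = 0, end = len;
    long found = -1;
    while (pos + 8 <= end) {
        uint32_t size = be32(buf + pos);
        if (size < 8 || size > end - pos)
            return -1;                      /* corrupt or truncated atom */
        if (off >= pos + size) { pos += size; continue; }   /* next sibling */
        memcpy(type, buf + pos + 4, 4);
        type[4] = '\0';
        found = (long)pos;
        if (off < pos + 8 || (strcmp(type, "moov") != 0 &&
            strcmp(type, "trak") != 0 && strcmp(type, "mdia") != 0))
            return found;                   /* header byte or leaf atom */
        end = pos + size;                   /* descend into the container */
        pos += 8;
    }
    return found;
}

/* modification_time delta (seconds) between two version-0 mvhd, tkhd or mdhd
 * atoms: header(8) + version/flags(4) + creation_time(4) puts it at +16. */
int64_t mtime_delta(const uint8_t *a, const uint8_t *b, long atom_off)
{
    return (int64_t)be32(b + atom_off + 16) - (int64_t)be32(a + atom_off + 16);
}

/* Constructed sample: 32-byte ftyp, then moov holding a 108-byte mvhd, so the
 * mvhd modification_time sits at offsets 56..59 (layout is an assumption). */
#define SAMPLE_LEN 148
void make_sample(uint8_t buf[SAMPLE_LEN], uint32_t mtime)
{
    memset(buf, 0, SAMPLE_LEN);
    buf[3]  = 32;  memcpy(buf + 4,  "ftyp", 4);   /* atom at 0..31   */
    buf[35] = 116; memcpy(buf + 36, "moov", 4);   /* atom at 32..147 */
    buf[43] = 108; memcpy(buf + 44, "mvhd", 4);   /* atom at 40..147 */
    for (int k = 0; k < 4; k++)                   /* big-endian mtime */
        buf[56 + k] = (uint8_t)(mtime >> (24 - 8 * k));
}

int main(void)
{
    uint8_t oldf[SAMPLE_LEN], newf[SAMPLE_LEN];
    char type[5];
    make_sample(oldf, 0xC284D67Fu);   /* low bytes 84 d6 7f: "old" column */
    make_sample(newf, 0xC2858D2Eu);   /* low bytes 85 8d 2e: "new" column */
    for (size_t i = 0; i < SAMPLE_LEN; i++)
        if (oldf[i] != newf[i] && atom_at(oldf, SAMPLE_LEN, i, type) >= 0)
            printf("%4zu: %02x %02x  in %s\n", i, newf[i], oldf[i], type);
    printf("mtime delta: %lld s\n", (long long)mtime_delta(oldf, newf, 40));
    return 0;
}
```

On real files the same walk needs the 64-bit size form and the version-1 header layout before its offsets can be trusted.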
Erica-
MacRumors furthered the research you did, and has found that it looks like Steganography is NOT taking place.
http://www.macrumors.com/2007/06/01/apple-using-steganography-in-itunes-plus-songs/
Nate: Relax, dude.
Everyone else: Added the Mac Rumors link up to the front. I still don't find things conclusive one way or the other but Mac Rumors looks like it's definitely taking things in the right direction.
I don't get why there's so much static about this.
Your email address and itunes account name are stored on your computer in files you buy?
So what? Your iTunes account name and email are stored on your computer in iTunes. Your email address probably occurs quite often on your computer (i.e. every email you've sent or received). Clearly not a privacy issue - it's *your* computer, after all.
So, this only matters in any way if you intend to distribute these purchased tracks and don't wish to be linked to them.
And if you're doing that, you're lower than whale sh*t anyway, so who cares?
Why didn't you get your facts straight before you published the story instead of sending everyone into an uproar for nothing? If you don't know one way or the other, why even write the story? Maybe you should write for the tabloids. Journalists that print inaccurate garbage shouldn't be working at reputable news sources.
Hey Anonymous, good points there to respond to. First, this is not journalism. It's an informal web log. Second, although my initial conclusion (that it might be steganography or fingerprinting of some kind) looks more and more like it is probably wrong, by putting out the method and the data encouraged exploration and peer review.
Undoubtedly this ain't journalism.
The way you handled the "update"... burying it after a hex dump, merely crossing out your totally wrong innuendo, and not even speaking in plain English... reeks of unprofessionalism.
Why so complicated?
strings file1 > x
strings file2 > y
diff x y
Erica: First, this is not journalism. It's an informal web log.
You, of all people, should realise that such a distinction is increasingly blurred these days. This weblog is self-promotion for you in order to increase your reputation within the community and hence influence future sales of your books and/or to encourage publishers to use your articles etc. Doesn't sound too different to modern mainstream technology journalism to me.
Erica: Second, although my initial conclusion (that it might be steganography or fingerprinting of some kind) looks more and more like it is probably wrong,
Your initial conclusion is not "probably wrong". Other, more thorough, researchers, using the same data, have categorically *proven* it wrong. At least have the decency to recognise your mistake and the moral fibre to accept it instead of trying to weasel out of it.
Erica:... by putting out the method and the data encouraged exploration and peer review.
You did not offer your method out for peer review. Your peers, not trusting your method and the conclusion you had arrived at, took it upon themselves to investigate and debunk your theory. Your article bears little resemblance to scientific method; while the title seems like a question you had already jumped to the conclusion before all the facts were in: " the music files still retain distinguishable trace differences that could be used to track the data if loaded illegally to peer-to-peer networks. Now that you've heard the punchline, let's rewind to the beginning and see how I ended up at this conclusion."
If you'd framed it as a question, and asked for people to review your method and come to their own conclusions instead of the sensationalist headline you used, not nearly as many people would have visited your site. So it's obviously not your way of asking for peer review, but clearly yet more self-promotion. In this case, it does appear to have backfired (one can only hope).
Hey Erica, why don't you spend less time censoring comments on this page and more time cleaning up the mess you've made? All you've done up to this point is punish Apple by dragging its name through the mud when, by all indications, they were only trying to do the right thing. The least you could do now is issue a retraction (please note, a cryptic statement buried two paragraphs deep in your original article, otherwise unedited, is NOT a retraction).
Anonymous: Hey Erica, why don't you spend less time censoring comments on this page and more time cleaning up the mess you've made?
Seconded. I've had two comments axed now because I dared to suggest that the person at fault here was Ms Sadun, not Apple Inc.
Think it might be time to write a letter of complaint to O'Reilly about this silent moderation of critical voices.
Erica, it might be appropriate for you to use your favorite online dictionary to look-up the phrase "jumping the gun".
Erica, you wrote in a comment "Second, although my initial conclusion (that it might be steganography or fingerprinting of some kind) looks more and more like it is probably wrong.. "
Your original conclusion wasn't that it might be steganography. Your conclusion was "Clearly some sort of fingerprinting/steganography is going on in the data itself". That was what you wrote in your blog, and it was completely unjustified. There is not only no evidence, I can't see a reasonable explanation why you would have come to that conclusion at all.
I wonder why no one has asked the obvious question: Why on earth would Apple want to include hidden information about a customer in a music file? There is open information clearly visible: Geeks find it by searching for strings, normal people click on "Get Info" in iTunes. But why would Apple include hidden information? How would Apple benefit from this? You can get all paranoid about this and come up with some weird big brother theories, but please tell us just one scenario describing how Apple could benefit from this.
> "Think it might be time to write a letter of complaint to O'Reilly about this silent moderation of critical voices."
I'm sure you must be looking forward to receiving their reply. Should they send it to anonymous@anonymous.com?
Pointing out inaccuracies and mistakes is fine, but there's no need to be nasty. I think Apple's good name, and Erica's, will be just fine.
Anonymous excoriation for a mistake owned-up to with grace and honesty is reprehensible. Perhaps Anonymous could have simply provided an ID or a link to his/her own site with a discussion of the mistake and a correction, as LongoFest did on the MacRumors forum. Then again, perhaps not, because Anonymous is just a garden variety heckler. Thanks to Erica Sadun for working through the steganography question, publicly and professionally.
Wow, this article is misleading. If one only reads the abstract, one draws a conclusion (steganography) that is contradicted by an update at the bottom. Immediately after the abstract, there is a sentence about 'enemas' which, I think is an update, but is not labelled as such. Many people (myself included) will have no idea what an 'enema' is in this context without reading the whole article. What a misleading mess.