Shostack + Friends Blog Archive


Lrn 2 uZ ‘sed’, n00bz

The iTunes Plus music store opened up today, which sells non-DRM, 256kbit AAC recordings. In case you have missed the financial details, the new tracks are $1.29 per, but albums are still $9.99. You can upgrade your old tracks to high-quality, non-DRM, but you have to do it en masse and it’s only for the ones presently offered.

In a delightful bit of evil, you can also set up iTunes to display iTunes Plus first. This effectively gives EMI the endcap.

Ars Technica reports that these tracks, however, contain your account name and email address in them in their article, “Apple hides account info in DRM-free music, too.” They say,

With great power comes great responsibility, and apparently with DRM-free music comes files embedded with identifying information. Such is the situation with Apple’s new DRM-free music: songs sold without DRM still have a user’s full name and account e-mail embedded in them, which means that dropping that new DRM-free song on your favorite P2P network could come back to bite you.

I have verified that this is correct. Apple has encoded both the account name and email address using a steganographic coding mechanism standardized in ISO 10646. Colloquially, a subset of this is often called “ASCII.”

I have also verified, however, that you can patch out this information using a variety of tools. Despite my snarky subject line, I did not use sed, I used a text editor. I happened to use one that Doesn’t Suck, but I’m sure it will work with vi or emacs, or even Notepad. I give no further instructions, though, as it’s easy to botch this if you’re not well versed in the technical arts.

As I’ve noted in the past, they aren’t the only one to watermark the files. Emusic does this as well, but with a more obscure scheme. It is possible that there is some other scheme that takes more wit than typing command-F, which is all I did. It is also possible that there are side effects; all I did was play the modified file all the way through and check the info screen, which I show below.

One last bit of advice — if you’re going to put music files up a P2P network, you cannot be paranoid. They are out to get you. It would be folly to take any music you bought from any service and serve it up.


7 comments on "Lrn 2 uZ ‘sed’, n00bz"

  • Drew Thaler says:

    Yeah, they are out to get you.
    Suppose hypothetically that they encode your name more than once, e.g. both in ASCII and with some other more complicated watermark. The ASCII one could be for the UI to display, but the other one is what they’d use to track you down if it showed up on a P2P network. The code for this more complicated mark wouldn’t even need to be included in iTunes or QuickTime — it could exist purely in the iTMS servers and in a separate forensics app. Without a binary containing the algorithm to examine, a pirate would be hard-pressed to reverse it and erase the data.
    Comparing the files for a track purchased by two different users might detect whether such a scheme exists. But wait — what if they only modify 1% of the purchased tracks? Or if they only turn on the extra watermarking for one day each week? That would still be enough to catch the large-scale culprits.

  • Mike Dimmick says:

    Wait – no digital signature on that data that can be verified to ensure it hasn’t been tampered with?

  • Iang says:

    Why are they saying it is non-DRM? Is that a typo?

  • joshuadf says:

    There is a hidden benefit to the email address being in purchased songs–I found a lost iPod and that was the only place with the owner’s contact info.

  • HenryH says:

    Seems to me you can always expand your mp3’s to a lossless format that is known not to store any metadata (I’d say wave files are a pretty safe bet), and then re-encode them as mp3 again.
    The conversion to a lossless format would clear any identifying metadata, and the encoding to mp3 will most likely render any watermark useless.
    The only downside is that re-encoding an mp3 (which is a ‘lossy’ format) will result in an mp3 of lower quality.

  • Drew Thaler says:

    Wait – no digital signature on that data that can be verified to ensure it hasn’t been tampered with?

    Just because iTunes doesn’t complain about it doesn’t mean there isn’t a signature.

  • Adam says:

    Yeah, lrn 2 uZ sed, Chris! 🙂

Comments are closed.