Personal Data found hidden in ITunes

Has Microsoft bought iTunes on the quiet...?

Whats the problem? Its only your music, and it has your email in your music.

Now if you choose to give that music away, well thats your decision is it not?

The Apple apologist strikes again!

Garyi, did iTunes make this widely known when they did it?

Personally I blame Microsoft .... Apple is blameless.

Deanne explain the problem?

Gee garyi, I guess that as a NZer I have a different attitude to privacy - we've got an entire statute devoted to it which says that if personal information is collected then the person must be informed and that there are restrictions on the dissemination and use of that information.

Privacy Act 1993

Does anyone know if the download protocol used by Apple is encrypted? i.e. when downloading a file, does it come down through an encrypted pipe? If it doesn't (and I'd be surprised if not) then anybody could snoop the iTunes site and copy things leaving it - including tunes. These could then be shared without the original purchaser ever knowning...

Yet we would be pleased if we could securely hold data in image files that could not be altered.

Deanne the data is in YOUR file sent to YOUR computer and no one elses.

Its like saying you want to have a go at your bank because they sent something addressed to you.

More over and this is an important fact, itunes states that your music habits is being watched in the mini store which you can turn off. Also if your harddrive crashes and you log back into itunes after, you can download all your previously purchased music for free, so obviously they collect the data on what you purchased, no doubt if you had 400 tuns in there bought from itunes you would be mighty pissed off if you could not get them back.

Also Amazon collect data on what you purchased then send you targeted adverts in your email.

Also Yahoo says in its small print that when you sign up to their email they can collect data on stuff you are interested in and target you in advertising, far more disturbing than apple watermarking your purchased music with your name then sending it only to you.

I may be an appologist but you go straight for the neck without stepping back and thinking about it.

Gary,

If the download is not encrypted then any half decent hacker could steal a copy of your tune in transit. If that hacker then makes it available on a share site, you could be accused of sharing the file.

If the file is not encrypted and a hacker could get the download, how owuld he go about achieving this? I have no idea but assume he has access to your broadband space, computer or the apple store system, in which case I would guess he has access to a lot more interesting stuff than your email addy in a tune.

Also tunes purchased on apple (the new drm free ones excepted) require that any itunes they are played on the user has to be logged into the apple store to approve them.

I'm delighted to hear about the i-tunes plus service with higher quality downloads for my personal use, and if it reduces real piracy, so much the better.

Gary,

Stop being dim. It's actually very easy to snoop addresses on the net. Once you snoop, you can grab and keep the packets. It's not whether the files are encrypted which is important (since they can all be decoded and used by MP3 players) but the method of transport between the store and your computer which is.

I agree the hacker is not interested in your email address. He just wants to share any music files he has nicked. The fact that your address appears in the files he has shared is what concerns me. If the likes of EMI takes you to court for sharing of the file, there is evidence that this is your file and it could prove rather painful and expensive to prove that you did not share it in the first place.

If the transport uses strong encryption (extending download times by approx 30%), then it is very unlikely (nigh on impossible at this point) that the packet stream could be used. If it is unencyrpted, then it's a piece of cake.

In the former case, the chances a hacker could have installed a virus/bot on your system remotely to copy your files to his system. Proving your innocence in this case is not very easy. In the case where it's unencrypted, the fault lies with Apple's store since they haven't ensured that the transfer has been done in a suitable manner to avoid copying.

This is why I asked the question - does anyone know if the transfer method is encrypted and what level of encryption does it use? (40-bit encryption is nigh on useless nowadays).

Frank it is not I who is being dim. If someone wants to steal music, they will copy a CD or get the music via torrent on the web, both methods is very easy to do and quick.

I would hazzard a guess that all music on the itunes store is available via torrent no problemo, so why is someone going to wait around snooping my address on the off chance I might download one or two tracks from iTunes?

Or put another way I cannot find any evidence or info on this, so I am guessing to date with nearing 2 billion downloads, no one has hacked someone else in order to steal their one track download, when there is a royal tonne of it on torrentspy.com

Gary,

I agreed earlier that the malicious hacker has no interest in the downloader's email address.

My point is that if that file gets shared subsequently by the malicious hacker, and if EMI chased the owner of the file, they can see from the watermark who bought it in the first place and accuse that person of copyright breach, something they have been very eager to do in the last few years.

My point is they would accuse the wrong person of this and there is damning evidence in the file identifying the owner! I wonder, for example, how many of those files on torrentspy are watermarked, and how many might not have been put there by the original owner? After all, why buy a CD when you can nick it off a download site???

Do you really think Big Brother needs itunes to find out all he needs to know about you?

Sheesh.

Wake up.

quote:

Stop being dim. It's actually very easy to snoop addresses on the net. Once you snoop, you can grab and keep the packets. It's not whether the files are encrypted which is important (since they can all be decoded and used by MP3 players) but the method of transport between the store and your computer which is.

Frank,

Working for someone who designs and builds these networks. I think you'll find that snooping and intercepting files from apple.com across the backbone and then via your ISP is in fact remarkably difficult. I would be interested in these 'easy' snooping that you can do, without compromising the end PC.

Roy.

Frank

What stops me changing the address in an iTunes downloaded file to somebody else's address before I share it - something I most certainly wouldn't do even with Atomic Parsley

In any case if there is a concern then

Download AtomicParsley for your Mac or PC and uncompress it into your music directory
Open a Terminal Windows in OSX or Windoze and view the iTunes metadata with

atomicparsley song.m4a -t

Atom “©nam” contains: Everybody Whatever
Atom “©ART” contains: Yoyou
Atom “aART” contains: Yoyou
Atom “©alb” contains: Variations on Agadoo
Atom “gnre” contains: Rock
Atom “trkn” contains: 1 of 14
Atom “disk” contains: 1 of 1
Atom “©day” contains: 2007-06-10T08:00:00Z
Atom “pgap” contains: 0
Atom “apID” contains: Ada.Bloggs@mac.com
Atom “cprt” contains: ℗ null 2007
Atom “cnID” contains: xxxxxx
Atom “rtng” contains: Offensive
Atom “atID” contains: xxxxxx
Atom “plID” contains: xxxxxx
Atom “geID” contains: xxxxx
Atom “sfID” contains: United Kingdom (143441)
Atom “akID” contains: 0
Atom “stik” contains: Normal
Atom “purd” contains: xxxxxxxxx
Atom “covr” contains: 1 piece of artwork

Remove your email address

atomicparsley song.m4a –manualAtomRemove “moov.udta.meta.ilst.apID”

You'll have a file without your e-mail address as a new temp song file.
Test it in iTunes to make sure it still works before deleting your original.

This is much easier than trying to capture it during download IMHO.

All the best, Rotf