Last week it was discovered (and actively blogged about) that user account information is embedded in the AAC music files purchased from the iTunes Store. This led some people to assume the worst – that Apple was surreptitiously using this information to track iTunes users, without notifying users via the iTunes “Terms and Conditions of Use.”
The discovery came about when researchers were seeking the cause of mysterious differences between DRM-free iTunes Plus AAC files and regular DRM’d iTunes files. As Macrumors.com reports:
“The conclusion came after purchasing the same iTunes Plus song from the iTunes Store using two accounts. After having stripped the files of their meta data (where iTunes would store account information, and any extraneous information), she compared the files and found 774 bytes (out of 6.7 MB) were different in the AAC data itself. Her conclusion: “Clearly some sort of fingerprinting/steganography is going on in the data itself.”
After much research and investigation, it does NOT appear that Apple is using stenography, watermarking, etc, to spy on iTunes music users. Read about this here.
It’s worthwhile to note that files purchased from the iTunes Store have always had account information embedded in them. This is nothing new, and it’s not unique to DRM-free iTunes Plus files.
I’m not crazy about this – but I’m not surprised, either. I never upload copyrighted music to be swapped and traded, so I’m not worried about being “caught” doing this. I just don’t want someone to steal my iPod and then have access to my email address.
However, my user information is embedded in many of the digital files I use, so iTunes is not unique. And, apparently it is possible to strip this information out of your iTunes-purchased songs. I’m not concerned enough about this to take that extra step.
Many other groups are looking at this issue. We’ll keep you up to date as more information is released.
Here is some other feedback: