June 6, 2007 | By Peter Eckersley

An Update on the Innards of iTunes Plus Files

Last week, we posted to say that iTunes Plus files seem to exhibit some strange variations above and beyond the widely reported fact that they contain the purchaser's name and email address/Apple ID. We've since had time to look at these files more closely, and we can say a little more about what's going on inside.

Firstly, the most interesting hypotheses turn out to be false. There aren't any watermarks in the compressed data; in fact, the compressed segments are identical across multiple copies of the same track. The large variation in size that we observed between two different iTunes Plus purchases of the same track turned out to be because one file contained two copies of the cover art: a quality 93 600x600 JPEG, and a quality 100 600x600 JPEG. This is a little odd, but it probably results from iTunes having cached a cover for the whole album before the track was purchased, and is unlikely to double as a tracking mechanism (inadvertent or otherwise).

Secondly, the odd tables we mentioned last week are not all that interesting. They're tables of pointers into the compressed audio data, so that players can find different parts of the track (the stco chunk-offset tables of the MP4 container). When the audio data is shifted by the inclusion of an extra JPEG in the headers, all the pointers change.

While there are no watermarks, there are some other interesting fields that are likely to have privacy implications. In particular, there is a 1024-bit variant field labeled sign and a 630-byte variant field labeled chtb. These are unique for every combination of user and track we've seen. Neither of these fields existed in the FairPlay DRMed .m4p tracks that Apple has been selling in the past.
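To look at these structures yourself, here is an added example (not from the original post, and not Apple's or EFF's code) of a small Python walker over the MP4 atom tree: it reports the stco chunk-offset table and the names and payload sizes of the iTunes metadata items under moov/udta/meta/ilst, so a duplicated covr image or an unexplained item such as chtb stands out. The file it parses is a constructed toy built in the same script, not a real iTunes Plus track, and the container-box set and item names are assumptions drawn from the ISO/QuickTime layout.

```python
import struct

CONTAINERS = {b"moov", b"trak", b"mdia", b"minf", b"stbl", b"udta", b"ilst"}

def box(kind, payload=b""):
    """Build one MP4 box: 4-byte big-endian size, 4-byte type, then payload."""
    return struct.pack(">I", 8 + len(payload)) + kind + payload

def boxes(buf, start, end):
    """Yield (kind, body_start, body_end) for each box found in buf[start:end]."""
    pos = start
    while pos + 8 <= end:
        size, kind = struct.unpack(">I4s", buf[pos:pos + 8])
        hdr = 8
        if size == 1:                    # 64-bit 'largesize' follows the type
            size, hdr = struct.unpack(">Q", buf[pos + 8:pos + 16])[0], 16
        elif size == 0:                  # box extends to the end of its parent
            size = end - pos
        if size < hdr or pos + size > end:
            raise ValueError("malformed box at offset %d" % pos)
        yield kind, pos + hdr, pos + size
        pos += size

def inspect(buf, start=0, end=None, parent=b"", out=None):
    """Walk the atom tree; collect stco chunk offsets and ilst item payload sizes."""
    out = {"stco": [], "items": {}} if out is None else out
    end = len(buf) if end is None else end
    for kind, b0, b1 in boxes(buf, start, end):
        if parent == b"ilst":            # metadata item; each child 'data' box holds one value
            out["items"][kind] = [d1 - d0 - 8 for k, d0, d1 in boxes(buf, b0, b1) if k == b"data"]
        elif kind == b"stco":            # version/flags, entry count, then 32-bit offsets
            n = struct.unpack(">I", buf[b0 + 4:b0 + 8])[0]
            out["stco"] = list(struct.unpack(">%dI" % n, buf[b0 + 8:b0 + 8 + 4 * n]))
        elif kind == b"meta":            # 'meta' is a full box: 4 bytes of version/flags first
            inspect(buf, b0 + 4, b1, kind, out)
        elif kind in CONTAINERS:
            inspect(buf, b0, b1, kind, out)
    return out

def sample_m4a():
    """Constructed toy file: one stco table, two 'covr' images and a 630-byte 'chtb' item."""
    data = lambda v: box(b"data", struct.pack(">II", 0, 0) + v)  # type indicator + locale
    stco = box(b"stco", struct.pack(">II", 0, 3) + struct.pack(">3I", 0x1000, 0x1800, 0x2000))
    ilst = box(b"ilst", box(b"covr", data(b"\xff\xd8" * 5) + data(b"\xff\xd8" * 9))
                        + box(b"chtb", data(b"\x00" * 630)))
    udta = box(b"udta", box(b"meta", b"\x00\x00\x00\x00" + ilst))
    moov = box(b"moov", box(b"trak", box(b"mdia", box(b"minf", box(b"stbl", stco)))) + udta)
    return box(b"ftyp", b"M4A ") + moov

print(inspect(sample_m4a()))  # {'stco': [4096, 6144, 8192], 'items': {b'covr': [10, 18], b'chtb': [630]}}
```

On a real .m4a, pass the file's bytes to inspect() and compare the items dict across two purchases of the same track; the audio offsets in stco will differ whenever the header size differs.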

It's best to assume that either the sign or chtb field could be used by Apple to identify the user who purchased a track (that would be true if Apple logs what it writes in these fields, or if sign is, as it seems, a cryptographic signature). It's also safe to assume that they can be used to tell the difference between real and forged names / Apple IDs in tracks.
