For Debate: Is Apple Using Steganography In iTunes Plus Songs? [Updated: No?]

Following the discovery that Apple was embedding iTunes account information in iTunes Plus songs, Erica Sadun at O'Reilly speculates that Apple may be using Steganography within the AAC portion of iTunes Plus tracks.

The conclusion came after purchasing the same iTunes Plus song from the iTunes Store using two accounts. After having stripped the files of their meta data (where iTunes would store account information, and any extraneous information), she compared the files and found 774 bytes (out of 6.7 MB) were different in the AAC data itself. Her conclusion: "Clearly some sort of fingerprinting/steganography is going on in the data itself."

The EFF has apparently also begun investigating the issue, although they do not indicate how far they will pursue the issue.

Most forum users appear to not be dissuaded by the revelations, and appear to accepting the move as a compromise allowing music companies to have some recourse against those who illegally share music, but opening the DRM restrictions for legitimate users.

Of note, Apple does not indicate that it uses such technology in its iTunes Terms of Service.

Steganography (from Wikipedia): "the art and science of writing hidden messages in such a way that no one apart from the intended recipient knows of the existence of the message." Different from cryptography in that the existence of the message itself is not disguised, but the content is obscured.

Update: After an independent MacRumors investigation, it does not appear that watermarking is taking place in the AAC data itself, and it may be presumptuous to claim that steganography is taking place. A recount of our investigation is posted here.

A forum post suggests the differences seen in the files are simply a result of differences in modification dates embedded in the files, rather than any sort of embedded identifying information.