Breaking Eggs And Making Omelettes

Topics On Multimedia Technology and Reverse Engineering



Spyware In Multimedia Files

November 22nd, 2005 by Multimedia Mike

I am a big fan of Rooster Teeth’s Red vs. Blue Machinima series; in fact, I own all 3 of the DVDs so far. I was excited to see that Rooster Teeth was commissioned to create a Machinima mini-series for the new F.E.A.R. game called P.A.N.I.C.S.



Funny stuff. Download and enjoy. But to be safe, use an open source multimedia playback application. Here is a curious excerpt from the P.A.N.I.C.S. FAQ:

Q: When I play the video my firewall says it’s trying to access the internet, what’s the deal?
A: The producers and promotions company wanted to track the popularity of the videos, so they added a small tag that hits a server, much like a webpage counter. No information besides the IP and the hit are recorded.

I have been trying to figure out if the tracking mechanism is embedded in the multimedia files somehow. My hypothesis is that there is some kind of information embedded in the multimedia files that instructs the multimedia player to perform an HTTP GET request to a web server. Each of the 4 downloadable files is available in both Windows Media and QuickTime formats. I know that QuickTime is hyper-flexible enough to allow for arbitrary things like requesting web pages; it’s reasonable that WMV supports a similar feature. However, looking through the files with a hex editor reveals no obvious “http://…” strings, even when I decompress the QuickTime header in the .mov files.
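An added example, not part of the original post and not a statement of how these particular files work: a scanner for the search described above. It walks the QuickTime atom tree, inflates a zlib-compressed movie header (`cmov`/`cmvd`), and also looks for URLs stored as UTF-16LE text, which is how ASF (the WMV container) stores its text fields and which an 8-bit search for `http://` does not match. The sample bytes and the `counter.example.invalid` host are constructed.

```python
import re
import struct
import zlib

CONTAINERS = {b"moov", b"cmov", b"trak", b"mdia", b"minf", b"udta"}
URL = re.compile(rb"(?:https?|rtsp|mms)://[\x21-\x7e]+")
WIDE = re.compile(rb"(?:[\x20-\x7e]\x00){8,}")  # runs of UTF-16LE text

def atom(kind, payload):
    """Serialize one QuickTime atom: 32-bit big-endian size, 4-byte type."""
    return struct.pack(">I4s", 8 + len(payload), kind) + payload

def walk_atoms(buf):
    """Yield (type, payload) for every atom, descending into containers."""
    pos = 0
    while pos + 8 <= len(buf):
        size, kind = struct.unpack_from(">I4s", buf, pos)
        if size < 8 or pos + size > len(buf):
            break  # 64-bit/zero sizes and truncated atoms are not handled
        payload = buf[pos + 8:pos + size]
        yield kind, payload
        if kind in CONTAINERS:
            yield from walk_atoms(payload)
        pos += size

def inflate_headers(buf):
    """Return the raw file plus every zlib-compressed movie header found."""
    blobs = [buf]
    for kind, payload in walk_atoms(buf):
        if kind == b"cmvd":  # 4-byte uncompressed size, then the zlib stream
            try:
                blobs.append(zlib.decompress(payload[4:]))
            except zlib.error:
                pass  # dcom may name a codec other than zlib
    return blobs

def find_urls(buf):
    """Collect URLs stored as 8-bit text or as UTF-16LE text."""
    urls = set()
    for blob in inflate_headers(buf):
        # Every other byte of a UTF-16LE run is the ASCII character.
        for text in [blob] + [m.group()[::2] for m in WIDE.finditer(blob)]:
            urls.update(m.group().decode("ascii") for m in URL.finditer(text))
    return urls

# Constructed samples (hypothetical host): compressed .mov header, UTF-16LE text.
inner = atom(b"moov", atom(b"udta", b"http://counter.example.invalid/hit?v=1\x00"))
cmvd = atom(b"cmvd", struct.pack(">I", len(inner)) + zlib.compress(inner))
MOV = atom(b"moov", atom(b"cmov", atom(b"dcom", b"zlib") + cmvd))
WIDE_SAMPLE = "http://counter.example.invalid/wm".encode("utf-16-le")
```

Calling `find_urls(open(path, "rb").read())` on a real file applies the same checks; an empty result only rules out these two encodings, not every way a container can reference a server.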

If anyone knows how this tracking tech operates, I’m sure I’m not the only interested party.

The moral of the story is to always use open source software to view your multimedia. You can trust that the open source multimedia players do not implement user-surveillance features because we developers do not even know how the features work!

Believe it or not, security is a high priority among open source multimedia hackers. For example, on the FFmpeg project, the decree is in place that no file creation facilities (like file muxers) may place valid timestamp data into the file which would indicate when the file was created. It was believed among some that this is tantamount to spyware. If you have trouble swallowing that reasoning, a less tinfoil-hat-like explanation is that arbitrary timestamps create havoc with regression testing.

I just thought you might like to know that we’re looking out for you and your safe computing experience.


One Response

  1. Paul J Says:

    Back in the day the Windows Media Encoder did include a way to embed links in wmv files (couple of years ago it was still included…this was with v9 & v9 server). We currently use v9 Server to stream files for users in our language lab. A few of our videos actually incorporate a redirect of sorts that allows a set transcript to be changed, page-by-page along with the spoken word. Just a heads up on what I know of it.