Is it possible to see where a MP3 file was downloaded from? Like if the file was downloaded from Google, Safari or other sites?
-
7alternative approach: many browsers have a history of downloads. You could manually check each of them– lucidbrotCommented Jul 17, 2022 at 12:50
-
74This has XY written all over it– xvk3Commented Jul 17, 2022 at 13:48
-
11"downloaded from Google, Safari or other sites", those are not sites, you don't "download from" them (well, google IS a site, but in this context you've probably meant Google Chrome, the browser).– Dan M.Commented Jul 18, 2022 at 15:02
-
18Safari is not a web site. That's like driving to the grocery store and thinking you just visited "Toyota", because that was the brand of the car you used.– Joel CoehoornCommented Jul 18, 2022 at 15:26
-
1Some site might encode relevant data inside the file itself, as metadata.– Patrick MevzekCommented Jul 19, 2022 at 5:47
|
Show 3 more comments
5 Answers
On macOS, the source URL of the downloaded file itself, the URL of the referring webpage, and more information are often stored in the file's extended attributes.
Finder: you can right click on the file (or use the File menu) > Get Info.
Then check the "More Info" section.
Terminal: you can use xattr. The data is stored as a binary-encoded plist.
xattr -px com.apple.metadata:kMDItemWhereFroms [path/to/file] | xxd -r -p | plutil -p -
You can also check com.apple.metadata:kMDItemDownloadedDate for that information.
Source and more info: Armin Briegel, Scripting OS X: Parse Binary Property Lists in Finder Metadata
-
66It's rather horrifying that modern operating systems store potentially private, potentially compromising information like this in places normal users don't know to look for or even know exists. Commented Jul 18, 2022 at 2:00
-
2@R..GitHubSTOPHELPINGICE wait until you see the output of
last!– jvbCommented Jul 18, 2022 at 20:17 -
2@jvb:
couldn't open file '/dev/null/wtmp': Not a directoryI think I've got that covered. Commented Jul 19, 2022 at 2:41 -
@R..GitHubSTOPHELPINGICE all operating systems let any program access every single file the user owns, by default. Linux lets any program make any of those files visible to everyone else that uses that computer, by default. Windows effectively lets any program talk to any IP address or domain host on the internet, by default. Android tells a privately-owned company your exact GPS coordinates (which saves that history and even maps your movements), by default. All browsers tell all websites which other website you came from, by default, right now, in 2022, ~30 years after the Internet's birth.– ionoCommented Jul 20, 2022 at 9:23
-
3@iono what the commenter means is that, when you share this file, you share these information too (CMIIW), without you realizing it. Your example of sharing GPS coordinates to a privately-owned company is something where there are attempts to make the user aware of such sharing. No such attempt is made for this source URL thing, which is the issue.– justhalfCommented Jul 20, 2022 at 10:42
For a Windows equivalent to chrisk's macOS answer, the source of a downloaded file may be stored in an Alternate Data Stream called Zone.Identifier.
This stream, if it exists, can be viewed with the following PowerShell command:
Get-Content -Stream Zone.Identifier "path/to/file"
And it will look something like this:
[ZoneTransfer]
ZoneId=3
ReferrerUrl=https://www.wireguard.com/
HostUrl=https://download.wireguard.com/windows-client/wireguard-installer.exe
Note that the existence of this ADS depends on several factors:
- The browser actually adding the ADS entry; most modern browsers will do so by default
- The file being stored on an NTFS filesystem; ADSes are a NTFS feature and will not be preserved if the file is ever moved to a FAT or other filesystem
- The stream not being removed at some point; this stream is what prompts the security warning when you open a downloaded file, and will be removed if you untick the "always ask before opening this file" option. It will also be removed if you use the "unblock" option in the file properties.
-
3If you're more used to Command Prompt you can use
more < "path/to/file:Zone.Identifier"instead.– NeilCommented Jul 17, 2022 at 19:29 -
Iirc, you can also open the zone in Notepad, with
notepad "path\to\file.ext:Zone.Identifier"(and possibly, though probably not, by typingfile.ext:Zone.Identifierinto the Open dialog box). Commented Jul 18, 2022 at 14:48 -
Actually it's not just NTFS, when I download files to WSL2 from a Windows browser an additional file is always created with the original file named suffixed by ":Zone.Identifier"– NobodyCommented Jul 19, 2022 at 9:34
-
1@Nobody That sounds like a browser bug more than anything else. It's certainly not an expected convention.– BobCommented Jul 19, 2022 at 10:16
It depends, but probably not. If the site writes its information to file metadata, then you'll be able to read that.
But there is nothing inherent to the MP3 file that means you'll be able to see this every time.
Outside the file, elsewhere on the system, you can also look at browser download history, but if you're on a different computer or you've cleared history or it's been a long time that might not work either.
answered Jul 17, 2022 at 4:15
-
I was using my phone at the time of the download so i don't know if it's possible to track it within the file itself Commented Jul 17, 2022 at 5:55
-
1There are MP3 tag viewing or editing programs available that will read all the tags in the file. I believe VLC can view this information as well. Even the Windows File Explorer should be able to show the data in most of the tabs. Commented Jul 17, 2022 at 15:19
-
6@music2myear The tags in an MP3 only have what was in it at the time it was created or edited. If those tags have anything to do with where it was downloaded from, that is only incidental. Tags do not guarantee the file was downloaded from any particular site. Commented Jul 17, 2022 at 17:20
-
@BoogaRoo please tell me where I said it would always show that. I said "IF the site writes its information to...". Writing to MP3 files is trivial and I'd imagine some sites may wish to do this for whatever reasons they choose. And IF they do then you'd have this information. Commented Jul 17, 2022 at 23:09
-
6@music2myear The comment is mainly for the rest of the viewers. Tags should not be relied upon for any reason. Anyone can put a URL they want in them. All it tells you is someone added that information in the tags. It does not mean the file was ever associated with the site in question. In my opinion, the comment about tags is a red herring that people may misunderstand, which is why I felt a clarification was warranted. It would probably be better to not mention tags at all. Commented Jul 18, 2022 at 0:01
Back when P2P services were blowing, record companies (or agencies commissioned by them) would embed hash codes inside media files and then seed them across various download services.
Once downloaded this hash code would be embedded in the file in a way that was invisible to regular software, and could be used by the record companies to tell where a person had downloaded it from. As opposed to them having downloaded the file legally or having ripped it from a physical CD.
-
2Purchased iTunes songs were similarly tagged internally, back in the DRM days.– TetsujinCommented Jul 18, 2022 at 7:32
On Linux that would be stored as the extended attribute user.xdg.origin.url
$ wget --xattr https://download.wireguard.com/windows-client/wireguard-installer.exe
...
$ xattr wireguard-installer.exe
user.xdg.origin.url
$ xattr -p user.xdg.origin.url wireguard-installer.exe
https://download.wireguard.com/windows-client/wireguard-installer.exe
However for some reason Linux browsers don't or no longer store that attribute, and wget also doesn't do that by default since version 1.20.1 unless specifically told by the --xattr option
