SDMI *NOT* Cracked!?
StoryMan writes "Inside.com is reporting that Salon jumped the gun when it reported that SDMI had been cracked. I think this is fascinating. There's obviously a faction within SDMI that doesn't want this thing to fly. (I say this because I'm assuming Salon's 'anonymous' tipster must have been someone within the working group.)"
Thank you for saving me from having to make that point.
Imagine Salon said movie studio insiders had declared that FooBar: The Movie was going to be a bomb, and that the studio replied that
"When a publication makes such a completely wrong, unfounded, anonymous slander, I think it deserves a very strong answer. It's simply not true, because we, ourselves, don't have that information. Our test marketing committee started working on the test screenings Wednesday morning, and it's simply impossible to say whether this is true or this is false."
Now, sure, the insiders might be wrong; after all, the cracks/movie haven't been fully evaluated. But it's the way to guess.
Steven E. Ehrbar
And bluster like this deserves nothing. Janelle Brown and Salon put their individual and corporate necks on the line; and all Chiariglione does is spew hot air. If they've published something inaccurate, then you know that they'd be sued in a hot minute -- we know just how fast the music industry sues anything that crosses their lawyers' hair-trigger gunsights.
I am certain that it is possible to crack the SDMI watermarking, but I am surprised that it was done so easily.
More power to Brown and Salon for having the guts to publish this article. We need more of that kind of courage.
thad
I love Mondays. On a Monday, anything is possible.
The way the "contest" worked, you got 3 sound files for each set, 2 of them were the same segment (one with watermark, one without) for you to analyze, the 3rd is a segment with the watermark that you were supposed to remove, then re-upload. The upload server automatically checks the files for the presence of the watermark, and rejects them if it's not found.
The fact that they've got 450 files to analyze means that at least that many files were successfully uploaded. Now, it's possible that a bunch of people uploaded random noise or badly distorted versions of the sample (I'm not sure whether the upload server checked that), in which case it's not really a "break" - but I suspect at least a few of the uploads were real breaks.
...and as for the idea that it wouldn't be broken because a bunch of internet hackers decided to boycott it.. well, most software or system crackers out there probably wouldn't know where to begin to crack something like an audio watermark (unless they had the watermarking source to disassemble) - if there were successful breaks made, it was probably by audio steganography experts that already had a good understanding of how the process works and what its shortcomings are.
If you read carefully, they're saying "Since it hasn't yet been proven beyond a shadow of a doubt that it wasn't hacked, as of this moment, it wasn't hacked." Corporate denial at its finest.
Their accusations against Salon are pretty extreme, considering that they themselves don't know that Salon was wrong. They're just pissed that Salon got someone on the inside to talk, and messed up their chance for a damage control press release. Salon was perfectly ethical. The article mentions that it's an anonymous source and not the official word. The article simply makes it clear that there are forces within SDMI that want it to die, and who assert that it will. That there is no uncrackable watermark is common sense, so I don't think Salon went too far.
WARNING: there is a trojan on your
I don't know if you are on crack (you don't sound like you are, but who can tell on the internet?), but cracking an encryption scheme is a much better defined problem than removing a watermark. You have a reasonable standard to decide if you have succeeded. A watermark, on the other hand, introduces some distortion in the music and removing it is going to result in more distortion. Removing it is always possible in the trivial sense that you can write a program to take a music file and output all zeros; it will be a "distortion" of the original music with no watermark. The point of this observation: there is some ambiguity about how good the cracked music has to sound before you call it a legitimate crack. No matter what hackers come up with, these guys are going to swear with their hands on their wallets that cracked music has shitty sound quality and that their watermark doesn't harm the sound quality at all.
The guy in the link mentioned this fact. I'm betting it's something they'll hide behind, even if all their schemes are cracked.
niceFire.com - Humor and Lego's or Lego's and Humor or Some Combination of
Let me try to explain why watermarks will fail: JPEG and MP3 are both streaming formats. Consider an ID3 tag on an MP3 file. An ID3 tag is 128 plaintext bytes of data added to the end of an MP3 file so you can fill in the song's title, artist, album, etc. The ID3 tag is totally separate from the audio itself, since it comes at the end, and it does not change the audio one bit. This is very similar to the way GIF89a images can have text inside them; text which is totally separate from the image data because it comes separately at the beginning or end of the image data. In stark contrast, an SDMI watermark is NOT separate from the audio itself. It is actual changes to the audio file itself interleaved throughout the audio data from beginning, to middle, to end. It is a series of actual frequency changes IN the audio, not outside of it at the beginning or end. It's a series of very slight changes, designed to be so small that they're inaudible but can be picked up by a watermark detector. The bottom line is that SDMI watermark DOES alter audio since it's PART OF the audio data and is not separate from it. Also above you provided a link to a site about JPEG watermarking and the claim is that the watermark does not affect the JPEG image. JPEG and MP3 are very close relatives. JPEG watermarks DO affect the image data, ever so slightly, if it's interleaved. You can't see it because it might be a difference of 1 or 2 shades per pixel on a palette of 16777216 colors (JPEGs are 24-bit by default). A JPG with a non-altering plaintext watermark inside it would be invalid and unviewable, since you'd have image data and non-image data together. Like, the image would cut off where the watermark is, and start off further down out of alignment. It's the same concept behind skips in MP3s. If you miss 10kb or so due to a bad download, you'll be able to hear the rest of the song but there are frames missing and there is a loud glitch.
So SDMI is a data-altering watermark which alters the audio and is not the audio the artist intended his audience to hear. It's amazingly close, but it's not the same. Anyway, I don't know yet about 100% eradication of music watermarks, but when it comes to killing image watermarks, this works great for me: Just open the watermarked image in your favorite photo editor, highlight the entire image from very top left to very bottom right, and copy&paste that as a new image. Don't just copy&paste the whole image .. actually highlight from top left to bottom right and paste as a new image, new selection. There goes the watermark! Poof.. gone.
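The comment above contrasts an ID3 tag appended after the audio with a mark carried inside the audio itself. The following Python sketch is an added example, not part of the original thread: it uses constructed sample data, and the low-bit mark in `embed_lsb` is a toy stand-in, not any SDMI technology.

```python
import struct

ID3V1_SIZE = 128  # fixed-size trailer appended after the audio data


def build_id3v1(title, artist, album, year="2000", comment="", genre=255):
    """Pack an ID3v1 trailer: b'TAG' plus fixed-width, NUL-padded fields."""
    def field(text, width):
        return text.encode("latin-1")[:width].ljust(width, b"\x00")
    return (b"TAG" + field(title, 30) + field(artist, 30) + field(album, 30)
            + field(year, 4) + field(comment, 30) + bytes([genre]))


def split_id3v1(blob):
    """Return (audio_bytes, tag_dict); tag_dict is None when no trailer exists."""
    tag = blob[-ID3V1_SIZE:]
    if len(blob) < ID3V1_SIZE or tag[:3] != b"TAG":
        return blob, None

    def text(raw):
        return raw.split(b"\x00", 1)[0].decode("latin-1").rstrip()
    fields = {"title": text(tag[3:33]), "artist": text(tag[33:63]),
              "album": text(tag[63:93]), "year": text(tag[93:97]),
              "comment": text(tag[97:127]), "genre": tag[127]}
    return blob[:-ID3V1_SIZE], fields


def embed_lsb(samples, bits):
    """Toy in-band mark (not an SDMI scheme): set each sample's low bit."""
    marked = list(samples)
    for i, bit in enumerate(bits):
        marked[i] = (marked[i] & ~1) | bit
    return marked


def read_lsb(samples, count):
    """Read the toy mark back from the low bit of the first `count` samples."""
    return [s & 1 for s in samples[:count]]


def demo():
    # Constructed 16-bit PCM samples standing in for decoded audio.
    samples = [(i * 37) % 2001 - 1000 for i in range(64)]
    audio = struct.pack("<64h", *samples)

    # Out-of-band: the tag rides behind the audio and splits off cleanly.
    tagged = audio + build_id3v1("Constructed Title", "Constructed Artist", "Demo")
    stripped, tag = split_id3v1(tagged)

    # In-band: the mark lives in the samples themselves.
    bits = [1, 0, 1, 1, 0, 0, 1, 0]
    marked = embed_lsb(samples, bits)
    changed = [i for i, (a, b) in enumerate(zip(samples, marked)) if a != b]
    return {"audio_intact": stripped == audio, "tag": tag,
            "mark_read_back": read_lsb(marked, len(bits)) == bits,
            "changed_samples": changed,
            "max_delta": max(abs(a - b) for a, b in zip(samples, marked)),
            "untagged": split_id3v1(audio)[1]}


if __name__ == "__main__":
    print(demo())
```

Dropping the trailer returns the audio bytes untouched, while the in-band mark shows up as changed sample values, each off by at most one step.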
Wrong. It is illegal to sell a VCR which can record Macrovision infested signals without degradation. This is part of the DMCA. If the VCR's electronics are not confused by a Macrovision signal (e.g. due to automatic gain control), the manufacturer has to intentionally add electronics that recognize Macrovision and deny or screw up the recording.
All the content industry has to do is buy some more Congresspeople and get that restriction to apply to every technology. I.E. if a protection technology gets more than x% of the market, it would be illegal for a device to record or retransmit in spite of it.
No longer will active circumvention be required to prove an offense, but merely not recognizing/being affected by protection will be illegal, as will giving any info that could aid in the construction of such a device.
Telling hobbyists how to make their own electronic devices would be illegal - declared as trafficking in devices which allow avoiding (which includes more than circumvention) of copy protection.
Just because it CAN be done, doesn't mean it should!
Just wanted to say that the Inside piece wasn't meant to pass judgement on Salon's story (or Salon itself) -- we just presented Leonardo Chiariglione's position, in his words, as the head of SDMI. As has been pointed out, he didn't say the six technologies hadn't been hacked, just that no one knows for sure yet, since the review process is ongoing. (Personally, I would be surprised if the hacks weren't successful, given what people have been saying about digital security.) But just to be clear, it was Chiariglione who characterized the Salon report as wrong, unfounded, etc., not Inside. And I don't think it would be fair to say we "bought" his spin by publishing his words -- I did my best to raise in the story the significant doubts people have about digital security in general and the enormous, perhaps impossible task the SDMI has set for itself, and if you check Inside's coverage of SDMI and the major labels' pretty lame attempts at public secure-music trials so far, I don't think we've been coddling anyone. At any rate, having Chiariglione's words out there complements Salon's piece (IMO), and we'll have to see how SDMI handles it from here. (email: johara@inside.com)
We checked out the story with three members of the coalition, all of whom confirmed it. They did so off the record, of course, which puts us in a vulnerable position. But all I see in the inside.com article is one source, the executive director, who has every reason to be unhappy with Salon, not just for this story, but for previous stories in Salon that painted him in an unflattering light.
We printed their denial, we checked it out as best we could. I won't respond to larger questions about Salon's "ethics" but I'll defend Salon's technology coverage to the DEATH.
Editor, Salon Business & Technology
Salon.com
He's denying it, but he has not said that it has not been cracked. It was a very careful, political statement.
What he didn't say is if the group that reportedly cracked it provided the "plaintext" of the watermark. If they managed to extract that, then all his bluster is about evaluating how well they removed the watermark and eliminated the damage the watermark caused.
...as opposed to the degradation caused by a watermarking system designed to be detectable even after passing through an MPEG decoder -> encoder -> decoder cycle? After being recorded to analog cassette? After being compressed for FM transmission? That kind of degradation?
The Inside.com reporter did not understand enough about the technology to ask the right questions, and let him/her self be snowed.
"How perfectly Goddamn delightful it all is, to be sure" Charles Crumb
Thing is, hackSDMI is holding all the eggs. The contest was rigged from the start, which is why I attacked Technology A and then stopped.
.889 letter, then six (6) copies of the following letter:
It's pretty funny actually. They give you some files, two are the "Same" one with watermark, one without, then a third with the watermark, and ya gotta remove the watermark from the third and send it in. So I did that. Pretty damn sure I removed the watermark... Sent it in. Ya know what I got... here you go:
--- Begin Quote ---
Dear hacksdmi@cyberdeck.org:
Thank you for taking part in the open public challenge of proposed Secure Digital Music Initiative (SDMI) technologies. We have received your submission, and we appreciate the enthusiasm with which you have responded.
However, we were unable to process this submission because:
Status message: N/A
Score: 0.889
Remark: The watermark was not completely removed.
Please refer to the guidelines at www.hacksdmi.org for details about the requirements.
You are invited to resubmit a new proposal prior to the closing date of this challenge.
Your participation in this historic challenge is appreciated, and even if you do not resubmit, please be assured that your enthusiasm and participation have helped us as we all work together to develop the digital music economy.
--- End Quote ---
That was in response to my first attempt...
So I got a score of 88.9%. Does this mean I removed 88.9% of the watermark? or that I removed 11.1%? or is it even a percentage? Does it mean a damn thing at all? Hell no. Also, if SDMI devices are so picky that 11.1% of a "watermark" is enough to cause them to not play a song, don't you think that will cause a ton of "false positives" ??? Pretty lame sounding to me...
I got no less than 8... yes EIGHT copies of this letter from them. Talk about a spamfest.
Actually, I got 2 copies of the .889 letter, then six (6) copies of the following letter:
--- Begin Quote ---
Dear hacksdmi@cyberdeck.org:
Thank you for taking part in the open public challenge of proposed Secure Digital Music Initiative (SDMI) technologies. We appreciate your interest, the time you invested in this effort and the creativity you applied to this project.
Unfortunately, our analysis indicates that your challenge did not succeed. As you may recall, in order to be successful an effort had to disable the proposed copyright protection system without adversely affecting the underlying music. Your effort was not able to meet these tests.
Nonetheless, we appreciate your interest in this challenge. Your efforts as well as the efforts of other potential challengers have helped us tremendously, and we thank you very much for your hard work.
--- End Quote ---
Herm, they say that they have analysed my submission. So, what are these 450 submissions that are still being analysed? Those must be the ones that really DID "hack" SDMI... hehe Someone somewhere is lying...
Now, talk about "plausible deniability". They simply send out the same form letter to EVERYONE who submits anything. Then they NEVER admit that anyone "hacked" it. Of course, I bet they were ALL cracked. Will HackSDMI ever admit it? NO of course not, then they have no product to sell. And then, when SDMI compliant devices come out, and they are worthless, cause all the hacks DO work, the joke will be on them.
Watermarks are only useful for one thing: tracking the original source of a piece of information.
If the goal is to nail the original poster of a copyright work, watermarking will fail: as compression technology improves, watermarking information will automatically be stripped out as it is non-important information.
If the goal is to allow buyers to time, space, and media shift a copyright work, it will also fail: users will buy players that don't require the music to be encoded with some realbits+watermarkbits = bigprime scheme. Even the DMCA doesn't force hardware manufacturers to use protection technologies.
Watermarking only works if a) the end user devices are all SDMI compliant, b) the end user devices refuse to play anything but compliant audio, and c) no one bothers to break positive watermarking (i.e. if no watermark, you don't play.)
Point b is possible but not likely. Point c will happen rapidly if point b comes to pass.
I've been looking into watermarking a bit, and I'm less confident about such assertions than I was a few days ago.
In particular, there's this awesome paper online. (Click .pdf or .ps in the upper right corner of the page.) It's remarkable stuff, even if you just look at the pictures. For example, they show a photo before and after watermarking. As you flip back and forth, it's as if the shadows have somehow subtly changed. They do all sorts of crazy stuff like JPEG encode/decode, cutting off parts of the picture, adding noise, photocopying, multiple-watermarking. But none of that destroys the original mark.
Frankly, I'm QUITE surprised that anyone could break watermarks under the conditions of the hacksdmi contest. (Come to think of it, the proposed "technologies" were not all watermarks, right?) My feeling is that if SDMI keeps the watermark verifier in hardware, cracking their scheme could be a real bear.
At least, until some community-friendly engineer anonymously posts details of the verification process on USENET from a public-access terminal. :-)
Quoting from Salon's article:
One SDMI participant predicted: "They are going to try to keep it quiet -- the official word will be that the testing company is still analyzing the results. They will try to skate out of this without releasing the information that it's all broken."
Quoting from Inside's article:
''When a publication makes such a completely wrong, unfounded, anonymous slander, I think it deserves a very strong answer,'' Chiariglione told Inside, referring to a report appearing on Salon.com Thursday citing anonymous sources that claimed each of the six technologies offered up for hacking by the SDMI had been compromised. ''It's simply not true, because we, ourselves, don't have that information. We have about 450 files, with 450 descriptions of methods -- you know, our testing managing committee started working on this Wednesday morning, and it's simply impossible to say whether this is true or this is false. Nobody knows! And when I say nobody, I mean nobody, because it's 450 music files that have yet to be tested.''
IF it had been an entirely internal affair, I MIGHT sympathize (nah, probably not!) But in either case, the C-man's wrath is misplaced. He should be angry at the leakers, not at Salon. What he's really saying is "You had no right to report this until *I* said it was OK, because I'm the head honcho." That thinking may apply to whatever underlings leaked the info, but not to the independent media! Salon was carrying out their journalistic duty to REPORT NEWS, and I don't see this as being sensationalist. They presented all the (available) facts, they included both sides (i.e. the fact that the "official report" from SDMI was still forthcoming), and they didn't over-exaggerate the importance or significance of what they were reporting.
One thing I'll buy - he's probably not lying when he says they don't know. I would be very surprised if the "inside sources" weren't simply acting on educated guesses based on preliminary findings. They haven't had enough time to do an in-depth study yet, so it's unlikely that any results are 100% conclusive yet (it couldn't be THAT bad... could it?) On the other hand, educated guesses are often VERY close to the mark, and I suspect some people who know what they're talking about were doing the leaking. And as the C-man points out, it's not a cut-and-dried "it's cracked or it isn't" judgement. A crack may slightly degrade the quality of the audio but leave it sufficiently intact that your average MP3 listener isn't going to mind. By a technical "all-or-nothing" definition, this is NOT a successful crack, but it's still enough to send them back to the drawing board I'm sure...