Money For Nothin' From The SDMI Hacking Contest
OS24Ever points to this CNN story, writing: "SDMI is announcing that they are paying two hackers $5000 each for breaking the encryption on their watermarking technology." And as the article points out, conspicuously ignoring the fact that independent researchers have broken four of the watermarking schemes without taking part in the official contest.
They may already have broken discrete log.
Yes, PGP can be broken.
Basically, the point I'm trying to get at there is there really is nothing they can do to stop the copying of music. So long as I can listen to it, I can find a way to copy it. Also, going to analogue just once does not have a significant detriment on sound quality. Yes, if you record something from your portable CD-player with your SoundBlaster Live it is going to sound like crap, what do you expect? You are dealing with cheap consumer electronics with cheap converters, lots of noise and jitter on both ends. However there are some of us that do own real professional gear (you don't need a license or anything) and will use it. And of course once we have translated it and released, everyone can have it and believe me, we will.
Posting AC for reasons that should be apparent.
I hope you're only a freshman at MIT...the point of the watermark is to add analog encoded watermark information to the signals without compromising audio quality. The watermark is designed to hold up even after analog recording - such as through the output of your soundcard. Think of it as the opposite of mp3 encoding - mp3 uses a psycho-acoustical model to remove sounds that we won't perceive, SDMI uses a psycho-acoustical model to add sounds we won't perceive.
Scuttlemonkey is a troll
That is completely false. The watermark is imbedded in the ANALOG signal. There are several technologies that SDMI is proposing, and I'll be honest, I couldn't hear them all on the samples they provided with and without the watermarking. Some were audible, but perhaps those are the harder ones to break. The quality of the original works wasn't that great to begin with, so maybe that had something to do with it. I'd imagine that it'd be easier to bury a non-audible watermark in "busy" music than it would something that's soft and simple.
The watermark is designed to survive digital conversion and compression. And some of the technologies do survive. I did some of my own testing of the "sample" files that SDMI made available. I subtracted the "watermarked" from the "unwatermarked" files leaving just the watermark. Then I compressed the files with various schemes (mp3 file compression to different bit rates), and again subtracted the watermarked from the unwatermarked files. This leaves behind a post-compression watermark. I then compared this to the uncompressed watermark. And in most cases, they were, both visually and audibly, similar enough that I could imagine that the watermark may have survived.
In theory perceptual coding (which .mp3 compression is) should get rid of non-audible parts of the files. The fact that the watermarks did remain to some extent shows that they are, at least in theory, audible.
-S
--- What parts of "shall make no law", "shall not be infringed", and "shall not be violated" don't you understand?
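Added example, not part of any poster's comment: a sketch of the difference test described in the comment above (subtract marked from unmarked before and after a lossy step, then compare), run alongside the low-order-bit scheme that other posters in this thread discuss. The two-tone signal, the key, the chip amplitude and the noise-plus-requantization step standing in for MP3 or a D/A-A/D hop are all constructed assumptions; this is a generic spread-spectrum mark, not any of the SDMI schemes.

```python
"""Robustness check for two watermark styles on constructed audio samples."""
import math
import random

RATE = 44100       # CD sample rate, as quoted in the thread
N = 65536          # about 1.5 s of mono audio
AMPLITUDE = 100    # assumed chip amplitude, roughly -50 dB relative to full scale
STEP = 32          # requantization step of the stand-in lossy path (drops 5 bits)


def host_signal():
    """Constructed 'music': two sine tones as signed 16-bit sample values."""
    return [int(3000 * math.sin(2 * math.pi * 440 * n / RATE)
                + 1500 * math.sin(2 * math.pi * 1320 * n / RATE))
            for n in range(N)]


def chips(key):
    """Keyed pseudo-random +1/-1 sequence shared by embedder and detector."""
    rng = random.Random(key)
    return [1 if rng.random() < 0.5 else -1 for _ in range(N)]


def embed_spread(samples, key):
    """Spread-spectrum style mark: add a low-level keyed noise sequence."""
    return [s + AMPLITUDE * c for s, c in zip(samples, chips(key))]


def detect_spread(samples, key):
    """Blind detector: mean correlation with the keyed sequence.
    Near AMPLITUDE when the mark is present, near 0 otherwise."""
    return sum(s * c for s, c in zip(samples, chips(key))) / len(samples)


def embed_lsb(samples, key):
    """Low-order-bit mark: overwrite bit 0 of every sample with a keyed bit."""
    rng = random.Random(key)
    return [(s & ~1) | rng.getrandbits(1) for s in samples]


def lsb_agreement(samples, key):
    """Fraction of samples whose bit 0 matches the keyed bit (0.5 = chance)."""
    rng = random.Random(key)
    hits = sum((s & 1) == rng.getrandbits(1) for s in samples)
    return hits / len(samples)


def lossy_path(samples, seed):
    """Stand-in for a lossy hop (NOT MP3): small additive noise, then coarse
    requantization, then clamping to the 16-bit range."""
    rng = random.Random(seed)
    out = []
    for s in samples:
        v = round((s + rng.uniform(-16, 16)) / STEP) * STEP
        out.append(max(-32768, min(32767, v)))
    return out


def residual_similarity(original, marked):
    """The difference test: (marked - original) before the lossy hop versus
    after it, compared by normalized correlation (1.0 = identical shape)."""
    before = [m - o for m, o in zip(marked, original)]
    after = [m - o for m, o in
             zip(lossy_path(marked, 1), lossy_path(original, 2))]
    dot = sum(a * b for a, b in zip(before, after))
    norm = math.sqrt(sum(a * a for a in before) * sum(b * b for b in after))
    return dot / norm


def evaluate(key=2000):
    """Run both schemes through the same lossy hop and report what survives."""
    host = host_signal()
    spread = embed_spread(host, key)
    lsb = embed_lsb(host, key)
    return {
        "spread_unmarked": detect_spread(host, key),
        "spread_clean": detect_spread(spread, key),
        "spread_lossy": detect_spread(lossy_path(spread, 1), key),
        "spread_wrong_key": detect_spread(spread, key + 1),
        "lsb_clean": lsb_agreement(lsb, key),
        "lsb_lossy": lsb_agreement(lossy_path(lsb, 1), key),
        "residual_similarity": residual_similarity(host, spread),
    }


if __name__ == "__main__":
    for name, value in evaluate().items():
        print(f"{name:20s} {value:8.3f}")
```

A detection threshold of AMPLITUDE / 2 separates the marked and unmarked cases here; the low-order-bit mark falls to chance agreement after the same hop.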
Yeah, but watermarks don't prevent copying. So what the hell is the difference if my friend just makes a copy of the perfect-sounding media file. I can play it to my heart's content without any degradation, and short of the RIAA storming my house, who would ever know??
It's 10 PM. Do you know if you're un-American?
SDMI provided .wav samples (44.1 KHz, 16 bit - Same as CD). A pair were exactly the same except one was watermarked. The challenge was to remove a watermark of the same watermarking technology from a 3rd piece of music.
And believe me, it's NOT trivial. Many of the technologies are certainly beyond "anyone with even moderate programming talent".
Furthermore, the watermark isn't just a couple of bits thrown in the file. It was an analog signal hidden with the music and it seemed to repeat, sometimes at random intervals, throughout the file. It's impervious to a "bit dropped here" or "a skip there". I don't think the "refuse to play" issue is an issue at all. If it sees the correct watermark throughout the file, it plays. If it sees that the file is filled with ones that it doesn't like, it doesn't play. I think it would be easy enough to keep it from barfing on the occasional "bad" watermark caused by dropped bits, scratches, or skips.
-S
--- What parts of "shall make no law", "shall not be infringed", and "shall not be violated" don't you understand?
Well, karma burning time I guess. To quote Queensryche:
I used to trust the media to tell us the truth, tell me the truth
But now I see the payoffs, everywhere I look
Who do you trust when everyone's a crook?
Sorry, but I think the entire idea of "free" press is eventually going to lead to what we have in corporatized America. The only thing free about the press is the bidding process. Unless you got the cash to back you, the story will be told from the other guy's perspective. That's why hackers are still seen as "the big bad bogeymen" of the Internet.
Bite my yammer.
What in the hell does that mean?
10 grand is pretty cheap to have your security tested by thousands of people.. plus, if they want the money, you need to give them an NDA, so basically, they improve their methods AND people don't find out how it was originally broken...
SSL Certificate
The sheer beauty of this is that they essentially made enemies with the wrong people. They whine about infringement of copyrights by geeks who converted their product into a friendly digital package (something they never thought was economically viable.) Then they ask for our help?
What tops the cake though is that when they do release their technology there are hundreds of thousands of people that will be out to break it just simply on principle!
Whatever encryption, watermark, etc. they use it won't be good enough. Everything is breakable with the right equipment and time. (and geeks have both).
Suck on that RIAA, MPA and anyone else who pisses off the geek community.
Are you lonely? Hate having to make decisions? Meetings, the practical alternative to work.
> SDMI is announcing that they are paying two hackers $5000 each for breaking the encryption on their watermarking technology." And as the article points out, conspicuously ignoring the fact that independent researchers have broken four of the watermarking schemes without taking part in the official contest.
So? The money is for taking part in the contest.
They didn't, so they can hardly be expecting to get paid any money.
Free Anne Tomlinson!!
We're geeks. We don't need money. What happened to the chicks for free part?
People replying to my sig annoy me. That's why I change it all the time.
if you can listen to it you can copy it. They'll never develop an effective copy protection scheme
It all depends on the meaning of the word effective. It looks like Lumpy already brought up the macrovision example I was thinking of when I started this post. You can watch your video, and determined consumers can copy using older VCRs or special boxes that remove the crap from the retrace time. If effective means preventing absolutely all copies, then no, but I'd say that effective could mean causing lots of consumers to buy the tape or DVD for about $20 instead of renting for $3 and taking the time to copy onto a $2 blank.
Macrovision only works because the VCR manufacturers use a faster response AGC circuit (than used in the TV). With the world of open source, it seems like it'll be a bigger problem to get all recording devices to respect a dont-copy-me signal, but again, if winamp, microsoft media player, and most of the hardware devices at best buy respect such a signal, perhaps it gets 95% of listeners to pay. Sure, anyone greedy would want the last 5%, but it becomes expensive, and any business man with a brain (or a cost accountant) will take the path that is most profitable.
Part of my initial reaction, honestly, is more along the lines of "totally unprotected MP3 with p2p file sharing is just damn cool", followed by "it sucks that they're trying to foul it up". I suspect that's the emotional response behind a bunch of the "It'll never work, you dumb..." responses here and elsewhere on the net.
Now the part that is "going too far", is an attempt to outlaw MP3 players without SDMI features. The RIAA has already tried to do this (and won in the first round, but ultimately lost against the Diamond Rio).
As long as it's not illegal to make non-SDMI MP3 players, someone will. I know that to be an absolute fact, because I will! (trying really hard to resist a shameless plug/link to my website). As long as there are legal Free/Open-Source (GPL'd I hope) MP3 players, there will be relatively easy ways around SDMI protection.... but if these players are a small portion of the whole (mine's about as tiny as you can get, next to student projects), SDMI might be effective in allowing the recording industry to continue its profitability, even if it's not at all effective at stopping anyone determined to copy.
PJRC: Electronic Projects, 8051 Microcontroller Tools
2. Even if the contest was meaningful and the technology survived it, watermarking does not work. It is impossible to design a music watermarking technology that cannot be removed. Here's a brute-force attack: play the music and re-record it. Do it multiple times and use DSP technology to combine the recordings and eliminate noise. Almost always there is a shortcut technique to neutralize the watermark, but the brute-force attack always works.
3. Even if watermarking works, it does not solve the content-protection problem. If a media player only plays watermarked files, then copies of a file will play. If a media player refuses to play watermarked files, then analog-to-digital copies will still work. If a watermark is designed to identify the legitimate owner of the file, it still doesn't prove who copied the file or provide the copyright owner with a party worth suing.
You write "The song file will be viewable if you decode it with your private key." Well, just decode it with your private key and then distribute the decoded song to all your friends around the world, no real magic here.
How many would go through the trouble?
And the best one of all........
What happens if your player/system is stolen after it has been registered?
GOD! I think I'm stupid but I just DO NOT get it!!!!
DRM? No thanks, I'll just get it somewhere else...
Well, you're mostly right here, sorta. But as Bruce Schneier pointed out, it still won't survive a brute force attack.
See, you can either make the watermark as an audible signal, which most people won't accept, or you can bury it in the noise.
If it's audible, most people won't even bother.
If it's in the noise, a digital noise filter can potentially remove it. Or just get several differently watermarked files, and use a DSP to smooth over any differences, and then convert it to MP3/Ogg, or any other player that doesn't have a license restriction.
It's not that SDMI will fly, it's that it won't even get off the ground.
*duck*
And the SDMI watermark _does_ screw up the music- what makes you think it doesn't? If it's going to be detectable after mp3 128K encoding, it's going to degrade the music _more_ than 128K encoding, and the degradation is cumulative.
Actually, I love it. Go to it guys. Degrade your music all you want. It only makes it easier for indie guys like me to compete with you and kick your arses :)
If the 'hackers' are SDMI employees or such, and this is simply an attempt to give credibility to a completely flawed process.
Perhaps they believe that posing the contest as a legitimate, well executed test of the cryptographic properties of their watermarking systems will make the remaining UNBREAKABLE! cyphers seem bomb proof.
If they were to publish the attacks, complete with cryptanalysis and how the crack was discovered, I would have a bit more faith in the result.
P.S. I wonder how much they are going to charge to license these forced watermark encryption schemes...
Step one: connect line out from player to line in on recorder
Step two: press record
Step three: press play
Step four: enjoy your unwatermarked song
"The market alone cannot provide sufficient constraints on corporation's penchant to cause harm." -- Joel Bakan
No matter what, you can always record the lineout from your soundcard, then recompress into whatever you feel like (MP3, for example).
You may say "not many people would go through the trouble", but only ONE person has to, then they can share the MP3 just like we do now.
Nothing will stop this, so why are they bothering with all this encryption technology?
Nothing like irony, huh? You spelled "idiots" wrong.
MCH/VO S* W- N+++++ PEC+++ D(s++/r) A a+>+++ C* G++(++++) Q+ 666 Y
And it will end up being cracked as well not long after it comes out. Face it, there is no such thing as a protection scheme, or security measure that cannot be cracked.
:)
:)
Actually, there is one that MAY be uncrackable... Lock up all the CD's and don't let anyone ever have one. But then, someone can always break into the warehouse and steal them.
As for the hackers getting the money, more power to them. $5K would buy me a nice multi-alpha Linux box. I'd certainly not turn it down
=== The price of freedom is eternal vigilance
That a piece of music carries a watermark linking it to the person who purchased it raises certain important issues. For instance, certain problems arise when person X transfers his copy to person Y (permanently or otherwise). Imagine what happens if person Y pirates a copy of the song without person X's knowledge. Would person X be held responsible, given that X's identity is linked to the file? Companies seem to believe it's their right to track our every move, privacy be damned.
Of course they really don't want us to transfer our files to anyone else. Every sale is a "first sale" under their little scheme. Why should hackers help out a group whose only purpose is to limit our rights as consumers?
"In prison you just have to shut your eyes and take it. Here you have to shut your eyes and give it."
If you assume that everyone ends up purchasing and downloading SDMI-formatted digital music online, and each track has a watermark in it that uniquely identifies the purchaser, then to remove the watermark, what you would do is get a whole bunch of people to buy the track. Then convert each of them into a standard 44 KHz
However, if the watermark involves subtle changes in timing and pitch, then the process of "averaging" might be computationally expensive. You might also need a LOT of copies, each with different watermarks, in order to detect and remove all the changes.
But with enough differently watermarked copies and sufficient computational power, you will be able to detect all the changes and remove them. When you are done, reencode the resulting
Incidentally, I'm almost sure that the watermarking technology would use a combination of very subtle pitch shifting and timing changes in the music. Hiding information in the insignificant bits is useless - it would be trivial to remove. Adding inaudible sounds would also be useless - as another poster pointed out, the whole point of encoders like MP3 and Ogg Vorbis is to remove the sounds you can't hear anyway.
So the only way I can see to watermark something would be to change pitches and timing. For example, a high-pitched note in a song might last for 0.5 seconds and be pitched at 9620 Hz. If that was changed to 9640 Hz, you wouldn't notice it was ever-so-slightly out of tune - but that change would survive encoding as MP3, and even being repeatedly run through DA/AD converters.
The averaging process to remove the watermark wouldn't be done in the space of "16 bit samples, 44K times per second", though. You would have to use a Fourier transformation to convert everything to some sort of frequency / time domain, and do the averaging in that space. But no sweat - that's how MP3 does compression anyway.
Torrey Hoffman (Azog)
"HTML needs a rant tag" - Alan Cox
DIVX also caused discs that had been purchased, to not play just two days after the initial viewing. Consumers rejected having to pay twice, and not being allowed to play a disc that they had already paid (admittedly very little) for. Consumers buy a piece of media, they expect to own it and use it as much as they like whenever they like.
People may not like registering their players, but if it's easy (like activating a cell phone), they'll probably just do it and forget about it. It won't feel like they're being spied upon, like DIVX. SDMI won't make the discs you've purchased stop playing, like DIVX did. They may not like not being allowed to play a copy on their friend's player, but it won't feel like they're being cheated out of something they paid for with their own money, as DIVX did.
If SDMI works like "sdo1" described, I doubt it'll even be important to have all the players registered. As long as the output from one won't play on any others, it'll put enough barrier in front of most consumers that they'll just go pay for a legit copy. If non-SDMI software exists, but portable hardware doesn't, it may be the best situation, as consumers could sample on their PCs, but not listen on any SDMI-compliant CD player, thereby causing them to pay for what they've already got for free (illegally) on the computer! If the registration step isn't required, it's unlikely most consumers will even notice until they try to copy with their friends... both of whom already own the SDMI-compliant players at that point.
As far as getting consumers to boycott SDMI, it'd be a lot harder sell than the invasion-of-privacy (Big Brother is watching) and cant-play-your-own-disc (they're ripping you off) and hassle (your house has a phone jack next to the TV, right?) associated with DIVX.
PJRC: Electronic Projects, 8051 Microcontroller Tools
Too costly.... here's a little reality check, in case you haven't been keeping up with technology for the last several years...
You can afford to design in a 40 second playback buffer (at 174 kbytes/sec, that's about 7 megs), and in the case of MP3, a DSP capable of the 32 multiply/accumulate operations per sample for the polyphase filter, and even more for the IMDCT, and lots of data shuffling and other code for the complexity of the MP3 bitstream. That's at least 3M MACs/sec for 44.1 kHz stereo sampling. In practice, DSP's running at about 25 MHz seem to be about the lower limit for MP3 playback. If you've got enough computational power to decode MP3 (remember, in the PC world that's at least a faster 486)... you've probably got plenty of hardware to check a watermark. We can't know for sure, since they haven't published the algorithms, but even if the watermark takes a lot more CPU power, you can do the work before you start decoding.... the user expects a second or two of silent time between tracks anyways, and they'll wait a bit longer if needed.
Tiny skips in the stream from the CD hardly seem like a problem... you've got memory for buffering, and you can always read it again, since deciding whether to play is not a real-time process like maintaining in-progress playback. Watermarks are designed to be resilient to attack.... they can certainly withstand small gaps in the audio, due to scratches or skips.
In the event there is no watermark, playback is allowed, so the failure mode is "safe". (apparently the wont-play condition is the custom watermark added by a different player) Even if it fails 30% of the time (allowing playback of otherwise restricted input), 70% success is plenty to annoy the holder of the (presumably illegal) to spend some effort to get a cleaner copy, or maybe buy an original.
PJRC: Electronic Projects, 8051 Microcontroller Tools
humor for the clinically insane
great comedy company.
It won't work because, quite honestly, the RIAA and pals don't want it to work. Given their profits, it should be trivial to buy big number crunching machines (to watermark the music and house our public keys). Then they only have to do two things:
First, put a terminal into Sam Goody, Coconuts, etc. that reads your ID (username/password or smartcard. The latter is cool and could be combined with a discount card) and then burns your disc.
OR, cheaper still, let you enter your username/password and dl the music to your machine. While cooler, and while it would be a 'legitimate' method of selling emusic, it also would let you make a copy to a cd.
But, since THEY want you to buy a copy for the CD, a copy for the computer, a copy for your RIO, etc, they won't do the second option. At least not for so much money that we are right back where we started (CD's too expensive, so rip 'em off)
The former plan won't work: it takes too long to burn a disc (no, not really, but after you pay your money, are you gonna wait for 30 minutes to get a copy of Britney98SyncAguilera? No, you gotta go show it off to your friends.) There is also the issue of coasterization. I imagine there are essentially zero flawed discs coming from the music makers' plants. Even in a well designed system, in store burners might turn out .1%-1% flawed discs. Expensive both in terms of replacement and PO'ed consumers.
It is a good idea, and one that I think all parties SHOULD be able to live with. Problem is, it takes away enough freedom from the consumer, and enough profit from the manufacturer to make it unlikely to happen.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
Saying the researchers should get the cash even though they're not in the contest is like saying I should win prizes because I played along with Wheel of Fortune.
Wrong. The whole point is that if the system were truly secure, you could know everything about the encryption etc. and you still wouldn't be able to remove it. Does having the source code to PGP mean you can read encrypted mail without the key? Of course not. Similarly, if SDMI depends on security through obscurity, it is insecure.
If it is truly secure, the SDMI people should give us the source and all the information you have; if not, they should go away and learn about basic security.
Exactly. They will never succeed at this, because what they are trying to do is an oxymoron: they want a watermarking system which cannot be removed, yet cannot be detected by the human ear. Meanwhile, audio codecs are designed to remove everything which cannot be heard by the human ear (which will include a successful watermark).
Either they produce a watermark which ruins the music, so they fail - or they produce a watermark which can't be heard, and is promptly deleted from the music when you compress it.
Then, there's the simple DoS attack: take their watermarked track with your unique ID in - and add a couple of other inaudible watermarks at random, using the same method. After a couple of tries, the original watermark will have been corrupted by all the other "fake" watermarks you added.
I disagree, this kind of process has to rely on obscurity. The problem is that you'll have a box on your shelf that generates authentic signatures, and can authenticate signatures in the music. You can pull that box apart, and see how it works. With encryption, you don't have a box that can decrypt my email, 'cos only I have the decrypt key. When both keys are in the box you can't make it secure unless you put a man with a gun next to every box.
Perhaps it's because control of the media by just a few individuals is just as bad as control by the government. Since the internet is about (among other things) openness, the above is anathema to many people that post here.
> Yes, I enjoyed the movie "Sneakers" too.
You will probably not believe me, but I never heard of 'Sneakers' before. Went to imdb, looks like the movie is exactly about this. Mmm. French name 'Les Experts'. I'll try to find it.
Thanks,
--fred
"Thank you for purchasing 'Simply Irresistible' by Robert Palmer. Enclosed is your custom key which you will need to program into every playback device you own in order to listen to your purchase. Be sure to keep it safe, alongside your other 683,426 keys, as the music is unplayable without it, and we cannot furnish a replacement. You might consider storing your new key with all of your unique website, brokerage, and ATM passwords which you change regularly."
Here are some answers to commonly asked questions about SDMI.
Q. What are the differences between current MP3 players and SDMI-compliant devices?
A. Current MP3 players can only play MP3 content. SDMI-compliant devices will play content originating from both SDMI-compliant and non-compliant sources.
Q. Can SDMI-compliant devices play MP3 files?
A. Yes. SDMI-compliant devices will be able to play both protected and unprotected formats; it is up to the manufacturer of each device to choose which particular formats to support. The only content SDMI-compliant devices will not play is illegally copied new music with SDMI technology (beginning in Phase 2). Unlike non-SDMI devices, SDMI devices can also be upgraded to play new music released in the future in new SDMI-compliant formats. And many SDMI portable devices will be able to play music that is digitally downloaded in new, protected formats right away.
Q. Is it true that, in order to play MP3 files, SDMI-compliant software and devices will disable MP3 files after converting them into SDMI-compliant files?
A. No. SDMI-compliant devices will translate MP3 files into a format acceptable for that device. The exact form will depend on the device. The original MP3 file will remain intact on the computer.
Q. Why does the SDMI framework allow both protected and unprotected formats?
A. SDMI members agree that protected formats enable the growth of electronic music distribution by protecting the rights of artists. Members also recognize that there are many legitimate uses for unprotected formats. As a result, SDMI supports both.
Q. Will consumers still be able to copy their CDs onto their personal computers?
A. Yes. The specification allows consumers to copy (rip) their CDs onto their computers for personal use (on their PC, on their portable devices, on their portable media, etc.). In fact, the specification enables consumers to do so as many times as they wish - as long as they have the original disk.
Q. Will it be possible to have content that plays on multiple platforms - PCs, car stereos, portable devices, etc.?
A. Yes. The 1.0 Specification is intended for portable devices and supporting PC software, but future specifications will address other devices such as car stereos. Existing requirements that relate to portable media (e.g. flash-RAM cards) were written with portability and multiple platform support in mind.
Q. Will it be possible to have content that plays on portable devices from multiple vendors?
A. Yes. The SDMI Portable Device specification is a framework for security that promotes interoperability and allows content to be converted from one format to another. The specification allows, but does not require, manufacturers to create systems that are interoperable. There are now a number of different music players and systems on the market that are not compatible with each other. And the initial SDMI offerings also will not offer widespread compatibility across devices at this time. Given the extremely short time frame for producing the portable device specification, it wasn't possible to achieve this goal now. But SDMI is working towards that goal and eventually, we hope that all SDMI-compliant devices will be able to play all SDMI-compliant content.
This way to the egress > The Linux Pimp
--It's Pimptastic!--
probably infeasible as well. First of all, to make this proposal work, it would require that
Especially because of the second point, I don't believe it would work. Please, find some references on asymmetric/symmetric hybrid encryption and you understand why third point is unmeaningful.
As this "challenge" proved, watermarking can be removed. Tagging mp3 frame headers with pseudorandom data would be trivial to circumvent. You just can't earmark music that way.
There is no such thing as good luck. There is only misfortune and its occasional absence.
"MACHINA II/the Friends & Enemies of Modern Music" is the pumpkins' final album, the followup to "MACHINA/the Machines of God". It is a limited pressing of only 25 (twenty-five) copies on hand-cut, hand-numbered, non-lacquered acetate (aka vinyl, aka records), consisting of 3 10" EPs and a double 12" LP, 5 discs & 25 songs total. The 25 copies were given to close friends of the band, a few of whom happen to be online, and whom were instructed to circulate the new material as quickly as possible, since the band plans on playing some of the new material on the European tour.
For more detailed info, see: SPFC
Since there were only 25 copies on vinyl, unless you were one of the lucky 25, you can't get the original pressing. But since the band instructed some of the recipients to circulate and distribute the material, you will be able to get copies of it- consider it an "official bootleg". Currently, the only source available is mp3. Since none of the 3 known online recipients had access to an ultra-high-end audiophile turntable (the tube kind that cost thousands), one of them used what they had and made mp3s so that the new songs could be distributed immediately. There are plenty of web/ftp sites and mirrors hosting the new songs, as well as people sharing files via napster, AIM, etc. Look around a bit, the info has been posted in many places many times.
Virgin was not interested in releasing a followup to Machina, so rather than pack up their gear and go home, they recorded and released it themselves. It will not and cannot be officially released on CD, as their contract with Virgin includes a non-compete clause, which prevents them from releasing anything Virgin holds rights to under another label for 1 year. Since the material was partially recorded while still under the Virgin contract, they are legally prohibited from releasing it on another label or in any other way.
To download, or for more information, go to Machina2
following this...
is that why it seems on slashdot that all big media companies are "boogeymen"? Is it all just a matter of perspective?
--
+&x
Wrong. If the song is encrypted, I must have the decryption key to play it - at which point, I can decrypt it, so I can record the plaintext and distribute it.
You suggest putting the watermark in "the low order bits", if I understand you correctly. This is trivial to defeat: I just change the low order bits randomly myself! If you can change them without affecting the music, so can I.
More sophisticated ways of hiding the watermark are also doomed: you must be changing the music itself very slightly (otherwise, simply changing format will destroy the watermark!). Each subsequent watermark will corrupt previous ones, since there is only a finite (and small) area of data they can affect without their watermark being trivial to remove.
I can just take a watermark reader and a watermark writer. I add my own watermark - random data - then try to read the watermark back from the music. Perhaps some of my ID is still there? No problem - add another random watermark. Rinse, repeat. Compress, Opennap.
It's music for christ's sake, if you can listen to it you can copy it. They'll never develop an effective copy protection scheme, so give up already...
So then it's all about making hardware manufacturer pay high fees to license the SDMI technology so they are "allowed" to play the media. Wow...that sounds familiar...
It's 10 PM. Do you know if you're un-American?
SDMI in Dire Straits comment.
So what about PGP, the encryption we rely on daily? Let there be no doubt that the NSA and other national bodies are spending billions and throwing the brightest minds at these encryption schemes. They may have been broken already, and we don't know anything about it.
Do you trust the NSA? Or MI6? Or GCHQ?
KTB:Lover, Poet, Artiste, Aesthete, Programmer.
There is no
The whole purpose of a watermark is to embed data within an audio or video stream without affecting the sound and/or video quality. A good watermarking system will retain the watermarking information (i.e. your username) through A/D and D/A conversions. A good watermarking system would adversely affect the sound output if the watermark were forcibly removed. Your solution will only work for an encrypted stream, not a watermarked one.
Remember, You are unique...just like everyone else.
The legality of copyright is not and should not be dependent upon the copyright holder's financial situation. Debate all you want about the legitimacy of their claim, but don't try to justify illegal behavior by saying the victim can afford it.
Likewise, with music piracy, what is the company going to say? "Yes, we know people are pirating our music. No, we're not going to do anything about it." It would be suicide for all those execs making money off of their stock. Instead, they come up with crap like this to placate their shareholders.
"The question of whether a computer can think is no more interesting than that of whether a submarine can swim" -EWD
Which is why the watermark is still there, regardless of the encryption state
You suggest putting the watermark in "the low order bits", if I understand you correctly. This is trivial to defeat: I just change the low order bits randomly myself! If you can change them without affecting the music, so can I.
That would depend on the player as well. What if the player required those bits to be intact? You already have to have a custom player to do the encryption
More sophisticated ways of hiding the watermark are also doomed: you must be changing the music itself very slightly (otherwise, simply changing format will destroy the watermark!). Each subsequent watermark will corrupt previous ones, since there is only a finite (and small) area of data they can affect without their watermark being trivial to remove.
Actually, there would be an infinite amount of data space. There are also all the frequencies too high to hear, as well as subtle changes in the timing (let's shift this beat by a microsecond, for example)
I can just take a watermark reader and a watermark writer. I add my own watermark - random data - then try to read the watermark back from the music. Perhaps some of my ID is still there? No problem - add another random watermark. Rinse, repeat. Compress, Opennap.
Depends on the watermark. The shifting mentioned above would be harder to erase, but still possible. I think a lot of the goal of the RIAA is to make it as inconvenient as possible. There will ALWAYS be pirates that can distribute copies. I don't think there is any technological way around it. You can make it inconvenient and/or expensive though.
Do you think the general public can understand what the challenge is truly about? Most will probably miss the point of the story altogether and be abashed that someone would pay a hacker for doing anything. I just think a story like this doesn't belong on CNN because a majority of the readers are too technically inept to grasp the point. I don't want to say these people don't deserve to get the information but they simply miss or misunderstand anything that the media tries to report to them. Of course, who trusts the media anyway.
www.droppingdimes.com
I want my...
I want my...
I want my MP3.
---
Good judgment comes from experience.
Experience comes from bad judgment.
I think a lot of people here are missing the point. They're not going to encrypt every CD with a unique number, but they WILL make you register your SDMI compliant play-back device (hardware or software).
Now maybe the original work you bought at the store has a watermark in the music. If your SDMI compliant device does not see said watermark, it won't play.
And if it DOES see the watermark, an ADDITIONAL watermark containing your unique registration information is added to the OUTPUT device, be it a digital out or analog out.
Now you capture that output (record it to tape, rip it to .mp3, or whatever) and then pass it around the internet... and BAM! They've gotcha!
From that file, they'll be able to read the watermark (assuming you haven't done a credible job destroying it while still maintaining the sound quality of the music) and they know EXACTLY whose equipment the file was produced on... and since you've registered that equipment (or software), they know exactly who YOU are.
Now go back to my 2nd paragraph. To make this even more ugly, maybe your SDMI compliant playback device will only play "clean" originals or copies from your own SDMI compliant devices. Try to play back some song that you copied from a buddy and his registration code is buried in the watermark. Bzzzzt. Invalid code. Will not play.
This is evil, evil technology. The way to stop it is the same way we stopped DIVX. Educate your friends and family. And don't buy SDMI compliant devices (hardware AND software).
-S
--- What parts of "shall make no law", "shall not be infringed", and "shall not be violated" don't you understand?
But this is the difference between encryption and watermarking. If the music were encrypted, it couldn't be played without decryption (everything would sound like white noise). Here, the watermarked music is essentially still in plaintext, and can be played by any program that understands the music format. The watermarking may hide an ID that COULD allow a player to discern information "hidden" in the music, but it doesn't obscure the music itself.
In theory, a closed source player could refuse to play the music, but another program that doesn't check for watermarks would. So the watermarking is really an attempt to track the music, or identify the creator (or the watermarker). It cannot effectively prevent playback without encryption, however.
I'd like to know what happens if additional watermarks are added to an already watermarked piece of music. Do they somehow add linearly, or do they interact destructively, making the watermark useless? Are different watermarking algorithms orthogonal (i.e. don't affect each other too badly), or can noise be added to any watermarking scheme (without too badly affecting the signal)? If watermarking is immune to such tampering (which I doubt), it makes sense to try and keep the specific technique secret. However, as many have pointed out, watermarking seems inherently defeatable (assuming you can live with an imperfectly reconstructed signal).
"It's overkill, of course. But you can never have too much overkill." - Anonymous Slashdot Coward
That's why the SDMI goons are using watermarks. They're trying to hide your identity in the music file so if you give the song away, they can nail you. Aside from the obvious problem that all of the watermarking schemes were totally defeated, defeating the ability of the RIAA to track down the person that is distributing it, there is also the "so what?" problem. Simply explained, it boils down to the fact that watermarks prove nothing.
Even if the watermark is intact, the information contained in it is not trusted for a whole host of reasons. If the watermark is trivial to forge, then it proves nothing. If the watermark can be overwritten with another watermark, it proves nothing. If the watermark isn't using a digital signature, validating its authenticity, it proves nothing. If the implementation of the signature scheme is flawed in any way (i.e. it can be forged), it proves nothing. If the keys are ever stolen (if the watermarking scheme is even using watermarks!), the watermarks prove nothing. The list goes on and on, but the bottom line here is that there are serious serious technical problems with watermarking. But it gets worse for the SDMI folks!
Even if the watermark survives all the technical and implementation attacks against it, it still doesn't prove anything. There is no trust in the model to absolutely verify the identity of the person that bought the music, short of a police state. What if your credit card was stolen to buy the music online? What if the person buying the music, in person, has a fake ID with your name and address on it? Furthermore, what's to say the song wasn't stolen? That your box wasn't broken into and so on. Or, what if you bought the song and gave it to someone as a gift? The list goes on. The bottom line here is that it's circumstantial evidence at best.
What the SDMI folks are trying to create is a false sense of security in their constituency. And frankly, I think SDMI is rapidly becoming a set of technologies in search of a problem to solve. SDMI simply does not do what its creators claim it does, and the SDMI folks are too embarrassed to admit that they have wasted millions of dollars of the constituency's money pursuing a ridiculously flawed idea.
--
Python
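Two claims from the comments above, that a mark in the low-order bits can be overwritten without audible change and that a mark without an authenticity check proves nothing, shown as an added example that is not part of the original thread and is not any SDMI scheme. It is a toy low-order-bit mark over constructed 16-bit samples carrying a user ID plus a truncated HMAC tag; the key, the ID format and all function names are assumptions.

```python
import hashlib
import hmac
import random

TAG_LEN = 8  # bytes of HMAC-SHA256 kept as the tag (assumed parameter)

def _bits(data: bytes):
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]

def embed(samples, payload: bytes):
    """Write the payload bits into the lowest bit of the first samples."""
    bits = _bits(payload)
    if len(bits) > len(samples):
        raise ValueError("payload longer than carrier")
    marked = list(samples)
    for i, bit in enumerate(bits):
        marked[i] = (marked[i] & ~1) | bit
    return marked

def extract(samples, nbytes: int) -> bytes:
    """Read nbytes back out of the lowest bits."""
    bits = [s & 1 for s in samples[:nbytes * 8]]
    return int("".join(map(str, bits)), 2).to_bytes(nbytes, "big")

def make_payload(user_id: bytes, key: bytes) -> bytes:
    """User ID followed by a tag only the key holder can compute."""
    tag = hmac.new(key, user_id, hashlib.sha256).digest()[:TAG_LEN]
    return user_id + tag

def verify(samples, id_len: int, key: bytes):
    """Return the embedded user ID if its tag checks out, else None."""
    raw = extract(samples, id_len + TAG_LEN)
    user_id, tag = raw[:id_len], raw[id_len:]
    expected = hmac.new(key, user_id, hashlib.sha256).digest()[:TAG_LEN]
    return user_id if hmac.compare_digest(tag, expected) else None

def scramble_lsb(samples, seed=1):
    """Replace every lowest bit with a random one (changes each sample by at most 1)."""
    rng = random.Random(seed)
    return [(s & ~1) | rng.getrandbits(1) for s in samples]

# Constructed carrier: 512 pseudo-random signed 16-bit samples, not real audio.
_rng = random.Random(0)
CARRIER = [_rng.randrange(-32768, 32768) for _ in range(512)]
```

A plain `extract` accepts whatever ID was written last, so only `verify` distinguishes an issuer-made mark from a rewritten one, and even that fails closed once the low bits are scrambled.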
You can make a lot more than $5000 by cracking the security on a major ecommerce website and making off with the credit cards.
I've met over 65536 elite hackers on IRC who have become millionaires that way.
--Shoeboy
The only possible way to encrypt any sort of content that is intended for mass-distribution is by encrypting it on a per user basis. Each user must be given a key. Every song file must be encrypted using public/private key encryption tailored to a specific user. The song file will only be viewable if you decode it with your private key. Ok, this method has its flaws. Notably, customizing songs for each person will be a tedious task. (But, it's feasible) Another problem, why not just give your key out to your friends or post it on the net? Well, they can determine your identity from your key, and they will probably go after you for copyright violation of some sort. Why won't something like this system work?
I can't believe that these 'hackers' got paid $5,000! They're set for life!! What would the world be like without the generosity towards the high tech industry by such big companies as Seagram Co Ltd.'s Universal Music, Bertelsmann AG's BMG, Sony Corp.'s Sony Music, Time Warner's Warner Music Group and EMI Group's EMI Music. Time Warner is the parent company of CNN.com. Especially if they have to keep paying security experts to troubleshoot their system.
We should all feel blessed.
They got off cheap.
I love the smell of Karma in the morning