Slashdot Mirror
Designing a More User-Friendly DRM
onethumb writes: "As one of the core engineers on MightyWords' (now-defunct) DRM for digital documents, I was impressed by Dmitry Skylarov's great analysis of our work the other day. Planet eBook is now running my reply as their feature article explaining our design goals and decisions for our decidedly user-friendly DRM solution."
As much as I oppose the idea of DRM, I believe it's the only barrier in the way of releasing more information in digital form. Sure, some may say e-books and the like will never replace their dead-tree counterparts, but I can think of a few times in which they'd be useful. Take technical books/papers - how cool would it be to just "grep" the doc for the keywords you want instead of hoping they are in the index? Remember a vague passage from a novel you read? Just enter what you recall and we'll search the text for you. The possibilities can be endless.
The only bad thing about this implementation is what happens when/if "MightyWords" goes away? How will I be able to unlock my e-docs if I need to move them to another computer and my software can't contact them? Or, perhaps I am trying to read it on a device temporarily without internet access - then what?
Sinepaw.org: Grape Winos
An analogy we used often during development was that of car door locks. A determined thief would be able to get into any car door through numerous means. All car door locks really do is prevent your average everyday person from violating your car's security and stealing your sunglasses. But it doesn't get in the way of your use of the car.
I'm not exactly sure what you were going for here. I mean sure, a determined car thief might be able to steal the car in the real world, but they can't create a simple, easy to use tool to do so and distribute it to every single person in the world (who could possibly be interested in cars).
They also can't distribute the stolen car to every single person who could want a car on earth either.
But they can do those things with e-books. Were you guys just a victim of your own analogy, or were you hoping on the DMCA to keep people from distributing cracking tools?
autopr0n is like, down and stuff.
Many of the DRM systems I've seen require me to identify myself. ME NO WANT TO DO THAT. Check out EPIC on this: Privacy and DRM.
The whole point behind DRM is to restrict copying. That is, the specific intention is to make some uses of the information completely impossible. There is No Way to make this completely transparent. Security is never free. So, really, it's an oxymoron to call any DRM "user-friendly". DRM is inherently user-unfriendly, because it exists to prevent the user from doing some things.
-russ
Don't piss off The Angry Economist
I love the analogy he uses, but there's a major flaw in it. On the car-door-lock side you have the owner, the car, the lock, and the thief. On the digital rights management side you have the copyright holder, the document, the DRM, and the consumer. It's easy to see that the car owner maps to the copyright holder, the document maps to the car, and the DRM maps to the lock.
So, who's the thief? When selling this technology to their customers (the copyright holders) the thief doubtlessly maps to the consumers, or at least some subset of them.
But when describing it to consumers, there is a tendency for the consumer to project themselves onto the car-owner (making, I suppose, the copyright holder map to the manufacturer), especially since it is their ease-of-use that's being considered. "After all," most consumers would think "I'm not a thief." This leaves them with the totaly false impression that they are somehow the ones being protected.
So it may not be perfect as an analogy, but it is fantastic> as a sales pitch.
-- MarkusQ
...of why DRM is not ready for prime time. MightyWords goes out of business and legitimate content licensees (uh, users in normal-speak) are denied access to their content. The same thing happened with Circuit City DivX. Any DRM scheme that can't even outlive its parent company should never escape from the lab.
I think that with 'friendly' DRM, that balance is between Privacy and Weak Protection.
If the DRM is supposed to be very effective, there will be privacy concerns because the authorison to the rights for certain media will have to be attached to static identifiers, this allowing the unique identification or people or computers. Of course many of us would not want that.
On the other hand, if we avoided the privacy issues, the DRM would become too weak because it would be more difficult to attach the right to play music or watch a movie to any one person and no other, allowing people to create hacked 'identities' and such.
Judging from the article, it seems these guys are taking the strongerp protection route (which makes sense if they want to make a product that will satisfy industry) since they talk about forcing a user to unlock the content once and only once, and they want a cross platform uid/passwd which is unique to your identity.
and since when is "Open source" an OS?
autopr0n is like, down and stuff.
as with all complicated IT things, user friendliness = non-existant.
Quote: "... our core focus was on usability, rather than security. Security precautions were a secondary concern."
This is a core decision to any successful product, hardware, software, anything!
History has provided us the answer and it has been : A good product that's easy to use will make us more happy than if you make more money cause I am forced to suffer your paranoia. If it's easy and smart people will buy, if it's a hassle, screw you!
) Human Kind Vs Human Creation
) It'd be interesting to see how many humans would survive to serve us.
The correct term should be "Digital Rights Denial." Once you call it by the correct name, the debate is clarified.
So, apparently lack of good DRD is the main "obstacle" to getting information into digital format? Well, here's a simple solution: Don't put your information in digital format. Wow. That took a rocket scientist.
could spell sklyarov correctly... dmitry must be getting pissed by now.... : P kev
"Computer games don't affect kids; I mean if Pac-Man affected us as kids, we'd all be running around in darkened rooms,
Base on the EX-Manager of R&D's reply they seemed to take the approach that in order for something to be user friendly, security has to be compromised.
This raises one question to me. Does making something user friendly have to compromise security?
I think it does not. I think that it requires an great detail of planning and development that most companies are too profit hungry to forgo.
Once a Geek.....Always a Geek.
...is a null DRM.
We don't want to keep tripping over bits of locked data all over the place.
We think it's bad having to comply with the .doc 'standard'.... well, just wait until 50% of your files are locked/ registered/ timelimited/ self-deleting/ copy-number-tracked/ require internet connection etc. etc. in 20 different 'management' schemes...
Information transcends physical constraints... but all these clever people keep forgetting that.
What then with the username and password would stop me and a bunch of friends from all using the same UID and PSSWD? Wouldnt that defeat the purpose?
"All I can tell the "lesser of two evils" folks is that if they keep voting for evil, they'll keep getting evil."-Lp.org
From the Sklyarov artical
There were several pages about each title available -- Summary, Free PDF Preview, Table of Contents, and a script generated Author Info -- and all pages. For example, the sample link here (now dead) would display a page with Free PDF Preview of the "Making Sense of the C++ Pointer" book.
http://www.mightywords.com/browse/ details_bc05.jsp?sku=MWBCBZ&private Label=false&display=preview
From the Free PDF Preview page there was a link to a PDF file with a preview exists:
http://download-prod.mightywords.com/ MW/BC/MakingSenseoftheCP_ MWBCBZ_p.pdf.
After you paid for the title, you would get the following link to download full version of the eMatter:
http://download-prod.mightywords.com/ MW/BC/MakingSenseoftheCP_ MWBCBZ_e.pdf
The download links for preview and full version differed only by the last character before the extension -- 'p' for preview and 'e' for complete eMatter. So, an unauthorized user could download the full versions of any eMatter.
Man, you guys were MORONS!
Anyone with a hex editor and a working knowlage of javascript could have downloaded and hax0red your books for free. They wouldn't even need a p2p program, or a complex tool like DeCSS!
autopr0n is like, down and stuff.
"User-friendly DRM" is an oxymoron.
"Do I dare disturb the universe?"
I mean, if they were willing to accept a free car, then it's patently obvious that they totally would have been willing to pay full price for it. And not only that, but that they were planning to as well.
Just think about it. You buy a $10k car, and suddenly the sum total of the human population steals $60 trillion from you!
autopr0n is like, down and stuff.
A slimjim won't get you into a car with electronic locks and a cipher'd chip in the ignition.
Someone, would be able to analyze the car and possibly build an electromagnetic system to open the locks (total speculation, btw. no idea if that's actually possible) and break the crypto in the starter key. They'll need a sophisticated setup in order to replicate this.
but for software, they can just take that sophisticated setup, zip it up and throw it on Gnutella. In a few days anyone who cared will be able to do what the 'determined' person would do.
autopr0n is like, down and stuff.
Is this one of those things that many years after the fact, when they get around to marketing their own product, they turn around, and tell everyone else that they are in violation of the MS Patents, and either cease and desist, or give up the family jewels?
Do we face a situation where people are doing all of Microsoft's work for them? Why should we bother?
Talk about stifling innovation!
"It is a greater offense to steal men's labor, than their clothes"
hoped, eventually handhelds, no extra purchase required for each device.
I was thinking the other day - what happens if electronic books become so prevalent and useable that entire libraries become available via e-book formats, and public facilities use electronic books as a large part of their libraries?
Libraries are required to provide reasonable access and facilities for all sorts of people, such as the deaf and blind. In that case, any restrictions on OS or devices used for the books would raise discrimination issues.
I am aware that a bookseller may restrict the rights to books in any way that they choose. However, there is a subgroup of printed matter - publically available government and court documents, for instance - that may be presented in e-book format. A broad DRM scheme is ideal for this sort of material - you still are able to keep track of who has the material, and to regulate available copyright issues (government documents wouldnt have these issues, but some "public interest" type material might) without overburdening people or forcing them to use a particular OS or device to read the material.
Goat sex free since 2001
isn't drm one of the first steps towards giving up control over the computer you own? your own computer keeping you from accessing data on your disc - a pretty pervert indea, I think.
time is a funny concept
You give digital content to someone (and by give I mean deliver in usable form) and the problem is if they make a _copy_ they still have the original. That is, the natural way of things is that the content can be distributed with loss to the people who have the content.
To couch the attempts to stop this in terms of rights is futile. It is solely within the realm of legal fiction that any such "right" must be couched. The car analogy is perfect because it shows the facile argument that IP prponents use to justify their position is flawed. If the theif takes the care then you lose the amenity of the car. There is loss. If the theif takes your copy of the content then you lose the amenity of the content. There is loss. Copying content is not the same.
Now don't misunderstand. As far as I am concerned IP does not exist, but that is unimportant for my point here. What is important is the DRM that persists in portraying copying of content as theft is doomed to fail because COPYING IS NOT THEFT (in the context of loss of amenity in which theft is by necessity placed) and so the idea of "managing these rights" is just stoopid.
"The first thing to do when you find yourself in a hole is stop digging."
The only DRM system that could work would be a unit that could transfer media (music or otherwise) to and from any possible device that you would ever want to play it on (but it would make sure it was only on 1 device at any time). Is this possible? Yes, it's called USB, USB 2.0 or 1394 (Firewire). But all manufacturers would have to agree on a DRM protocol/system, again, this doesn't work for all cases (CD-players) - this would only work with mp3 players, etc.
One way to handle this better would be to not restrict copying at all; instead, embed the identity of the original buyer into the content. Note that that does _not_ require the company or anybody else to register who bought the book, movie or whatever, just that the buyer can be identified from the content itself.
As long as you only do whatever you are allowed to do with your content anyway (quote it, show excerpts, give copies to friends), nobody will care - and are not _able_ to care. If it finds its way out on file-sharing places, it can be picked up, and the original buyer can be contacted.
Now the original buyer might well not be the one streading the content, but he or she could give information about who else had access to it, and thus the content holders could track down whoever did the deed. Even if there is no legal way to force the buyer to reveal anything (and I don't think there is), the possibility of being implicated in a mess like this is enough for the majority of people to stay away from spreading stuff beyond what they're allowed to.
And that's exactly what this _should be about (and what the car analogy is about as well): people determined to break the law by selling counterfeit copies (or that have an overriding political urge to spread others' content far and wide) will find ways to do so, just like no 'real' car thief is stopped by locks and alarms (even alarms only work because not every car has them; it's easier to steal a car without it).
What you want to stop is incidental spreading, by people that should know better. By having onerous protection systems that force people to break them just to use the content in ways they have a right to do - and expect to be able to - the barrier is gone to then just spread it as far and wide as they want. By locking down too tight, the providers actually increase the amount of copyright violations. It's like warning lights for seatbelts. Some people got so tired of hearing that buzzer whenever they put their briefcase on the passenger seat, they clicked the seatbelt permanently in place - and prevented it from being used when there _was _ a passenger in the car.
/Janne
Trust the Computer. The Computer is your friend.
I think that OneThumb's point is well made. Most DRM systems are trying so hard to be unbreakable that they become too inconvenient to use. Any scheme can and will be broken, so if you can find the right balance between ease of use and security, then most people will be happy to 'be honest'. It's like video games that require you to insert the original CD, even after you've entered in the license key, etc. I'd bet the majority of "no-cd crack" users are like myself and just hate putting a cd in the drive all the time.
In Soviet Russia, hot grits put YOU down THEIR pants.
MightyWords is due kudos for implementing a system that was easier to use then to crack, but their withdrawal from the market highlights the fundamental flaw in any DRM system.
The best analogy I've come up with for DRM content (any DRM including DVD) is that the content is in a safe with a little window in the side. Both the safe and the window have combination locks on them. If you have the right window code, you (personally) can peer through the window and view the content in a limited way. eMatter has a pretty big window, but you still have to go to them to get the combination. When the copyright on the content expires, or if you want to make fair use copies of parts of it, you are allowed to open the safe, take out the content, and manipulate it directly.
Only, you aren't. When the inevitable happens and the code holder goes titsup, you are boned. Specifically, if you want to make use of the content in any way - even perfectly legal uses - you are absolutely required to break the law.
As we've seen in the DeCSS case, the DMCA trumps fair use. You're still allowed to use fair use as a post facto defence for the act of copying the content, but not as a pre facto justification for obtaining the tools that let you do it. In other words, obtaining or possessing a safe cracking kit is illegal regardless of the use you put it to. Cracking the safe is actually legal, but obtaining (or creating) the tool to do it is not. Astonishing, but that's exactly what the DMCA says.
The SSSCA will just make this worse, as it will mandate hardware that will only look through the little window. Even if you break the law to obtain tools to open the safe and get at the content (quite legally if the copyright is expired), you won't (legally) be able to obtain hardware that will touch that content.
Again, eMatter is one of the best attempts at DRM I've seen, but it still demonstrates how fundamentally flawed DRM is, because it requires you to prove your innocence while giving no guarantees that you will be able to continue to do so. It illustrates the vital distinction that you are not buying content, you are licensing a limited and revokable right to access content. There's a big difference, both in theory, and as the collapse of MightyWords now shows, in practice.
If you were blocking sigs, you wouldn't have to read this.
To whoever modded the parent post "-1 flamebait":
and since when is "Open source" an OS?
The "open source operating system" is the OS that runs on a network whose machines run GNU/Linux, BSD, AtheOS, FreeDOS, and other operating systems whose kernel, shell, and included applications are OSI Certified open source software.
ObDRM: None of the OSI Certified operating systems place the kernel or GUI under a digital-rights-denial system (unlike retail Windows XP). Windows XP does have one advantage, however: in the cartoon world, it can turn a laptop into a jetpack. (Read More...)
Will I retire or break 10K?
They are morraly wrong and in violation of the spirit of US copyright laws. Copyright is a created right which only exists by positive govenment action. It is not like natural rights such as speech which require negative government action to deny. The goal of US copyright law was to enlarge the public domain without unduely limiting people's natural rights. To do this, the framers of the constitution granted a 14 year exclusive franchise to publish works to the creators of the work. That 14 year franchise could be renewed once if the original author was alive. The framers of the constition were well aware of the evils of exclusive franchises, especially ones that forbade the spread of knowledge, but balanced that evil with the good of enlarging the public domain. The laws made sense for dead tree and other physical media publications. They don't make sense in the digital world. Low and non existant costs of duplication remove the need for copyright in the first place as anyone who wants to can add their thoughts to the public domain. Secondly but more important the viewing tool is also the tool of creation and an enforcement of a franchise on that tool is a clear violation of free speech. To achieve their ends, publishers must control ALL digital devices. They must deny my right to create and share software. Indirectly they will gain the ability to deny the creation and sharing of ALL information. There are few things more morraly reprehensible than violations of free speech. Without free speech, there is no truth. Without truth there can be no justice. Without justice there is only the rule of the strongest, amoral anarchy. Digital Rights Denial is the law to end all laws.
Friends don't help friends install M$ junk.
Well, trolling is a kind of fishing...
--
The Cap is nigh. Time to get a fresh new account.
It wouldn't really make a difference if we copied the books. Once I've read one, I'm unlikely to read it again soon. In a way, we're already duplicating information when sharing the books in the old fashion. The difference seems to be that physically copying is illegal, which is a completely arbitrary statement. Our legal sharing scheme is already 'taking money from the artist' because we're not buying duplicates.
It's completely arbitrary and unphysical to say that a person owns some thing. The idea with car keys is that of convenience: you're always sure nobody else has used your car, so you know where to find it, in what condition. Once you can duplicate cars with zero effort, this problem is meaningless.
--
The Cap is nigh. Time to get a fresh new account.
"Now MightyWords does not perform authorization anymore, so it would seem that legitimate users of MightyWords eMatter are now out of luck."
If the Domesday book on laserdisk became unreadable due to technology drift in just a couple of decades, it seems likely that DRM schemes will have the same problem. Fortunately in the case of the Domesday book, there is an analog hardcopy to fall back on.
It is disturbing to think that our civilization might entrust its new works of art to DRM schemes that make accessibility to the work dependent on the perpetual business success of the vendor.
"How to Do Nothing," kids activities, back in print!
The software industry confronted the unpleasant reality that their product could be perfectly copied, against their will and in violation of their copyright, without limit. Naturally, the software industry feared the potential loss of revinues.
The industry tried copy protection, and even before the recent mathematical proof proving that secure copy protection, or DRM, was impossible the industry learned from its own experience that copy restrictive technologies were both ineffective in stopping copyright violation, and harmful to their legitimate customers and, therefor, to their product.
The industry learned, however, that even a modicum of personal accountability suffices to stop most forms of copyright violation, and that nothing short of a depopulated world will ever stop it all. The solution was quite simple: serialize the product and/or stamp the user's identity onto each piece of software sold. We don't know if there is a mechanism in place to trace serial number N of product P to the credit card number used to purchase it, and hence to the purchaser, but we as consumers do know it is certainly possible, and that alone makes the vast majority of people reluctant to share software illegally, even with their close friends.
Not everyone, mind you, as warez sites obviously demonstrate, but the vast majority. So much so that the software industry thrives, despite a complete lack of copy restriction technologies, or DRM, whatsoever, and despite a much greater vulnerability to such copying than eBooks, music, or film will ever be. Software has no equivelent alternative revinue streams like live concerts or cinemas, yet it has learned to thrive and prosper in an environment that copyright-obsessed yet technology-naive control freaks, like the sort currently lobbying congress to gut, even outlaw, technologies fundamental to the internet and personal computing, would assume to be inimical.
The problem of copyright violation and the "threat" the ability to make unlimited, perfect copies of a product has already been confronted, addressed, and successfully solved by the software industry, without DRM, without laws like the SSSCA, and finally without, and prior to, the DMCA.
eBook authors, musicians, and movie producers need to learn this, and need to seriously look at the motives their publishers, recording companies, and studios have for persuing technological restrictions on a problem for which an elegant social and legal solution stressing personal accountability have already solved. That motive, of course, is to secure their parasitical place as dominant middleman, with power over both the artists and their fans, at the expense of both and at the expense of the art they have usurped "ownership" over.
The Future of Human Evolution: Autonomy
All i want to know, is where can i get a job inventing stupid and pointless drm systems that try and go against the "if i can see it i can copy it" rule and fail. The one in the article is a cheap hack that a 12-year old might pull off. Why do companies pay good money to programmers to come up with this stuff - css, region encoding, ebooks, windows media etc..?
PS. Would anyone be interested in buying the DRM system i just developed: Basically, the media (cd/dvd etc..) comes with a special label stuck on the front that says: "for every cd bought, we save one 3rd world childs life. If you pirate this cd, you are killing a poor little child, can you handle the guilt??" and it has a picture of a sick and starving mine victim on it.
Don't worry, your company doesn't have to actually donate any money, all you have to do is put a little notice on the back in 1pt font saying "x company does not donate money to charity and may not actually save one life per cd. all rights reserved"
Please note that i plan to sell this DRM system for allot of money (3 million) and it is (c) Theodore Allardyce 2002. If i see any such labels on cds, i will know who to sue.
[This post is protected under the Allardyce DRM 1.0 - I will personally save one starving and sick 3rd world mine/aids/torture victim child for every +1 mod. Can _YOU_ handle the guilt??]
This comment does not represent the views or opinions of the user.
Everyone seems to hate the ideas of DRM systems, but what I would like to hear are good ideas for implementing DRM's. From the general concensus I hear a DRM must 1) be anonomyous, 2) be easy to use 3)allow for copying and modifying and 4) not add to the cost of the material. So out of curosity, what would you like to see?
There is nothing wrong with being gay. It's getting caught where the trouble lies.
Yikes! Now even the editors are trolling!
To test the service for a client, I purchased and downloaded one of the articles that my client had put on Mightywords. The purchase and download were painless enough, but then I tried to read the content offline. BEEP -- you MUST authenticate online before you can read the content! Which renders the content useless for any non-connected machine, and probably raises privacy issues as well (someone else can get into that if they like), not to mention making the content inaccessable whenever Mightywords is not available. IIRC, the document was also tied to the registry of the machine it was downloaded to, so could not have been transferred to a portable for reading elsewhere.
THIS INCIDENT prompted me to look for a crack for password-protected PDFs, something I had never considered doing before.
To return to the car analogy, in this case a crack is a lot like keeping a spare key hidden inside your car's frame, because of that time you lost your keys and couldn't get home.
~REZ~ #43301. Who'd fake being me anyway?
I mean, it's not as if he is a core engineer- that would have been mentioned.
The car door lock is a lousy analogy, because it protects the purchaser, not GM. DRM protects the seller, and is nothing but a pain in the rear to the purchaser. Imagine having to call GM to re-activate your car key every time you get an oil change...
But there are two important lessons you can learn from car locks. One is that they aren't absolute security; anyone who bothers to spend a few hours learning how can steal any car in less than five minutes. The other is that cars are rarely stolen anyhow, because car thieves get caught and severely punished. Go after the thieves, don't cripple the product.
" Any real determined thief won't mess with the locks when the car's covered in breakable glass ;)"
It really depends on what the thief wants to steal. If he wants your stereo, he'll happily smash a window to take it. If he wants your car, he won't smash a window. Replacing a smashed window will cost you $100-$200. A brand new stolen car will sell for $500-$1000 to a chopshop (yes, a $50,000 vehicle will only fetch $1000). It's too expensive to break a window.
It all comes down to the value of the item being protected. If the cost of the item isn't that much more than the cost of stealing it, then people won't bother. If stealing it damages the item too much (broken windows or crappy quality VCDs) people won't bother. DRM companies need to figure that out.
is better than one designed by the
riaa and mpaa.
All histrionics aside, that is the inevitable
choice.
What part of this don't status quo geeks understand?
Current Geek stategy is stupid.
If you wait til they roll out their DRM it will
be too late ( for 95%) of us.
If we came out with a drm that respects legitimate fair use, which file sharing mp3
with people who haven't ponied up for music, is NOT, then while they dithered it would become a
standard.
If the riaa and mpaa then objected to a drm
that most people thought was fair, they would look like greedy bastards (to everyone, not just
clued in geeks) for wanting more.
of course, some l33t types would actually rather
play cat and mouse with the System.
in short, a fair use drm ( so i can make compilation cd's and time shift tv- not to file
swap) now or Riaa-mpaa-Microsoft benefits hell
within a couple of years.
...compared to encryption. Comparing two (or ten) different copies to find the watermark and either remove it completely or at least mix it to an invalid watermark is *trivial*. The only place I've heard that it actually works is with classified documents, where getting multiple copies is a big pain in the butt. Also you wouldn't be able to resell it (your name = you get the blame) or borrow it (friend makes mp3s of your cd, you get the problems) without risk. I'd rip the watermark off such a cd and reburn it faster than lightning, just for those reasons alone.
Kjella
Live today, because you never know what tomorrow brings
Security was a secondary concern, not totally ignored like microsoft. Their secondary concern, if not primary, was profit.
) Human Kind Vs Human Creation
) It'd be interesting to see how many humans would survive to serve us.