Breaking Google's DRM
An anonymous reader writes "Google's new Google Print service (that lets you see scanned pages from printed books) has a pile of advanced browser-disabling DRM in it ('Pages displaying your content have print, cut, copy, and save functionality disabled in order to protect your content.'). This works with JavaScript turned off, even in Free Software browsers. Seth Schoen has posted preliminary notes on some breaks to the DRM (beyond just automating a screenshotting process), including a proposal for a circumventing proxy that would fetch Google Print pages and strip out the DRM. A full exploration of the html obfuscation and DRM employed by Google would be very interesting; certainly the ability for a remote attacker to disable critical browser features like save, right-click, copy and cut against the user's wishes is a major security vulnerability in Moz/Firefox and should be fixed ASAP."
Knowing how to develop stuff like this is not a skill everyone has. This might explain why Google recently hired some browser-type software developers (as discussed on Slashdot).
certainly the ability for a remote attacker to disable critical browser features like save, right-click, copy and cut against the user's wishes is a major security vulnerability in Moz/Firefox and should be fixed ASAP
While I agree it would be nice to fix this from a convenience point of view, and a "it's my computer - it'll do what I want" point of view, how is this a security risk? How do I get a trojan, or lose files, because of an inability to copy & paste on a particular page?
---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"
Facts :
i) To display the books, they've got to send that information to the browser, on your machine.
ii) Once its displayable on your machine, there is *absolutely* no way they can stop a determined person from printing it.
iii) If its going to work on Open-Souce browsers, the DRM must be fairly transparent.
iv) If it works on Open Source browsers, someone cleverer than me will modify that browser so that it works as the user intends, rather than the sender. Their only protection is the DMCA, which may stop a US coder from writing/distributing the hacked app, but the rest of us will be laughing.
Frankly, if Google were as smart as they're hyped to be, they'd know this.
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
this just looks like breaking DRM to get stuff for free.
You are 100% right.
It isn't about "security" or even "fair use" it's about the ability to cut and paste, save and print someone else's content without their permissions.
I could understand if you owned the books but you don't. Sounds like a good way to bite the hand that feeds you.
If you are really concerned with Google messing with your browser... don't go to any Google domain, ever. Add an entry in your HOSTS file for google, froogle, gmail, gbrowser and whatever else you'd like.
It's a free service, free in the sense that you are free not to use it.
Get your Unix fortune now!
They have to show the suits at the publishing houses that they are being responsible, safeguarding the suits' ``intellectual property''. It doesn't really matter whether it actually works, just as it doesn't really matter if the features in the checklist on the box of software work. It's a tool for the salesman to use.
If this feature exists but really doesn't work, then the suits get the illusion that their ``intellectual property'' is protected, and they get free advertising of the try-before-you-buy variety. For this best of all possible worlds scenario, it has to work well enough to fool the suits, but not well enough to stop the rest of us.
Sounds to me as if Google has gotten it to work just about well enough to do a good job for all concerned: Google, us readers, and even the suits.
See what I've been reading.
You are adding to the fire by allowing them to change the definition of copyright. Copyright gives holder no right to determine how one USES content, it merely gives them a monolopy right over copying the content for distributation. There are some copyright limitations on use, such as public displaying and the like, but fair use clearly says once you give ME a copy of your work, I can do anything I damn well chose to it.
It already gave me a copy of the work for free, if I chose to burn it, make a hat out of it, or print it out, it's my business.
Burn Hollywood Burn
I seem to recall them using a simiar trick on the official site for Lord of the Rings when it came out.
The World Wide Web is dying. Soon, we shall have only the Internet.
Even within the framework of our eroding copyright laws, fair use allows quoting of copyrighted works. Why should I not be allowed to cut and paste (to prevent distorting a quote)? So I would say this is not an open and shut case.
I understand the necessity for the DRM by Google -- without it their library of content will be severely limited; however, do not paint the actions of everyone attemting to circumvent the DRM.
Home Automation & Linux -- now I know I'm a geek
What's next, banning cell phone cameras in book stores, or libraries?
This sort of HTML onfuscation abuse is just the beginning. This is a general problem with any sufficiently rich presentation language. There are hundreds of different ways to obfuscate things.
Just wait until MS finally decides to properly support PNG alpha transparency! Combine this with CSS absolute positioning, and you'll start seeing images which are composited from many different layers of semi-translucent images; each of which is just noise of it's own. You also have already seen for a long time the cutting up of images into many small pieces.
This could be taken to an extreme as well. With absolute positioning you could also do this with text as well as images. Just position each letter on the page separately and randomize the order in which they appear in the HTML stream. Or even worse, use a custom downloaded font, where the glyphs are all randomized, so although it may look like an "A", it's really in the slot for a "Q"...try to cut and paste that.
Consider the PDF format as an extreme of where XHTML+CSS+DHTML+PNG can go wrt. obfuscation. Sure, the determined and savy can always get the text copied out; but that doesn't mean its not going to be very difficult.
Maybe we should all go back to ASCII and lynx.
This was always intended as a "feel good" feature of the Google print system so that pulishers would feel safer sending tons of books to Google.
/. But it's good enough for Google to run the business, most likely.
/. isn't going to spread enough FUD to publishers that would have otherwise sent in their material. Google print is still in its infancy, and could fail if Google doesn't assert some spin control on the situation, I suppose. Maybe I overestimate /.'s influence.
The "real" DRM here isn't DRM. As a previous post so astutely pointed out, DRM is schitzophrenic by nature: it involves trying to give someone something without *actually* giving it to them.
Google's "real" protection is that the service won't let you view more than a certain percentage of the book in any given month. That percentage is determined by the book's publisher at submssion time, anywhere from 20% to 100%.
Even if you can copy/paste/print, you're still only going to get a portion of the book - certainly not enough to replace a valid sale. Disabling that functionailty basically returns us to the age of photocopying a few pages of a book/article in a library. Except now we can search, so it's faster.
If one solution is as simple as "grab th data from your browser's cache" this is clearly meant to only stop the "average" user, something that is in very short supply here on
Here's to hoping this headline appearing on
Most people arn't aware of that workaround. But browsers are supposed to work for the user not the website designer. "Features" that irritate the user in order to placate designers are antithetical to that the concept.
Designers didn't pay for my machine, why should they have any right to control what I do with it.
autopr0n is like, down and stuff.