Breaking Google's DRM
An anonymous reader writes "Google's new Google Print service (that lets you see scanned pages from printed books) has a pile of advanced browser-disabling DRM in it ('Pages displaying your content have print, cut, copy, and save functionality disabled in order to protect your content.'). This works with JavaScript turned off, even in Free Software browsers. Seth Schoen has posted preliminary notes on some breaks to the DRM (beyond just automating a screenshotting process), including a proposal for a circumventing proxy that would fetch Google Print pages and strip out the DRM. A full exploration of the html obfuscation and DRM employed by Google would be very interesting; certainly the ability for a remote attacker to disable critical browser features like save, right-click, copy and cut against the user's wishes is a major security vulnerability in Moz/Firefox and should be fixed ASAP."
Knowing how to develop stuff like this is not a skill everyone has. This might explain why Google recently hired some browser-type software developers (as discussed on Slashdot).
certainly the ability for a remote attacker to disable critical browser features like save, right-click, copy and cut against the user's wishes is a major security vulnerability in Moz/Firefox and should be fixed ASAP
While I agree it would be nice to fix this from a convenience point of view, and a "it's my computer - it'll do what I want" point of view, how is this a security risk? How do I get a trojan, or lose files, because of an inability to copy & paste on a particular page?
---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"
Facts :
i) To display the books, they've got to send that information to the browser, on your machine.
ii) Once its displayable on your machine, there is *absolutely* no way they can stop a determined person from printing it.
iii) If its going to work on Open-Souce browsers, the DRM must be fairly transparent.
iv) If it works on Open Source browsers, someone cleverer than me will modify that browser so that it works as the user intends, rather than the sender. Their only protection is the DMCA, which may stop a US coder from writing/distributing the hacked app, but the rest of us will be laughing.
Frankly, if Google were as smart as they're hyped to be, they'd know this.
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
this just looks like breaking DRM to get stuff for free.
You are 100% right.
It isn't about "security" or even "fair use" it's about the ability to cut and paste, save and print someone else's content without their permissions.
I could understand if you owned the books but you don't. Sounds like a good way to bite the hand that feeds you.
If you are really concerned with Google messing with your browser... don't go to any Google domain, ever. Add an entry in your HOSTS file for google, froogle, gmail, gbrowser and whatever else you'd like.
It's a free service, free in the sense that you are free not to use it.
Get your Unix fortune now!