Slashdot Mirror


Breaking Google's DRM

An anonymous reader writes "Google's new Google Print service (that lets you see scanned pages from printed books) has a pile of advanced browser-disabling DRM in it ('Pages displaying your content have print, cut, copy, and save functionality disabled in order to protect your content.'). This works with JavaScript turned off, even in Free Software browsers. Seth Schoen has posted preliminary notes on some breaks to the DRM (beyond just automating a screenshotting process), including a proposal for a circumventing proxy that would fetch Google Print pages and strip out the DRM. A full exploration of the html obfuscation and DRM employed by Google would be very interesting; certainly the ability for a remote attacker to disable critical browser features like save, right-click, copy and cut against the user's wishes is a major security vulnerability in Moz/Firefox and should be fixed ASAP."

12 of 892 comments (clear)

  1. That explains those mysterious hirings by waynegoode · · Score: 5, Insightful

    Knowing how to develop stuff like this is not a skill everyone has. This might explain why Google recently hired some browser-type software developers (as discussed on Slashdot).

  2. Security issue? by radish · · Score: 5, Insightful


    certainly the ability for a remote attacker to disable critical browser features like save, right-click, copy and cut against the user's wishes is a major security vulnerability in Moz/Firefox and should be fixed ASAP

    While I agree it would be nice to fix this from a convenience point of view, and a "it's my computer - it'll do what I want" point of view, how is this a security risk? How do I get a trojan, or lose files, because of an inability to copy & paste on a particular page?

    --

    ---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"

    1. Re:Security issue? by Rude+Turnip · · Score: 5, Insightful

      "...how is this a security risk?"

      A part of your security is having control over your computer. Your security has been compromised when you lose that control.

    2. Re:Security issue? by lukewarmfusion · · Score: 5, Insightful

      No kidding... you may not like having those features disabled, but calling them a "security vulnerability" is like shouting "terrorist" because you don't like what someone else says.

      There are plenty of sites that go to great lengths to turn off functionality like copy, back button, print, etc. When a major corporation does it, suddenly it's a risk?

      Google can only offer that information because they can employ DRM.

    3. Re:Security issue? by EvilSS · · Score: 5, Insightful

      A denial of what service? Your inaliable right to Copy-Paste-Repeate? Your God given right to duplicate copyrighted works?

      Even though most of /. may not like it, Google has to protect the copyright of the books in its search, or not offer them at all.

      Take your pick:
      Google offers book searching with DRM
      Google does not offer book searching

      --
      I browse on +1 so AC's need not respond, I won't see it.
    4. Re:Security issue? by rackhamh · · Score: 5, Insightful

      Your computer is a physical piece of hardware. Unless somebody has locked the case and/or tied your hands behind your back, you retain full control over it... including the decision of which software to install, and which services you choose to use.

      If Google Print doesn't offer the save/print/whatever functionality you desire, then don't use it.

      There, you just exercised your control over your computer.

    5. Re:Security issue? by arose · · Score: 5, Insightful

      Copyright isn't a god given right either. People tend to foerget that...

      --
      Analogies don't equal equalities, they are merely somewhat analogous.
    6. Re:Security issue? by Feanturi · · Score: 5, Insightful

      That definition's too broad though. Is crippleware of any sort then, a security risk? That doesn't make sense. Though, we're talking about a full app here that already saves other things fine but just not this particular content. So what? How is that a loss of 'control'? I still have control over *my* system, just not the ability to manipulate *someone else's* material.

    7. Re:Security issue? by cduffy · · Score: 5, Insightful

      This is distinctly unlike crippleware, unless that crippleware were to (for instance) disable some OS-level functionality until it's paid for.

      Web content shouldn't be able to affect browser functionality without the user's consent, just the same as an application shouldn't be able to disable a part of the OS.

      Finally, and I've said this elsewhere: It's not "someone else's" material in the sense that they have complete and total ownership; it's "someone else's" material in the sense that they own copyright over it. Copyright is, by intent, limited: It controls reproduction, public performance, and several other actions, and no more. It also have a number of execeptions where reproduction and so forth can be permitted (for instance, exerpting for a review).

      Pretending that ownership of the exclusive right to reproduce (and some other actions as well) is equivalent to complete and total control is a modern myth -- but if folks folks don't fight for that distinction, we may well lose it; and in that case, it's the public as a whole that misses out.

    8. Re:Security issue? by radish · · Score: 5, Insightful

      You have complete control. Don't go to that site. See? Easy. No one is forcing you to use this service. If you choose to use it, you are subject to certain rules, one of which is - no copy & paste. Don't like the rules? Don't use the service.

      Counter Example 1: Many popular games won't run without the CD in the drive. In other words, if you try to start the app without the CD, it will not do what you want (it will exit). Did you just lose control of your computer? Is your security at risk? Of course not.

      Counter Example 2: Hard drives have firmware built into them. It is this firmware, not any software on the machine itself, which controls exactly where on the disk data is written. If this firmware fails, data can be lost. This firmware is in ROM, on the drive itself. When you save a file you are trusting it to do the right thing, whatsmore, there's no way you can actually tell what it is doing, or affect what it does. Have you lost control? Is your security compromised?

      --

      ---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"

  3. It's doomed. by gowen · · Score: 5, Insightful

    Facts :

    i) To display the books, they've got to send that information to the browser, on your machine.
    ii) Once its displayable on your machine, there is *absolutely* no way they can stop a determined person from printing it.
    iii) If its going to work on Open-Souce browsers, the DRM must be fairly transparent.
    iv) If it works on Open Source browsers, someone cleverer than me will modify that browser so that it works as the user intends, rather than the sender. Their only protection is the DMCA, which may stop a US coder from writing/distributing the hacked app, but the rest of us will be laughing.

    Frankly, if Google were as smart as they're hyped to be, they'd know this.

    --
    Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
  4. Re:Getting stuff for free? by ImaLamer · · Score: 5, Insightful

    this just looks like breaking DRM to get stuff for free.

    You are 100% right.

    It isn't about "security" or even "fair use" it's about the ability to cut and paste, save and print someone else's content without their permissions.

    I could understand if you owned the books but you don't. Sounds like a good way to bite the hand that feeds you.

    If you are really concerned with Google messing with your browser... don't go to any Google domain, ever. Add an entry in your HOSTS file for google, froogle, gmail, gbrowser and whatever else you'd like.

    It's a free service, free in the sense that you are free not to use it.