Slashdot Mirror

← Back to Stories (view on slashdot.org)

DRM In JPEGs? (eff.org)

Posted by Soulskill on from the do-not-want dept.

JustAnotherOldGuy writes: Adding DRM to JPEG files is being considered by the Joint Photographic Expert Group (JPEG), which oversees the JPEG format. The JPEG met in Brussels today to discuss adding DRM to its format, so there would be images that could force your computer to stop you from uploading pictures to Pinterest or social media. The EFF attended the group's meeting to tell JPEG committee members why that would be a bad idea. Their presentation(PDF) explains why cryptographers don't believe that DRM works, points out how DRM can infringe on the user's legal rights over a copyright work (such as fair use and quotation), and warns how it places security researchers at legal risk as well as making standardization more difficult. It doesn't even help to preserve the value of copyright works, since DRM-protected works and devices are less valued by users.

41 of 301 comments (clear)

  1. DRM Thwarted by Printscreen by Anonymous Coward · · Score: 5, Funny

    If ever there was a more stupid thing to try to put drm on...

    1. Re:DRM Thwarted by Printscreen by Tony+Isaac · · Score: 4, Funny

      Oh, don't be so sure. They'll get Microsoft to update the Print Screen feature so it obeys the DRM also.

    2. Re:DRM Thwarted by Printscreen by Darinbob · · Score: 2

      It's not at all implausible. The whole foundation behind video security is making sure that every component obeys the DRM. The graphics cards have tamper detection built in. Microsoft put up only minimal resistance against this.

    3. Re: DRM Thwarted by Printscreen by mukinrestak · · Score: 5, Insightful

      They don't have to make it impossible, just illegal. And guess what, TPP and its ilk are trying to spread anti DRM circumvention laws to other countries.

    4. Re:DRM Thwarted by Printscreen by nmb3000 · · Score: 2

      If ever there was a more stupid thing to try to put drm on...

      That doesn't stop them from trying.

      --
      "What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
      /)
    5. Re:DRM Thwarted by Printscreen by idji · · Score: 2

      That's not so funny. Microsoft doesn't let you record from sound devices anymore..

    6. Re: DRM Thwarted by Printscreen by silentcoder · · Score: 5, Informative

      Most professional photographers don't use JPG either, we take pictures in RAW - storing as much information losslessly as possible.

      JPG is something you export to for the low-quality versions you put in web based portfolios. For printing you use a lossless format like TIFF pre-sized correctly to page size (because auto-scaling tends to ruin shots) but what you save and store are camera RAW formats (CR2 for canon) which allows you maximum post-processing ability.

      --
      Unicode killed the ASCII-art *
    7. Re: DRM Thwarted by Printscreen by kheldan · · Score: 3, Insightful

      They don't have to make it impossible, just illegal. And guess what, TPP and its ilk are trying to spread anti DRM circumvention laws to other countries

      And you know what? It won't matter. Just like always, any method of locking something down will be broken in a week or less, and spread like wildfire. The tighter they squeeze, the more will slip through their fingers, and there is nothing they can do to stop it.

      --
      Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
    8. Re:DRM Thwarted by Printscreen by flopsquad · · Score: 2

      They can't affect the screen grab feature in Linux, but patent law can prevent you (legally) writing a DRM compliant image viewer for Linux.

      Patent law can't stop you from legally doing this. It can only stop you from distributing the program you wrote.

      Patent attorney here. A patent owner has the right to exclude people from making, using, importing, selling, or offering to sell the invention. Merely reimplementing or running a patented process (or using an infringing device, etc.) can be infringement, without distribution (and subject to very limited experimental use defenses). Unlike in copyright law, distribution isn't the crux at all.

      So if there is a patented method of creating or displaying DRM-encumbered JPEGs, and you write a program practicing that method but never share the code or distribute an executable, it may still technically be infringement.

      This "feature" of patent law is not very well known to the public, because the type of infringement above is nigh impossible to uncover and is value negative to pursue. Also because most companies do not go around suing millions of end users of competitors' infringing products, rather going after the competitors themselves and getting them on direct and induced infringement.

      However, this is mostly for PR and C/B reasons, not because patent law forbids it. If you've heard about the rash of troll suits/shakedown letters against small businesses for, e.g., using a fax machine they purchased, you're hearing about a patent owner leaning on the "use" prong of exclusionary patent rights.

      --
      Nothing posted to /. has ever been legal advice, including this.
    9. Re: DRM Thwarted by Printscreen by cpt+kangarooski · · Score: 2

      Patent attorney here. A patent owner has the right to exclude people from making, using, importing, selling, or offering to sell the invention. Merely reimplementing or running a patented process (or using an infringing device, etc.) can be infringement, without distribution (and subject to very limited experimental use defenses). Unlike in copyright law, distribution isn't the crux at all.

      Copyright attorney here. Copyright infringement doesn't hinge on distribution. Distributing copies is just one way in which infringement can occur. Making unauthorized copies of copyrighted works, or even sufficient partial copies (and what's sufficient can be very small; in one noteworthy case, Bridgeport v. Dimension Films, it is suggested that even one note from a song would suffice) is also just as infringing. And there are several other forms of infringement. Since it's a strict liability statute, it's easy and in fact extremely commonplace for people to infringe all the time without even knowing about it.

      This "feature" of patent law is not very well known to the public, because the type of infringement above is nigh impossible to uncover and is value negative to pursue.

      That's why copyright infringement cases usually involve publicly distributed infringing material. However, our overly litigious bad actors in the various publishing industries haven't let the negative costs, difficulty of investigation, and the general foolishness of trying to stop all infringement stop them. Instead they keep trying to externalize the cost and labor. So, you know, you should probably beware of any efforts of patent holders to use the government or third parties to help enforce patents (e.g. by criminalizing patent infringement, or having customs look for and block import of infringing goods).

      --
      -- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
  2. Sounds ineffective. by Anonymous Coward · · Score: 4, Insightful

    So what's to stop me from taking a high def screen shot of the jpeg and uploading it anyway ?

    1. Re:Sounds ineffective. by Anonymous Coward · · Score: 3, Insightful

      Future versions of OS that stop being 'your' computer and start being 'their' computer which interface with 'their' Internet that will soon not support 'your' computer. And sad to say, most people will run screaming with glee towards it at the sight of OOH NEW AND SHINY they bundle with it.

    2. Re:Sounds ineffective. by MightyYar · · Score: 3, Informative

      That is until - whoops! - you have your DRM chip manufactured in China and pretty soon anyone can buy a DRM stripper for under $20.

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  3. All this nonsense by JustAnotherOldGuy · · Score: 5, Insightful

    All this nonsense, defeated by a simple screenshot.

    And I'm sure someone will quickly write a DRM-stripper to clean up these DRM-infected files.

    Let me be as succinct as I can regarding DRM in .jpg files: No. No, no, no.

    --
    Just cruising through this digital world at 33 1/3 rpm...
  4. Re:Who cares? by SQLGuru · · Score: 4, Interesting

    If JPEG finally implemented DRM, then more people would switch. PNG is superior if only for the extra features. There are instances where JPG compresses better and instances where PNG compresses better, so I won't claim either wins on that account.....but lossless vs lossy and alpha channel support is nice. I'd also like to see the animation extension more consistently adopted (to supplant GIF). I'm not sure why it hasn't caught on more than it has.

  5. Hey you can't have this by future+assassin · · Score: 4, Interesting

    oh yah?! Click...

    --
    by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
  6. Awesome by viperidaenz · · Score: 3, Interesting

    How is the jpeg library supposed to know the intent? It's not even involved in the image upload process.

    Or is the website supposed to check and reject uploads with DRM?

    What's to stop me opening the file and saving as PNG, then uploading?

    1. Re:Awesome by 0123456 · · Score: 3, Interesting

      What's to stop me opening the file and saving as PNG, then uploading?

      The operating system won't let you. Any operating system which does let you will be banned under the 'free trade' treaty for breaking DRM.

      It's hard to tell whether the DRM fanatics are insane or just plain evil. But, either way, they have to destroy general-purpose computing to make it work.

    2. Re:Awesome by Dr_Barnowl · · Score: 4, Informative

      Have you read "The Right to Read"?

      Thing is, all the technology it describes is possible now, and even in use on some platforms (think iOS, where all apps must be signed by Apple, and apps are specifically prohibited from allowing the execution of arbitrary code). The only gap is in legislation, but that legislation continues to be pushed forward aggressively.

      The author of that nifty little program could well find themselves in a nifty little jail cell. They've already tried it, more than once ; and they will keep trying, with the force of these new international treaties like TPP behind them.

    3. Re:Awesome by JustAnotherOldGuy · · Score: 2

      Have you read "The Right to Read"?

      Yes, years ago.

      The problem is that there are literally billions of us and not very many of them. The Chinese have tried stuff like this for years and still can't do it. The Great Firewall of China has been a resounding flop for anyone who wants to get around it. It's got more holes than a New Orleans whorehouse.

      No matter what they come up with there will always be a way around it. Until they put a chip in our brains I don't see them winning at this game.

      --
      Just cruising through this digital world at 33 1/3 rpm...
  7. DRM Does Work by rsmith-mac · · Score: 4, Insightful

    From TFS:

    explains why cryptographers don't believe that DRM works

    While I fully agree that DRM isn't foolproof, I disagree that DRM doesn't work. The reason DRM is being implemented is not to prevent all piracy ever - simply put, that's impossible - but rather to prevent common, casual piracy among low-skilled users. And to that end DRM works very well.

    Any DRM system that's built half-way decently won't be possible to trivially bypass, and that's enough to deter casual infringement. You don't see people going Napster with iOS apps, you don't see everyone and their mother pirating DirecTV like they once did, and you can't pick up pirated PS4 games off of your local shady games shop. Why? Because the DRM systems that are in place are good enough that it's no longer easy and convenient to pirate this material. So casual piracy stops.

    DRM shouldn't be implemented for a whole other host of reasons, least of all because it prevents users from fully controlling works they've purchased. But to argue that it doesn't work is disingenuous. It works to stop the most threatening form of piracy, casual piracy, and with every generation the underlying technology gets harder and harder to break.

    1. Re:DRM Does Work by elvesrus · · Score: 2

      If DRM works why is it that customers generally have a worse experience with products than others that didn't pay?

    2. Re:DRM Does Work by Dutch+Gun · · Score: 4, Interesting

      DRM works reasonably well in closed ecosystems and on closed hardware. That includes consoles, handhelds, phones, and so on. It can be bypassed, but it's a pain, and most people don't do so. This is because the DRM is implemented in hardware, and in ways that are extremely difficult to unravel, and so aren't really worth attacking except for people who are mostly doing it for the technical challenge.

      Where DRM typically fails is on open platforms like the PC. There are only two forms (that I can think of offhand) of DRM to really succeed on the PC. One is the "leave most of the code on the server" sort of DRM, essentially online-only games, and that's a pretty draconian solution for single-player games. The other is high-end software that uses a hardware encryption dongle to protect it. Other than that, the only way to make software-based DRM work on the PC is to make it a closed device like consoles, and although I'm sure some companies wouldn't mind seeing that happen, with declining PC sales as is, I just don't see it happening.

      DRM in JPEG images is a pipe dream. Even if it were technically possible in the first place, do you really think anyone and everyone is going to bother implementing whatever extensions would make it possible? It's ridiculous. Note that the ONLY way I can think to implement this would be an image handling library with root-level privileges on every computer system on the planet. Did we fucking learn nothing from Stagefright?

      --
      Irony: Agile development has too much intertia to be abandoned now.
    3. Re:DRM Does Work by urdak · · Score: 3

      From TFS:

      explains why cryptographers don't believe that DRM works

      While I fully agree that DRM isn't foolproof, I disagree that DRM doesn't work. The reason DRM is being implemented is not to prevent all piracy ever - simply put, that's impossible - but rather to prevent common, casual piracy among low-skilled users.

      That is a common misconception. When DVD CSS (the DRM on DVDs) came out, they claimed it was to stop piracy. That was a joke - it only took the effort of one pirate to strip out the DRM and create an unencrypted file, and from then on the movie becomes available to pirates, and "casual", "low-skilled" pirates started copying *those* unencrypted fils, not the original DVDs. All these pirates needed to know was how to copy files - they didn't need any special "hacking" skills.

      Moreover, not only did CSS not stop DVD piracy, movie producer started to use it to limit users with things that have nothing to do with copying - for example region coding (you cannot play a movie you bought legally in another country) and unskippable ads (in some places in the video, fast-forward did not work). And who didn't have to suffer this crap? Of course, the pirates. The pirates - either copying files over bittorrent or buying a DVD from some pirate DVD manufacturer - will get a DVD without all that crap. What a wonderful business move.

      It's gotten to the point where the first thing I do after getting a DVD is to rip it to an unencrypted file, delete the silly "FBI warning" and ads, and save that file. I don't need my children to see FBI warnings and ads before watching a movie I paid for. Nothing in "copyright" law allows the copyright holder to force me to watch this crap - any more than book manufacturers can force me to read the first page of the book every time I want to read it.

  8. I'm a JPEG Content producer by JazzXP · · Score: 5, Interesting

    I produce a lot of JPEGs that earn me money and find me clients (photographer)... DRM? Nope, do not want.

  9. Re:Who cares? by Gr8Apes · · Score: 2

    With JPEG you get horrible colour blocks and banding artefacts. It ruins most pictures.

    So that's why so many cameras use JPEG!

    --
    The cesspool just got a check and balance.
  10. How will it work? Seriously by Todd+Knarr · · Score: 4, Insightful

    It won't stop uploading. Tools like wput and Curl don't read the contents of files before uploading, and wouldn't be modified to support one closed-source feature for one specific file format.

    It won't affect Web sites. Web servers don't read the contents of files before serving them, files are just blobs of bytes to the server. The sites of interest to the DRM people are running open-source Web server software too, and I seriously doubt Apache or nginx are going to add closed-source code for one specific file format. IIS would, but it's at best the third-place player in the large-volume-site space.

    And finally, it'll be cracked. My bet is that before it becomes widely implemented someone'll crack the system and there'll be browser extensions easily available that simply strip the DRM off the JPEG before uploading, displaying or saving it. Those extensions'll be widely used too, it won't be long before anyone having problems viewing images on Pinterest/Tumblr/Twitter/etc. will just get told to install the extension and it'll fix the problem. Users won't know or care how it fixed it, just that it fixes it.

    1. Re:How will it work? Seriously by nashv · · Score: 4, Interesting

      You're not getting this. Most likely, adding DRM will make JPEG files unreadable without a license/key. Tools that don't read contents and decrypt will not be able to view it. So irrespective of whether you can upload it or serve it, no one without proper rights will be able to view it. Think of this like locked PDFs.

      This will be the end of JPEG. Nothing to worry about, PNG is better anyway.

      --
      Entia non sunt multiplicanda praeter necessitatem.
    2. Re:How will it work? Seriously by AHuxley · · Score: 4, Interesting

      An advanced always internet connected "free" US operating system might have to send back details on any moved, copied, created or altered image under a 'free' anti virus, malware feature.
      It would just be a small dataset created from details, names, embedded strings about all files visible, open when the the screen image captured.

      All files would be looked at for expected, listed virus or malware and if an image was moved, copied against existing international police databases.
      The transmission of a set of small checksums would not be difficult given the amount of other data most big brand modern operating systems send back.
      For the average user the file would be reported on by the OS in near realtime for 'free' anti virus efforts with the free operating system.
      The user can then run any application to try and convert, remove, transform the image but the report of a copy made would have been sent. Downloading and using any such rights altering application could also be logged :)

      Such efforts are usually done now for any images in free email, cloud or other networked products as part of law enforcement image tracking efforts over the years.
      Just push the tech down into the users 'free' OS computers and let the publishing/media community add every image checksum they have.
      No action if the image stays in a deep part of the OS for say allowed web browsing, if moved to a new folder or captured the rights owner gets the ip, time, unique hardware details of the computer.

      The sites will be a walled garden. Users will have to load and enjoy the site everytime without been able to save data.
      The OS will phone home the possession of the saved image or creation of a screen capture with the protected image in it. The free gift of AV software at the OS level gets to look at every file in realtime, why not report on DRM files too :)

      --
      Domestic spying is now "Benign Information Gathering"
  11. Other other news... by SJ · · Score: 3, Insightful

    Joint Photographic Expert Group trying to think of things to justify their relevance.

  12. Will not be supported by Instagram/facebook by Anonymous Coward · · Score: 2, Interesting

    JPEG with DRM will fail because the biggest use of JPEGs (on facebook & Instagram) will require that users upload images without DRM. By necessity, facebook & instagram require you to assign them full rights to use an image, thereby making any DRM from the original owner of the content pointless. Similarly, facebook & instagram (as licencees to use the work but not owners) are not in a position to impose DRM on said images (they don't own the content and thus can't decide or enforce rights management.)

  13. Won't be implemented by andymadigan · · Score: 3, Insightful

    JPEG can add this to the standard, but nobody will implement it. Think about it, why would Google or Mozilla decide to make these images work in their browsers? Why would Microsoft or Apple implement it?

    DRM on video (and to a lesser degree music) only worked because there was a captive market. Blu-ray players, DVD players, and iPods would implement whatever DRM the movie/music industry specified. Browsers and smartphones won't. Without them the audience is so small that it won't matter.

    --
    The right to protest the State is more sacred than the State.
  14. Re:Who cares? by Travis+Mansbridge · · Score: 2

    Check out FLIF which beats almost any other format in quality per byte regardless of whether you're at the low end (JPG) or the high end (PNG) of the quality scale

  15. a picture is worth . . . by swell · · Score: 3, Interesting

    no, I'm not going to finish that by saying '1000 words'. That would be insulting to those who already despise the stupid phrase.

    But what is a picture worth? I spend my days at one of the most attractive places on earth where thousands of visitors from everywhere snap the same photos. One scene in particular must have been shot millions of times over the last 100 years. They line up so that they can stand in the exact spot for the best view. Each photographer walks away proud of their new acquisition.

    Certain pictures do have value and are well protected. The hollow inside of Fort Knox. The Dead Sea scrolls (yes, the ones they haven't told you about). The blueprints for the Star Trek phaser weapon. The Royal Personage picking her nose...

    But really, who would use this DRM? Web sites with sale-worthy photos show thumbnails and sell the full resolution image via email. Not much problem there. It's true that stock photo sellers have been ripped off badly and I'm sorry about that, but I assume they have watermarks, etc, offering some protection. Even Playboy magazine has come to realize that photos just aren't that compelling anymore.

    --
    ...omphaloskepsis often...
  16. Re: JPEG is gay by Anonymous Coward · · Score: 2, Funny

    Damn boy! You're making me get HARD. I've never seen such a throbbing erection before.

  17. Will it be available to Joe Public? by grahammm · · Score: 3, Insightful

    Most JPEGs are created by ordinary people, with their digital cameras and phones. So will Joe Public who has taken a photo be able to define the rights on the image? Will he be able change the rights depending on where he sends or stores the image? Or will it only be the media conglomerates who are able to manage the rights to their images?

  18. Re:Who cares? by urdak · · Score: 5, Informative

    If JPEG finally implemented DRM, then more people would switch.

    You are missing the point... Even if JPEG implements DRM, it doesn't force you to use DRM on the photos you create. You can still take photos, draw images, etc., and not enable DRM on them. So people who currently create JPEGs can continue to use them and don't need to "switch". The problem with DRM is when other people put them on the images they send you. E.g., you browse some website and you see there a DRMed JPEG. How can you "switch" to PNG here?? You didn't create this JPEG, someone else did it, and they did so deliberately.

    What users can do, however, is to not even try to get their content from the official publisher (because it uses some annoying DRM) but rather get the same content from a "pirate" which broke this DRM and converted the content to a more useful format. This is what people have been doing for years for video. I, for example, never use actual DVDs any more (my living-room "DVD player" is stash away in the attic) - I always rip my DVDs to an unencrypted ".vob" file before watching them, and avoid all sorts of region locks, mandatory ads, and other crap the publisher thought he could force on me in the pretense of "copyright".

  19. Re:Who cares? by wonkey_monkey · · Score: 4, Informative

    Now the difference between the file size of a lossy JPEG and PNG is negligible

    What are you talking about? The difference in file size is arbitrary because you can set the quality of a JPEG to whatever suits your purposes.

    With JPEG you get horrible colour blocks and banding artefacts. It ruins most pictures.

    So set the quality a bit higher. You'll still beat PNG in filesize for photographic images, enough that pages will load visibly faster.

    --
    systemd is Roko's Basilisk.
  20. Dear JPEG group by Lumpy · · Score: 2

    This already exists, it's called EXIF data.

    if your "DRM" is to convey an easily identified data inside the photo than tell your members to stop being stupid and use the EXIF copyright and owner fields.

    Oh wait, I'm betting you want to CHARGE MONEY for using the DRM and using EXIF data fields you can do that...... I understand now.

    --
    Do not look at laser with remaining good eye.
  21. Re:Who cares? by omnichad · · Score: 2

    I took a random 833x1200 portrait photo from the Internet and loaded it into Photoshop to compress.

    The 24-bit PNG is 941.4 KB. There are no areas of solid color that benefit from PNG's efficiencies. Just for fun, I ran it through an online PNGCrush tool and it somehow jumped to 1.5MB.

    The JPEG at 100% quality is 311.6KB
    The JPEG at 94% quality is 260KB
    At 80% quality it goes down to 179KB
    At a web-appropriate 60% it's 133KB and still looks nearly-flawless, with only a minor loss of detail around pores.

    If I'm a professional photographer, I would probably still save to JPEG at 100% for final output instead of RAW or TIFF. And even at 100% it's 1/3 of the size of the 24-bit PNG.

  22. Re:Better get the facts straight... but who cares? by omnichad · · Score: 2

    DRM is copy-protecton (and view protection in some cases).

    IPTC/EXIF can already embed digital signatures. There's really no need for a new standard for that.