DRM In JPEGs?

JustAnotherOldGuy writes: Adding DRM to JPEG files is being considered by the Joint Photographic Expert Group (JPEG), which oversees the JPEG format. The JPEG met in Brussels today to discuss adding DRM to its format, so there would be images that could force your computer to stop you from uploading pictures to Pinterest or social media. The EFF attended the group's meeting to tell JPEG committee members why that would be a bad idea. Their presentation(PDF) explains why cryptographers don't believe that DRM works, points out how DRM can infringe on the user's legal rights over a copyright work (such as fair use and quotation), and warns how it places security researchers at legal risk as well as making standardization more difficult. It doesn't even help to preserve the value of copyright works, since DRM-protected works and devices are less valued by users.

DRM Thwarted by Printscreen

If ever there was a more stupid thing to try to put drm on...

Re:DRM Thwarted by Printscreen

[Tony+Isaac]

Oh, don't be so sure. They'll get Microsoft to update the Print Screen feature so it obeys the DRM also.

Re: DRM Thwarted by Printscreen

[mukinrestak]

They don't have to make it impossible, just illegal. And guess what, TPP and its ilk are trying to spread anti DRM circumvention laws to other countries.

Re: DRM Thwarted by Printscreen

[silentcoder]

Most professional photographers don't use JPG either, we take pictures in RAW - storing as much information losslessly as possible.

JPG is something you export to for the low-quality versions you put in web based portfolios. For printing you use a lossless format like TIFF pre-sized correctly to page size (because auto-scaling tends to ruin shots) but what you save and store are camera RAW formats (CR2 for canon) which allows you maximum post-processing ability.

Sounds ineffective.

So what's to stop me from taking a high def screen shot of the jpeg and uploading it anyway ?

All this nonsense

[JustAnotherOldGuy]

All this nonsense, defeated by a simple screenshot.

And I'm sure someone will quickly write a DRM-stripper to clean up these DRM-infected files.

Let me be as succinct as I can regarding DRM in .jpg files: No. No, no, no.

Re:Who cares?

[SQLGuru]

If JPEG finally implemented DRM, then more people would switch. PNG is superior if only for the extra features. There are instances where JPG compresses better and instances where PNG compresses better, so I won't claim either wins on that account.....but lossless vs lossy and alpha channel support is nice. I'd also like to see the animation extension more consistently adopted (to supplant GIF). I'm not sure why it hasn't caught on more than it has.

Hey you can't have this

[future+assassin]

oh yah?! Click...

DRM Does Work

[rsmith-mac]

From TFS:

explains why cryptographers don't believe that DRM works

While I fully agree that DRM isn't foolproof, I disagree that DRM doesn't work. The reason DRM is being implemented is not to prevent all piracy ever - simply put, that's impossible - but rather to prevent common, casual piracy among low-skilled users. And to that end DRM works very well.

Any DRM system that's built half-way decently won't be possible to trivially bypass, and that's enough to deter casual infringement. You don't see people going Napster with iOS apps, you don't see everyone and their mother pirating DirecTV like they once did, and you can't pick up pirated PS4 games off of your local shady games shop. Why? Because the DRM systems that are in place are good enough that it's no longer easy and convenient to pirate this material. So casual piracy stops.

DRM shouldn't be implemented for a whole other host of reasons, least of all because it prevents users from fully controlling works they've purchased. But to argue that it doesn't work is disingenuous. It works to stop the most threatening form of piracy, casual piracy, and with every generation the underlying technology gets harder and harder to break.

Re:DRM Does Work

[Dutch+Gun]

DRM works reasonably well in closed ecosystems and on closed hardware. That includes consoles, handhelds, phones, and so on. It can be bypassed, but it's a pain, and most people don't do so. This is because the DRM is implemented in hardware, and in ways that are extremely difficult to unravel, and so aren't really worth attacking except for people who are mostly doing it for the technical challenge.

Where DRM typically fails is on open platforms like the PC. There are only two forms (that I can think of offhand) of DRM to really succeed on the PC. One is the "leave most of the code on the server" sort of DRM, essentially online-only games, and that's a pretty draconian solution for single-player games. The other is high-end software that uses a hardware encryption dongle to protect it. Other than that, the only way to make software-based DRM work on the PC is to make it a closed device like consoles, and although I'm sure some companies wouldn't mind seeing that happen, with declining PC sales as is, I just don't see it happening.

DRM in JPEG images is a pipe dream. Even if it were technically possible in the first place, do you really think anyone and everyone is going to bother implementing whatever extensions would make it possible? It's ridiculous. Note that the ONLY way I can think to implement this would be an image handling library with root-level privileges on every computer system on the planet. Did we fucking learn nothing from Stagefright?

I'm a JPEG Content producer

[JazzXP]

I produce a lot of JPEGs that earn me money and find me clients (photographer)... DRM? Nope, do not want.

How will it work? Seriously

[Todd+Knarr]

It won't stop uploading. Tools like wput and Curl don't read the contents of files before uploading, and wouldn't be modified to support one closed-source feature for one specific file format.

It won't affect Web sites. Web servers don't read the contents of files before serving them, files are just blobs of bytes to the server. The sites of interest to the DRM people are running open-source Web server software too, and I seriously doubt Apache or nginx are going to add closed-source code for one specific file format. IIS would, but it's at best the third-place player in the large-volume-site space.

And finally, it'll be cracked. My bet is that before it becomes widely implemented someone'll crack the system and there'll be browser extensions easily available that simply strip the DRM off the JPEG before uploading, displaying or saving it. Those extensions'll be widely used too, it won't be long before anyone having problems viewing images on Pinterest/Tumblr/Twitter/etc. will just get told to install the extension and it'll fix the problem. Users won't know or care how it fixed it, just that it fixes it.

Re:How will it work? Seriously

[nashv]

You're not getting this. Most likely, adding DRM will make JPEG files unreadable without a license/key. Tools that don't read contents and decrypt will not be able to view it. So irrespective of whether you can upload it or serve it, no one without proper rights will be able to view it. Think of this like locked PDFs.

This will be the end of JPEG. Nothing to worry about, PNG is better anyway.

Re:How will it work? Seriously

[AHuxley]

An advanced always internet connected "free" US operating system might have to send back details on any moved, copied, created or altered image under a 'free' anti virus, malware feature.
It would just be a small dataset created from details, names, embedded strings about all files visible, open when the the screen image captured.

All files would be looked at for expected, listed virus or malware and if an image was moved, copied against existing international police databases.
The transmission of a set of small checksums would not be difficult given the amount of other data most big brand modern operating systems send back.
For the average user the file would be reported on by the OS in near realtime for 'free' anti virus efforts with the free operating system.
The user can then run any application to try and convert, remove, transform the image but the report of a copy made would have been sent. Downloading and using any such rights altering application could also be logged :)

Such efforts are usually done now for any images in free email, cloud or other networked products as part of law enforcement image tracking efforts over the years.
Just push the tech down into the users 'free' OS computers and let the publishing/media community add every image checksum they have.
No action if the image stays in a deep part of the OS for say allowed web browsing, if moved to a new folder or captured the rights owner gets the ip, time, unique hardware details of the computer.

The sites will be a walled garden. Users will have to load and enjoy the site everytime without been able to save data.
The OS will phone home the possession of the saved image or creation of a screen capture with the protected image in it. The free gift of AV software at the OS level gets to look at every file in realtime, why not report on DRM files too :)

Re:Who cares?

[urdak]

If JPEG finally implemented DRM, then more people would switch.

You are missing the point... Even if JPEG implements DRM, it doesn't force you to use DRM on the photos you create. You can still take photos, draw images, etc., and not enable DRM on them. So people who currently create JPEGs can continue to use them and don't need to "switch". The problem with DRM is when other people put them on the images they send you. E.g., you browse some website and you see there a DRMed JPEG. How can you "switch" to PNG here?? You didn't create this JPEG, someone else did it, and they did so deliberately.

What users can do, however, is to not even try to get their content from the official publisher (because it uses some annoying DRM) but rather get the same content from a "pirate" which broke this DRM and converted the content to a more useful format. This is what people have been doing for years for video. I, for example, never use actual DVDs any more (my living-room "DVD player" is stash away in the attic) - I always rip my DVDs to an unencrypted ".vob" file before watching them, and avoid all sorts of region locks, mandatory ads, and other crap the publisher thought he could force on me in the pretense of "copyright".

Re:Who cares?

[wonkey_monkey]

Now the difference between the file size of a lossy JPEG and PNG is negligible

What are you talking about? The difference in file size is arbitrary because you can set the quality of a JPEG to whatever suits your purposes.

With JPEG you get horrible colour blocks and banding artefacts. It ruins most pictures.

So set the quality a bit higher. You'll still beat PNG in filesize for photographic images, enough that pages will load visibly faster.

Re:Awesome

[Dr_Barnowl]

Have you read "The Right to Read"?

Thing is, all the technology it describes is possible now, and even in use on some platforms (think iOS, where all apps must be signed by Apple, and apps are specifically prohibited from allowing the execution of arbitrary code). The only gap is in legislation, but that legislation continues to be pushed forward aggressively.

The author of that nifty little program could well find themselves in a nifty little jail cell. They've already tried it, more than once ; and they will keep trying, with the force of these new international treaties like TPP behind them.