Flyspeck23
First Post
Hopefully, a company doesn't stop thinking of their customers as their friends (of sorts) when the sale's concluded. That what's support, updates and erratas are for.Krypter said:
Apart from that, I'd agree with you.
DRM limitations (merged with "why DRM sucks")
- Thread starter HellHound
- Start date
Apart from that, I'd agree with you.
RCanning
First Post
I am glad to see people like Steve Wieck and Scott Greene who have a vested interest in the site are reading all of this.
I personally can not got the DRM protected files to work the way I need them to. I downloaded them and could view them at home no problem, but when I did a "Save a Copy" from "My Bookshelf" and then gave it to my wife, who took it to work, logged into Adobe DRM with my username and password and tried to open the file, it failed. The Adobe ID was logged in, but the file kept giving a "Bad Encryption Dictionary" error (or something like that).
I have sent feedback to DriveThruRPG about this, asking for assistance. I have spoken to Adobe, who said that DRM was supposed to work on "one computer only" and backed that up by pointing me to their eBook FAQ (the same one linked to off DriveThru) as evidence that this is the way it is supposed to work.
I can't print the PDFs because I can not load them on machines that are connected to good printers. I am not going to spend thousands of dollars on a colour duplexing laser printer that I already have access to, but the files won't work.
Sure, like anyone wanting to spend 10 minutes, I can break the DRM and get a lower quality larger file, but I don't want to have to do that. I want the product to work.
I hope these are teething problems that will go away, because otherwise I can't see how stating a product will do something when only a fraction of people can get it to work is going to help. If I have to spend the time to break the DRM in order to print it, then why would I not just keep the DRM-less copy (it is not as if storage is expensive)?
If the DRM protection gets tougher, then I won't be able to print the product at all, and that gets to the territory of selling something under false pretences.
I am getting to hot under the collar here, but I want this to work for everyone. The publishers and the customers. The publishers think they are winning out because they are stopping piracy - that is just wrong. The customers are losing out because the functionality of the product has been crippled. I can't see a fix to this with DRM in place; but then I am not a digital security expert. However, if the products don't do what they are promised to do for everyone, then I think Steve and Scott need to see that as a problem.
Richard Canning
I personally can not got the DRM protected files to work the way I need them to. I downloaded them and could view them at home no problem, but when I did a "Save a Copy" from "My Bookshelf" and then gave it to my wife, who took it to work, logged into Adobe DRM with my username and password and tried to open the file, it failed. The Adobe ID was logged in, but the file kept giving a "Bad Encryption Dictionary" error (or something like that).
I have sent feedback to DriveThruRPG about this, asking for assistance. I have spoken to Adobe, who said that DRM was supposed to work on "one computer only" and backed that up by pointing me to their eBook FAQ (the same one linked to off DriveThru) as evidence that this is the way it is supposed to work.
I can't print the PDFs because I can not load them on machines that are connected to good printers. I am not going to spend thousands of dollars on a colour duplexing laser printer that I already have access to, but the files won't work.
Sure, like anyone wanting to spend 10 minutes, I can break the DRM and get a lower quality larger file, but I don't want to have to do that. I want the product to work.
I hope these are teething problems that will go away, because otherwise I can't see how stating a product will do something when only a fraction of people can get it to work is going to help. If I have to spend the time to break the DRM in order to print it, then why would I not just keep the DRM-less copy (it is not as if storage is expensive)?
If the DRM protection gets tougher, then I won't be able to print the product at all, and that gets to the territory of selling something under false pretences.
I am getting to hot under the collar here, but I want this to work for everyone. The publishers and the customers. The publishers think they are winning out because they are stopping piracy - that is just wrong. The customers are losing out because the functionality of the product has been crippled. I can't see a fix to this with DRM in place; but then I am not a digital security expert. However, if the products don't do what they are promised to do for everyone, then I think Steve and Scott need to see that as a problem.
Richard Canning
Tsyr
Explorer
RCanning said:
The wrong part is that they think this actually WILL stop piracy.
I restate what I have stated elsewhere: This is *only* a pain in the ass for the people who actually bother enough to follow the law. For people who didn't in the first place, this doesn't change things *at all*. Adobe DRM documents are *not* secure, and have not been since their inception many years ago, which is why so few people are foolish enough to rely on them when sensative data is at risk.
Adobe DRM is the equivilant of those 'toy' locks kids get out of gumball machines at the store for a quarter. They 'work', and yeah, I guess you could lock something with them. But they won't stop *anyone*. You don't have to be some 1337 locksmith of a ubercriminal... A toothpick will pick one, and you can just snap'em off with a good sharp twist of your wrist if you're impatient.
Repeating: They only matter to people to whom wouldn't steal the product in the first place.
Cergorach
The Laughing One
If you use the right program, it doesn't have to be 5x as large, use pdfFactory to print to an unDRMed pdf with selectable text intact.Dimwhit said:
People always report that they can do things they actually can't. I've seen it in the past that when confronted such people actually didn't know a thing, and where just screaming this so that the security would be removed.Tsyr said:
The point was finding a print to pdf driver that doesn't care about any of the 'security' code that's send to the printer.
Yup, but with every new version of Adobe there were improvements, the links used in that security document would only work for pdfs that weren't using the current incarnation of Adobe DRM.Tsyr said:
Absolutely, this isn't cracking anything, it's just using the right tool for the right job. Although it would be nice if when people say they can do it, they actually tell you how to do it, because otherwise it has no value (to either the consumer or the publisher).DanMcS said:
Cergorach
The Laughing One
When you get the "Bad Encryption Dictionary" error go toRCanning said:
https://aractivate.adobe.com/eden/EdenUI.asp and reactivate your Adobe DRM on the pc you have trouble with (you can do this as often as you want). This should solve the problem, it did for me.
I've currently activated my third pc, having absolutely no problems what so ever. Obviously, a helpdesk in india isn't going to be very helpful ;-)
If you want to, it doesn't have to be larger or of lower quality...
I really don't want to get condesending, but can you blame publishers that you can't get certain software to work, or more specifically, that you can't get your wife to get it to work on her pc at work?
RCanning
First Post
Cergorach said:
Thanks, we will try that again. We were just going to the page that it brought up asking us to relog onto, trusting that it was sending us to the correct URL. It might not have been.
Well, I wouldn't have to hand it to her to print if I could do it myself, but as my work has an SOE with Acrobat Reader 5, I can't print them myself anymore. DTRPG are saying that you can take it somewhere to print, that is all I am trying to do.
Thanks for the advice.
Richard Canning
Flyspeck23
First Post
And see how easily this is accomplishedRCanning said:
That's a difference between PDFs and, say, computer games. Both have a copy protection now, but you're encouraged to take your PDF to other PCs...
If publishers made their PDFs to be read on screen too, DRM wouldn't be that awful...
Tsyr
Explorer
Cergorach said:
In this case, I'm inclined to take their word on it. It is *painfully* simple.
Cergorach said:
Which is *not* hard to do.
Cergorach said:
Actually, most of the security flaws outlined in this '01 document are still there, excepting one which relied a commercial program that Adobe sued the maker of.
And in that case, what got them sued was they were making it a point of sale that their product did something plenty of other software programs will do anyways, but don't advertise it.
I'm not talking about some script kiddie's page of links to cracks. I'm talking about an evaluation of the fundamental flaws inherent to DRM encryption, and using it in the manner that DTRPG is using it, most of which have not changed since day one.
Cergorach said:
Hypotheticly, I have no desire to tell the publisher how to make this better. I want every company using it to drop it, and if DTRPG were to go bankrupt, I wouldn't shed a tear.
That said, posting instructions on how to do this could get my ass sued six ways from sunday by the DMCA lawyers. I've not commited a crime, and don't plan to. DRM encryption is so flimsy that it can be broken by ACCIDENT, anyways, so it doesn't matter. If it's a shock to *anyone* that DRM encryption is so shoddy (As it has been proven to be time and time again for *years*), DRM isn't the answer for them anyhow.
Put it this way: Anyone who listened to fair, un-biased by marketing hype list of the insecurities of DRM would either abandon the technology (As it is effectivly worthless for this particular implimentation), or wouldn't believe it.
This is all ignoring that basic truth that, if you let people open it in the first place, SOMEONE will find a way to pirate it. It just happens that DRM doesn't even make it a challenge.
Last edited:
The Mad Kaiser
First Post
Why DRM Sucks
Why DRM Sucks: is the DRM glass half full, or half empty?
The Experience is Unsatisfying
Even the best DRM technology takes away some capabilities from the consumer; it is a business issue, not a technology one, to give consumers something in exchange.
The Requirements for DRM are Contradictory
To name just one of the contradictions:
A must-have capability for consumers is "fair use:"
i.e. the legitimate copying of content under certain circumstances, such as making a copy of a CD you own to listen to in the car.
A must-have capability for content owners is piracy prevention
i.e. preventing any copying beyond "fair use."
But the difference between fair use and piracy is one of HUMAN INTENT, which no foreseeable technology can divine. So, since content owners cannot technologically restrict copying to "fair use", there is a strong temptation to PREVENT COPYING ALTOGETHER.
Consumers hate this and are showing considerable resistance to systems of this type.
And there are still more requirements that a reasonable person might add:
That a DRM system be lightweight and user friendly.
That it offer new benefits as well as new restrictions.
That it be quickly deployable on mass-market legacy platforms such as PCs, preferably without distributing hardware.
That it support multiple platforms and DRM vendors, and content migration between them.
That it provide "uncrackable" security.
That it support multiple content types such as audio, video, text, and software.
That it support multi-tier distribution, peer-to-peer distribution, superdistribution etc.
If success for DRM is defined as having one system which meets most or all of these requirements simultaneously, then DRM will fail.
DRM Is Philosophically Wrong
Some people argue that there is inherently NO SUCH THING AS GOOD DRM. It goes beyond the unfortunate fact that many existing DRM systems are implemented poorly. In this view, DRM is evil at worst and futile at best.
Some proponents of this view are simply anti-business and don't care if anyone makes money. More moderate advocates claim that, with creative business rules, you can still make money without DRM. People are, on the whole, inherently honest: they will pay for quality content even if they don't have to. Systems which embody this line of thought include The Street Performer Protocol, Tipster, the The Gift Economy and Fairtunes.
Such honor based initiatives are a resounding flop. The issue is not so much dishonesty as inconvenience.
In such systems, acquiring usable content, and acquiring legitimate rights to it (or even making a "feel-good" contribution to the artist) ARE TWO UNRELATED PROCESSES. It may cross someone's mind to pay the creator of a favorite MP3 file. But will people go to considerable effort, personally, to find out how, and follow-up with action ? Probably not. It's just not convenient.
If it does nothing else, a good DRM system addresses this issue by making it ONE PROCESS to acquire both USABLE CONTENT and THE ASSOCIATED RIGHTS.
DRM Kills "Fair Use"
As described in impossible requirements, technology which controls access to content is inherently incapable of exactly matching the current legal concepts of "fair use."
There is no direct way around this problem. Eventually, the definition of fair use will have to evolve to something technologically verifiable e.g. "n" permissible copies in "m" formats on "x" devices. Unfortunately, technology which behaves as above is hard to build and easy to crack, and in the meantime, content owners are trying to simply prevent copying altogether. Consumers owe it to themselves to fight this trend.
DRM Is Futile, Because It Will Always Be Cracked
This line of reasoning starts and ends with the assumption that a "crack" will likely be produced for any given content-protection scheme.
After all, if a crack exists, and the Internet makes it available to everyone, then everyone will use it, and nobody will legitimately buy content, right? An example of this school of thought, by the respected cryptographer Bruce Schneier, can be found here. This article attacks copy protection, and I happen to agree with Bruce that copy protection per se is stupid. However the train of thought clearly extends to other DRM systems.
From a pure security point of view, DRM cracks are always possible, they are often produced, and when produced, they are usually discoverable on the Internet. What this argument ignores is that cracks are a nuisance and a substantial portion of the user community would prefer not to use them.
It's partly a question of honesty, but it is more about convenience and good business. Getting and applying a crack (and the crack for your next upgrade, and the crack for the crack detector, and the crack for your next computer, and..) puts users on an inconvenient, underground treadmill of support issues and flaky software made even flakier.
And an intelligent content owner can offer the legitimate user services based around the content, which add additional value beyond pirated or "cracked" content. Conversely, if an unimaginative content vendor makes legitimate on-line access to the content impossible, exorbitant, or user-hostile, then a large portion of the user community may take a dishonest route such as applying cracks.
The point is, the market for legitimate on-line content, including DRM, is there for the content owners to win or lose. Today, at least in music, they are losing. But they're not losing because their DRM is crackable. They're losing because they have not given on-line consumers value. When they get around, sooner or later, to giving consumers value through reasonable business options, many consumers will be quite happy to pay, and quite uninterested in applying cracks.
Even Microsoft has acknowledged in their Darknet paper (here) that cracks and their associated underground networks will always exist, and that uncrackable DRM, although many would like to have it, is neither achievable nor necessary.
It Robs the Future
If all content is created in, or migrates to, digital form, and all digital content is copy-protected, how will we access any of this content in 50 or 100 years? Dan Bricklin covers the issue well in this article. Personally, I think Dan is only partly right. The migration to digital form, even without copy protection, has already shortened the lifetime of content. No sooner were on-line news services available in the 1980s, than controversy arose over inconvenient articles "disappearing" from newspaper databases. More recently, a significant online archive in the UK, the Digital Domesday Book, has been off-line for ages due to obsolete technology and only revived with extraordinary effort.
In the long run, it has to be possible - and legal - for people other than content owners to archivally maintain digital content.
Uncontrolled Content is Freely Available Anyway
Most people who steal copyrighted materials don't have, or need, sophisticated technical knowledge. They don't need to apply cracks. They just download what they want from a peer-to-peer site or, for music, rip and/or burn it themselves from their own CDs.
Legacy formats like Red Book audio, .WAV and MP3 have no support for DRM, and they will be with us for a long time. So what's the point in adding DRM to new channels and formats? Pirates won't use them anyway, they'll just stick to these easy sources.
It is a good reason not to apply draconian DRM to new channels and formats. Users have a choice of whether to migrate: if they feel that the newer systems are unduly restrictive, they will stay with the old. And since media are shared between PCs and consumer electronics, this could adversely affect the consumer electronics industry as well as the PC and online industries.
DRM puts Big Brother in my PC!
Suppose we came to live in a world where every PC featured Palladium and the Fritz Chip? Such systems haven't been shown to truly benefit the average end user. In the worst case, they would exist to protect Hollywood content, and could be used to let technology companies (or your employer, or the government) take unilateral, ever-increasing, secret control of your PC and the data on it.
Fortunately, Microsoft appears to have realized that consumers don't want to be forced into such technology. They have publicly opposed efforts at "PC design-by-legislation" such as the Hollings bill, and even convinced the RIAA to support this stance.
But all is not sweetness and light yet. For example, the MPAA still supports mandatory copyright-control hardware, and Microsoft still seems to want increasing control of Windows PCs. Recent software license agreements from Microsoft (the ones we all ignore when we install, say, the latest Windows Media Player) give them ever-increasing rights to monitor and control your PC, such as by unnanounced, unstoppable "updates" which could, say, disable certain media playback capabilities in the name of copyright protection.
The recent news is somewhat encouraging, but these trends should be of concern to everyone with a computer and an Internet connection i.e. everyone reading this.
Content owners and consumers must remain free to choose from various technologies and business models, developed in open, competitive marketplaces. DRM is not, and never will be, good for free consumers.
Why DRM Sucks: is the DRM glass half full, or half empty?
The Experience is Unsatisfying
Even the best DRM technology takes away some capabilities from the consumer; it is a business issue, not a technology one, to give consumers something in exchange.
The Requirements for DRM are Contradictory
To name just one of the contradictions:
A must-have capability for consumers is "fair use:"
i.e. the legitimate copying of content under certain circumstances, such as making a copy of a CD you own to listen to in the car.
A must-have capability for content owners is piracy prevention
i.e. preventing any copying beyond "fair use."
But the difference between fair use and piracy is one of HUMAN INTENT, which no foreseeable technology can divine. So, since content owners cannot technologically restrict copying to "fair use", there is a strong temptation to PREVENT COPYING ALTOGETHER.
Consumers hate this and are showing considerable resistance to systems of this type.
And there are still more requirements that a reasonable person might add:
That a DRM system be lightweight and user friendly.
That it offer new benefits as well as new restrictions.
That it be quickly deployable on mass-market legacy platforms such as PCs, preferably without distributing hardware.
That it support multiple platforms and DRM vendors, and content migration between them.
That it provide "uncrackable" security.
That it support multiple content types such as audio, video, text, and software.
That it support multi-tier distribution, peer-to-peer distribution, superdistribution etc.
If success for DRM is defined as having one system which meets most or all of these requirements simultaneously, then DRM will fail.
DRM Is Philosophically Wrong
Some people argue that there is inherently NO SUCH THING AS GOOD DRM. It goes beyond the unfortunate fact that many existing DRM systems are implemented poorly. In this view, DRM is evil at worst and futile at best.
Some proponents of this view are simply anti-business and don't care if anyone makes money. More moderate advocates claim that, with creative business rules, you can still make money without DRM. People are, on the whole, inherently honest: they will pay for quality content even if they don't have to. Systems which embody this line of thought include The Street Performer Protocol, Tipster, the The Gift Economy and Fairtunes.
Such honor based initiatives are a resounding flop. The issue is not so much dishonesty as inconvenience.
In such systems, acquiring usable content, and acquiring legitimate rights to it (or even making a "feel-good" contribution to the artist) ARE TWO UNRELATED PROCESSES. It may cross someone's mind to pay the creator of a favorite MP3 file. But will people go to considerable effort, personally, to find out how, and follow-up with action ? Probably not. It's just not convenient.
If it does nothing else, a good DRM system addresses this issue by making it ONE PROCESS to acquire both USABLE CONTENT and THE ASSOCIATED RIGHTS.
DRM Kills "Fair Use"
As described in impossible requirements, technology which controls access to content is inherently incapable of exactly matching the current legal concepts of "fair use."
There is no direct way around this problem. Eventually, the definition of fair use will have to evolve to something technologically verifiable e.g. "n" permissible copies in "m" formats on "x" devices. Unfortunately, technology which behaves as above is hard to build and easy to crack, and in the meantime, content owners are trying to simply prevent copying altogether. Consumers owe it to themselves to fight this trend.
DRM Is Futile, Because It Will Always Be Cracked
This line of reasoning starts and ends with the assumption that a "crack" will likely be produced for any given content-protection scheme.
After all, if a crack exists, and the Internet makes it available to everyone, then everyone will use it, and nobody will legitimately buy content, right? An example of this school of thought, by the respected cryptographer Bruce Schneier, can be found here. This article attacks copy protection, and I happen to agree with Bruce that copy protection per se is stupid. However the train of thought clearly extends to other DRM systems.
From a pure security point of view, DRM cracks are always possible, they are often produced, and when produced, they are usually discoverable on the Internet. What this argument ignores is that cracks are a nuisance and a substantial portion of the user community would prefer not to use them.
It's partly a question of honesty, but it is more about convenience and good business. Getting and applying a crack (and the crack for your next upgrade, and the crack for the crack detector, and the crack for your next computer, and..) puts users on an inconvenient, underground treadmill of support issues and flaky software made even flakier.
And an intelligent content owner can offer the legitimate user services based around the content, which add additional value beyond pirated or "cracked" content. Conversely, if an unimaginative content vendor makes legitimate on-line access to the content impossible, exorbitant, or user-hostile, then a large portion of the user community may take a dishonest route such as applying cracks.
The point is, the market for legitimate on-line content, including DRM, is there for the content owners to win or lose. Today, at least in music, they are losing. But they're not losing because their DRM is crackable. They're losing because they have not given on-line consumers value. When they get around, sooner or later, to giving consumers value through reasonable business options, many consumers will be quite happy to pay, and quite uninterested in applying cracks.
Even Microsoft has acknowledged in their Darknet paper (here) that cracks and their associated underground networks will always exist, and that uncrackable DRM, although many would like to have it, is neither achievable nor necessary.
It Robs the Future
If all content is created in, or migrates to, digital form, and all digital content is copy-protected, how will we access any of this content in 50 or 100 years? Dan Bricklin covers the issue well in this article. Personally, I think Dan is only partly right. The migration to digital form, even without copy protection, has already shortened the lifetime of content. No sooner were on-line news services available in the 1980s, than controversy arose over inconvenient articles "disappearing" from newspaper databases. More recently, a significant online archive in the UK, the Digital Domesday Book, has been off-line for ages due to obsolete technology and only revived with extraordinary effort.
In the long run, it has to be possible - and legal - for people other than content owners to archivally maintain digital content.
Uncontrolled Content is Freely Available Anyway
Most people who steal copyrighted materials don't have, or need, sophisticated technical knowledge. They don't need to apply cracks. They just download what they want from a peer-to-peer site or, for music, rip and/or burn it themselves from their own CDs.
Legacy formats like Red Book audio, .WAV and MP3 have no support for DRM, and they will be with us for a long time. So what's the point in adding DRM to new channels and formats? Pirates won't use them anyway, they'll just stick to these easy sources.
It is a good reason not to apply draconian DRM to new channels and formats. Users have a choice of whether to migrate: if they feel that the newer systems are unduly restrictive, they will stay with the old. And since media are shared between PCs and consumer electronics, this could adversely affect the consumer electronics industry as well as the PC and online industries.
DRM puts Big Brother in my PC!
Suppose we came to live in a world where every PC featured Palladium and the Fritz Chip? Such systems haven't been shown to truly benefit the average end user. In the worst case, they would exist to protect Hollywood content, and could be used to let technology companies (or your employer, or the government) take unilateral, ever-increasing, secret control of your PC and the data on it.
Fortunately, Microsoft appears to have realized that consumers don't want to be forced into such technology. They have publicly opposed efforts at "PC design-by-legislation" such as the Hollings bill, and even convinced the RIAA to support this stance.
But all is not sweetness and light yet. For example, the MPAA still supports mandatory copyright-control hardware, and Microsoft still seems to want increasing control of Windows PCs. Recent software license agreements from Microsoft (the ones we all ignore when we install, say, the latest Windows Media Player) give them ever-increasing rights to monitor and control your PC, such as by unnanounced, unstoppable "updates" which could, say, disable certain media playback capabilities in the name of copyright protection.
The recent news is somewhat encouraging, but these trends should be of concern to everyone with a computer and an Internet connection i.e. everyone reading this.
Content owners and consumers must remain free to choose from various technologies and business models, developed in open, competitive marketplaces. DRM is not, and never will be, good for free consumers.
Similar Threads
