Open Source DRM Solutions? 369
Feint writes "I'm working on an business platform for inter-company collaboration based on an open source software stack. As part of that platform I would like to integrate some sort of digital rights management for the documents in the system. The vast majority of articles about DRM are focused how good or evil it is to apply DRM to digital music or video. I haven't seen many articles address open source solutions for protecting business data like CAD / MS Office / PDF / etc. documents, which is a real need in business today. Can the Slashdot readership suggest some open source DRM offerings other than the Sun DReaM initiative, which hasn't had a release since Jan. 2007?"
We call it... (Score:5, Informative)
This coward is correct! (Score:3, Informative)
Re:We call it... (Score:5, Insightful)
"trusted computing" nonsense won't change anything. It's just another pile of inconvenience for the paying users that will be snipped out entirely for the bittorrent version. Sony and Microsoft have been doing their best to build tamper-proof encryption-based hardware systems (playstation and xbox series), and they're all defeated by a modchip soldered onto the motherboard - you let the tamper-proof hardware do its thing and decrypt the data, then you snoop the data right off the memory bus on its way back from the chip.
Hardware is no harder to attack than software, it just needs different tools. DRM cannot ever work.
Re:We call it... (Score:4, Insightful)
I'm not aware of a mod-chip for the PS3. Your summary of how mod-chips work is incorrect anyway. And there isn't an off-chip bus carrying unencrypted data around on a real TCP. Get a clue.
Sure, maybe a million-dollar lab can open the chip inside a suitable vacuum and snoop the internal busses; for most people that's out of range, and the kind of people who run million-dollar labs don't tend to allow their use just to warez the latest game.
There's a clear economic message here - can you see it yet? When the cost of breaking DRM is higher than the profit to be made, DRM wins. It doesn't have to be perfect.
Now get with the program - DRM is a clear and present danger to our way of life. Don't sleepwalk into it.
Re:We call it... (Score:4, Insightful)
There's a clear economic message here - can you see it yet? When the cost of breaking DRM is higher than the profit to be made, DRM wins. It doesn't have to be perfect.
Well it allows DRM vendors to sell DRM systems. The technical difficulty of breaking DRM has to be higher than the average executive at a record company.
However, there are at least four aspects to the problems for DRM to actually work as you have described, i.e. as 'resistance' that stops the kids from copying enough for them to get on the bus, queue at a checkout and go home again.
1. Politics: The majority of people don't believe in the propaganda of the content industries. Even those that think they do, don't appear able to act on their beliefs.
2. Communication: You only have to break it once, then the means of circumvention can be spread at the speed of Ethernet.
3. Physics: It is harder and slower to build and deploy restrictions than destroy them.
4. Sociology: The productivity of a grown-up working in an office with paperwork, clocking out at 5, family commitments etc, is far lower than some dedicated student working 24 hours per day to get their Blue-ray player to 'work'.
Re: (Score:3, Insightful)
As soon as your encrypted file is transformed into sound (good old analog sound). I can copy it. The quality loss can become almost insignificant (for most people IMHO) if you have a relative good installation.
kids will soon rediscover what we used to do with K7 and other Analog medium if numeric-to-numeric copy becomes too hard. it will be numeric-analog-n
Re:We call it... (Score:5, Insightful)
Encryption is all about securing data so you can send it safely from A to C without B being able to read it. The problem with DRM is that B and C are the same person.
This reality will _never_ change despite what technology is being used. In order for our senses to comprehend the signal or heck even if it were sent as a direct data stream to our brain--the man in the middle is us and we can, if we so choose, mold that stream into whatever we want.
Re:We call it... (Score:5, Interesting)
The alternative is easier nowadays: Piracy - It Just Works. With sites like ThePirateBay and easy to use Bittorrent clients like uTorrent and the likes, and with fast net connections, pirating HD content is seriously becoming easier for average users than getting it in a legit way.
Open Source DRM? (Score:5, Funny)
I'm sure we could (Score:5, Interesting)
Re:I'm sure we could (Score:4, Insightful)
Well, that's the rub isn't it, OSS being conceptually antithetical to DRM. Most open source licenses (hi BSD guys) require contributing your own work back to the collective good.
I second the earlier idea that encrypting your data is the best option, and submit for review the existence of libcrypt [gnupg.org] as an efficient means of accomplishing said goal.
Real World Scenarios (Score:5, Interesting)
I.E. - Engineers and CAD designers are the only ones that can see pre-production drawings. Pre-production drawings are not accessible from line terminals, only engineering or conference room workstations. Line terminals can not print drawings, though they can print some other things. Line terminals and assembly people can't even open non-production documents.
Considering many electronics assembly shops have people on staff that used to (like, last week) work for a competitor the possibility of moles in real. So, prevent documents from being opened by non-authorized personnel. Prevent drawings from being printed, copied to removable media, etc.
I've had to deal with all of that in a manufacturing environment.
Re: (Score:2)
Re:I'm sure we could (Score:4, Insightful)
So when you share your name, address and credit card number (commonly considered 'personal data') with Amazon, under the 'information wants to be free' principle they can share it with whoever they want?
When you share your passport, National Insurance and driver's licence numbers, family details and NHS numbers [bbc.co.uk] with the MoD when you apply to join the armed forces, it's not such a big issue if they then (inadvertently) share it with the public?
The vast majority of your personal data will be shared with some person, company or organisation at some point. That's the whole point of having personal data in the first place. It then stands to reason that the definition of 'privacy' is that it is not then shared any further.
Re: (Score:2)
In order to build secure systems for our own reasonable purposes. It would be really nice if I could have a system which is not hackable except by me, but is truly hackable by me. And you could have yours.
Re: (Score:2)
Take a good look at the history
Re: (Score:2)
Well why dont you try and refute it instead of just making a baseless slur.
Re: (Score:2)
Unclear On The Concept of "Open?" (Score:5, Funny)
Do we have open-source Tasers? I'm also after open-source software to rig voting machines.
I look in freshmeat and SourceForge - but they mostly seem to be oriented to freeing people, not locking 'em up.
Re: (Score:2)
Re:Unclear On The Concept of "Open?" (Score:4, Funny)
Too busy (Score:3, Funny)
Re:Too busy (Score:4, Funny)
Why not simple passwords? (Score:2, Insightful)
Re: (Score:2)
If you want to limit documents or files to specific users why not use ACL's then you never have to worry about pass
Re: (Score:3, Interesting)
Passwords can be applied in any number of ways. You can base it on pgp keys, if you want to limit the specific people who have access to the documents; or, you can do a one-size-fits-all solution, just applying a password to a file, and giving that password to those who need access.
Recently I was considering a solution to a professional problem that included some sort of DRM[1], albeit of a temporary sort.
As a part-time translator, I have in several occasions worked for people who got their translations, but failed to pay up. Some of my colleagues have had even worse problems of that sort.
The idea was, if they don't pay, have the file self-encrypt or self-destruct. Of course, since they could easily just copy and paste the contents in a new document, all this is really moot. Actua
It's an oxymoron (Score:5, Insightful)
Re: (Score:2, Insightful)
Re:It's an oxymoron (Score:4, Insightful)
You are making the same mistake that people who insist on coming up with DRM schemes make...
A DRM scheme is an attempt at giving someone the encrypted file and the decription key, with the intent of protecting the content against that precise someone. GPG, on the other hand, is a scheme which attempts to protect the encrypted files from those who do not have the decription key.
It is not that difficult, really...
Re: (Score:3, Insightful)
Re:It's an oxymoron (Score:5, Interesting)
DRM is a twisted variant of crypto. If Alice sends a message to Bob using GPG, Eve can't read it because she doesn't have the key. In this case, Bob is the intended recipient, and Eve is the unintended recipient. In the case of DRM, Alice encrypts software and gives it to Bob. So, if Alice doesn't give Bob the key, Bob can't use the software. If Alice does, then Bob can break the DRM, having both the key and the code.
So, in DRM, Bob and Eve are the same person. DRM is not only socially undesirable, it's sexually perverse.
Re:It's an oxymoron (Score:4, Funny)
hey now, keep your Judeo-Christian mores to yourself. Some /. folk like the idea of Bob and Eve being the same person.
Re: (Score:2)
Re:It's an oxymoron (Score:4, Informative)
Crypto works because you give the decryption-key to the intended recipient, but others don't know it, and can't easily guess it since it's a large random string.
But with DRM, you give the recipient the file *AND* the decryption-key, and then say: You may use this key to decrypt the file and display it on your screen; but not to decrypt it and print it on your printer ! (for example)
That is fundamentally impossible to enforce. The decryption-algorithm does not care what happens to the file AFTERWARDS.
Re: (Score:2)
That is fundamentally impossible to enforce. The decryption-algorithm does not care what happens to the file AFTERWARDS.
No, not really. It's just fundamentally impossible to enforce in the wild.
In a controlled business environment, this can be setup so that any attempt to break the DRM sends a clear signal to the company of an employee's activities. And if you can't think of reasons where a business wouldn't want DRM, I say you're just limiting your ideal of what kind of company would use Open Source Software if they could.
Re:It's an oxymoron (Score:5, Insightful)
On a theoretical level, you can't both give an open-source program all of the information required to decrypt a stream, and still prevent it from decryping the stream in ways that you don't approve of. The end user has all of the information required to have full control over the process.
At some point hardware attachments may make open-source DRM possible by hiding some of the required information. Or we may reach some compromise of semi-open DRM. But until then, Open Source DRM appears to violate a fundamental law of information science, much like perpetual motion machines violate thermodynamics.
Re: (Score:2)
The article asked for DRM.
Neither of the packages you mentioned involve or support DRM.
-
Also note: (Score:3, Insightful)
But that is pretty much the only way to give someone the source, but not the content -- assuming you are trying to protect content. If you are trying to prevent people from copying your code, then you completely missed the point of "open source".
I would very much like to see a followup article, or a clarification, or some comment by the guy who made this post, to find out j
Talk about a contradiction in terms. (Score:5, Insightful)
DRM is about Alice/Bob/Eve cryptography where Bob and Eve are the same person. All DRM tries to work by hiding the Implementation - Universally, it fails.
Open source is about revealing the implementation.
OpenDRM. Just say Huh?!
Re: (Score:2, Funny)
Re: (Score:3, Informative)
Re: (Score:2, Interesting)
All DRM tries to work by hiding the Implementation - Universally, it fails.
That's not true. Obfuscation is just one of the layers in any DRM system (and also in security in general). Relying on obfuscation alone is what's bad practice -- not the presence of obfuscation itself.
DRM technologies work on essentially the same principles as PGP. The content being protected will usually be encrypted/decrypted using a symmetric key. This key is then protected using PKI (i.e. the content key is encrypted using each user's private key) -- that's the key management part of it.
I do agree tha
Isn't that an oxymoron? (Score:5, Interesting)
Use encryption if you want safety. But you still can't prevent the people who have legitimate access from doing whatever they want to the documents.
Re:Isn't that an oxymoron? (Score:5, Funny)
Unless, and I think this is what he is after, you hire a group of armed commandos/Stallman look-a-likes (to keep it open source) to detail every end user of your media. With a gun to the head... making decisions about media becomes much more serious business.
Open Source Stallman Commando: Don't even think about putting that in your shared folder! If this ends up on bittorrent, it's a 7.62mm round right to the groin!!!
User: Oh my god... please don't kill me... (gets hit with the butt of the commando's rifle)
Commando: One more word and I swear I pull the trigger!
I'm not sure, but that may be the most workable DRM solution anyone has ever come up with.
Re: (Score:2)
What do you need the DRM scheme's source code for? Most major algorithms are loosely guarded if not totally open secrets.
DRM schemes rely on playback software and devices managing to keep their decryption keys hidden from their users... and so far, breaking them (finding a way to bypass safeguards and traps to locate plain-text keys) has always been a matter of days or weeks. Since OSS DRM would have no way of hiding the keys from
Re: (Score:2)
Yes, you need both the code and the keys to break DRM*. At least one of the two must be hidden. The point is that, with open source, both must be given in plain view, so it doesn't work.
* Sometimes, you can even break it without the keys if the algorithm itself can be attacked.
Re: (Score:2)
That is so wrong it isn't even funny. Hell, that is Microsoft's main argument about Closed Source vs Open Source. "If you could see the code, you could hack anything! Nothing would be safe!"
You have (or can have) the code for GnuPG, but does that mean you can break the data encrypted with it. And no, DRM isn't special in that way.
I have terminals at work on a production
RE (Score:5, Informative)
The only open source system I am aware is OpenKM[http://www.openkm.com/].
Open Source ECM (Score:5, Informative)
Open Source DRM is Oxymoronic (Score:2)
You're probably in for a disappointing search (Score:5, Informative)
Most people smart enough to program such a thing are also smart enough to know it can never work. People who do create/sell/push drm solutions are selling snake oil.
Your best bet is to use PGP and simply encrypt your data, and trade public keys with your intended recipients. And plan ahead - once someone can see it, assume they can always see it. The whole "revoking a key" bit is the snake oil part of DRM.
Re: (Score:2)
My recommendation would be PGP, too. That would be the way to go. As long as the members of your company can secure their private/public keys, you can keep good control over who will have access to what.
If the members of your company fail to secure their keys? Well...
Responsible Behavior [xkcd.com]: "I got too drunk. I screwed up, bad".
Re: (Score:2)
There is a precedent for open source DRM.. (Score:5, Informative)
Re: (Score:3, Informative)
It is still an oxymoron.
If you see my comment [slashdot.org] posted shortly after yours, I mention OGG-S/Media-S. They are, at least, honest about their "open source" DRM system. In their FAQ they explain while it is GPL'd, you can buy a (closed-source) license so that it's anything other than a public-key encryption system. ergo: Open source DRM is an oxymoron.
Easy solution (Score:3, Insightful)
Re:Easy solution (Score:5, Insightful)
Yes, this exists (Score:5, Informative)
DRM makes it hard for people to leak a file. It does not spend very much effort, if any, on authenticating the initial owner of the file (for example, anyone who picks up a DVD can play it, although they can't copy it to a new DVD). In a business environment, you're usually far more worried about authenticating the file's recipient and making sure the original does not accidentally reach anyone else's computer, than about preventing a cooperative person from intentionally leaking the file. (In most cases, you do want to permit them to print, copy-and-paste, etc. the document. These would all be prevented by DRM because they all make it easy to leak the file.)
The other failing of DRM, as I'm sure you've seen discussed, is that it's crackable by mere cleverness. If you're going to permit someone to view a file on screen (or hear an audio clip over headphones), you can always take a screenshot (or recording) and leak that. HDCP and so forth make the screenshot harder, but nothing prevents you from pointing a camera at the TV. It will be low quality but it will be a leak. PKI, on the other hand, is only crackable by brute-force searches of the key space, or (unlikely though possible) sufficiently smart mathematicians.
Encryption, but why do you need it? (Score:2)
Most of what you want can be implemented by encrypting/decrypting on the fly as files are opened by signed in users. That is how most programs work. If that won't work for you then you need to organize how the program/files will be accessed in order to establish what control is needed.
DRM in a nutshell... (Score:5, Interesting)
Such a system is untenable with proprietary software (just need to find the right memory address), and absolutely impossible with open source software, as you can simply remove the line in the program that tells it what actions not to allow. (See xpdf). With proprietary DRM systems, the companies just hope it's difficult enough to decipher the compiled code of the proprietary programs, that it takes a while before someone finds the right spots in memory to probe/change, and publishes the details... Then, they make trivial changes to the DRM system, and call it a new, "fixed" version that everyone should start using quickly (before someone figures it out).
The only thing DRM can do effectively, is to prevent the first opening of the file. After you send that first key (eg. via server), no matter what the DRM involved, the user can (trivially) strip the DRM off, and do whatever they want with the unencrypted file.
If that is what you want... I would suggest using public-key encryption to protect the file instead of a commercial "DRM" system. Either PGP or SSL (keys in combination with a password) can make absolutely sure only the intended recipient can make use of the file, even if others obtain copies of it. If you are expecting any more control over what others do with the file, you are simply denying reality.
All that said, here is one open source DRM system: http://www.sidespace.com/products/oggs/ [sidespace.com]
And if you WANT more... (Score:5, Informative)
Instead you should save your money and hire a lawyer instead who will draft up NDAs for you to have people sign in order to protect those documents/secrets you want tightly controlled.
Technical solutions will not cut it. They never will. You are throwing your money away.
Hire a lawyer, and only give the documents to people who ABSOLUTELY need it and is worth the time to get contracts involved with.
Have we not discussed this before? (Score:4, Insightful)
Point. Learn good computer security practices.
I want DRM to dissappear from this world forever/
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
What about computers you don't own? For example, the ones people use at the office. The PC, and all the data on it, belong to the COMPANY, and not you.
To do your job, you need to see data. You have no legitimate business need to print, copy or otherwise transfer that data anywhere. Other people have different needs with the same data.
DRM assures the rights that each group needs are all that they get. Least privilege is what
Re: (Score:2)
DRM assures the rights that each group needs are all that they get. Least privilege is what they call it.
You're talking about normal operating system security. This has nothing to do with DRM. DRM is all about using technology to control an otherwise free agent when something is "sold".
---
DRM'ed content breaks the copyright bargain, the first sale doctrine and fair use provisions. It should not be possible to copyright DRM'ed content.
Re: (Score:3, Informative)
Re: (Score:2)
DRM, at least as I believe it is being used in this discussion, is short for "digital rights management". This can be interpreted in a much wider perspective than just as it is applied for DVD's or iTMS purchased files.
Well you'd be broadening the definition of DRM. Digital *Rights* Management is about protecting author's *copyright*
I would include a hospital system where the accounting department can list what tests have been performed for you, but can't see what the actual test results are, as having DRM.
That's called "Access Control". It's a fundamental part of computer security. DRM is not.
Heck, an ATM is a DRM system. you put in a card and a PIN, you have the 'right' to view your balances
I doubt there's an actual law that says you have this _right_. If I insert my card, enter my pin and the ATM suddenly goes out of service and spits out my card, can I sue my bank due to a _violation of my rights_?
-Stor
Re: (Score:2)
Convince your business not to waste the money. (Score:5, Interesting)
Here's what's become my business-side take on DRM: don't bother.
DRM systems set the bar too high for honest users who just need to get some work done, and too low for malicious users.
Corporate espionage in mind? Just make screen-captures. That won't work? Digital camera, anyone?
You can't make it work, principally because there's no way to both show and not show the same document to an end user. The security is only as good as your trusted users are.
You can also appeal to reason on financial grounds: the Hollywood studios are extremely motivated to make DRM work, have pored in millions and haven't hit on anything at all that prevents piracy.
If they can't do it, you probably can't either, and should probably focus on differentiating your content by making it sticky and extremely easy to use.
Re: (Score:3, Interesting)
In the case of a web site, it could mean going from a login business model to an ad-supported model; with your content in the open instead of hidden behind a login, users are free to fall in love with it and return daily.
In the case of an analyst report, it could mean that instead of trying to protect the report to the hilt, you instead use wide a
Re: (Score:2)
I'd try a camcorder and set it up to show the records on the screen at a rate that would allow the video to still be read by an OCR program. I'm unsure whether digital or analog would be better for this.
If you could capture 30 fps and 1 record a frame, that's 10800 records an hour. That's under 93 hours. Depending on your workplace, you could split that into short periods, lunch hours, night time, weekends, or just constantly.
DRM or ACL (Score:2)
or do you want to control the access rights?
It would seem to be 2 different issues.
Do you really want to send this data out in to the wilderness to lots of people you don't trust on the hope they might pay you?
Or are you more looking for a system where trusted colaberators can freely share information in a more flowing fashion.
Re: (Score:2)
or do you want to control the access rights?
This is really the issue at hand here. DRM that prevents people from copying software is protection via obscurity. open sourcing this means nothing and is a complete waste of time. DRM to control access rights can simply use configuration files and digital signatures - these algorithms can be public. if a user changes the configuration file (access rights), they are blocked from using the material because the signature will fai
Re: (Score:2)
What is really important in these sorts of situations is stopping an altered version of that document getting mixed in the official stream and causing confusion.
If as a bonus you can have a document that self destructs (so to speak) when it goes out or date or can't be varified that would be a major plus.
I know working on $xxx million construction projects big issues crop up with if people don't use the current info
Minimal DRM (Score:3, Informative)
There's basically two kinds of DRM in the world: DRM that's been broken and DRM that no one has cared to break.
So, that said, here's some python DRM you can use which I am releasing into the public domain:
(replace _ with spaces)
A simple DRM solution (Score:2)
Counterintuitive (Score:2)
The main purpose of DRM is to insure that some of a device's native capabilities (eg, the ability to copy bits) are
THAT is why FOSS DRM does not really exist (and why nobody uses Sun's DReaM). It's not about software quality control - it's a flaw in the designed intent of these systems that you can point
Oh brother, not this again (Score:2, Informative)
Cory Doctorow was been over this a couple of years ago when Sun came up with the (I'm guessing abandoned) idea of an Open Source DRM. Here, go read why it's oxymoronic: DRM != SSL [boingboing.net]
Any protection scheme where your customer and your attacker are the same party, doomed to failure, IMO.
Do not buy any DRM-encumbered products. Make a statement about this by not participating.
That is not logical. (Score:4, Interesting)
can we produce a filled emptyness?
can we produce a hard softness?
can we produce a rich poverty?
can we produce an Open DRM?
err... not really?
Re: (Score:2)
The only real answer (Score:2)
Licence limiting software is a real pain and time sink. I've been halted in the last couple of weeks by one with a Y2K bug of all things, have others limited to dongles on real parallel ports (USB converters have a different memory address to a parallel port in MS Windows) and have to kee
I understand what he wants.... (Score:3, Insightful)
In business there are things like trade secrets, documents, drawings and the like that you have to distribute to a jobber or some other outside entity to accomplish a task, but you really only want the outside entity to have them for the amount of time that they actually need them to get a task completed.
Typically this has been accomplished via NDA's or other legal agreements. It appears that in some instances they want more then a "promise" to destroy the information when it is no longer useful for the legitimate contracted purpose. Sort of like the old "This tape will self destruct in 10 seconds" gag from mission impossible.
The problem is that it really cannot be accomplished. You can use PGP or IronKey (tm) as others have suggested but that only prevents the material from being easily viewed by 3rd parties and does not address the "self destruct" desire.
I really cannot think of a way to make that happen. Every method that I can think of requires the destruct method to either be built into the data ( as a code block ) but even then something has to execute that code, and that is simply worked around.
It basically has to come down to trust. Either you trust the outside entities that you deal with or you don't. When I was in the military I had access to classified materials, and I was looked over from front to back top to bottom, my friends and neighbors were interviewed as well as my Principal from High School.
Sadly, I think the last 8 years of the current administration have re-enforced the notion of mistrust and it has found its way deep into the culture of corporate America.
Re: (Score:2)
DRM isnt useless (Score:2)
Just try using adobe ebooks, (not the protected pdfs) but the actual ebooks being sold. EBX_HANDLER errors and no real way to remove that crap
A publisher should not have the power to say you cannot print a file, but sadly they do.
Just use encryption (Score:2)
Two solutions (Score:2)
Paranoia is contagious... if you show people you suspect that they're devious bastards, they'll arrange to be devious bastards. If you trust people for the most part, they'll be trustworthy. I'm not saying put everything on a publicly available website, but show your employees a little faith and they'll believe in you, and just keep a little eye out for things that aren't right. You don't nee
DoD (Score:2)
IBM TCPA (Score:3, Informative)
Open-source and DRM incompatible (Score:2)
They're mutually exclusive. The only way to enforce DRM is to encrypt the contents and only permit decryption when authorized. But, to decrypt the content you have to have the decryption key present. If the software is open-source, anyone can simply change the code to dump out the decryption key. Once they have the key, they can decrypt the content exactly as if they were authorized to do so. Or, they can simply change the code so the enforcing application always gets back "Yes." as the answer to "Is this o
I've said it before (Score:2)
All it takes is for ONE dedicated geek to build a phonograph, the copy then hits the internet and it's game over. Not even locking down the hardware will help because a single output wire operating at 50khz or above will be able to reproduce the sound. You would have to sniff every single port on the computer for
DRM is sexy (Score:2)
One of the big problems with DRM is that it's a sexy technology.
Technologists and businessmen just love the idea of being able to control other people in ways that were not possible before and that's why DRM keeps resurfacing. I know, I used to like DRM myself until I grew up and realized that it was simply not in my interest to live in a supposedly free society when DRM does end-runs around everything from first sale doctrine to fair use provisions to the copyright bargain to free enterprise. This is bec
You need to define your business need first (Score:3, Insightful)
You should really first see if the disadvantages outweigh the benefits, from what I read you're simply after some method to protect information from disclosure. Well, encrypt it. Just don't use any DRM related solution because you're inflicting a serial chain of single points of failures on your business, and it'll screw any backup and recovery strategy as well. Just don't. You really don't know just how much trouble you're heading for.
From the trenches (long) (Score:3, Insightful)
I make a living selling copyable software which has no DRM or copy protection, so I'm taking a bunch of time to explain how I'm doing that in the hopes Slashdot minds will find it interesting. This isn't hypothetical, it pays my bills. I'm betting it will continue to do so...
The software is mostly plugins for Logic etc. (Audio Unit format) but I'm also getting some other tools together like an animation program. This isn't free software- I'll talk pretty freely about how I do what I do but I don't distribute the code, and I pick some software products to give away at no cost and other products to sell, never for more than $60 before VAT etc. (lots of my sales are overseas, I'm in the USA)
Almost every (every?) commercial plug-in maker uses DRM, sometimes insanely intrusive stuff. There's stuff that has to dial home in order to be 'authorized' and you only get 3 or 4 goes before it is shut off, there's stuff that uses one of several dongles (iLok is the most common but there are others), etc.
I use NOTHING- once you have the plugin, I expect you to use it, back it up for safe keeping, use it on whichever computers you need it, including the new Logic nodes for DAW clustering that Apple's come up with. There isn't a line of code in there to take the plugin away from you, ever. It's a matter of principle.
At the same time, I expect people not to copy these to their friends, put them on websites, anything like that. You are only supposed to get them from me. It's done through a variation on DRM by Kagi Shareware, who are my store-runners: they have a thing they'd like to see people use more, called Kagi's Digital Download Service. This could be open source if people wanted one like it- how it works is, a purchaser is given a temporary download URL. It's open for X downloads or X days and then it's no longer valid, so if someone posted one of these somewhere it would go dead quickly. The neat thing is, if there's a problem and someone emails me I can check my copies of the Kagi receipts, and see if a sale went through. If it did- the reply email contains a copy of the thing they bought- I don't have to wait for Kagi's systems to be fixed, because the customer only needs the plugin, not access to some authorization server.
This brings me to my point about DRM, one I take very seriously- I've been thinking about this for some time having been a Slashdotter from way back. (that's easily proved, at any rate
There are two ways you can get a person to do something- push them or entice them. DRM is strictly push-ville. The big assumption you make there is that the enticement is basically infinite- the person MUST buy your thing, or steal it, so it's all about getting really tough with them to compel them not to steal it.
I make a different assumption, and it's paying my mortgage. I may not be putting out lots of open source code (though anyone from an OSS project wishing audio tips is welcome to talk with me endlessly) but I assume the person must CHOOSE to buy your thing or steal it.
No matter who it is, they still must choose. It doesn't matter if they're 14, have never bought something before, and have found my stuff on an FTP site somewhere- even if the choice seems compellingly obvious, people CHOOSE to copy stuff that's not intended to be copied. (to use the non-thief terminology)
I get to make choices as well. For instance, current law is very friendly to me talking to such an FTP site and telling them, please remove those files now. It's easy to monitor, they'd have no real leg to stand on, and I'd be entitled to want that done since it's my stuff.
The site itself CHOOSES to include my stuff (if they can get it) or not to bother- or
Re: (Score:2)
And the difference between "read" and "full" is what, again? We're not talking about a file system here; we're talking about a document that you've given the other person, that you're trying to allow them to "read" but not "read".
As another poster put it, DRM is the Alice / Bob / Eve problem... where Bob and Eve are the same person. It can't work long term, and to the extent it works in the short term it's by hiding the implementation.
Re: (Score:2)
It's about pollution of trusted information.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)