20 comments

[ 3.1 ms ] story [ 75.1 ms ] thread
"Open source DRM"? No, they should push for removing DRM entirely.
There are many good reasons we all know that DRM is evil, but here's another:

I wanted to buy a book recently, but for various reasons I don't want to have that purchase permanently associated with me. The only ebook options were DRM'd, so that was impossible. They all necessarily bind the book to your account.

My only option for maintaining some semblance of privacy is to buy a hard copy from an independent retailer.

This seems a lawsuit hoping for a payoff without having much merit. If you can purchase the item in several different ways, either on other devices or print, then how is it a monopoly? Just because a company enjoys a large market share doesn't necessarily make it a monopoly.

Also, publishers have the ability to specify no DRM on their ebooks for the Kindle. So the fact the DRM exists at all is for the benefit of the publisher, not Amazon. They might as well sue the publishers for exercising their ability to use DRM on the Kindle that creates a monopoly for Amazon.

The open source DRM thing is just for PR and is rather silly. They brought it up in an attempt to make themselves appear reasonable. If such a thing existed then you might as well not use it. If it's open source then it would be trivial to crack it, so what would be the point?

This lawsuit should be tossed, but alas, how much money shall be wasted fighting it that benefits no one but the lawyers for both sides?

Another thing, if the claim is that Amazon has a monopoly on publishing ebooks, does that mean the bookstores are saying that Amazon's monopoly is preventing them from publishing ebooks on the Kindle?

"If it's open source then it would be trivial to crack it, so what would be the point?"

You are subscribing to the security-through-obscurity myth and I claim my five dollars.

Doesn't every single DRM scheme rely on that principle to protect content from the user?
You must be smarter than me, so to collect your five dollars you must explain how my statement means I subscribe to that myth.

My way of thinking on the matter is if you hand someone the technical drawings of a lock, then they have the means to determine how to best open it without having the key.

I can explain to you in complete, perfect details how, for example, the RSA public-key encryption system works. If you can use that to crack the encryption (in a useful time) without having the decryption key, you can write your own ticket.
And that won't help you get around the fact that DRM is security through obscurity. If DRM were cryptographically secure, we wouldn't be able to read the books at all.

The fundamental difference from PKI is that "attackers" have both the content and decryption keys on hand.

If your device/app can decrypt a given book in order to display it, then you can be sure that someone else will be able to emulate your decryption method, or just rip the decrypted book from memory.

Remember that DRM is not about protecting content over the wire. It is about protecting content from "malicious" users, who also need to be able to consume that same copy of content.

If you can write an encryption scheme that does not require consumers to store a key, but still can only be read by a given consumer, you can write your own ticket.

Seems you agree with me then. You are suggesting that RSA can be cracked, it just takes time that we don't have. Therefore it's only a matter of time before someone figures out how to crack said encryption in a timely manner. You're only describing a lock that requires tools we currently don't have to get it open without the key. In other words, you're just attempting to throw a bigger lock at the problem and claiming victory.

Regardless, RSA encryption is a different matter anyway simply because, for a proper comparison, you would have to make the key to decrypt available to me in some way. In other words, RSA would be just as trivial to crack if the RSA system also told you where it stored the encryption keys.

Er, no. Everything can be cracked in a non-useful amount of time, by just iterating the search space. "Non-useful" meaning "about a googol times the length of the universe." That implies nothing about the possibility of any quicker method.
It also implies nothing about the impossibility of any quicker method.
Unfortunately, I don't think you'll get your payout in this case.

DRM is inherently insecure. All DRM is actually employing obscuring tricks to make it as difficult as possible to access the plaintext content. At _some point_ though, you have the plaintext sitting somewhere in memory or in registers on the attacker's machine.

Since DRM _is_ security-through-obscurity, an open source module would make it significantly easier to break.

With ebooks it's crazy easy because you can READ the plaintext unlike with video etc. where it take a tad more work to read the plaintext.
Fuck DRM, get DRM free ebooks at ebookoid.com
You can buy DRM free books on Amazon as well, it's the publisher's choice. I don't know the percentages, there doesn't seem to be a huge number of them but they are there.
I can understand why they're frustrated by the big 6, but why Amazon?

Amazon does not mandate DRM on ebooks. All O'Reilly ebooks are DRM-free on Amazon, for example...

  > the filing takes issue with Amazon’s proprietary DRM,
  > AZW: “Ebooks with the AZW DRM can only be read on a
  > Kindle device or on another device enabled with a Kindle
  > application…the Kindle app works solely with ebooks sold
  > by Amazon.”
Being able to read books from Amazon only on a Kindle or via the Kindle app isn't a big deal in practice, because there are Kindle apps available for every major platform and on the web.

The claim that the Kindle app only works with Amazon books is flat-out false. I know for a fact that it supports DRM-free Mobipocket files, and I assume that the Amazon document conversion service works for the app just as it does for Kindle devices.

It's a HUGE deal if you want to sell books. Yes the Kindle reads DRM free books, but 80% of the books being sold in terms of dollar volume MUST be sold with DRM. Thus anyone with a Kindle can't buy and read the majority of books being sold if they buy those books from a 3rd party.

I know you can buy good books without DRM, but if you want to read Stephen King, Nora Roberts, John Grisham they are ONLY sold with DRM. Selling those ebooks when they can't work on the eBook reader system that has sold more units than every other system becomes a problem.

Note, I happen to have a solution for getting ebooks with DRM onto a kindle in a readable form that I'm working on.

If the ebook reader market is dominated by one manufacturer that supports both DRM'd and open formats, and some author refuses to sell books in an open format while complaining about DRM, then that's not the manufacturer's fault. It's not reasonable to expect Amazon to support every hair-brained DRM scheme that a publisher can come up with.