Ask HN: How should I secure my ebooks?
I'm about to publish an ebook and am looking for ways of securing it.
The target readers are high school students so it might have to be fairly robust. On the other hand, a light-touch approach and a friendly notice about paying if you think it's worth it might be enough.
So far, every solution I've looked at seems either insecure (eg. IP restricted / expiring download links) or annoying for users (custom readers, plugins). Also, much of it is limited to Windows.
Do you have any experience of this? Any advice? Recommendations?
9 comments
[ 3.2 ms ] story [ 25.8 ms ] threadhttp://www.mobipocket.com/dev/article.asp?BaseFolder=prcgen&...
BTW, this is pretty much the same format / drm the the Amazon Kindle uses.
Only reliable "secure" way of publishing an ebook is not publishing it as an ebook at all.
We're just looking for the simplest way to make casual piracy tricky enough to discourage anyone who might want to pay for it. And of course a way that doesn't piss off paying users.
I'm not too concerned about piracy by people who would never have paid in the first place.
>>>For example: a 24-bit bitmap will have 8 bits representing each of the three color values (red, green, and blue) at each pixel. If we consider just the blue there will be 28 different values of blue. The difference between 11111111 and 11111110 in the value for blue intensity is likely to be undetectable by the human eye. Therefore, the least significant bit can be used (more or less undetectably) for something else other than color information. If we do it with the green and the red as well we can get one letter of ASCII text for every three pixels
Now, there are two main problems here, as I see:
1. The text can still be scraped from the ebook and redistributed as a .doc file. For this reason, you may also want to include some text steganography (e.g., draw some ASCII art with varying characters; change the order of people you thank on the "dedication" page).
2. The pirate-distributor could insert pixel noise randomly all over the file. Then, your trans-id information encrypted in the LSB-image would be lost. In my opinion, however, this is unlikely, because the security I've described is not (at least typically) used in practice (with eBooks, as far as I know).
These aren't preventative measures [1]. But if something does end up circulating on the net, you have a unique ID and can then probably sue their parents. Be sure to explicitly forbid them from circulating the PDF/consent to being sued if they do/what have you, in the terms of service.
[1] Unless you explain that each ebook is uniquely secured, which may prove something of a deterrent; unfortunately, one measure of security is to not let people know that the property is secured in the first place. This may make the steganography more vulnerable to attack.
http://lcamtuf.coredump.cx/soft/snowdrop.tgz
http://coderrr.wordpress.com/2008/03/23/simple-text-watermar...
I see how it would make sense if we had the money to go after people with lawyers. However, I can neither afford that nor am I particularly interested in having to do that.
I mostly see it as a deterrent.
Surely the same effect could be achieved by putting the purchaser's name / email address on there, without the hassle of steganography.
The impact of seeing your data emblazoned on the PDF would probably be a bigger deterrent than a hidden watermark, though of course it could quite easily be removed by a determined pirate.
This probably won't keep people from casually sharing the book with their friends but will probably effectively put them off of sharing it publicly on the internet or p2p.
Consider that many high school students can't purchase things online anyway, lacking credit cards, which means no matter what, "stealing" the product is more convenient for them.