I really wish that the word "buy" (and "sell") were illegal to use for DRM or otherwise encumbered digital goods. If a company wants to license something to you under DRM, then it should either explicitly use the words "buy a license" or not use the word "buy" at all.
And conversely, if a supplier uses the words "buy" or "sell" implying that you're acquiring digital goods (rather than licensing it), then that should be sufficient to nullify any license and make it a straightforward sale in the eyes of the law, and laws regarding "circumvention" should no longer apply.
Do you not still buy and sell licenses? Sure, it's not the product itself, but a license to use the product, but you're still buying it (it in this case is the license).
Sure, maybe using "license this product" instead of "buy this product" is technically more accurate, but at least 90% of customers don't really care. And seeing license is just going to confuse them.
Exactly. Which is why I said that it sellers should be required to use the wording "Buy a license", or something like that, to make sure that customers do not believe that they are buying the digital goods themselves.
> And seeing license is just going to confuse them.
And I'd be confused if I walked into a store and was asked to sign a long agreement at the checkout. It's the seller who wants to do something confusing instead of doing a simple sale. Why should he be allowed to hide this fact while giving the buyer a much worse and unexpected deal?
Gosh this is such a terrible feel-good non-solution. The companies will simply jump through whatever legal hoops they have to in the fine print, and merrily continue invading end-users' devices with their infantile controls.
"You could have easily downloaded our product/music/movie for free. But you went out of your way to pay us for it. Thank you. In return, we'll punish you by putting restrictions on you that you wouldn't have had if you didn't bother to pay for our content."
A logic that sadly only makes sense to out-of-touch executives: "Hey, since we can't get people stealing our stuff, lets punish people paying for it instead".
The reality is a little more nuanced. Basically, there are software people (people like you and me) who convince the execs that they can increase sales by reducing copyright infringement; all it takes is a little DRM they claim. Whether this is due to malice or incompetence is unknown, but one thing is for sure: we should start shunning these people. I don't care how good the money was, DRM creators deserve to be publicly named and shamed, or in the case of incompetence (believing that DRM will work), educated.
Of course, this is a supply side solution to a demand driven issue; but so is DRM :) I'm not sure how to reduce the demand for DRM, because the sad truth is that with enough demand, there will always be some idiot/huckster willing to implement it.
The reality is even more nuanced. Execs see people pirating their stuff and believe that those are truly lost sales. (and maybe some % of them are) They believe that if they can make it unpalatable/difficult enough to pirate music/movies etc... they will return to the halcyon when everything was good and they were making money hand over fist.
In truth, more people are turning away from traditional media than ever before as choices have expanded more and more. They deplore this as well, but in some cases the genie is out of the bottle (we are never going back to the days of 3-4 networks where power and profit margins were greatest), so the best they can hope to accomplish is to own all the networks and control the stores. They are winning.
I've written at length about this before. All DRM providers will go away at some point, or decide keeping the server running isn't profitable anymore. This is why I convert any digital good I buy, and if I can't, then I don't buy.
If any service providing a game goes down that uses this kind of DRM, I will pirate it if I bought it afterwards. How would it even stand up in court that you are "stealing profits" from a business that no longer sells the thing, especially after you already bought a license with no hard-coded expiration to it?
This is why I never 'buy' things online that I want to keep.
Music is a paid subscription through Spotify. If they went down I'd subscribe somewhere-else.
Videos are either through a paid Netflix subscription or rented for £3-ish through XBOX live. I never really watch the same movie twice.
Books I do buy from Kobo, but I wouldn't read the same book twice (unless it's a reference book which I prefer to use paper for), so I don't really care if it's not available after I've read it once.
I've never really got why people spend £15 to 'own' a movie on something like iTunes when the way we consume that stuff is changing so quickly at the moment.
I had bought some songs on Sony's old "Connect" (iTunes clone) music store which uses DRM. It shut down and basically said the only way to keep enjoying all the music I bought was to burn all the tracks onto CD and then rip the CD back into MP3 format. (This degrades quality btw)
Rhapsody, another DRM music service had a weird glitch where the few songs I purchased became "disconnected" from my account and no longer played. They were just music files sitting there doing nothing.
MSN Music did the same. Google Video went down as well.
I bought "2012" on Amazon's video on demand store via Unboxed (which is terrible btw). My family night was ruined. The DRM was so invasive to prevent stream stealing that the movie got glitched midway, would pause and never unpause, would not skip forward, and disappeared from my account after upgrading the amazon player. After 2 repurchases and 2 refunds, I just pirated it. The pirated version played great, but the family already got bored and went off to do their own things.
Pirates pirate to avoid money -> customers pay because it's easier -> companies use DRM to punish pirates -> customers end up getting hurt in the cross-fire -> DRM makes pirating the better option for both pirates and customers(former).
DRM isn't a stupid idea, it's a stupid execution of a reasonable idea. Steam's DRM is reasonable. The damage to the name however, is already done. Now I avoid DRM like the plague.
This has yet to be seen. For a while, Steam was seen as a way to keep other DRM at bay. Bioshock changed that (I'm not aware of 3rd party DRM on steam titles prior; open to correction here). Now Steam is a distribution platform which also incorporates DRM which may, or may not, result in customers getting screwed, while games distributed through Steam may choose to incorporate additional DRM. The sad truth is that we simply don't know if Steam's DRM will ultimately screw over their customers. That will be seen at some point in the future, when maintaining servers is no longer financially viable.
Compared with what's out there, Steam's DRM is quite reasonable. The main reason is that you can install your games as many times as you want on as many computers as you want, it just attempts to limit how many computers can access the game at the same time. It would be even more reasonable if it allowed two computers to be signed into the same account at the same time and allow two different games to be played at the same time. For now you have to set one computer to offline mode to make this work, but even then that's a decent compromise.
But the main difference with Steam is that it offers features that are beneficial to the gamer that excuses the DRM in the first place. Plus there's the fact that for the most part the DRM is hidden from the gamer, it just works.
Although, it does allow for another third-party DRM to be involved which just sucks. Especially when the extra DRM actually cancels out features of Steam such as limited number of installs. The worst is when a game is on Steam and has Windows for Live involved. GTAIV was just awful; sign into Steam, sign into Windows for Live, sign into Rockstar's Social Club to get full functionality. Now that's just stupid.
Where Steam can possibly screw their customers is if you piss off Valve for some reason then they can ban your account, which means you lose access to all of your games. But this policy exists on other similar platforms such as Origin. Personally I think this would eventually not hold up in court as I can see them removing your access to a particular game for some reason, but not the whole collection you paid for. Especially since Steam is a delivery platform; it would be as if you did a credit card chargeback on the game store that cheated you in some way and then they somehow took back every game you ever bought from them. But so far, this type of case hasn't entered into the court system as far as I know.
Yeah, that little bit about "piss off Valve, lose access to everything you bought through Steam" also translates to, "Valve goes out of business, lose access to everything you bought through Steam".
Sure, they promise that if they do shutter the business they'll unlock all purchases. But that assumes the business is closed down in an orderly fashion.
You are quite right. It's also a good strategy to stay in business, "Buy your games from us to insure we stay in business so you can continue playing the games you bought from us."
Here's a more realistic thing some game publisher (or movie publisher, or music publisher) might have actually said at some point, though:
> Our market is composed 90% of selfish, penniless teenagers who will pirate everything they possibly can if there is any option of it, but who are also extremely impatient, and must be the first to own everything so they can talk about consuming it with their friends who are also consuming it.
> If we add DRM, we will create a ~2 week window where the only way to get our product is legitimately. With the social pressure from their friends to consume our product mounting, the selfish, penniless teenagers will be forced to either get part-time jobs, or coerce their parents into buying the [product] for them, because the primary option is temporarily unavailable.
> So, let's add DRM to our product. It will stop the pirates [for just long enough for us to turn a profit, which we can then use to do things that] our customers will love [us for].
Of course, this block of selfish-but-penniless-fad-following-teenagers just define the power-law "fat head" of most media companies' profitability, not the entirety of the curve. After that block has settled out (the fad has passed; everyone who was going to either purchase or pirate to join in on the fad has already made their choice), every additional day where DRM is kept on the product is just money-grubbing corporate self-interest. :)
What I found most interesting about their situation was the conversion rate, we hear the cry all the time of I'm just traiing it, if I like it, I'll buy it well they had a 0% conversion rate, despite good reviews and the pirates playing the game for many hours, to get the high scores. One would assume they enjoyed it right?
You can embed a private key in the TPM module of a DRM hardware player with signed boot and it will work reasonably well. This is the PS3's approach and, had they actually salted their keys, it would have remained effective.
Business-wise, DRM doesn't have to be perfect, it just needs to keep honest people honest. The fact that the lock on the door to my apartment can be broken in, or picked, doesn't make the lock itself a bad idea.
No, it's a wrong comparison. DRM is not only stupid, it's unethical. Comparing it to a lock on your apartment is not proper, since it totally reverses the idea. DRM is more comparable to placing a police robot in your house, in order to "prevent potential law violations". I.e. completely the opposite - privacy breaching, unethical preemptive policing.
The TPM (Trusted Platform Module) is an oxymoron. Trust is relation between two sides (users and distributors). It implies mutuality. The whole DRM concept is built on the opposite - i.e. not trusting the user, on treating users as potential criminals by default. Since users aren't trusted, there is no reason for users to trust DRM schemes, which should be treated as spyware and privacy intruding methods of control.
HN would really benefit from some sort of 'supervote' mechanism, that could be used once per thread or something. Because it takes effort to elaborate and tie truths together in a succinct way, effort that unfortunately has to be wasted on every half-assed outrage thread, with the resulting comments such as this one ending up on the same footing as the standard "no yu" and "it is what it is" ones.
Certain medicines which are prone to abuse have mechanisms in each pill that make it difficult to be cut up and snorted. Dynamite has chemical tracers added to it to make its use easier to trace. Photocopiers cannot duplicate currency. In all these cases products have been made more tamper proof so as to resist abuse. How is DRM different, here?
I consider photocopying control idiotic. Other use cases that you mentioned seem to deal with poisons, weapons and etc. You surely see a difference with that, or you don't? The whole issue with DRM is the level of control. Preventing crime is good. Making a totalitarian police state is not. DRM leans towards the second (invasive control which is way beyond what is ethical).
That may work for games and software where you have to copy complicated logic. However in the case of movies, music and books you can always record in some way. Once you have one DRM free recording it can be distributed and watched by anyone.
The only way to get around this would be to mandate people bought devices that refused to play DRM-free content.
The problem with the lock picking analogy is that being caught is significantly more likely and carries a heavier penalty.
Imagine the invention of a universal lockpick that was so easy that a child with 5 minutes of training could use it and readily available for free. As well as some form of cheap stealth technology that made it easy to sneak around people's houses undetected. You would expect burglary rates to go through the roof and a similar argument could be made that investing in a lock for your house is a waste of time.
Valve is much like Google. It works reasonably well most of the time, but if for whatever reason you end up on the wrong end of the stick you are basically hosed.
Often, pirates pirate a thing, not to avoid paying for it, but rather to view it on their continent of residence, to avoid region coding. There are several other good/quasi-legitimate reasons for piracy/ripping as well. I like having backup copies of things, or a media server. I don't really like having a wall of DVD's. I also hate the forced FBI warning, Interpol warning, and Stupid anti-piracy commercial. I also hate all of the other commercials too.
>companies use DRM to punish pirates
This is no punishment to pirates, the only party who is punished by DRM is the paying customer.
>DRM isn't a stupid idea, it's a stupid execution of a reasonable idea.
DRM is a misguided idea, favored by people who don't really grok the recent changes to and limitations of technology.
>Steam's DRM is reasonable. The damage to the name however, is already done. Now I avoid DRM like the plague.
Not really, it flakes out fairly often, initiating a 10-20 min process of restarting Steam and the game, which is pretty annoying for me because I try to allow myself a specific and limited amount of time for playing games. It sucks to waste that time waiting for [thing which adds no value] to align itself.
And what about the case when Steam itself is used by companies as platform for their DRM. I can't play Ubisoft titles without Ubiplay, can't play some titles without Games For Windows Live.
I have spent 10 minutes waiting to sign in to these services because I have a flaky connection!
I forget, are companies with invasive and arbitrary software content requirements on their app store a good thing or a bad thing? I get so confused about which one I'm supposed to despise nowadays.
While that is true is some cases, it's not true in all. Some pirate because they can't get it otherwise (ex. region exclusions, see Game of Thrones), some because they want to try out a game but there is no trial, and some because they don't want to deal will all the stupid ads and Don't pirate crap on DVD's now (SEE: http://bit.ly/eriKlB) as well as broken DRM management (Sony Music CD's anyone)
Companies try to hurt pirates with DRM but all they hurt are the paying customers, who do not have it easier. The recent fiasco with SimCity is a perfect example of that. Paying customers got screwed because of EA's DRM scheme.
And the long term effect of Steams DRM has yet to be proven. If Steam goes under and we lose all the games we paid for does that still qualify as reasonable or completely borked?
I get that companies want to protect their assets, but applying 19th processes to a 21st century reality is never, ever going to work.
The dumbest thing which happens in the age of digital distribution is region-delayed releases.
This is a thing which makes absolutely no sense: the product can be delivered nearly instantaneously, I have money I am willing to pay for it, and the product is released - on identical hardware - in another part of the world.
Why can I not give you money, for said product, right now?
But don't forget that digital distribution is only relatively recent - it wasn't possible for many people before. (Also, content producers had a weird aversion for peer to peer distribution models, so distribution would have been expensive for them).
So part of the reason is that they're slow to change; they will change, they just haven't got round to it yet.
Another part of the reason is that Americans are rich, so they get charged more. People in country X are poor, so they get charged less. Price differentiation is a strong reason for region locking. But, as you say, it's dumb, and some content producers know it's dumb and are moving away from it.
"DRM isn't a stupid idea, it's a stupid execution of a reasonable idea." I'm sorry but this conclusion doesn't follow from everything you wrote before this. What?
I think he's referring to the "companies use DRM to punish pirates" point. Which is by itself a reasonable idea. But as it turns out most companies somehow screw it up and end up punishing the customer instead of the pirate.
Steam's DRM may have been reasonable at some poin but it certainly isn't now. I had all kinds of issues playing my legally-purchased copy of Portal 2 thanks to the DRM, as did a number of other people.
...or because the officially endorsed copied will not play on their OS of choice (due to reliance on some proprietary technology), or because there is no legal copy available in their region, etc. Even without DRM-induced reasons, there are non-monetary reasons people might download unauthorized copies.
DRM is not just a stupid idea. It's unethical idea. No execution of DRM is proper. All of them are improper with various degrees of evilness and stupidity.
Right, but a his poorly constructed example might be used against his general argument that there is no way to recover the content he purchased with his hard earned money. Of course, his example of being able recover the content itself is a weak example because not everyone will have the skillset to get around DRM.
So you start with a 4MB music file with DRM and lossy compression. After stripping the DRM, you've now got a 40MB music file at the same quality. If you want to get back down to 4MB, you must lose quality.
It wouldn't be a problem for jpeg (though I believe it is for mp3?). In jpeg the quantisation step controls the degradation in quality - you can run it through a 2nd time with the same quantisation without losing further quality.
Indeed, since I posted that comment I've been looking into it further. I read on wikipedia [0] that:
The DCT based form cannot guarantee that encoder input would exactly match decoder output since the Inverse DCT is not rigorously defined
I don't get that - I thought the inverse of the DCT was just the linear combination of the components.
So...I've been playing around with it myself to see what happens (using graphicsmagick).
I converted an image to jpg (quality 70) and then bmp -> jpg again. There are definitely some minor artefacts.
I then iterated that step jpg -> bmp -> jpg (quality 70) a dozen times. These further iterations don't add any additional artefacts. So it sort of gets into a stable state.
EDIT: reading that quote from wikipedia again it looks as though it's just saying that jpeg is lossless (ie, we apply quantisation).
These guys used to let you run your own images through their filter. It was great for spotting even really good shoops. http://www.errorlevelanalysis.com/
There is no way to stop people's ability to pirate things if people want to bad enough. I think the only real way to eliminate pirating is to find a way to make people not want to. Maybe it is naive of me to think this, but i honestly think that if you made a good product that very convenient to get and allowed people to use it in the way they want then a lot of pirating would go away. People are willing to pay for convenience, and when you introduce DRM which makes getting/using it less convenient then you are actually pushing a segment of people towards pirating.
PS: I know it's an old article but if anyone has not read "What color are your bits?"[0] it is a great article on protecting copyrighted digital material and why it is so hard/impossible.
Yes, to keep people from copying a movie or a book requires more-than-totalitarian control over people. But that's from a special property of noninteractive works, that one viewing is all there is to them. To copy-protect a program, in principle you could deliver it only to tamper-proof machines that self-destruct before giving up the code. You can't infer the program from its behavior, in general, unless P=NP (though of course you can do well enough for many programs; but black-box reverse engineering is more like creative work than scanning/recording). And releasing an app only for a particular platform is not a human-rights violation, at least not on the scale needed to suppress cameras and Turing machines.
So "DRM is impossible" strikes me as short-sighted. DRM is bad for humans, impossible for the media that Big Media currently cares the most about, and currently unable to keep anything from escaping into the free world.
You do bring up some interesting points. Restricting a program to physically secured hardware along with software protection would definitely make it extremely difficult to get the program or information outside of the way that the maker wants you to. Although I am not entirely convinced that it would be impossible. The issue is that it still must be a deterministic system. And this means that with enough money, expertise, time, precision someone could produce a situation in which they would be able extract the code and edit it. Now in most cases the amount of resources and effort that would be required to do so would probably not be worth it which would mean that it wouldn't be worth it to pirate, but i would be hesitant to say that it would be impossible to. Any deterministic system can be compromised the key is to make compromising it so difficult/expensive/time consuming that compromising it is not worth it.
Now from a practical stand point I don't know how well this would work in a consumer market, but can certainly see it being used in areas where protection of information is extremely important. It just seems a little to costly to implement on a wide scale to me, and I think consumers would see it as too invasive and resist it, so if there were alternatives in the marketplace I think a lot of people would opt for the alternative.
I broadly agree, but claims of impossibility face a burden of proof; and you can see iPads as cheap crude approximations to sealed systems, and they're effective enough that AFAIK most developers needn't worry about pirating. And I'm not sure but I get the impression that successive models of iDevices tend to take longer to find a jailbreak for.
See my post to another one of your comments as to why as far as I can see it is impossible to make a system that is completely unbreakable. But I definitely think you could create a system that is so difficult to break that in practical applications it would cost more to break then what is to be gained. The solution you suggested is likely a very good example of this. I'm not saying your proposed solution isn't a good solution to the problem or that it wouldn't work in the real world(if security is the only concern). I'm simply saying I don't there is such a thing as an unbreakable system, as long as it is deterministic.
>in principle you could deliver it only to tamper-proof machines that self-destruct before giving up the code.
"Tamper-proof" is impossible. That's why they call it "tamper-resistant" -- someone with enough resources is going to be able to tamper with it. In theory you may be able to make tampering expensive, but now you're just back to playing the cat and mouse game, and people start showing up with timing attacks etc. that aren't as expensive as you might have hoped.
Exactly. Anything that is deterministic can be compromised, even if that is something physical. The only thing you can do is make something so difficult/long/expensive to compromise that it't not worth it. This is the theory behind encryption, given enough time and/or computing power and encryption can be broken by brute force but making it require so much time and/or hardware to crack that the information would be useless by the time it is broken. You can't make a deterministic system unbreakable, only harder and harder to replicate the situation needed to break it.
I guess you're bringing up determinism with the idea that if you can extract some information from a probe even if the system self-destructs, then given enough diverse probes you can extract everything. But the designer could refuse to send you an unlimited number of copies.
I linked above to someone sketching a strategy to distribute limited DRMed designs worth trillions of dollars to unlock. He may be wrong, but it's enough to make me think the current state of the arms race need not hold forever.
If the system has a state where the hardware reliably doesn't self-destruct, then that state can be replicated. From there probing can handle extracting the information needed and presumably some sort of interpreting of the information would be required to make it workable. Now I think this process has to be possible for any system (a reliable deterministic state has to be able to be replicated unless I am really missing something) but there a lot of ways to make replicating this process very difficult and unlikely to the point where I can't imagine anyone actually doing it, but it still is theoretically possible for someone to break it.
SaaS or any other cloud based service model. Storing your data somewhere else where it gets held hostage in a proprietary format is a lot of pain waiting to happen.
Dropbox and Gmail are examples of how it should be done, I have a copy, I can make more copies, they make sure its accessible from everywhere I want. If Dropbox or Gmail suddenly stops I will still have my files.
> "Storing your data somewhere else where it gets held hostage in a proprietary format is a lot of pain waiting to happen."
Which isn't really all that different a situation from having your data held hostage in a proprietary format on your own machine. And now we all sound like RMS.
Somewhere along the line, most people draw a line between security and convenience. Some will get burned by this line. Others will appreciate the risk, plan accordingly and come out ahead for having had a fallback and profited from the convenience in the meantime.
It's harder to say where a reasonable exchange has been met when it comes to media. But for things like, say, Twitter/Facebook/LinkedIn or even SaaS offerings like Salesforce and such -- who's to say a user wouldn't have gotten acceptable value from it before its inevitable end (or a change of terms such that the user won't get any more value than if it was simple closing forever)?
So, for most, the "pain waiting to happen" isn't, by itself, a deal-breaker. It's simply a cost that ought to be considered, but no different from any number of essentially-unknowable surprises this world saves for those who dare to make long term plans.
It obviously is, but you're only trusting the 'cloud' to keep an extra copy and help you maintain synchronization between your copies. If they go down or out, you've only (potentially) lost the latest changes if you actually threw away the machine you were sitting in front of when you made them. In other words, good use of the cloud.
*edit: So they provide sharing and cloud sync, too. I'm not sure if that should detract. I haven't used Dropbox shared folders since they were Public Folders.
> If you're walking into a situation with your eyes open, then go for it. I pay money to Spotify on a monthly basis because I view it the same way I view cable TV - I'm paying for access, I'm not purchasing something. But if you want to keep something long term, and have it work the way you want it to, then don't buy it unless it's DRM free.
This seems like reasonable advice but I'm not sure it really follows from the heading. DRM in Spotify is reasonable because if they shut down you lose nothing and can move easily to another service (rdio or whatever).
Paying for something that you have no control over is reasonable only if you don't care whether you get to keep it long term (I'd personally put books on Kindle in this category as I'm only ever going to read them once). If you care about access to something long term, then either subscribe to a service that provides it (i.e. you explicitly own nothing (like Netflix and Spotify)), or get it DRM free.
In a roundabout way such concepts also apply to things like Google Reader, which is fairly trivial to migrate to another service vs Email, which (unless you own the domain) isn't.
The sad fact is that global, multi-million dollar production value media (film, computer games, etc.) is a seller's market. As long as they consider it more profitable to implement DRM, it's not going away. It works enough to be of some limited use to the content producers, and that's all they care about.
The sad fact is that global, multi-million dollar production value media (film, computer games, etc.) is a seller's market.
Only an artificially created one. Take away the hype from big Hollywood movies; could you then tell the difference between them and indie productions, or even between most of the big studio ones? And I'm not just talking about remakes here (which is another issue, because of copyright terms being inflated ludicrously).
I still like Nina Paley's take on the concept: "Attention is scarce. Information is not. Do the math."
And conversely, if a supplier uses the words "buy" or "sell" implying that you're acquiring digital goods (rather than licensing it), then that should be sufficient to nullify any license and make it a straightforward sale in the eyes of the law, and laws regarding "circumvention" should no longer apply.