

Ask HN - How do you restrict file-sharing on a USB - quicksilver1024

Hello All,<p>I'm planning on distributing data on a USB, where the data can only be read, and not copied or moved to another USB or HD.<p>Are there any good ways to do this?<p>Thanks!
======
peterhi
If you have the budget of a small nation or the defence department you could
probably do this. Remember the specially coded DVD players that were created
for the Oscars screeners? Well that is the sort of territory you are heading
into.

The big problem is that to copy the data you have to read it, and to read the
data you have to read it! There is no way for the USB stick to tell if the
process that is reading the data is showing it to the user or writing it to
the hard disk. Ignore the USB stick, it is not the issue, the issue is the
data. You encrypt your data and you need to write an application to display
the data to the user, anything else that reads the file will just see
gibberish. Your application, which knows how to decode the data, will be the
only way to view the data.

Of course this can be hacked, what can be made by man can be broken by man,
but you have just upped the entrance fee. Then comes the trade off, is your
data valuable enough to cover the expense and inconvenience to the user of the
custom software and is it too expensive for the thief to hack the application?

Of course the application could be copied so you now need to lock the
application to the hardware so that the data becomes useless without it. As a
USB stick is just a computer on a chip you could build some custom hardware
that is required by the application (such as the decryption built into
silicon) so that the application cannot be run without the USB stick.

And that is the best you are going to get.

Did I mention that this could get expensive :)

~~~
quicksilver1024
How about this then? <http://www.nexcopy.com/usb-secure-flash-drives/>

Does this not work?

~~~
peterhi
That actually seems to be just what I envisioned. I notice that the PDF files
get added as data to a custom PDF viewer which gets in the way of between the
viewer and the system. This is pretty much how I would have implemented it
except that the error messages are not handled correctly. It stops you
printing by making the viewer think that the printer is not connected, the
error message is misleading in that it claims that the printer is not
available when it really means that you are not allowed to print the document.

However without having one of those to hand I don't know how hackable they
are. I am mildly curious as to how this is implemented and wouldn't mind
trying to hack one. But I note that they don't publish their prices so I
suspect that it is beyond my budget.

~~~
quicksilver1024
From what I've read, it uses a hardware key to limit access to the data. You
can actually copy the data onto your desktop, but if your USB isn't plugged in
it won't open. I guess the software-side (DRM) wraps around each file and
copies the unique serial of the USB drive? So, the data is available only when
the serial is detected.

------
cperciva
_Are there any good ways to do this?_

No. There aren't even any _bad_ ways to do this. If I can read data from a USB
drive, I can write it to another USB drive.

~~~
chaosprophet
Perhaps the only way you can accomplish this is to destroy the data on the
drive after first use, but then it still can be copied before first use, and
if you do destroy files after first use, nobody is going to be pleased. Your
better off letting people copy it.

