
Adobe Spyware Reveals Again the Price of DRM: Your Privacy and Security - sinak
https://www.eff.org/deeplinks/2014/10/adobe-spyware-reveals-again-price-drm-your-privacy-and-security
======
spodek
> As our friend Cory Doctorow has been explaining for years, DRM for books is
> dangerous for readers, authors and publishers alike.

Richard Stallman explained it a decade earlier in a piece worth reviewing now
and then -- [https://www.gnu.org/philosophy/right-to-
read.html](https://www.gnu.org/philosophy/right-to-read.html).

~~~
dchest
Except, even if Stallman didn't realize this, the story is mostly about state
violence ("you could go to prison for many years for letting someone else read
your books", "free operating systems ... were they illegal") where DRM is used
as a tool to control and monitor people.

DRM itself is not good or bad. As everything else, it can be abused, as Sony
and Adobe showed us, or can be used for good (or neutral), for example, to
allow indie shareware developers to let us try their software before
purchasing a little registration code (I know, not free software, but let's
not start this debate for now).

It's a logical error to say that DRM itself is evil when some of the instances
of it are evil.

DRM is a "smart contract", a protocol for enforcing a contract without laws or
violence. When you read that a person goes to prison for breaking DRM, realize
that it has nothing to do with DRM, it's about state using violence to protect
a failed smart contract, which is the opposite of the purpose of such smart
contract.

~~~
idlewan
> It's a logical error to say that DRM itself is evil when some of the
> instances of it are evil.

All of the instances of DRM are evil, because all of the instances of DRM'ed
stuff prevents practical and unlimited sharing.

In the digital world, any limitations on copying bits are akin to virtual
restraints and locking information away. It prevents you from doing anything
else than what the golden prison allows.

~~~
Tomte
> In the digital world, any limitations on copying bits are akin to virtual
> restraints and locking information away.

Jennifer Lawrence might disagree with your laissez faire attitude.

~~~
idlewan
I'd argue that Jennifer Lawrence's sensitive bits shouldn't have been given to
someone else (Apple) in the first place.

~~~
icebraining
I assume you store all your money under the mattress? We all store "sensitive
bits" (information) with others.

~~~
psykovsky
Sure. But there's not much to complaint about when those 3rd parties f __* up,
if you used them voluntarily...

~~~
icebraining
I think you've just invalidated contract law wholesale.

~~~
psykovsky
Is that even valid when the contract is nothing more than a ToS that everybody
agrees on without reading and most probably not enforceable in court?

~~~
TeMPOraL
I side with icebraining here.

The statement "there's not much to complaint about when those 3rd parties f*
up, if you used them voluntarily." taken in general can refer to pretty much
everything we encounter in everyday life. There are lot of implicit contracts
made, and breaking some of them could be recognized in court (there's the
concept of acting in bad faith).

In this particular case, JenLaw et al. have all the rights to be mad at Apple
because of the broken ToS/implicit contract that said "this is my data, it's
only backed up and will not be shown to third parties". Whether or not they
have shown _practical wisdom_ by using the service is a whole another matter.

That's basically the crux of disagreements around the "victim blaming"
concept. People confuse two different things here - morality of whether
something should be done, and the probability it will happen in practice. If I
get mugged under the bridge in the middle of the night, I'm not morally at
fault for being mugged (it's something that shouldn't be done), but I also
haven't shown practical wisdom by going alone at night under the bridge in
dangerous area (by doing so I increased the probability it will happen to me).

~~~
rakoo
As far as I remember though, the "breach" was not on Apple's part but on the
victims who chose weak passwords; can we blame Apple for this ? Except maybe
for a lack of forceful education ?

The original sentence becomes "Jennifer Lawrence shouldn't have stored
sensitive information externally without using a minimum of good security
measures" in this vision.

~~~
TeMPOraL
> _As far as I remember though, the "breach" was not on Apple's part but on
> the victims who chose weak passwords; can we blame Apple for this? Except
> maybe for a lack of forceful education?_

In this case I guess we can blame Apple only for the "lack of forceful
education"/crappy security ideas (security questions in 21th century,
really?).

There is one funny thing about the Fappening - there was this movie[0]
released few months ago, that featured a couple making a sex tape that ends up
accidentally distributed to their extended families and friends thanks to
iPads and cloud backup. The best line from the trailer:

    
    
        - It went up! It went up to the cloud!
        - And you can't get it down from the cloud?
        - NOBODY UNDERSTANDS THE CLOUD! It's a fucking mystery!
    

Call it a prophecy.

[0] -
[http://www.imdb.com/title/tt1956620/](http://www.imdb.com/title/tt1956620/)

------
chipotle_coyote
God love the EFF, but they're using this as a platform to talk about one of
their favorite hobby horses, and that's kind of obscuring the problem. Read
the original article in which this was discovered -- this has nothing to do
with DRM.

[http://the-digital-reader.com/2014/10/06/adobe-spying-users-...](http://the-
digital-reader.com/2014/10/06/adobe-spying-users-collecting-data-ebook-
libraries/)

Adobe is collecting data about _every ebook on your system,_ regardless of
whether it's using DRM and even regardless of whether it's even being managed
by the Adobe Digital Edition reader. (And for an added security bonus, they're
sending it in plain text.) If you install and launch the new version of ADE,
it's going to do this whether or not every single ebook you have on your
system is DRM-free.

This is certainly an electronic privacy issue, but it's _not_ a DRM issue just
because Adobe Digital Editions supports Adobe DRM, and the EFF's headline is a
little disingenuous. Adobe's rationale for this collection is indeed claimed
to be related to licensing, but the biggest problem is how wide a net they're
casting and how intrusive this information is -- ironically enough, if it was
only sending this information about DRM-encumbered books, it'd arguably be
much less of a scandal. (Although the fifty-eight people in the world using
Adobe DRM would still have every right to be pissed.)

~~~
dmix
Since Adobe is not selling books, how do they benefit from parsing this data?
If not for DRM-style tactics?

Are they selling it to third parties? Unless this is the case, then I'd say
their obsession with DRM and rights management is the primary issue. Without
of course discrediting that digital surveillance is the new standard.

~~~
chipotle_coyote
As I said (well, quoted), it _is_ for licensing -- Adobe is apparently trying
to support some kind of "metered licensing," in which you might pay by how
long you keep a book out or even by how far you read in it. Is that the same
as DRM? In practice, mostly, since it's hard to see how that particular scheme
would work without DRM. (But licensing is not the same as DRM, right? I buy a
lot of DRM-free tech books, but that doesn't give me license to put those
books up for free on my web site.)

But I'd nonetheless argue that the primary issue is _not_ that Adobe is
implementing new licensing schemes of dubious value. It's that Adobe
implemented them in an exceedingly invasive way. I don't use Adobe Digital
Editions unless I absolutely have to, but until now that's been because the
software is awful, not because it's philosophically objectionable.

I'd also argue that it may not be entirely fair to describe Adobe as "obsessed
with rights management"; they're providing a platform for publishers, and
using DRM -- or not -- is the publishers' choice. The chances are high that
the "metered licensing" concept was borne of publisher request, not an Adobe
plan to make everyone's life difficult. Making everyone's life difficult is
just Adobe's standard execution plan.

------
Karunamon
One can only hope this blows up for Adobe the same way that Sony's music
rootkit did. The sooner companies understand that DRM is a universally hated
technology, the sooner we can all move on.

~~~
gear54rus
Don't you think they already know that?

Abolishing DRM will require new breed of company. Only a few can still be
profitable without it (Mozilla, anyone?). Those who can't should also be
abolished together with DRM as outdated and obsolete (especially the worst
offenders like Amazon or Adobe).

~~~
Turing_Machine
The publisher chooses to add DRM on Kindle books. Amazon doesn't require it;
it's a checkbox in the publishing portal.

There are plenty of Kindle books that have no DRM.

~~~
JoshTriplett
Amazon chooses to offer that option. They're big enough now that they could
get away with, for instance, charging a larger fee to publishers who apply
DRM, or reducing their fee iff you don't apply DRM.

~~~
Karunamon
Amazon has no reason to do that. Their mission there is to serve their
publishers, and if the publishers want to DRM it up, that's on them.

~~~
JoshTriplett
Amazon has the same reason to do that that Apple did when dropping DRM from
the iTunes music store.

And no, Amazon's mission is not to serve their publishers, because their
publishers aren't the ones giving them giant piles of money. Their publishers
give them products to sell; their customers give them money for those
products. Amazon's mission is to get as much from their _customers_ as
possible. Whether they can get more from their customers with or without DRM
is a reasonable question, but the publishers only come into it if there's a
belief that a significant number of publishers would leave.

~~~
tomatocracy
That's not really true.

Apple faced two pressures which forced them to drop DRM from their music
store: (1) Amazon MP3 who used lack of DRM as a point of differentiation over
Apple and (2) the threat of regulatory action in Europe due to lack of
interoperability.

Amazon today is in the same position in terms of ebooks as Apple was with
music at the time - it uses DRM to lock customers into its hardware product,
in turn driving further purchases towards its own store. This may or may not
be a revenue-maximising strategy for them but it certainly looks like a market
share-maximising strategy. Apple is also in a similar position again trying to
drive purchases to its own store.

At the same time, regulatory action on competition has been more focused on
contractual terms and price collusion/fixing than on interoperability;
regulators will probably want to wait a while after sorting that mess out to
observe whether they see competition acting effectively or not before
addressing interoperability in ebooks.

For the same pressures and reasons to cause DRM to be dropped from ebooks, I
think it will take an outside competitor (probably a new entrant) without a
significant stake in hardware AND with substantial buying power to break this
cycle. I can't think of an obvious candidate to do this today but perhaps I'm
missing one.

------
gldsmth
I play pirated copies of games I bought and own on steam because I don't want
steam to know how many hours I play my games, when I play them, from what
place etc. I consider that is not anyone's business.

Adobe's spyware isn't that different from what gamers have accepted with Steam
unfortunately. Will book readers accept it, the way gamers did, or will they
fight back? Unlike video games, there are alternatives, that are still popular
(buying books on paper). I don't ever intend on spending any $ on a drm'd book
when I can have it on paper for the same price without DRM.

~~~
k-mcgrady
>> "I play pirated copies of games I bought and own on steam because I don't
want steam to know how many hours I play my games, when I play them, from what
place etc. I consider that is not anyone's business."

Just a hypothetical:

If the developer was giving you a discount on Steam because they could collect
this information would you still buy it from Steam and then pirate it (getting
the discount but not providing the information) or would you pay full price
somewhere else? Not judging, just curious.

~~~
gldsmth
I buy games because I support the developers. I've spent full price money
online on games that could've been bought for cheaper in physical form
(amazon.fr is almost always cheaper than steam prices actually unless Steam is
going through a sale. Regular prices on steam are always more expensive than
getting the box delivered at your door). So, no. I wouldn't trade my privacy
for cheaper prices, since the one reason that makes me "honest" and buy games
in the first place is spending my money on things I like. I bought all the
classic RPG I liked, and already owned in physical forms, on gog.com, just to
show an interest in what I saw as a dying genre. Plus the fact that they are
the only gaming platform that is DRM-free. Then I supported the kickstarter
renaissance (Wasteland, Torment etc).

I've put my steam profile on private, but if you could see it, you would see
almost no game past 1hour of play because I never play games from steam. I
only buy them on steam, then I download a copy that will not violate my
privacy. Because for as long as I breath I will not let anyone intrude on my
privacy. Also, when given the choice between steam and gog, I obviously chose
gog.com.

~~~
duckmysick
It doesn't make sense. On one hand you're against violating your privacy. But
on the other hand you are still supporting financially the very same
developers who are OK with such violations when they offer their games through
Steam. You're still increasing their Steam sales numbers, so obviously they
will continue to publish their future content on this platform.

> I only buy them on steam, then I download a copy that will not violate my
> privacy.

There's a third choice - don't buy the games that violate your privacy and
don't play them. You've pointed out great ways to support developers that
don't violate privacy (GOG.com, Kickstarter) - why not stick only to these?
Unless, your urge to play a video game is bigger than your integrity.

~~~
gldsmth
> There's a third choice - don't buy the games that violate your privacy and
> don't play them. You've pointed out great ways to support developers that
> don't violate privacy (GOG.com, Kickstarter) - why not stick only to these?
> Unless, your urge to play a video game is bigger than your integrity.

I support these options when they are available. But when you have a certain
taste for specific niche of games, sometimes there is no alternative.
Kickstarter has managed to bring back the classic top down, turn based party
RPGs, which is fantastic, but I haven't seen any developer try to bring genres
like RPG sandbox (ala Skyrim) or grid based, turn based dungeon crawlers
(MMXL, which has one of the most annoying DRM, is the first game to be
released in the genre in decades) to Kickstarter yet.

Sure, I'm making a dent on my integrity by buying these games but I don't see
it as a great evil as long as we're still able to fight against privacy-
invading schemes. If that option was no longer there, I would stop playing
these games. I also feel that the developers deserve the support, they aren't
responsible for the publishers requirements. I don't wish for them to go out
of business, I'm optimistic that the growing success of Kickstarter and gog as
a platform might change their mind in the long term, I don't think it's all
black & white where we either support kickstarter or support DRM published
games.

I'll remind you that many of the current great kickstarter developers come
from a classic DRM supporting background. Obsidian, for example. Their last
RPG, Fallout New Vegas, depended on Steam as their DRM. They saw the success
of kickstarter, started their own project on it (Pillars of Eternity),
succeeded in crowdfunding it and might end up relying more often on
crowdfunding their games in the future. Pillars of Eternity will be DRM-free.

Now the question is, do you think it would've been better if no one had bought
their games before? You think it would have been better if they had gone out
of business? I do not believe so. PoE exists today because Obsidian could
afford to build itself as a studio and recruit some of the best developers of
the genre.

Showing support for crowdfunding, buying games on gog.com will help these
developers free themselves from the shackles of the bad publishers. Boycotting
developers that are still kept in shackles will not do anything but destroy
their livelihood. Particularly as publishers are very likely to blame piracy
when the games don't sell well.

The fact that a lot of pre-established developers are turning to crowdfunding
bodes well for the future in my mind.

~~~
duckmysick
> But when you have a certain taste for specific niche of games, sometimes
> there is no alternative.

There absolutely is. You can just not play. Video games aren't an essential
commodity; they are a luxury.

Just because I need to edit a photo using a Spot Healing Brush and I don't
like cloud-based subscription doesn't mean I get to pirate Photoshop.

> I also feel that the developers deserve the support, they aren't responsible
> for the publishers requirements. [...] Now the question is, do you think it
> would've been better if no one had bought their games before? You think it
> would have been better if they had gone out of business? I do not believe
> so. PoE exists today because Obsidian could afford to build itself as a
> studio and recruit some of the best developers of the genre.

Except there are independent developers who succeeded without the need of
going through classic big-house publishers: Mojang (before their acquisition
by Microsoft) and Grinding Gear Games are two popular examples. Both of them
did so with their first games. They built their reputation from scratch -
nobody bought their games "before" because there were no such games.

And yes, there's nothing wrong with going out of business if you're doing a
bad job and somebody else can do it better.

> Boycotting developers that are still kept in shackles will not do anything
> but destroy their livelihood.

On the other hand, it will promote the livelihood of those developers who took
risk and published their games independently. It also isn't black and white
where we either support old studios or they go bust and there are no more new
games whatsoever.

One more thing. It might be a long shot, but if you're interested in grid- and
turn-based RPGs, maybe give Dofus or Wakfu a shot. I'm saying it's a long shot
because a) they are MMORPGs; b) they are subscription-based; c) they look
cartoonish, almost anime-like. But they can get surprisingly complex and
fascinating plus they are refreshing takes on seemingly played-out fantasy
role-playing genre. They weren't on Kickstarter because they were developed by
an indie French company for 10 years.

~~~
gldsmth
> Just because I need to edit a photo using a Spot Healing Brush and I don't
> like cloud-based subscription doesn't mean I get to pirate Photoshop.

The comparison is disingenuous, I buy all the games I play at their full
price, some games I've even bought twice (all the classics available on gog
with the DRM removed).

> Except there are independent developers who succeeded without the need of
> going through classic big-house publishers: Mojang (before their acquisition
> by Microsoft) and Grinding Gear Games are two popular examples. Both of them
> did so with their first games. They built their reputation from scratch -
> nobody bought their games "before" because there were no such games.

Sure, but not all types of games can be made with a small and inexperienced
team. Something like Minecraft, which is mostly procedural content, or a
diablo like cannot be compared to a lengthy RPG.

> And yes, there's nothing wrong with going out of business if you're doing a
> bad job and somebody else can do it better.

If they made a good game, and all that's bad about it is the drm scheme, is
that really a "bad job"?

> One more thing. It might be a long shot, but if you're interested in grid-
> and turn-based RPGs, maybe give Dofus or Wakfu a shot. I'm saying it's a
> long shot because a) they are MMORPGs; b) they are subscription-based; c)
> they look cartoonish, almost anime-like. But they can get surprisingly
> complex and fascinating plus they are refreshing takes on seemingly played-
> out fantasy role-playing genre. They weren't on Kickstarter because they
> were developed by an indie French company for 10 years.

Unfortunately, I'm pretty averse toward MMOs in general, I don't like games
over which I have no control, that could be shutdown at any moment, or change
in a way I might not like in a patch (as MMO have a high tendency to
constantly go through rebalance, skill changes etc). I don't mind the anime-
like stuff when the gameplay is good though, although I'll always feel games
would be better without it. I don't mind buying and playing games on console
platforms like the 3DS when I know that at some point in the future they will
be emulated and thus ensure the long term archiving and playability of the
games, so I've had experience with games like Etrian Odyssey IV, which have
bad (in my opinion) graphic style, but classic gameplay that has been long
forgotten on the PC. I like big dungeon mazes and having to draw my own maps,
it's a nice throwback to the era of games like Wizardry and older Might&Magic.
The closest to that in the world of indies on PC is Grimrock, but the combat
is real time and pretty badly done, consisting of a mumbo jumbo dance where
you step back and forth in a hit and run fashion.

Overall, I'm willing to compromise with DRM, as long as there's a way, be it
in the present (like with most PC games) or in the future (like 3DS games) to
eliminate it. This is also why I didn't buy into the newer generations of
consoles, with Moore's law more or less coming at an end, I don't think we'll
ever be able to emulate Playstation 3 games, for example, at a decent speed.
Current handhelds, while not being emulated yet, are still within the realm of
possibility. For home consoles, CPU just aren't progressing fast enough,
single core performance seems like it'll reach a standstill soon and it
already takes a high end CPU to fully emulate something like the PS2,
nevermind thinking about something like the Cell.

I don't play a lot of games, but those I do play and enjoy tend to be games I
enjoy revisiting decades later. For that matter, I'm currently replaying
Wizardry 6 as I'm in a heavy dungeon crawling mood. This is also partly why,
to me, it is important for the possibility of getting rid of DRMs to exist.

Other than not liking MMOs, I do have a varied taste in RPGs. I can go from
games like Wizardry, to gridbased/tactical RPGs like Jagged Alliance 2 and
Fire Emblem, to sandboxes like Skyrim. RPGs are pretty much the only genre of
games I play.

~~~
duckmysick
> The comparison is disingenuous

I disagree. I can always pay the monthly subscription equivalent of the old
standalone license and then just torrent the DRM- and cloud-free version of
Photoshop. The developer still technically gets paid, but I'm under no
illusion that my actions are in any way justified.

> a diablo like cannot be compared to a lengthy RPG.

I tried to look up how "lengthy" this game exactly is going to be and I'm not
content with my results. "Our goal is to make it as long as possible with the
funding that we get from Kickstarter" is as bland response as it can get. And
from the look of it Pillars won't have a decent voice acting. Path of Exile
does, not only main characters taunts, but also NPC dialogs and environmental
lore (journals, statues, inscriptions, etc.). Recently, they released an
expansion pack which added more story and fully voiced NPCs. In my book this
"Diablo-like" can hold candle to a "lengthy RPG" just fine.

I really hope Pillars succeeds, but I'm going to hold my judgement until it's
fully released.

> If they made a good game, and all that's bad about it is the drm scheme, is
> that really a "bad job"?

Apparently it is, since it's such a deal-breaker for you and you actively seek
DRM-free games. And it's ok, because user experience is extremely important.
Even if the gameplay is good, technical obstacles which won't let players
enjoy the game will absolutely ruin its opinion. It was especially evident
with always-online games that had problems during the launch (Diablo III,
SimCity).

> Unfortunately, I'm pretty averse toward MMOs in general (...)

Ah, well. They're not for everyone. I'm not a big fan of them myself; I prefer
to go at my own pace and often end up playing them like in a single-player
mode.

Interesting point with emulation; I haven't considered that.

> Other than not liking MMOs, I do have a varied taste in RPGs.

What about roguelikes? Again, they might not be for everyone, but I had tons
of fun with classics like Nethack and ADOM.

~~~
gldsmth
> I disagree. I can always pay the monthly subscription equivalent of the old
> standalone license and then just torrent the DRM- and cloud-free version of
> Photoshop. The developer still technically gets paid, but I'm under no
> illusion that my actions are in any way justified.

I am not looking for justifications. I am passionate about what I like, and
what is essentially cultural content, rather than a tool. I don't see games
the way I look at software, I see no need to "preserve" software. I do see a
need for open formats, supporting interoperable standards etc though. But I
really don't care if an old version of photoshop, or whatever, stopped working
in a few decades. I'll still want to be able to run my favorite classics. I
don't want a world where the things I bought and greatly enjoyed might stop
working at some point. I am not looking for a moral justification or law or
whatever. I don't care. It is just something I am passionate about. I buy the
games not because the law requires me to do so, I buy them because I love
them, because I want to support the developers, even if I don't like the DRM.

> I tried to look up how "lengthy" this game exactly is going to be and I'm
> not content with my results. "Our goal is to make it as long as possible
> with the funding that we get from Kickstarter" is as bland response as it
> can get. And from the look of it Pillars won't have a decent voice acting.
> Path of Exile does, not only main characters taunts, but also NPC dialogs
> and environmental lore (journals, statues, inscriptions, etc.). Recently,
> they released an expansion pack which added more story and fully voiced
> NPCs. In my book this "Diablo-like" can hold candle to a "lengthy RPG" just
> fine.

Do you have any experience with branching storyline content ? RPGs like PoE
are extremely difficult to do well because we're talking about a particular
flavour of RPG, that of "Choice&Consequence", where you can have an impact on
the storyline, the way you handle quests, the way the world react to your
actions etc. PoE comes from the Fallout/Arcanum/Mask of the Betrayer lineage
of RPG when it comes to that kind of content. All these games tend to have as
a side effect a certain amount of bugs despite all the testing and Q/A that
goes through, it's inherent to the genre and both Fallout and Arcanum are
still getting new fan patches to this day, which is a testament to the
complexity involved. I have never seen a game with a certain amount of
branching that wasn't overly complex to handle. What games like Fallout/New
Vegas/Arcanum did with branching simply does not compare to what happens in
games like modern Bioware stuff, or Bethesda. The epilogue details all the
actions, and the consequences they brought, to all the places you visited, the
characters you interacted with etc. The games have a lot of reactivity. The
number of variables to keep a track of is overwhelming. This isn't like games
where the gameplay doesn't go beyond monster bashing.

Things like voice acting are honestly not in my list of priority in a game,
any game. Voice acting doesn't add complexity in development either, it
requires more funds to be spent on actors, funds I'd prefer to see being spent
on more quests, more branching complexity, more testing and polishing.

> What about roguelikes? Again, they might not be for everyone, but I had tons
> of fun with classics like Nethack and ADOM.

Nethack is a favorite of mine but I don't have any experience with ADOM. A lot
of great RPGs subgenres to go through and too little time.

------
majormajor
Where does the DRM part come into play? The description sounds like it could
be applied to just about any automatic sync-your-progress-across-devices
feature, which is a hugely desirable feature IMO (my Kindle would be worth a
huge amount less without it, since books almost always take multiple reading
sessions to finish), and it's also very useful for movies/TV...

~~~
mrj
Well, one reason: because if we had the freedom to use any ebook reader we
wanted, then we wouldn't have to rely on Adobe spyware. DRM prevents that.

------
higherpurpose
> Second, sending this information in plain text undermines decades of efforts
> by libraries and bookstores to protect the privacy of their patrons and
> customers.

Someone needs to sue Adobe over this. That way we can stop such future
invasions of privacy from DRMed machines in the future.

Also, Microsoft will do much of the same with Windows 10, collecting data not
just on ebooks, but _any_ file you might open, and even characters you may
type. Digital Editions is one app. Windows 10 is a whole OS, which makes the
whole thing a lot scarier:

[http://www.theinquirer.net/inquirer/news/2373838/microsofts-...](http://www.theinquirer.net/inquirer/news/2373838/microsofts-
windows-10-preview-has-permission-to-watch-your-every-move)

~~~
RubyPinch
sans file monitoring (though windows has been offering to send heuristics and
file signatures though windows defender for a while now)

isn't that stuff that most already have signed away on? iOS's autocorrection
for their keyboard, and cloud processing for siri? and same for android's TTS,
STT engines (both are cloud-based by default if I'm not mistaken)? (and the
google keyboard)

without asking the user to agree to such things, microsoft can't enter the
mobile device arena to the same degree as competitors

~~~
k-mcgrady
>> "iOS's autocorrection for their keyboard"

I'm pretty sure nothing you type leaves the device on iOS unless you give
permission (which you can do with third party keyboards).

------
walterbell
Processor-level support for DRM will make future cases more interesting,
[https://www.virusbtn.com/virusbulletin/archive/2014/01/vb201...](https://www.virusbtn.com/virusbulletin/archive/2014/01/vb201401-SGX)

 _" If software and hardware could be ‘sealed’ in some way to prevent an
attacker from examining data in main memory, even if the attacker had
administrator level privileges on the machine, not only could the
confidentiality and integrity of data in the cloud be protected, but the
algorithms and design of cloud hosted applications could also be hidden from
prying eyes."_

~~~
userbinator
_the device ID, which is a 128-bit unique number tied to the processor._

15 years ago Intel tried this, and there was enough opposition that they
removed the feature in later models:
[http://en.wikipedia.org/wiki/Pentium_III#Controversy_about_p...](http://en.wikipedia.org/wiki/Pentium_III#Controversy_about_privacy_issues)

When SGX gets implemented in a future processor, will the users once again
fight strongly against it, or will they submissively accept it without
resistance, looking only at the claimed "security benefits"? I really hope
it'll be the former.

Reading the rest of that article and the linked Intel documents just... gives
me a very bad feeling about the direction things are heading.

~~~
walterbell
Devil is in the details, e.g. in all processors or optional? Can hardware
owners set root keys? How will enclaves interact with client Hyper-v, Yosemite
OS X hypervisor, html5 drm, open-source virtualization & crypto, etc.

~~~
visarga
Protecting content from users is a failed game. This kind of protection is
useless. At the very least, they need to decrypt information before it passed
through our eyes and ears - that's the weak link in the chain.

~~~
joelanders
I think the weak link in the chain is only _after_ decryption, but _before_
uncompression (for lossy formats, so books excluded). See, for example, [1]
and [2], where the authors look at randomness and entropy measures of I/O to
find where the decrypted-but-compressed buffers are.

[1] [http://moyix.blogspot.de/2014/07/breaking-spotify-drm-
with-p...](http://moyix.blogspot.de/2014/07/breaking-spotify-drm-with-
panda.html)

[2] [https://www.usenix.org/node/182951](https://www.usenix.org/node/182951)

------
steve19
Fortunately Kindle DRM is so trivial to remove. I wish it had none but at
least I know my books are mine forever and my reading habits are not being
actively tracked if I use free non-Amazon ebook software.

Amazon seems to turn a blind eye to it, probably because so few readers can be
bothered using de-drm software.

~~~
NolF
I learned to de-DRM my Amazon books due to the concerns of their licencing.
Now I can put them on my phone and listen to the books with TTS. The kindle
App for Android doesn't have the feature...

~~~
nyolfen
if the kindle app for ios is the same it does, highlight speech and tap the
speaker icon at the bottom right

------
jurassic
Adobe is taking a pummeling this week. This news is nicely timed for the
launch week of Affinity Designer, a serious competitor to Illustrator on the
Mac App Store for casual and not-so-casual users who don't use Adobe products
heavily enough to justify the cost of a monthly subscription. I tried it
yesterday and was ready to cancel my Creative Cloud single-app subscription
after about 20 minutes of experimentation. It's more than sufficient for my
vector graphic needs as an indie developer.

~~~
michaelbuddy
Yup, I'm stoked on Affinity Designer. It also nicely promotes Serif software
as an alternative to the Creative Suite. Serif has a lot of educational
customers and casual users and probably would have more if people knew about
them and their prices. I'm going to revisit their stuff. It's been about 10
years since I checked out their page layout program. But Affinity is
fantastic. They put in a lot of great ideas into it in the UI. Xara on Windows
and Affinity on Mac will be my go-to apps for vector drawing. Illustrator for
me is basically just an app for conversion to make sure a file is ready to
share. I hate working in it, clunky app.

~~~
estefan
There are also loads of great serif fonts. I've been using them for a while
now. It's really great to see them moving into software.

------
vlunkr
I could be wrong, but it seems to me that DRM is useless. People who like to
pirate will pirate, no matter what safeguards you put in place, it's been
proven over and over. It's just a nuisance for people who want to obtain media
legally. If I paid for something, why can't I use it on any device I own with
any software? It makes the purchase so much more valuable.

------
devindotcom
Given the scale of incompetence required to have your 'spyware' transmitting
common and expected book data and metadata in plaintext, I have to say we
should employ Hanlon's Razor here, and not attribute to malice what can
adequately be explained by stupidity.

That said, there's probably a little malice in there, too. And either way,
this is probably a crippling blow to this branch of Adobe.

~~~
Crito
When a drunk driver crashes into somebody, we do not care that they had no ill
intent. Why should it matter here?

Sufficiently advanced incompetence might as well be malice.

------
userpasswd
We do what we must

Because

We can

