
Spore's Piracy Problem - nickb
http://www.forbes.com/2008/09/12/spore-drm-piracy-tech-security-cx_ag_mji_0912spore.html
======
halo
I've been thinking about it lately and I've decided the problem isn't
inherently DRM itself. The problem is when companies use DRM without
giving back and, in particular, use horrible invasive DRM that is a pain for
the genuine customer.

Case in point: Steam. Steam is basically one big DRM wrapper that also
prevents resale. However, one key difference is that it offers multiple
advantages to users in the form of unlimited redownloads, community features,
not requiring a CD, no DRM driver ugliness, banning hackers in multiplayer
games, works as a decent launcher and also has an extremely convenient online
marketplace. The end result is that it has been given a much warmer reception
than the typical DRM scheme - people are willing to give up some of their
rights in exchange for the added convenience which is a much fairer trade. I'm
not saying Steam is perfect but it seems like the direction companies like EA
should be going.

~~~
silencio
Agreed. Personally, I pirate lots of things I buy anyway because the DRM
becomes a pain (Adobe and Microsoft products, for example). What's interesting
is that I pirated Spore because I didn't want to put up with the DRM and the
European/Australian/etc. edition was out on torrent sites before it was
released in North America (for the record, I purchased Spore Galactic Edition
and Spore Origins for my iPhone...). I'm not sure why companies want to give
their customers a headache. I've had huge headaches dealing with genuine
Windows installs that went away when I just pirate WGA cracks for XP and
Vista. It's not cool when pirates have a simpler time than legitimate
customers just because the companies want to discourage pirates so badly
they're willing to sacrifice customer satisfaction in the process.

On the other hand, I'm very unlikely to pirate something easily available on
Steam... in fact, I'm not sure I ever have. For exactly the reasons you
outlined.

------
reitzensteinm
I went to pre-order Red Alert 3 the other day, the $120 NZD collector's
edition. I was typing in my credit card when it clicked - wait... EA... DRM. I
did a Google, found out it uses a relaxed version of the Spore DRM (5
installs), and killed the order. My cofounder said to buy the game and use a
pirated version, but I refuse to support this crap, and that's with the sequel
to my favourite game of all time. They are _nuts_ if they don't think this
happens.

What has the world come to when the pirated version is the version that does
_not_ install spyware?

------
tdavis
I take a very simple stance on this and all DRM-related matters: I buy
something, I own it. I can install on 20 computers if I have that many. Play
my music on 10. Use the object I paid for without being connected to the
Internet or any other nonsense. License key? Fine, whatever, not that it's
really a deterrent.

If I can't do that I download it at-will, for free, sans any sort of
protection and the seller gets jack. A very simple system where (a)
seller/creator doesn't do ridiculous bullshit to keep me from using their item
and (b) I reward them with money.

~~~
there
why do you think it's acceptable to pirate/"steal"/whatever that product for
free instead of simply choosing not to purchase it?

i can understand a person purchasing a real copy of a game and then
downloading a pirated version that has the DRM removed, or someone buying a CD
and then downloading the same album on waffles in a variety of formats simply
because it's easier/faster.

but if you don't like the DRM, wouldn't it make more sense to speak with your
dollars and not purchase it? why do you feel justified in using what they
created without any compensation?

~~~
cturner
I don't know a single person whose actions reflect a genuine respect for the
stupid world of software licensing. Your comment contains the sort of conflict
I'm talking about.

Why do you think it's acceptable not to? How is it that it is OK to do some
things that displease the gods of protected content creation, yet still
necessary to pay them certain forms of tribute? Why should people dance to the
beat of a notion that is so obviously impractical? Should a couple of very
specific business models be protected from natural progression of the digital
revolution? Why should the onus be placed on consumers to purchase things we
clearly don't need to, and not on producers to create business models that
actually make sense (e.g. Steam, dongles, iPhone store, support contracts,
server-centric software)? What is it about your ethic that makes it something
other than completely arbitrary?

------
froo
_As of Thursday afternoon, "Spore" had been illegally downloaded on
file-sharing networks using BitTorrent peer-to-peer transfer 171,402 times since
Sept. 1_

That number seems awfully low, I'm having a real hard time believing this
figure to be true, I just did a quick count-up of downloads on the various
torrent sites I know of and I came up with about 300k, no doubt there have been
more downloads when you factor in other protocols and direct downloads (e.g.,
rapidshare type links).

I'm guessing the "research firm" probably just went to ThePirateBay and
counted there - I don't think they took networks/trackers into account that
aren't as recognisable as TPB.

~~~
Zev
If you're looking on public sites, keep in mind that they all tend to archive
the same trackers. So make sure each torrent you add up is unique and not the
same one being reported multiple times from various places.

~~~
froo
I did, otherwise that number would be in the several millions.

------
jacobscott
Do publishers just have their head in the sand? DRM is a hassle to real
customers and an interesting challenge to pirates.

I consider the following talk on DRM by Cory Doctorow at MSR from 2004 to be a
must-read, and I do not think that age has affected its accuracy:
<http://craphound.com/msftdrm.txt>

~~~
tptacek
It hasn't hurt iTunes, which remains (for all intents and purposes) unbroken.
It's a tightrope. Requiring reauthorization every 10 days, so that if I forget
to play, the game doesn't work on the airplane --- that's a total fuckup. But
if 95% of your users aren't even going to notice the DRM, and the DRM is hard
enough to provide 1-5 days of lead time for the title (during the most
lucrative window for the publisher), it's hard to see why publishers wouldn't
do it.

Spore's DRM does appear to suck. Windows game titles are notorious for crappy
DRM. StarForce, for instance, apparently hooks both INT3 and the kernel idle
loop. So, I'm going to concede Spore to the bOING bOING crowd.

But there are DRM systems that are working: iTunes, DirecTV, Blu Ray BD+.

It's an interesting CS problem and it rankles me when people are dismissive of
it. Not that you were.

~~~
jacobscott
If 1-5 days lead time is the problem, why not promise to disable it
afterwards?

iTunes DRM has been broken and patched multiple times. The vast majority of
its content is also available on CD/DVD.

I don't keep up with DirecTV, but I know there was at some point an active
cracking community; while BD+ is still unbroken, AACS fell. These systems have
been almost entirely deployed in embedded systems, which clearly makes them
harder to crack. Still, the Xbox 360 and the Wii have been cracked (can be
modded).

I do not think DRM has a good track record and I think it is fundamentally
wrongheaded. I don't find the current solutions to DRM that interesting --
from what I understand they just lock down as much as possible (from TCM to
HDCP). However, if/when Sun's DReaM stops being a pipe-DReaM, I'll definitely
pay attention.

~~~
tptacek
Disabling DRM after opening week is not at all a bad idea.

iTunes DRM has been broken repeatedly. But the latest incarnation has survived
multiple years, despite large incentive for a public break. It's been hard
enough to break that what has been done has been kept private, for commercial
reasons. Like it or not, it's a success story.

DirecTV had an active cracking community 7 years ago. Then they contracted a
famous cryptography team to develop what appears to be a white-box crypto
scheme implemented directly in hardware gates. Nobody has been able to do
anything with it since. It's a major success story. What was there in 1999
wasn't so much a "community" as a cottage industry, and now it's dead.

BD+ actually has been broken. Title. By. Title. Even if that trend continues
for the next several years, it's still a win for Blu-Ray, because SlySoft
hasn't gotten a crack out within opening week yet, and they have to dedicate a
team to refreshing their product at the whim of the publishers.

I don't have a moral concern about DRM. I'd rather use unencumbered CDs. Sure,
I'd also rather not pay for satellite TV. But as a CS problem, it's really
interesting. The things that people say make it "impossible" actually make it
Hard. Hard problems are fun, and we learn from them.

~~~
jacobscott
Thanks for further fleshing these out; I think you're right that the three are
success stories.

Just to play devil's advocate, can you think of anything (reasonably popular)
for sale on iTunes/Blu-ray or shown on DirecTV that can't be found free
(illegally) online? What do you think about the darknet paper?

<http://crypto.stanford.edu/DRM2002/darknet5.doc>

~~~
tptacek
I don't like this paper. It makes a facile argument ("DRM systems will leak"),
and then supports it with inaccuracies. For instance, the notion that
watermarking is unlikely to succeed owing to technical challenges with the
"embedding layer" --- huh? This irritates me on general principles! Watermarks
are covert channels, something most security disciplines try to _eliminate_,
and generally concede to be unstoppable.

What I think really happened here? This paper came out roughly a year after Ed
Felten busted the SDMI watermark, and simply took his results and generalized
them. Of course, SDMI is a crappy watermark; Ed Felten broke it in a matter of
weeks.

~~~
jacobscott
Feel free to let me know if I am beating a dead horse; but it seems (e.g.
Matasano etc) like you have extensive expertise/knowledge here and I'm
interested in your opinion.

My next questions are about DRM in the general context of content protection.
Do you think it will ever be difficult to (find and) download an unprotected
Top 40 single from the Internet? An HDTV rip of a television show? Will the
"DRM ecosystem" be able to secure popular content in the future, thereby
having a significantly detrimental effect on piracy? Is the security of BD+
the beginning of a trend in next-generation content protection, or an anomaly?

What I'm really trying to puzzle out is whether DRM prevents, or will prevent
in the future, enough piracy (and convinces pirates to purchase? Very hard
metric to quantify) to warrant the substantial inconvenience it places on
legitimate customers.

~~~
tptacek
iTunes DRM _doesn't_ inconvenience the typical iTunes customer. DirecTV
content protection _doesn't_ inconvenience DTV subscribers. Blu-Ray BD+
_doesn't_ inconvenience most Blu-Ray customers (almost none of whom "back up"
their DVDs).

That's a big part of why they work.

The trouble I think most people have in analyzing DRM is that it's not an
all-or-nothing problem; it's an economic one. There will always be cammed copies
of first-run movies for sale on the street and circulating on BitTorrent. But
as long as it's easier to buy than to copy --- at least in the first 2 weeks
of a release --- DRM is working. To achieve that, DRM vendors just need to
make the cost of a break more expensive than those first couple weeks are
worth in piracy costs.

I don't really have a horse in this race. I'm not sold on DRM either. I've
worked professionally on both sides of this problem. What I think right now is
that CS types are underestimating the next generation of DRM systems. Software
and content protection is getting more sophisticated. It also dovetails more
effectively with systems security than it did 10 years ago. We want locks on
our platforms so they don't get enrolled in botnets; those same locks will
help content providers enforce contracts.

------
vaksel
Personally I don't see why everyone is going apeshit over this game. Sure it
has nice graphics and has some good game play... but it's soooo short. You'll spend
4 hours going through the stages, and then it's an open ended game where you
really don't have anything to do except repeating the same formula over and
over again.

~~~
unalone
It's because the game is so incredibly revolutionary on every level at once. I
haven't played the game and I'm going apeshit over it, because I don't care
about the things you mentioned, I want to mess with every single editor and
travel out to the universe and see every neat thing that every single player
has made. And a Brian Eno-programmed soundtrack is pretty neat too.

Think of it like the Sims - easy gameplay but incredibly addictive - combined
with Legos.

