

Ask HN: How should I secure my ebooks? - demosthenes

I'm about to publish an ebook and am looking for ways of securing it.

The target readers are high school students so it might have to be fairly robust. On the other hand, a light-touch approach and a friendly notice about paying if you think it's worth it might be enough.

So far, every solution I've looked at seems either insecure (e.g. IP restricted / expiring download links) or annoying for users (custom readers, plugins). Also, much of it is limited to Windows.

Do you have any experience of this? Any advice? Recommendations?
======
m03p
IMO it's just not worth it, if somebody can read it he can make a copy of it
and redistribute it "illegally". Only thing you'll accomplish is pissing off
the ones who retrieve it legally and the "harder" (harder for the average Joe)
you make it the more annoying it'll be.

Only reliable "secure" way of publishing an ebook is not publishing it as an
ebook at all.

~~~
demosthenes
We realize there's no way to eliminate piracy altogether.

We're just looking for the simplest way to make casual piracy tricky enough to
discourage anyone who might want to pay for it. And of course a way that
doesn't piss off paying users.

I'm not too concerned about piracy by people who would never have paid in the
first place.

------
apage43
If you use -any- sort of DRM, it will be extremely restrictive to the end
user. Personally, I think really what is needed is for it to be convenient for
the end user. This is what keeps me buying music from Amazon MP3. I don't even
need any software other than a browser if I'm buying a single song. There's
nothing to stop me from sharing my files with a few friends but Amazon MP3
probably makes up for whatever sales that would be lost this way because I
like the service so much I recommend it to people all the time. Just give the
user a raw, non-drm PDF file. If you really need to do -something-,
dynamically insert a unique user ID on the last page of the book, just on the
page, no steganography, write "Purchased by user #12345." PDF is pretty much a
read-only format, so this wouldn't be easy to remove.

This probably won't keep people from casually sharing the book with their
friends but will probably effectively put them off of sharing it publicly on
the internet or p2p.

~~~
earl
That approach -- making paying more convenient than not -- only works for
adults, i.e. people who have a surfeit of money and a lack of time. High school
students are the opposite.

~~~
apage43
I'm personally fresh out of high school, still 18 in fact. If your price point
is so high that your target audience will actually -look- for a pirated
version before they even consider a purchase, you are not going to have very
good sales. The rule of thumb for DRM is pretty much if anyone can view the
content, then the content can be cracked and distributed. Any significantly
good, well-known product will be available for free somewhere, it's just a
question of how hard it is to find.

Consider that many high school students can't purchase things online anyway,
lacking credit cards, which means no matter what, "stealing" the product is
more convenient for them.

------
kqr2
How about using Mobipocket Creator Publisher Edition to encrypt your ebooks?
End users can then use the free mobipocket reader software.

[http://www.mobipocket.com/dev/article.asp?BaseFolder=prcgen&...](http://www.mobipocket.com/dev/article.asp?BaseFolder=prcgen&File=building.htm/drm)

BTW, this is pretty much the same format / drm the Amazon Kindle uses.

------
zackattack
I've thought of this before and here is what I came up with. Each ebook
purchased should be unique. This does not have to be a manual process. You
should take the transaction ID of the ebook purchase, use it to generate a
steganographic image, and patch that somewhere into your PDF file. A good way
to do this might be to use Least Significant Bit encryption. Directly quoted
from Wikipedia:

> For example: a 24-bit bitmap will have 8 bits representing each of the
> three color values (red, green, and blue) at each pixel. If we consider just
> the blue there will be 2^8 different values of blue. The difference between
> 11111111 and 11111110 in the value for blue intensity is likely to be
> undetectable by the human eye. Therefore, the least significant bit can be
> used (more or less undetectably) for something else other than color
> information. If we do it with the green and the red as well we can get one
> letter of ASCII text for every three pixels.

Now, there are two main problems here, as I see:

1\. The text can still be scraped from the ebook and redistributed as a .doc
file. For this reason, you may also want to include some text steganography
(e.g., draw some ASCII art with varying characters; change the order of people
you thank on the "dedication" page).

2\. The pirate-distributor could insert pixel noise randomly all over the
file. Then, your trans-id information encrypted in the LSB-image would be
lost. In my opinion, however, this is unlikely, because the security I've
described is not (at least typically) used in practice (with eBooks, as far as
I know).

These aren't preventative measures [1]. But if something does end up
circulating on the net, you have a unique ID and can then probably sue their
parents. Be sure to explicitly forbid them from circulating the PDF/consent to
being sued if they do/what have you, in the terms of service.

[1] Unless you explain that each ebook is uniquely secured, which may prove
something of a deterrent; unfortunately, one measure of security is to not let
people know that the property is secured in the first place. This may make the
steganography more vulnerable to attack.
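
The least-significant-bit scheme described in the comment above, as an added example that is not part of the original post: it marks raw RGB bytes with a purchase ID, recovers it, and shows the noise failure from problem 2. The framing (length byte plus CRC32), the function names and the sample ID are assumptions made for illustration.

```python
import random
import zlib

def embed(pixels: bytes, transaction_id: str) -> bytes:
    """Write a framed ID into the least significant bit of each colour byte."""
    body = transaction_id.encode("ascii")
    if not 0 < len(body) < 256:
        raise ValueError("ID must be 1-255 ASCII characters")
    # Frame = length byte + ID + CRC32, so a damaged mark is rejected, not misread.
    frame = bytes([len(body)]) + body + zlib.crc32(body).to_bytes(4, "big")
    if len(frame) * 8 > len(pixels):
        raise ValueError("cover image too small")
    out = bytearray(pixels)
    for i in range(len(frame) * 8):
        bit = (frame[i // 8] >> (7 - i % 8)) & 1
        out[i] = (out[i] & 0xFE) | bit  # changes each channel value by at most 1
    return bytes(out)

def _lsb_bytes(pixels: bytes, count: int) -> bytes:
    """Pack the first count*8 least significant bits back into bytes."""
    out = bytearray()
    for i in range(0, count * 8, 8):
        value = 0
        for b in pixels[i:i + 8]:
            value = (value << 1) | (b & 1)
        out.append(value)
    return bytes(out)

def extract(pixels: bytes):
    """Return the embedded ID, or None when no intact mark is present."""
    if len(pixels) < 8:
        return None
    length = _lsb_bytes(pixels, 1)[0]
    total = 1 + length + 4
    if length == 0 or total * 8 > len(pixels):
        return None
    frame = _lsb_bytes(pixels, total)
    body, crc = frame[1:1 + length], frame[1 + length:]
    if zlib.crc32(body).to_bytes(4, "big") != crc:
        return None
    return body.decode("ascii", "replace")

def add_lsb_noise(pixels: bytes, seed: int = 1) -> bytes:
    """Problem 2 from the comment: random noise in every low bit."""
    rng = random.Random(seed)
    return bytes(b ^ rng.getrandbits(1) for b in pixels)

# Constructed sample data: a 32x32 RGB "image" of random bytes and a made-up ID.
COVER = bytes(random.Random(0).randrange(256) for _ in range(32 * 32 * 3))
MARKED = embed(COVER, "TXN-12345-EXAMPLE")
```

Here `extract(MARKED)` returns the ID, while `extract(add_lsb_noise(MARKED))` returns `None`: the CRC turns a destroyed mark into a clean "no mark found" instead of a wrong ID.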

~~~
slackenerny
> _text steganography_

<http://lcamtuf.coredump.cx/soft/snowdrop.tgz>

[http://coderrr.wordpress.com/2008/03/23/simple-text-watermar...](http://coderrr.wordpress.com/2008/03/23/simple-text-watermarking-with-unicode/)

