
A Brilliant Parody of DRM - jessaustin
http://www.forbes.com/sites/timothylee/2013/02/03/a-brilliant-parody-of-drm/
======
a_p
This reminds me of the terms of service of an old trolling site, adequacy.org,
which forbade port scans, OS detections, right clicking to view source, etc.

"Adequacy.org gives permission for its servers to be accessed by HTTP clients
specifically designed to represent the logical structure of the served
documents in a user readable format, or by mail transport agents legitimately
transporting email relevant to the site. Protocol handshake information
generated by our servers in a network transaction with your computer and
client program, including but not limited to HTTP headers or SMTP handshakes,
are Copyright (C) 2001, 2002 Adequacy.org; disclosure of the contents of such
protocol exchanges is strictly forbidden.

The HTML source to our web pages is also Copyright (C) 2001, 2002
Adequacy.org, and is only licensed to you for the purposes of reading and
responding to Adequacy.org content, not for direct examination of said HTML
source. Disclosure of the HTML source of any Adequacy.org page beyond the
perusal of article and comment content is strictly forbidden.

Any means of accessing Adequacy.org which violates these permissions,
including but not limited to telnet access to any port, port scans, operating
system detection programs, or any client or client feature specifically
designed to display HTTP header information in a normal network transaction
with our servers, or to display or store the physical structure of the HTML
documents served (as opposed to generating a user-visible display out of the
logical structure), are access control circumvention devices and thus not
allowed under the provisions of the DMCA. Use of such devices on our site
shall constitute unauthorized access (a.k.a. "hacking"). An example of such
client devices is the wget program, which by design displays protocol
information and does not render the HTML document for user consumption;
another one is the "Display Source" feature of Web browsers.

Also, we reserve the right to remove comments deemed inappropriate in tone,
factually false, or in violation of the law. We recognize this is an extreme
measure, and will thus apply it sparingly.

We will enthusiastically give out your IP address to the FBI. We live in
dangerous times, and Americans have to watch out what they say."

Link is here: <http://www.adequacy.org/special/tos.html>

------
tptacek
It's an interesting dilemma rightsholders find themselves in.

On the one hand, when people override trivial content protection measures,
Internet commenters are up in arms about attempts to take recourse in the law.
How can it be unlawful, commenters ask, for people to undertake actions that
any semiliterate technical person instinctively knows how to do?

On the other hand, when rightsholders attempt to employ anything approaching
sophisticated content protection, those same commenters are up in arms about
the extent to which they're inconvenienced. To rub it in, they never fail to
mention how content protection "doesn't stop pirates anyways".

What's a content producer to do? Give away their content for free, one
supposes, and eventually go out of business. The Internet has spoken!

 _Late edit:_

I think we get it, by the way. There's no worse sin that sacrificing
convenience. Convenience is such an important principle on the Internet that
it overrides practically all other concerns. "I would pay for this content",
says the Internet 'pirate', "but HBO won't let me pay $2.99 an episode for it,
so I'm entitled to take it."

But that's neither here nor there. I said the dilemma was "interesting",
because it is. I didn't say Javascript DRM was a good idea.

~~~
Tmmrn
That's a false dilemma. Your choices:

1\. Slight inconvenience 2\. Strong inconvenience 3\. Giving away "content"
for free

I propose 4.: No inconvenience for the users, charge as you wish and simply
sue the people making money illegally off your works.

Because the argument that it doesn't stop illegal copying anyway is correct.
Consumers don't like it: [http://www.amazon.com/Assassins-Creed-2-Pc/product-
reviews/B...](http://www.amazon.com/Assassins-Creed-2-Pc/product-
reviews/B001TOQ8R0/) <http://www.amazon.com/Spore-Mac/product-
reviews/B000FKBCX4/> Those people giving 1 star reviews, those are the people
who are interested in the game, research it, many of them probably pay money
for it and then they are dissatisfied.

For text articles I think the big problem is really if someone copies an
article and has some kind of decent traffic on the copy. This should be
trivial to find via a search engine and you can take appropriate action
directly.

For music and videos... I am not a friend of watermarks but it may be the best
method of just selling drm free and going after those people who share the
most "commercially".

~~~
jiggy2011
It's surprisingly difficult to sue people for IP infringement if they are
foreign unfortunately.

I have a friend who published a bunch of her artwork online and later found
out via google image search that it was being used by a fair sized company
with only slight modification for branding purposes without her being paid or
made aware.

She contacted the company in question directly who basically responded "LOL,
screw off". At that point she contacted an IP lawyer assuming it would be an
easy case. But was basically told the process would cost thousands of $ and
she would most likely lose.

~~~
bediger4000
Isn't that problem more-or-less another indication of the failure of DRM? That
is, only rich people (or other entities with personhood, like corporations)
can use the laws in question. DRM increases the cost of the content, and the
legal follow-up on real instances of "Intellectual Property Theft" is quite
expensive. Either way (increased cost to get content out, or expensive
policing) the DRM hurts personhood's with smaller amounts of cash.

~~~
stcredzero
_> Isn't that problem more-or-less another indication of the failure of DRM?
That is, only rich people (or other entities with personhood, like
corporations) can use the laws in question._

Until this changes, DRM will be a failure. Likewise, when "property rights"
are just a way for rich folks to oppress everyone else, there is no rule of
law, and such rights are just a legal pretext for the rich to hire soldiers to
bully others. However, when property rights apply to everyone, then they
become an expectation of society as a whole. Thieves are successfully
prosecuted, the law can act as a deterrent, and the resulting stability allows
for the accumulation of wealth in the general populace.

The Internet isn't to that point yet. We're all still barbarians, and if you
can take another's livestock and horses, you're clever and a hero to be
admired.

~~~
tptacek
Wait, what? In what sense are "property rights" over content a tool
exclusively for the powerful? Apart from "Glee", what content provider
routinely appropriates and resells independently produced content? Moreover,
without the protection of the law, how does any market for independent content
exist?

I don't think you've thought this point through carefully.

Finally, your invocation of "might makes right" is comfortably made on Hacker
News, where you feel like you have a good sense of both the ability of your
peers to screw you over and the causes to which they'd put those abilities to
use. Let me just once again inform you that people on HN are far less
"mighty", as regards technology, than they think they are. In particular,
money buys a whole lot of "might" when it comes to software security.

~~~
stcredzero
_> Wait, what? In what sense are "property rights" over content a tool
exclusively for the powerful?_

You misunderstand me. Property rights were once a tool of the powerful. Now
they are distributed, for the better. Likewise DRM, except in some limited
contexts, is primarily a tool of big companies. It would be better for it to
be primarily a tool of the masses.

 _> In particular, money buys a whole lot of "might" when it comes to software
security._

You've made my point. It's just like when firearms were the province of rich
people who could afford them. Someone is going to figure out how to sell and
market the same tech (polymorphically customized, or with a white box
encryption layer) to the masses, who can actually make better use of it than
big companies who must oppose whole hacker communities at once.

------
gyardley
Whatever the merits or demerits of the copy-paste blocker's argument are,
surely I'm not the only person who highlights text on the Internet as I read
it, or who regularly right-clicks and uses commands from the context menu.

I doubt I'll be visiting that guy's site again, but in case I run into the
WordPress extension he's using on another site, the 'frustrate_copy.js' file
it uses has gone into my filter list.

~~~
jiggy2011
Yes, I also copy and paste words or phrases from articles into google if I
want to know more about something.

------
stcredzero
_> Circumventing conventional DRM isn’t quite this easy, but no DRM scheme has
withstood serious efforts to circumvent it._

This "truism" is vague, and therefore misleading in some way. Before Sony
decided to piss off the entire internet, their DRM stood for the better part
of a year. Motorola's had some phones that weren't rootable for months on end.
In one sense, it's true: the economic forces will ensure that everything
highly visible and in high demand will have any DRM broken. What entrepreneurs
should notice, is that not everything is subject to the same economic forces.

There is a valuable analogy in physical locks. Since the industrial
revolution, inventors produce a constant supply of new lock designs which get
broken by clever locksmiths. Nothing stands forever. Yet, people still make
money selling locks, and they have actual utility. Most of the possible uses
for locks are for content which is far less known and far less sought after
than someone's rare Ferrari or the bragging rights on the newest lock at the
world expo.

Many would say digital goods are different. I say that's primarily wishful
thinking. Cash is highly fungible, but is still successfully secured with
chintzy little locks in many cases. I think it's high time for _people_ to get
their own DRM. It's hopeless for big corporations, but ordinary people are
actually in the right economic position to benefit from DRM.

~~~
MichaelGG
This old argument? The difference is that with safes/locks, every thief needs
to overcome the lock, and there is usually other safeguards. With digital
goods, one master cracker does the work once, and everyone else can just
download that directly.

Also, with cash, you don't hand over the entire box to someone and say "you
can only take a few dollars out and then must give us the rest back", but
that's what DRM does, to keep with pointless analogies.

~~~
stcredzero
_> This old argument?_

No, it's not. Congrats on being another knee-jerk reactor.

 _> With digital goods, one master cracker does the work once_

Your analogy only fits the use of DRM by big companies. With a lock guarding
long tail or personal data, there isn't one lock to be broken just once. There
are millions of locks. Sure, a cracker can get Jane Doe's data and post it to
the Internet, but someone could also break into her house and steal her
grandmother's old brooch. In both cases, the damage is done and can't be
undone. The point is -- is there enough economic incentive to make it happen
all the time? No, there isn't. The value is too diffuse to normally attract
intensive hacking.

Instead of guarding something everyone on the Internet cares about, why not
use the tech for guarding stuff only a few care about, in a context where the
parties involved are largely trustworthy. There's still a need there, as
evidenced by very weak physical locks used by small parties as deterrents to
crimes of opportunity.

 _> Also, with cash, you don't hand over the entire box to someone and say
"you can only take a few dollars out and then must give us the rest back", but
that's what DRM does, to keep with pointless analogies._

You think you're being clever, but just have missed the point. In this case,
it's more like the lock box at the local church Bingo. It's not much security,
but it doesn't have to be. There is still value in being able to prevent
crimes of opportunity and tremendous unacknowledged need.

~~~
jessaustin
How would this work? This proposal seems to assume that the situation of
private individuals and their personal data is similar to that of big content
companies and their content, except for a slightly different threat model. In
fact the two situations are quite different. Jane Doe isn't publishing her
credit card number and "protecting" it with DRM, as silly as that would be.

~~~
stcredzero
_> In fact the two situations are quite different._

Yup. My point exactly. Congrats on being another careless knee-jerker who
applies big-company context as a straw man and doesn't read carefully or think
it through.

~~~
jessaustin
You're going to have to spell it out for us morons. How on Earth could DRM
help the average person?

~~~
jessaustin
[crickets]

------
sitharus
I remember many years ago having to explain to a client that disabling right
clicks to prevent 'image stealing' wouldn't work. They weren't really
concerned with how difficult it made normal usage, but the astonishment when I
demonstrated disabling JavaScript was quite impressive.

~~~
jiggy2011
Right click disabling is especially annoying because it prevents me from using
the context menu to do back->forward->reload which I do out of habit.

And since it's usually implemented as an alert() you get that "thunk!" noise
every time you try (unless like me you disable all event sounds).

You don't even need to turn off JS to rip the pages usually, just doing "save
as" will do the job.

The way I have heard people justify this is "Even if it doesn't work, at least
it warns people" though I'm pretty sure site rippers know exactly what they
are doing.

Indecently, I have found that when site rippers rip your site they don't
usually bother to change the src="" for assets and will continue to serve JS
from your domain.

In such a case you simply need to do a referrer check when you serve up the JS
scripts and you can inject whatever you want into the ripped page including a
redirect back to your own site (or any site of your choosing).

------
politician
You can bypass this absurdity directly from most browsers by pressing Ctrl-P
and printing the page to PDF. The PDF does not have any restrictions on
copying, and the user doesn't have to know what JavaScript is.

------
mrposty
It's telling that the code of Gene's script is named "Frustrate_copy". it's
all right there, really.

[http://www.ipwatchdog.com/wp-
content/plugins/digiproveblog/f...](http://www.ipwatchdog.com/wp-
content/plugins/digiproveblog/frustrate_copy.js?v=2.13)

------
keithpeter

       w3m url > file
    

The 'large entities' referred to may well have access to bash and a text mode
browser. And wget in mirror mode can duplicate the whole site of course.

~~~
Natsu
JavaScript has to be whitelisted before my computer will even run it, so I
wouldn't even know that his protections existed without the news article. Even
if I had JavaScript on, I don't use right click to copy to begin with.

So this is all kinds of useless.

------
snarfy
Sadly, the author can probably be jailed under the DMCA for explaining how to
circumvent this DRM scheme.

------
hawkw
DRM is quite frequently a brilliant parody of itself.

------
danso
It's worth pointing out that, in my experience, very few non tech
professionals know how to bypass such an otherwise trivial security feature.

Disabling JavaScript is an option...but not one that I would even use given
how that option is buried in different ways for different browsers.

Viewing source: very few people who have not done web dev understand that HTML
is just text, never mind have the ability to not panic when they see a jumble
of source. I haven't seen any recent studies on this, but I've heard using
Ctrl-F is something the average user almost never does.

I'm not belittling the OP's point, just saying that if this implementation
fools the originating blogger, it will fool most of his/her audience. Also, I
continue to think (and wish) that using the web inspector was a basic web
skill that was taught, and something more worthwhile than the majority of
5-week HTML basic courses I've yet seen.

~~~
_dark_matter_
I think what the authors point is that yes, most people won't truly be able to
disable it. But for those that want to (say, to copy and paste the entire
article for personal gain), it's trivially easy. And it is. Even if they know
nothing of web dev, they can google for five minutes and find out how to
disable the security "feature".

~~~
danso
I don't know about that, though. The problem is that many people, especially
the type who don't already know how to bypass this, will not even know that
the solution is one google search away. It could be a day's worth of hacking
into their own browser, for all they know...and that is enough to prevent them
from investigating further.

The amusing part of this is tha the blogger in question assumes his material
is something people want to copy and paste. If it is the case that most of
them never wanted to copy and paste in the first place, the blogger will go on
thinking that his solution worked, and will continue to stew in his own
ignorance

------
bediger4000
Timothy B. Lee: another victim of Poe's Law
(<http://en.wikipedia.org/wiki/Poe%27s_law>). Let us remove our hats and have
a silent moment of meditation in his honor.

...

Now that the silent moment is over, I exhort everyone to double and redouble
their efforts at preventing commone folk from being victimized by Poe's Law.

