Hacker News new | comments | ask | show | jobs | submit login
There's No DRM in JPEG – Let's Keep It That Way (eff.org)
224 points by DiabloD3 on Oct 13, 2015 | hide | past | web | favorite | 120 comments



To be fair, ask webcomics guys and photographers about piracy - they get the worst of it. Big companies that would never dream of encouraging you to pirate videos and songs functionally encourage you to swap images around constantly, stripped and re-watermarked and whatnot.

So yes, I do feel a bit bad for small independant artists who watch the standards bodies work themselves into a fury to protect video and audio content while they have to deal with Google Image Search and 9gag.


Protecting a single image is far more difficult. Video and audio are "protectable" to the extent they are because there is a really low expectation of how they have to work. Start playback, stop playback - that's about it. No one expects to pre-render, use video as a buffer for other things, etc. You can realistically render video direct to the screen via hardware, in a protected path.

Doing the same for still images adds a ton of work for little payoff. And it still doesn't prevent anything. At least in video if the system remains uncracked, it's hard to make a copy. You can't just point a video camera at a screen and get good results.

Whereas for a still image? Pretty easy to reconstruct the exact pixels, 100%.

Anyways, this is doomed entirely. They provide the case of social media sites stripping off metadata. Well guess what, if your DRM is gonna prevent them from modifying the image, it's gonna prevent them from loading the image in the first place. Even if the JPEG folks add it, it has zero chance of going anywhere. You'd need support from the hardware, OS, and on up. (Like video has.)


> At least in video if the system remains uncracked, it's hard to make a copy. You can't just point a video camera at a screen and get good results.

It never was show-stoppingly hard. Push comes to shove, if MAFIAA invents something really good to stop you from copying a file, someone in Shenzhen will make a physical screen recorder that captures subpixels directly off your monitor and turns them back into data.


A video is just a succession of images. An image is a video with only one frame. You could use the exact same system that protects videos to protect an image, by making a video with one frame of very long (infinite) duration.


Which was incidentally a technique used by early blu-ray rippers. (Making a screenshot of each frame.)


I feel bad for them, too. It sucks for them that it is no longer a viable business model to sell non-bespoke art to the public. I'd love to do this for a living. But this is not going to change, no matter how much DRM you attempt to add.

The only things of value in the non-physical world are monopoly, reputation, and customisation.


> I feel bad for them, too. It sucks for them that it is no longer a viable business model to sell non-bespoke art to the public.

I'm not sure this was ever the case in Western society for all but the top 1% of artists in any given time period.


1% is surely far too generous.


DRM is protection of content from the consumer itself. The consumer is going to consume the data through an analogue channel. This channel will always be the source of extracting redistributable content. The very premise of DRM rules out any 100%-solution and sets it as obfuscation.

I feel it might be stupid idea but it is not impractical.

The effort of extracting content should be less than the maximum value that can be generated by redistribution. Thus, returns from piracy diminishes as you go from softwares to video to image to text. The effort of extracting an image is too easy via analogue hole. This is assuming an open technology ecosystem not exactly the RMS world but at least Linus or perhaps Mozilla. The enforcers of the DRM do the sensible thing of spreading their proprietary black boxes to as much people, until, they can shut down their doors to the rest of community. That is precisely when certain open source foundations too had to back down. That is how you can enjoy netflix only within your chrome browser.

What bothers me is why are they trying to make it into the standards. If it is built into the standards, it will be built into the downloaders as well. Remember what happened with HLS AES encryption, it is now built into the video downloaders itself. While I understand benefits of standardization, how it has given shape to tech, it might not be true with something so un-technical as DRM. If you do want obfuscation, at least do not make it standard procedure. You know very well that the strongest DRM can not be technically secure.


> The very premise of DRM rules out any 100%-solution and sets it as obfuscation.

> I feel it might be stupid idea but it is not impractical.

They are willing to fuck everything up to extract more royalties. Don't worry that you can't have a 100%-solution DRM now. When we get to the level of advanced optical implants or even brainchips, I'm willing to bet MAFIAA will be one of the biggest investors, in order to sneak in a DRM processor directly into your head and then force you to consume content only through legal and paid-for MAFIAA-certified brain chips.


That's increadibly cynical, but if cybernetics ever become a thing, I think it's painfully obvious what will happen.

Humanity is going to learn some very hard lessons if that class of technologies ever pans out.


I wish I could attribute it to just my cynicism. I'm not saying they will succeed, but I have no doubts they'll try very hard, like they do now with every single piece of technology. There are millions of marketers and executives whose only job is trying to figure out how to squeeze money out of something, burning any value in the process if necessary. I've worked with the types, they have a particular way of thinking that makes you blind to the fact you're fucking your customers - or the society - over. A kind of reverse reality distortion bubble, in which you believe the victims of your ideas are actually happy about them.


I'm so glad I grew up in an era where people's only concern was making things work AT ALL. Trying to make things work for licensed users only, or only for certain devices, or anything else is just bullshit.


A different way of looking at this is, we figured out how to make things work at all. Now people are trying to figure out how to get paid for the work they do on those cool new things.

Struggling to make sure you get paid is nothing new, either.


It's not struggling to make sure you get paid that's the problem - it's people fighting to get paid more, and people who starts expecting to get paid for things they weren't being paid before. Both of those problems, reluctance to accept that not everything you do will bring in monetary compensation, are greed that drives invention of things like DRM.

The only worse thing is people who notice something is cool and decide to come in and monetize it.


The choice I see they have is either stop doing it anymore, or enforce payment. Continuing to do it with out pay, whether they were originally paid or not is no longer viable.


I see they have a choice to not be greedy and bitch about lost sales. This actually earns respect from the consumers. You have to accept that you're not going to capture all the value you're creating.

EDIT: also, happy 2^11-day :).


You presume this "not being greedy" won't mean their going out of business. Look at newspaper journalism for an example of free redistribution of copyrighted content literally killing an industry's worth of companies.


Yet we still have newspapers, online and in print.


Yeah, and at this point it wouldn't hurt if they all just died - they provide negative utility to society by oscillating between mostly writing lies and clickbait bullshit.

(INB4 you reflexively downvote me for saying bad things about Respectable Newspapers, take a moment to think about the last time they wrote something in your area of expertise and note how big a mix of lies, bullshit and misunderstanding the article was. There is no reason to assume that everything else they cover is true.)

Journalism has a much bigger problem than just their business model being ruined by digitization. They need to figure out a business model that incentivizes actual, honest reporting.


If we could get rid of copyright there'd be much less resistance toward embedding information about who created the work.

I'd very much like that we could abolish fines for copying but keep fines for stripping author signature from work, or not propagating original author signature to works that are derived.

This way you could have a trail to reach actual author of the part of work that you find awesome to commission some new work from him.

This could be much more valuable for way more people than current copyright schemes that only seem to benefit fatcats.


I write books. I publish the contents for free online, too.

But I still want copyright. If there were none, someone else could take my work, attribute it, put it on some SEO'd site and outrank me.

What recourse would I have? Very few people are going to find the original source, search it, get past the SEO and find my site.

And zero readers have commissioned a work. I make money, but not that way.

Trust me, copyright isn't just for fatcats. Though I suspect it's mostly fatcats who propose unreasonable applications of copyright.


The problem is you're right, but you're not in good company.

I want copyright too, and for pretty much the same reasons as you. But right now supporting "copyright" means you're taking the same side as assholes who insists on a term of 70 years after the death of the author, or more. Some people even at HN think copyright ought to have infinite duration. It means you're on the same side as those who want to send people to prison or put them in the poorhouse for putting a video on Youtube. The same side as jerks who want to deploy bots all across the web to indiscriminately take down content whether it infringes or not, and who wheel and deal with distribution channels when the draconian laws they bribe governments to pass aren't enough. Seriously, fuck these people.

The political climate in much of the world eschews nuance on basically any issue you can name, and copyright is no exception. I want reasonable copyright terms of ten to twenty years from publication and to wipe my ass with the DMCA. If I can't have that, and if the choice is between copyright maximalists and those who would abolish copyright completely, I'll support shit-canning the idea altogether. It might not be the most fiscally or culturally sound solution, but it at least shows a basic understanding of how human culture even works, which I can't say for the maximalists.


You're throwing the baby out with the bathwater. This comment in another part of the thread put it well. Do you have a response to the argument below?

"If that happens, the web as we know it would cease to exist. Without a legal recourse to stop plagiarism and stolen content, people who are actually creating new content stop completely and move into other areas of work. Websites that produce original and unique content close up shop. Instead you're left with a bunch of low-quality rip off sites that have nothing original of their own. Then it the entire web stagnates over the years as very few new things get added to the net as a whole. And that's just the effect on the internet, that doesn't take into account real world publishing.

I wish people would consider all of the consequences of these things before making statements like that. I haven't even begun to consider the consequences of eliminating copyright completely and just from what I can come up with off the top of my head makes it a non-starter."

https://news.ycombinator.com/item?id=10384178


IMO it's a very bad argument - it assumed most, or best, content is created in order to make money, whereas I believe that the best content is created by people who feel they have something to share, for the purpose of just it being out.

It's strange how as a culture we started to believe creating is just an instrument to make money. Adults are insane; they lose understanding they had as kids, that creating something and/or solving a problem can, and should be, a terminal value in itself.


It's a fantasy that there's any large amount of content that will be altruistically produced. Must content people enjoy are the popular, highly commercialised kind. You mightn't like it, but it's the reality. Taking money for content is a validation that the content is valuable.


Have you seen github?


Github (and indeed most open source) projects are not created out of a sense of altruism. How many people treat github as an online resume? These projects are meant primarily to show off people's coding capabilities in order to sell services, and are not the primary means of making money. These people get a full-time salary writing custom code for businesses.

This approach does not apply to most artists. Nobody is going to pay an author a full-time salary to write new books just for them, or a musician to make new music just for them. The better option for most artists is to invest in creating the best work they can and sell it for commodity prices to a lot of people.


> How many people treat github as an online resume? These projects are meant primarily to show off people's coding capabilities in order to sell service

That's what it is now, and the reason it happened was because Github was full of projects created out of a sense of altruism and fun, and it got respected this way. Yes, the respect and popularity Github has stems not from code-resume-builders, but from the altruists and people doing fun shit for fun that came before.

You see, this is a pattern that repeats all over software industry, the whole Internet included. First you start with people doing something to actually do it (i.e. as a terminal goal). Then whatever useful and/or fun they made gets recognized, popularized, and some people smell a money making opportunity (i.e. doing stuff as an instrumental goal, to get money). The business comes and the whole environment turns to shit.


> This approach does not apply to most artists. Nobody is going to pay an author a full-time salary to write new books just for them, or a musician to make new music just for them.

That's exactly how it worked before invention of phonograph.

> The better option for most artists is to invest in creating the best work they can and sell it for commodity prices to a lot of people.

That's absolutely absurd. For one person that strikes gold and makes comfy living, five will make some living and hundreds will have no money from their creative bets. Create something in hope someone will buy it is most of the time very inefficient way to attempt to make money. It's way easier to find people who will buy your stuff and make it for them.


"I like your music. Would you like to compose something for our movie/game?"

Is this too far fetched?


I think that really overstates what the effect of copyright elimination would be. A lot of traditional methods of monetization would be harder to make profitable, but stuff like Patreon or Kickstarter would probably still work pretty well. At worst, we'd be left with people making content in their spare time and not for profit or to make a living. That would suck, no doubt, but I don't think it sucks as much as a copyright term effectively limitless in duration.

It also ignores what we're missing out on now because of our copyright regime. Anyone should be able to make a Star Wars movie by now, or a Spiderman open-world RPG, or an epic poem detailing the later exploits of Meriadoc Brandybuck, or whatever the hell else. There is a shitload of derivative works we're missing out on because of onerous copyright restrictions, even on works where everyone involved with their creation has been dead for fifty years.

Anyway, the main point of my previous post was not to support eliminating copyright. Mainly, it was to point out that if you support dramatically reforming copyright - twenty years and no DMCA would get nearly as much opposition from special interests as would eliminating copyright altogether - you've got a real uphill battle and no clear allies, despite having more in common, probably, with people who what to eliminate copyright rather than the maximalists. So I'm sympathetic to the view of "fuck it, let's just get rid of it, then" even if there would be some negative consequences to that.

Finally, there is something to be said for taking an extreme opposite position even if it goes further than you would prefer. I think I'm more likely to see reasonable copyright happen in my lifetime if I support people who want to abolish copyright, than by trying to reason with people who want it to be limitless in scope and duration.


>Finally, there is something to be said for taking an extreme opposite position even if it goes further than you would prefer. I think I'm more likely to see reasonable copyright happen in my lifetime if I support people who want to abolish copyright, than by trying to reason with people who want it to be limitless in scope and duration.

That's a good point. As a practical matter opposing all copyright is probably the most realistic way to get it back to a reasonable level.


Fashion, dance, most of automobiles, and recipes don't have copyright protection.

Are you honestly saying that fashion, choreography, dance and cooking is void of original unique things? That they lack creativity? Are you saying that nobody produces automobiles because they don't have a greater incentive of protections?

I think you have a homo-economicus way of looking at the world. The reality actually seem to be something quite different.

The premise for what copyright is supposed to do is based upon a view of the world that really doesn't seem to actually exist. It's a theory based on an elaborate fiction. That's a terrible way to run a society.


>Are you honestly saying that fashion, choreography, dance and cooking is void of original unique things? That they lack creativity? Are you saying that nobody produces automobiles because they don't have a greater incentive of protections?

No, I'm not saying that. I'm saying text is different. It's far simpler to replicate text than a dance.

I'm not saying no text works will get produced without copyright. Just that a lot of things we take for granted or even things that are free now actually depend on copyright as part of their creation.


The best content on the original web was written by people doing it for fun, hosted on university servers and/or free webhosts with a single banner ad to pay for the servers. The writers all did it for the love.


This argument flies in the face of plainly observable reality so much that it feels to be intended as sarcasm.

No good stuff is created for fun? And the stuff that's created for fun is crap? Like that thing that Andy Weir wrote and self published for free on his website and only made 99cents Kindle version because people were bothering him about it?


> could take my work, attribute it, put it on some SEO'd site and outrank me

Attribution should be made in the way you want it to be made. Your domain name or email or unique random string one could google, could be part of your signature that would be obligatory for others to include if they want to share or build upon your work.

> Very few people are going to find the original source, search it

If I like something that somebody made I usually look him up to find out if he has other cool stuff. I do it with musicians, I do it with authors, with actors, with directors ... less so with graphic designers because they are way harder to find because information about authorship is almost never carefully retained for images.

Same way as with code. If I find cool project I'm looking for original repo and most prominent forks.


For public domain content first search results are usually non-profit online libraries like Wikibooks and Project Gutenberg.

In Russia where illegal book sharing is widespread most popular piracy libraries now are non-profits like Flibusta and Library Genesis.


How does that help the original author monetize their work? I don't care whether the first result is non-profit or not. I care whether it's me.

If I can't monetize works, I won't make them, I'll do something else. Are their Russian authors making money with working business models under their system of non-enforced copyright?


I incorrectly thought that your problem was that somebody else could monetize your work.

Copyright is enforced here, sites are banned and people go to jail for installing unlicensed software. Piracy is widespread because of many cultural, historical and economical reasons. There are 3 main business models Russian authors use: crowdfunding (there are few platforms specialised on books), appealing to audience without internet access, and receiving support from the government.


Selling copies is insane way to monetize something. When I want to make money programming I'm looking for a person that needs a program and write it for him often requesting at least portion of money up front.

Writing programs in hopes of selling them in the future is like trying to strike gold. Even if you are not horribly wrong and someone will buy copy of your stuff and not immediately request a refund it will most likely be insanely cheap (from your point of view) and expensive for the people who can get that copy for free because it is almost as easy (often easier) than paying for it.


> If we could get rid of copyright

If that happens, the web as we know it would cease to exist. Without a legal recourse to stop plagiarism and stolen content, people who are actually creating new content stop completely and move into other areas of work. Websites that produce original and unique content close up shop. Instead you're left with a bunch of low-quality rip off sites that have nothing original of their own. Then it the entire web stagnates over the years as very few new things get added to the net as a whole. And that's just the effect on the internet, that doesn't take into account real world publishing.

I wish people would consider all of the consequences of these things before making statements like that. I haven't even begun to consider the consequences of eliminating copyright completely and just from what I can come up with off the top of my head makes it a non-starter.


That's bullshit. Probably the first thing that would die would be the crappier part of the web - the one made to earn lots of money. Bye bye ad-sponsored clickbait image bullshit sites. Hello again honest communities. Sure, there would be lot of plagiarism, but it wouldn't stop people from creating content. Best content is often created by people who want to create something so that it exists, not just to make a buck out of it. Open source code is not an exception, it's the rule.


> That's bullshit. Probably the first thing that would die would be the crappier part of the web - the one made to earn lots of money. Bye bye ad-sponsored clickbait image bullshit sites.

No, it wouldn't. Because if copyright vanished, I'd be one of the people trying to take advantage of it. It would be open season. A lot of my buddies would do the same.

I think you underestimate just how greedy people are.


> Best content is often created by people who want to create something so that it exists, not just to make a buck out of it.

While true to some extent, if we want these people to keep making more of this "best content", we should also enable them to "make a buck out of it". Else they will (and do) go do something else to make a buck and we'll be worse off for it.

> Open source code is not an exception, it's the rule.

How often do people get paid for open source projects? How often do people get paid for writing custom, proprietary code? If your answers to these questions don't make obvious the fallacy of your statement above, all I can say is you're living in a bubble.


> While true to some extent, if we want these people to keep making more of this "best content", we should also enable them to "make a buck out of it". Else they will (and do) go do something else to make a buck and we'll be worse off for it.

I agree, but there is a subtle difference in mindset here I think a lot of people miss - creating something to make money is a different thing from creating something and making money on it. Instrumental vs. terminal values. We want to have more people building things so that those things exist (i.e. making fun movies so that they're fun, or building tools to solve a problem), support them by e.g. making sure they aren't bothered by stuff like food and shelter - paying them. What we want to have less is people making things in order to make money off it, because their incentives are to create worst possible thing that still sells.

> How often do people get paid for open source projects? How often do people get paid for writing custom, proprietary code? If your answers to these questions don't make obvious the fallacy of your statement above, all I can say is you're living in a bubble.

Of course people are paid more for writing propertiary code, and I'm also aware of the trend to pay people for making open-source code which will be then monetized by e.g. charging for support. But this is irrelevant to the topic. Even most of the tools you use for your daily work as a programmer would still exist if suddenly no one got paid for code anymore.

My point is - code and art is something better if done by someone who cares primarily about them than by someone who cares primarily about the paycheck for them.


> Instead you're left with a bunch of low-quality rip off sites that have nothing original of their own.

Isn't that what we mostly have now? Before the net was commercialized, it was mostly people sharing things they had created or discovered and talking about things that interested them - original content. People would also post interesting scientific papers, books, etc. and discuss them.

Once people decided to monetize the net it filled with spam and duplicated content alongside payperclick ads. People started cranking out 'original content' that isn't very original and doesn't have much content either just to make a few bucks on the ads. Those papers and books that used to be shared became imprisoned behind paywalls. The volume increased a lot, but signal-to-noise ratio dropped significantly.

That's not really an argument to eliminate copyright, but vigilant legions of lawyers were never been needed to produce content, suing people doesn't increase its quality, and the net wouldn't necessarily be a worse place if a lot of that was gone. At least some places are opening up and starting to share educational content.


> Once people decided to monetize

You have it backwards friend. Once people decided you could make money off the internet, innovations came at a breakneck pace. It was the money that fueled web growth. See: the previous internet bubble. As long as you can make money from the internet, there will always be innovation & content. Once that money disappears, so does the innovation since there's no need to innovate since there's nothing in it for people.


> Without a legal recourse to stop plagiarism and stolen content, people who are actually creating new content stop completely and move into other areas of work.

Copyright doesn't prevent plagiarism; plagiarism can exist without copyright violation and vice versa.


Copyright prevents creative impersonation. If I take your creative work and try to pass it off as my own--whether for profit, reputation, etc.--copyright gives you a legal tool to stop me.

Without it, anyone could get away with pretending to have done anyone else's creative work.

To illustrate with a recent example, Andy Weir wrote "The Martian," and distributed it online for free, originally. Without copyright, Crown books could have copied the text, put a different author name on it, sold thousands of copies and kept every dime. Same with the movie--they could have just copied the story and made a movie without paying Andy anything.


That's the aspect of copyright I'm willing to support, but it doesn't require DRMs, just a working justice system.

Also, sadly, publishers have many different tricks to rob authors out of the money from book sales. Bigger ones probably don't care, but there are a lot of smaller "entrepreneurs" willing to lie and cheat, so one has to be careful (as my physics professor learned in a painful way).


Sounds like applying a license similar to the GPL instead of copyright would solve this problem?


GPL only works because of copyright. Without copyright there is nothing to license (since there is no right).


It would be possible to create laws respecting a right of correct attribution without actually having copyright as it is known today.


> Copyright doesn't prevent plagiarism; plagiarism can exist without copyright violation and vice versa.

Well yeah. Murder laws don't stop people from murdering but that doesn't mean we should do away with the laws since people still get murdered. It's a punishment & massive deterrent. Especially when used in conjunction with the DMCA.


Hmm? The stripping of metadata is done for privacy reasons. People accidentally expose too much info when they take a photo if the metadata is left intact. When sharing a picture online, user's don't expect that they are also sharing the datetime, location, camera model and settings, and possibly their name (or the camera owner's name).

The number of people that intentionally add their info to EXIF and want it to stay there is dwarfed by the people that would view that as a privacy violation.


It'd be straightforward enough to define metadata tags that are specifically not to be automatically added at source, intended to use specifically to survive privacy stripping. Of course that'd depend on tools actually respecting the intent and not adding them other than when explicitly requested to.


But your proposal doesn't help the archaic business models stay afloat. They're fighting us and the progression of technology to stay relevant :(. Great idea though.


Copyright is important. A limited monopoly on the distribution of your work means you can recoup development costs and actually make money.

What needs changing isn't abolishing copyright, but making it less draconian and returning to the original principle: a monopoly for a limited time (not an infinite one), perhaps ten or twenty years, or varying by field.


I don't see how that would work — not all copyrightable acts can convey the author information in the body of the work, and more importantly, you wouldn't be able to recover damages if someone used your work for profit.

Sure, an image might be watermarked, but if someone plays a song without a license do you expect each recording to include a copyright statement before the music?

If you remove penalties for copying then what would stop a private gallery from showing your photography and charging admission? All you get is attribution note, not a cut. Likewise, anyone could use your music on any commercial, radio station, movie without royalties.


> recover damages if someone used your work for profit

What's the damage?

> if someone plays a song without a license do you expect each recording to include a copyright statement before the music

Even if you play live on the street you can have flyers that state who composed music, who wrote text, who are you trying to imitate.

> If you remove penalties for copying then what would stop a private gallery from showing your photography and charging admission?

Nothing. And that's bad because...?

> All you get is attribution note, not a cut.

Great. That means if somebody likes my work he comes to me for more.

> Likewise, anyone could use your music on any commercial, radio station, movie without royalties.

Sure. Again. I'd very much liked my music or whatever used in Hollywood movie or commercial or whatever without even if I can't get a penny for that if they will display or say my name and website address each time it's seen or heard by people.


This seems like a technical solution to what's a political problem. Those don't usually work out as one would like, or worse, get enshrined in some standard that doesn't solve anything and which makes things worse for the few people that have supporting programs.


JPEG DRM is not a political problem. It's more of a copyright problem although, more accurately, it's a digital content management problem, because content doesn't have to be copyrighted to use DRM. For something to be political it can't just be related to government (because everything is related to government in some way), or even managed by government. For that word to have any meaning at all, it needs to be a more direct reference to government and politics.

And technical solutions to actual political problems have worked great. The recent revamping of government websites has made information more accessible to the public than ever. I can't imagine Obamacare holding much value if it wasn't possible to make healthcare.gov so people could actually navigate through the complexities.


Political problems are any that involve issues of power and control. The issue of who gets to decide what you view on a computer is an eminently political one.


>For that word to have any meaning at all, it needs to be a more direct reference to government and politics.

wait...what?

politics are everywhere: at home, at the office, in your local bowling league. it doesn't apply exclusively to government.


One of my side projects is a photo water marking SaaS. I was surprised when people actually started paying for it years ago, as I figured, "there's a ton of watermarking apps out there". But it turns out there's a lot of demand from amateur and semi-pro photographers who believe, rightly or wrongly, that they're being ripped off (and want a simple way to watermark their photos). For pros, There are other services out there that actively scan the internet looking for infringers and send DMCA takedown, or similar, notices. These services are generally two pricey for the type of customers my side-project has.

I guess my point is - there is a pretty big demand to protect images online. I suspect DRM will end up being implement in some form or another.


Yeah, some amateur photograhers are silly like that (source: I know a few), they behave like little children - shoot some photos, put a big watermark on them to both show pride and make sure nobody "rips them off", and then get mightly annoyed anyway when somebody reposts their photo on Facebook without linking back, because they thought it was cool. Only few later realize that nobody really cares who made a photo (unless they're known to make more quality photos) - a work created has social value on its own, and holding it to yourself only because you're an author is actually little antisocial (also, if you don't fight, people tend to appreciate the work as a gift and will often happily attribute it to you themselves; but I digress).


Would this stop me from screenshotting the image, saving it as a .png, and distributing that?

Because I and many people would do just that. Sure, the DRM might work for my grandparents and a few other non-techies but over time I can teach my grandparents how to screenshot an image and others would catch on. People would even make chrome apps to "click a picture and resave it in a shareable format".

I'm not sure what this DRM would solve, if anything, other than pissing off users and giving photographers and other digital-sharing artists a false sense of security.


> Would this stop me from screenshotting the image, saving it as a .png, and distributing that? Because I and many people would do just that.

The "fix" for this with video was mandating a new "secure path* signal protocol which rendered all existing HDTVs and receivers and related equipment obsolete.

This is happening again right now with 4k for those who wonder. Yay.

Oh. And the OS would need to enforce the secure signal path thing at kernel level, with GPU drivers having to support this.

Pretty much a crazy amount of work to prevent piracy for everyone involved, except those who want their content "protected". And it still doesn't work. So all that effort was utterly wasted.

But yay, let's repeat it!

> I'm not sure what this DRM would solve, if anything, other than pissing off users and giving photographers and other digital-sharing artists a false sense of security

You pretty much just described all DRM. I don't see how this is different on any philosophical level.


stuff like intel SGX goes a long way to making something like this possible.

http://theinvisiblethings.blogspot.com/2013/08/thoughts-on-i...


Ah, but the JPEG displayer would only run on a Trusted system, whose screenshot function honors DRM. You could try to snap a picture of your screen with your digital camera, but the camera manufacturer also embedded DRM inside the camera.

I'm not convinced he analogue hole won't ever be plugged.


> I'm not convinced he analogue hole won't ever be plugged.

The analogue holes for visual media are the two holes in your skull where your eyeballs sit. The analogue hole won't be plugged until you can implement a secure path into the human brain.


"Until" being the operative word here. Electronic implants are an active area of development, and it's only a matter of time before media companies see them as a way to further advance DRM protections.


You just reminded me of a properly funny UnNews story from back in the days:

http://uncyclopedia.wikia.com/wiki/UnNews:RIAA_CEO_discusses...

(Probably needs a trigger warning in this day and age.)


Film cameras to the rescue. DRM that, buddy!


Sure, you can use your film camera. Then what do you do with the picture? Scan it? Your new scanner has DRM preventing you to do that. Circumvent the scanner's DRM with a mod chip? The software refuses to display it. Use unofficial software that shows you the image? Your screen refuses to display it. Mod your screen, encrypt the image, share it on a darknet using steganography to disguise your traffic as web surfing. Congrats, dozens of cypherpunks are now able to see the image.

I don't think such a scenario is likely, because it requires far too much cooperation between hardware manufacturers, but it is possible. The move to mobile makes this scenario much more plausible than it was a year ago.


Snail mail prints to my friends. I'm joking of course, but what a horrible future - imagine if a 1984-like government used this tech to completely censor anything deemed against the "Party"?


Perhaps it will use some form of code/time division so that the image is never displayed in full but is displayed in such a way as to exploit human vision idiosyncrasies (persistence of vision, inversion, colour saturation). You flash a couple of different saturated images over a small time period in order to give the impression of the image required, simple screencaps would fail [like how CRT uses the phosphor and the speed of the electron beam scanning to give the impression of a single image; and like rasterisation builds an image in two parts - but instead building it in many parts].

Not undefeatable, of course.

/spitballing


My grandparents take pictures of their monitor and sends them to me. Right click save as is about as foreign as screenshots to them.


How long until this is used to lock down the independent "publishing" of images? This seems like a great foundation upon which to build software ecosystems that discourage user-generated content w/o the imprimatur of an authorized publisher attached.


Especially when combined with new copyright/DRM laws from TPP/TTIP/TISA, https://news.ycombinator.com/item?id=10363500


Couldn't we just stop using JPEG? I realize this is a can of worms, but it's an option, right?


Couldn't we just keep using JPEG without enabling any DRM features? Is there an actual practical issue with JPEG that theoretically supports DRM, or is this more of a stand on principles?


It's mostly a stand on principles. I don't have any reason to believe that there's anything wrong with JPEG in it's current form. I commend the EFF for representing the internet at large but I want to remind the hacker community that we can do something about it if we don't like the outcome.


> I commend the EFF for representing the internet at large but I want to remind the hacker community that we can do something about it if we don't like the outcome.

Some will call it undemocratic and thus bad, but I say it sometimes is the only way to restore sanity.

To quote one of my favourite lines of Nick Fury, "I recognize that the Council has made a decision, but given that it's a stupid ass decision, I have elected to ignore it."

[0] - http://youtube.com/watch?v=mOEr7kiysrE


We could maybe create a DRM blocker plugin for JPEG files with this property, just as the way people are using AdBlocker. But the difference with AdBlocker is that we accept format that conform to our standard.


How does switching formats affect the will of content providers to stuff DRM in your pictures?


But why? It seems to be a decent format. And what's the other option?


Sure it's a decent format and it's quite widespread. However, if the committee decides to make the format worse by incorporating DRM, we can easily decide to move away from that format. Easier said than done, but still an option.


Or ... just not implement the DRM feature? After all, everyone from the OS on up is gonna have to agree to respect this JPEG DRM feature.

In fact, for it to work at all, it'll have to be implemented in hardware or hardware-equivalent software (i.e. not in Firefox or anything where you can dump RAM or modify the software).


PNG and WebP


FLIF is very promising too: http://flif.info/


FLIF is not really a format so much as an experiment. There isn't a spec that I can find, nor is there any sort of formal description of the format. Right now, the only available spec is the source code and that leaves a lot of open-ended questions about what to do about inconsistencies in implementations. I hope it develops into something good, but for now it doesn't seem a viable option.


If we're going to use WebP anyway, we might as well drop PNG too in favor of the lossless mode. I don't know of any downsides to this. But mandatory chroma subsampling means WebP can't completely replace JPEG.


Sure it’s an option… but look how long it’s taking us to move to IPv6.


The trouble there is that so much hardware and infrastructure is built for IPv4.

With file formats however, it's only software. Add supports to mainstream browers and operating systems and you've got a fully functional new format. Look how quickly webm came into existence.

JPEG is an oldy, but support for a new format that does all JPEG does is certainly possible, and it would slowly win out. Much like how png killed gif (until social media brought it roaring back... egh).


One problem with JPEG's adoption is its prevalence in firmware actually - cameras. Some might not go away for decades. The IPV6 comparison is not entirely unwarranted.


That's a fair point. I was thinking cameras usually use a raw format, but that's not true of many devices.


Wouldn't this DRM require every implementation of the JPEG standard to honor the DRM or am I missing something?


Yes it would - but that's how all DRM systems work, plus an attempt to make the image unreadable to "unauthorized" JPEG implementations.


How, if some Future JPEG (FJPEG) is a standard, does one make a standard FJPEG image unreadable to unauthorized FJPEG implementations? Either the standard itself has to be kept secret or the FJPEG implementation has to contain some secret, right?

If the standard is kept secret, by maybe charging a tidy sum for it, and getting all buyers to sign an NDA in blood, we'll all have fewer implementations of FJPEG viewers. There would probably be no "open source" implementations of FJPEG. We would all loose, as the market for FJPEG viewers has barriers to entry, and therefore would serve buyers poorly. That's standard, Free Market economics.

If FJPEG viewers have to contain some secret (an algorithm or a key both come to mind as things that have happened in the past) the same sorts of things happen - barriers to entry to sell in the market, higher costs, fewer options to consumers.

Of course the 3rd option is to legally mandate some kind of overall DRM at the operating system level, which would have much the same effects, except that we'd have a narrow choice of Windows or Mac OS, with maybe a larger choice of FJPEG viewers.

All of these options should be repugnant to Free Market believers such as myself. I predict the Republican Congress will laugh this out the door.


Yeah, those are the only options. The second option is what Blu-Ray and EME currently do, for example.

But yeah, basically no one is going to use this ever.


Just like they did with the DMCA, right?


I'm sorry, but could you elaborate on this? I'm not understanding the connection with DMCA.


Not necessarily, for example a few MSBs of Y, Cr, and Cb DC and AC could be encoded with the current JFIF markers and new ones used the for rest in an encrypted representation. In that manner a current decoder could produce a lower fidelity version still:

http://www.jpeg.org/items/20150910_privacy_security_summary....


No, that would be unenforceable. If your implementation doesn't honor the DRM, they won't provide you with the encryption keys in the first place.


Then you end up with a key distro problem. And unless the idea is to do it with hardware-protected keys, it's pretty much DOA for such low-bandwidth, simple-format as a still picture.

Otherwise, as an example, Firefox wouldn't be able to decode these images without some plugin. And that plugin would be just as subject to key-dumping.


> subject to key-dumping

Not if you are running a skylake CPU with the new SGX instructions that encrypt RAM.

https://software.intel.com/en-us/blogs/2013/09/26/protecting...

    6, Enable software vendors to deliver trusted applications and updates 

    8. Enable applications to define secure regions of code and data that
       maintain confidentiality even when an attacker has physical control
       of the platform and can conduct direct attacks on memory.
By "trusted", Intel almost certainly means "trusted computing"/"trusted execution environment". It took a decade, but Palladium (NGSCB) is here.

Firefox already caved and ships the EME plugin, so obviously they would cave to an image-DRM plugin as well.

/* this is why it's so incre4dibly important to take a hard-line stance against DRM; it's a lot harder to reverse course once you cave and start accepting some DRM */


SGX doesn't provide a way to secure output at the moment. It's awesome for remote attestation. Like, you could run a probably secure Bitcoin tumbler. (Well I'm not sure how the key verification part works.) But it does not provide a way to stop me from pressing PrintScreen.

I agree that they may expand it (MS's waste of engineers during the Vista period in their rush to provide Protected Media Path comes to mind.)

But I'm also saying that web comics could do this today. But I'm guessing that they don't want to sacrifice the UI of just loading images.


Yes, all DRM systems are inherently impossible to make fully secure with only local data.

However, several other options exist:

* Needing to contact an external server to view an image (of course, you could always take the opportunity to save the now-viewable image then share it)

* Charging a large fee / legal contracts for the information on how to decode (security through obscurity)

* Making circumvention illegal and enforcing this with fines or jail time. This is probably the only option that "actually works" as you've turned the technical problem into a social problem. People would still break it, but you could simply arrest them if they try to help others do the same.


I'm not sure these approaches work for images. Certainly web comics could require special clients even now, yet they don't. I'm guessing they want the ability for their pictures to still work normally, but "without saving".


Yes, that none of these systems will ever actually work is the point ;)


Isn't this problem better solved by watermarking anyway? People want their work distribute publicly but want attribution to attract users. Buyers need a redistributable license most probably as they are interested in the media most probably as part of some communication effort.

Drm is not going to help after buyer redistribute the purchased work in any way, especially if there is a medium conversion involved - i.e. printed issue.


Watermarking is either too easy to cut out or damages the image. I can understand the reason they want to look for other solutions, for the same reason I would pay for a tool that reliably cleared watermarks out of pictures - not because I want to steal content, but because I want to consume it in high quality.


More attempted fencing off of the commons. Yay.


countdown until mozilla folds like wet cardboard


like it did for Adobe Primetime CDM


this comment is too real


WebP anyone?




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: