Hacker News new | comments | show | ask | jobs | submit login
Custos is using Bitcoin to turn digital pirates against each other (qz.com)
63 points by eddyg on July 17, 2017 | hide | past | web | favorite | 61 comments

> Custos embeds imperceptible bitcoin private keys in the digital files, with different keys for different advance copies of a movie or ebook. (...)

> At the same time, Custos makes a piece of free software that screens movie files for these private keys and markets the screener to content pirates. Pirates now have an incentive to check pirated movie files in case they contain a key. If a key is detected, the pirate can claim the bitcoin bounty—usually between $5 and $10—and is free to keep it. But once a bounty is claimed, Custos is alerted, and can begin the process of figuring out the origin of the leak.

This is really clever! A very interesting social experiment with some game theory dynamics on the way.

Seems pretty self-defeating. I'd just strip the keys and not claim the bounty. This whole system depends on pirates wanting $5 more than they want to pirate the thing, which from my 10 years around release and fxp groups in my younger days, I can say is barely ever the case.

I'm assuming the keys are embedded before it's leaked like a watermark of sorts. The leaker isn't the pirate in the scenario described _I think_.

Ah! I read the references to pirates as referring to the person sharing the file online from an original source. But someone just torrenting it or something makes a lot more sense as the target here.

Isn't this what watermarks have been doing for a while? Different theaters get different watermarks


Yes, but watermarks don't leave evidence in a public ledger when the movie is pirated, you have to go out and find the pirated copy and compare watermarks.

Using Bitcoin private keys, as long as some pirate prefers money now to the health of an illegal distributional chain in the future, creates an incentive to get someone else to provide that information to you via the blockchain.

Maybe I don't understand something?

John Doe, random employee working for Universal Studios leaks an advance copy of "The Revenge of the Avengers: The Revengers Strike Back" to their contact XPirateSepirothX for 250$ (or for free because they really want to get back at their boss for laughing at them).

XPirateSephirothX passes on the watermarked movie to their friendly neighbourhood reencoder IAmBecomeDeath who notices the watermark strips it, and reencodes the movie for general consumption.

The pirating public receives an unwatermarked copy and cannot claim any prize. IAmBecomeDeath, XPirateSephirothX and John Doe have no incentive to claim the prize because they will implicate themselves in copyright violation.

Are they implying the watermark is impossible to remove? That seems unlikely to me as pirates can be quite enterprising (and there may be some money on the line for them as well), so I'd expect them to reverse engineer the process and figure out how to strip it. Heck, this company is even offering an application that checks if the watermark is present or not which should at least give the pirates a measurement on whether their watermark removal method worked (on at least some version of the watermark detection logic).

Or maybe the plan is to play a constant game of cat and mouse, Custos will continually switch up their methods for watermarking and so the pirates will never be sure if they caught and successfully stripped the latest and greatest version of the watermark, preventing some piracy through uncaught watermarks and some piracy through fear?

The idea is that IAmBecomeDeath and XPirateSephirothX are not implicated, since they can claim it anonymously, by simply moving the coins to a random BTC address, and then using a tumbler or something to cover their tracks.

Of course, John Doe and whoever knows about this will never trust them again to spread leaked copies, so it's hard to see $5 being worth that loss.

On the subject of stripping the watermarks, Custos says this on their website:

    Custos employs three roles in the search for infringed media. 
    The first group is the bounty hunters who are anonymous 
    individuals in the piracy communities who use Custos’s freely 
    available bounty extraction tool for their personal gain. The
    second role is that of Custos’s trusted enterprise partners: 
    these are existing providers of web crawling solutions that 
    are enabled to search for Custos-protected content too. The 
    third role is that of Custos’s internal forensic team, who can
    also discover infringed content.
The note about their "Internal forensic team" implies that there will be a secondary watermarking system, whose implementation is kept a secret. This means leakers will never be able to be sure whether they have completely removed all of the watermark systems.

A little known unknown secret in the industry is that there are much simpler watermarking systems than what people think.

Yes each copy is tagged with multiple watermarks visible and cryptomarks in both the visual and audio channels.

However the most common mark is the "cut" mark, the studio will have multiple copies with slightly different cuts of a couple of scenes including sometimes very slight post production changes (e.g. items that appear or do not appear in a given scene). These marks are as simple as adding or removing a few frames from several scenes that do not change the context of the scene or the movie. With 10-20 scenes that can easily be manipulated you can produce a large number of marked copies that cannot be wiped without knowing what scenes have been touched. The studio usually produces a few versions which are scene marked and for the individual copy marking relies on several layers of cryptographic and traditional water markings.

This means that even if all of the technical watermarkings fail the studio still knowns roughly who leaked the video then pinpointing the source is much easier in most cases.

P.S. Studios make multiple versions of movies with different cut tales also for other reasons such as to gauge audience responses to specific scenes or in cases where movies would have slight line differences for different regions.

> IAmBecomeDeath who notices the watermark strips it, and reencodes the movie for general consumption.

Or wants the $$, so claims it, putting down a breadcrumb. (Atleast that's what the technology in the article is for.)

It's not lucrative enough. The product is worth far more than the measly bounty. Sure, claim that 15 dollars in bitcoin, and never receive another pre-release copy again, or... strip it and continue business as usual.

This model really only works when most encoders are not aware the tag is there at all, and don't strip it.

Alternatively (as some other comments suggested) Custos buries additional tags without revealing them, in which case they act just like all sorts of other watermarking companies doing the same thing (not terribly effectively).

Not putting down a breadcrumb, but implicating John Doe. Presumably because the watermark/key was created specifically for John Doe's copy.

If it is possible to strip the private key, e.g. by re-encoding, then an intelligent and determined leaker would simply do that before distribution. They likely won't be tempted to take the reward for themselves, given the consequences, and by stripping the private key they can prevent anyone else from claiming it. I suppose this would catch less savvy leakers, though.

Edit: To be clear, I understand that digital watermarking techniques can be resilient to a simple re-encode, but since Custos is providing the tool to claim the reward for free to pirates, it should be possible to reverse-engineer the tool to identify and destroy the watermark.

Custos could encode the key in any number of ways, while keeping them secret. They could later (maybe some time into the future) announce the method, and catch the source of the leak.

As with any watermarking, the intention is not to make it physically impossible to make an unauthorised copy, but make it accountable. If the leaker can't be sure that they're aware of all the methods that could be used to catch them, they may decide against leaking their copy.

One method may be to encode it cryptographically, in a way where it looks like noise until you have the key, similar to Code Division Multiple Access communication schemes.

Reading data out of an enclosed file is much less of a problem than altering that data without damaging the file. All you need for “screening” and “claiming” is to read out the keys and check if the funds have already been transferred out on the blockchain and, if not, transfer them out. There's no alteration to the file content involved.

Destroying the keys requires altering the file while leaving it functional, which requires more than reverse engineering the tool, because the tool doesn't need that capacity.

My point is that if you can identify how the private key is stored in the video, then it should be possible to develop a strategy to destroy that data without damaging the integrity of the file. Presumably the key will be hidden in such a way that it won't be obvious to viewers (that is, it won't be a literal watermark). If that's true, then it should be possible to destroy the key without making the video quality noticeably worse, e.g. by selectively re-encoding certain parts of the video in a certain way that ensures destruction of the private key. Of course I'm speculating, because I don't know exactly how the private key is stored in the video, but video quality is a lot more robust to bit massaging than a hidden digital private key would be.

When they release the detection tool, and I reverse engineer it to produce a tool to set arbitrary watermarks on arbitrary video files, what would be the legality of releasing such a tool?

Of course, pirates are unlikely to care about such legal issues, but I'm still curious if there are any.

>produce a tool to set arbitrary watermarks on arbitrary video files

To what end?

IANAL, so I can't comment on the legality of what you are suggesting.

This is neat, but I can't help but feel it's not going to work.

It would work if you encounter a movie that you wanted to watch, decide you want the money instead, and you report to Custos.

This is not how piracy works.

Instead, a pirate knows the value of the good they have. They know it's worth more to their reputation in the community than $5-10 dollars. By setting a bounty on it, you'll just have others willing to pay more to leak it themselves. This is an experiment, not a business.

You don't "report" to CustOS directly, rather you simply move the money from one of the CustOS "bounty" private keys into one of your own.

Effectively it does the same thing but I think psychologically it's pretty different. For one thing you know that the bitcoin transaction will be very hard to trace (you can't be betrayed by your IP address or something like that) and you don't really rat anybody, you're just moving bitcoins. If you don't have any direct relationship with the original leaker (say, you downloaded the file through bittorent on some private tracker) there's really no incentive not to claim the bounty. It's free money.

I wonder what happens if a legitimate recipient of one of these copies decides to claim the bounty without actually leaking anything. Could they be in trouble? If people accuse them of leaking a copy and they show that they have control of the coins, will they be off the hook? Do they have to sign something that forbids them from using the key?

One would hope that CustOS has learned the lesson from Dr. Strangelove [0] and will tell screener recipients that there is a countermeasure, and that they'll be held in breach of contract if that bitcoin account is touched. And for anyone who receives screeners, their financial incentive to keep receiving those screeners is far in excess of a single $5. A random pirate? Not so much.

[0] https://youtu.be/cmCKJi3CKGE?t=3m44s

If I were a pirate/leaker/sharer, I would be very tempted to just paste the key on some completely unrelated forum to lay down a false trail.

What does that get you? If I understand correctly, I don't think the content owner finds out who uses the private key. They find out that the key has been used, which normally means that someone leaked the file to a pirate, and tells them who leaked.

Plausible deniability? Since there's an other way for somebody in the wild to have had access to the key without IP violation you could claim that you never leaked the file in the first place.

Of course it's one of these smartass "hacker technicalities" that may not hold much water in a court of law.

So your defense would be that you didn't leak the file but you did leak the key?

The Bitcoin key is only to identify the leaker, not the pirate. Each copy has a different key.

So the leaker will quickly find a way to remove the bitcoin watermark just like they do with traditional watermarks, instead of trying to cash out the coins.

The other counter-attack would be to distribute the scanning software to all the people who got the screeners so that there are a bunch of transactions and no way to know which one leaked vs. just took the $5. Probably too small an amount to get many takers, but it would muddy the waters even if only a few did it.

> It would work if you encounter a movie that you wanted to watch, decide you want the money instead, and you report to Custos.

What do you mean “instead”; draining the Bitcoin wallet identified in the bounty watermark doesn't make your copy (or any identical copy) stop working, it just let's Custos know (by reading the blockchain) that the original from which it was copied had the corresponding Bitcoin wallet drained.

There may be a trade-off about future content from the same root source, but not the current piece of content.

I think the idea is that the original pirate takes on more risk, since whoever they pass the copy around to may trigger the alarm by getting the $5-10. The real question is how easily can this private key be removed from the content?

Or embed your own bounty so the leaker knows if he is being betrayed.

The pirates aren't going to claim the bitcoin, it's the people who download the pirated files.

It seems like a good way to drive awareness of digital watermarking in the file sharing community.

The big disadvantage with this scheme is that the publisher needs to pay the reward in advance for every copy they want to protect. That‘s why the rewards can‘t be big. (The publisher could of course keep the private keys and redeem unclaimed rewards themselves after some time, only risking currency fluctuations)

How much do they have to actually stock though? 50-100k USD ($5-10 over 10000 screeners) is a good bit of money but they'd probably only pay out a tiny portion of that and compared to the budgets of a large blockbuster it's not that large of an outlay.

If they can reliably embed multiple private keys into the screener DVDs they could get by with having fewer account and using the combination of accounts as the key. Though really if they're able to embed a whole private key in a way that survives encoding why bother with the bounty, though I guess that saves them the trouble of having to go find torrents/rips themselves.

This is a brilliant idea! Since we expect only a handful of leaks, each screener could contain lets say around 100 bounties of $10, with 200 bounties total. Then the first leak would be worth $1000, the second leak $500 (expected value) etc, and the studio only needs to pony up $2000 in total. We are guaranteed to be able to identify the first leak, I'm not sure if we can identify further leaks (there is probably some kind of trade-off between payout for the first leak, total amount of bounties, and probability of being able to identify further leaks, but the mathematics of this is probably not trivial.

> redeem unclaimed rewards

I think that would be a pretty safe bet - there'd be no need for the bounty post dvd/bluray release of the movies - while for some blockbusters that's a long time - I'd warrant typically there are only a few screener leaks of each movie - once a copy is out, there's no need for anyone to risk being caught leaking a copy - and release groups tend to be very active in promoting that they were the first to release a film (at a certain quality, screeners being somewhat of a sweetspot between cam releases and waiting for dvd/bluray relases).

So I imagine sending out 10.000 copies, each with a 20 dollar bounty would effectively cost less than 100 dollars in bounty pay outs - with the remainder being at risk for currency inflation.

There'd be little incentive to leave the reminder bounties up after the film is released to DVDs or BluRay.

How many advance copies do they send out? Paying a thousand dollars on advance copies of a big blockbuster estimated to earn millions is nothing.

According to the article "tens of thousands" of advance copies are sent out. So if you want the reward per leak to be $10, the cost would be hundreds of thousands of dollars. Maybe that's worth it to a studio, but it definitely is a significant junk of money.

Studio pays out that amount in case every single receiver of advance copy leaks it, is it the case? I would guess that there are only a few who leak it. Also, I think, studio can start legal action against the leakers, so it could collect fines in case of leak.

The problem is that they must pay the bounty for every leak in advance! (As I said, they could redeem unclaimed bounties after some time, but they must put up the full amount in advance, and are thus vulnerable to exchange rate fluctuations)

I looked around their web page but I couldn't find the "freely available bounty hunter tool" they are talking about. Does it exist somewhere or is this not actually launched yet? They are saying that individuals in pirate circles are already hunting bounties with this tool...?

tl;dr: Scenario: Studio sends 10ks advanced copies of their film to reviewers before screening. One of them gets leaked. They want to know who leaked it. Custos embeds a "watermark" in the copies that contains a private key of a bitcoin wallet containing 5$. Each copy has a different wallet. When anyone down the pirate chain decides to take the money, Custos knows who the leaking source was. Benefit over traditional watermarks is that they only have to monitor the wallets.

IMO this is quite a clever idea because even after pirates start scrubbing the key off, there will always be an incentive to claim the money, perhaps much later when someone can get many of them at once. It will seed distrust that'll be hard to weed out.

If cashing out were delayed well past the statute of limitations, it'd be interesting to see the repercussions.

I see no advantage over traditional invisiblee watermarks.

A movie usually just leaks once or twice, these leaks get replicate everywhere. So if you are looking for a specific movie, just get a pirated copy from anywhere and check the watermark yourself. It's trivial to check if there is a leak at all and also trivial to find that leaked version and test it. No need to throw 15 bucks per copy on it, just let the intern monitor some torrent trackers.

I think the difference is that the person who spreads the movie over the trackers, who is not necessarily the original leaker, now has an incentive to report it, whereas with regular watermarks they'd simply remove it before distributing over those public channels.

Of course, it's hard to see such person being in a position to receive many leaks in the future, after burning the original leaker, so the incentive seems quite small.

Calling "Insider gets the master private key list, steals all the bounties" as the way this turns out.

I don't get it. Any 'damage' to the studio happens when the movie is publicly leaked, at that point just download the copy yourself and check for a watermark, telling you where the leak originated without ponying up $5-$10 (which is a paltry sum to begin with).

For this, the company has to first find the leak version. This means they need people to monitor all kind of sites for this material. With the bitcoin method, the company only needs to monitor a bunch of bitcoin wallets and, as soon as a transfer is made, the are aware of the leak immediately (with much less men power. Furthermore they also don’t need people who have access to those “private” torrent exchanges).

Furthermore, their response times are pretty awesome (if they are in fact true):

> Van Rooyen claims once a leaked copy containing a bounty hits the dark web, it takes just five minutes on average for the bounty to be claimed and Custos and its client to be alerted. On social networks it takes 42 seconds; and offline, like if a movie is copied or shared on a DVD or USB drive, it’s 28 minutes.

I was wondering about that. I had two thoughts, neither of which I'm confident is very significant:

- Finding and downloading the file is more work than just monitoring a set of bitcoin wallets. If the file gets leaked multiple times, and some of them end up in more obscure places, it might be much harder to find them.

- The regular watermark can perhaps be defeated by tech-savvy pirates, but the bitcoin watermark would need the leaker to be tech-savvy. I think leakers are selected by the content owner, and not in general for their tech-savviness, so this might be pretty safe.

“You just need a single rotten apple in that group,” he says.

Reminds me of my Primary school teacher :)

Custos did it masterfully.

Hah, now some pirate is going to try and figure out how to get all of the private keys :P

Beyond just hacking into Custos and stealing them or Custos using a somehow predictable keygen (not even sure that's really a thing?), in doing that they'd be tracking down all the leaks which is exactly what Custos and their customers are wanting.

In reality only a few screeners seem to leak for any given movie.

What's to stop the intended recipient of the movie from intentionally and unabashedly claiming the bitcoins for themselves.

1) It marks them as a "leaker" 2) If you keep claiming the bitcoins, you are going to stop getting videos sent to you. This could have professional implications.

You can claim the bounty without leaking the film, though as you point out, this could prevent you from being sent films in the future.

It's a great idea from a game theory perspective, but I think an adversarial neural network plugin built into vlc as a preencoding step would probably defeat it pretty quickly with minimal quality loss.

You just can't effectively watermark data intended for human consumption, our tolerance for intentionally induced noise is too high.

I don't want to be confrontational, but I really don't understand the point you're trying to make. Why a neural network, why VLC? I understand that you are suggesting it would be possible to strip the watermark, but the way you've said it sounds a lot like "create a GUI interface using visual basic, see if I can track an IP address"[0]. Which is to say, you've not said what you would do to defeat it, but how you think it would be implemented... which doesn't really tell us anything about HOW you think it could be defeated.

>You just can't effectively watermark data intended for human consumption, our tolerance for intentionally induced noise is too high.

If this were true, steganography[1] would be useless in practice (it isn't).

I would suggest reading up on digital watermarking[2].

[0] https://www.youtube.com/watch?v=hkDD03yeLnU [1] https://en.wikipedia.org/wiki/Steganography [2] https://en.wikipedia.org/wiki/Digital_watermarking

> I don't intend to be confrontational

Of course you do, or you wouldn't end the comment with "I suggest you read up on."

Stenography is only useful when it's unknown or impractical to investigate possible payloads, either do to volume of possible hits or lack of knowledge how to decode the payload out of the source. If you tell an opponent: here is the decode technique and here is where the message is likely to be, you've basically defeated your own stenography.

It is true that my intention was not to be rude. My "I suggest you read up on" comment was in response to your claim:

>You just can't effectively watermark data intended for human consumption, our tolerance for intentionally induced noise is too high.

Which is simply not true! That kind of misunderstanding suggests that you are unfamiliar with the kinds of digital watermarking that are used TODAY, hence my suggestion that you read up on it. If the comment came off as rude, I certainly apologize, but I stand by the point I was trying to make.

>If you tell an opponent: here is the decode technique and here is where the message is likely to be, you've basically defeated your own stenography.

I agree with you on this point 100%. I also made a post to that effect elsewhere. But that is not the same argument you made in your previous post!

That's not what this is. It's a simple snitch system, made easy due to the ease of using bitcoin (pseudo)anonymously.

Applications are open for YC Winter 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact