> At the same time, Custos makes a piece of free software that screens movie files for these private keys and markets the screener to content pirates. Pirates now have an incentive to check pirated movie files in case they contain a key. If a key is detected, the pirate can claim the bitcoin bounty—usually between $5 and $10—and is free to keep it. But once a bounty is claimed, Custos is alerted, and can begin the process of figuring out the origin of the leak.
This is really clever! A very interesting social experiment with some game theory dynamics on the way.
Using Bitcoin private keys, as long as some pirate prefers money now to the health of an illegal distributional chain in the future, creates an incentive to get someone else to provide that information to you via the blockchain.
John Doe, random employee working for Universal Studios leaks an advance copy of "The Revenge of the Avengers: The Revengers Strike Back" to their contact XPirateSepirothX for 250$ (or for free because they really want to get back at their boss for laughing at them).
XPirateSephirothX passes on the watermarked movie to their friendly neighbourhood reencoder IAmBecomeDeath who notices the watermark strips it, and reencodes the movie for general consumption.
The pirating public receives an unwatermarked copy and cannot claim any prize. IAmBecomeDeath, XPirateSephirothX and John Doe have no incentive to claim the prize because they will implicate themselves in copyright violation.
Are they implying the watermark is impossible to remove? That seems unlikely to me as pirates can be quite enterprising (and there may be some money on the line for them as well), so I'd expect them to reverse engineer the process and figure out how to strip it. Heck, this company is even offering an application that checks if the watermark is present or not which should at least give the pirates a measurement on whether their watermark removal method worked (on at least some version of the watermark detection logic).
Or maybe the plan is to play a constant game of cat and mouse, Custos will continually switch up their methods for watermarking and so the pirates will never be sure if they caught and successfully stripped the latest and greatest version of the watermark, preventing some piracy through uncaught watermarks and some piracy through fear?
Of course, John Doe and whoever knows about this will never trust them again to spread leaked copies, so it's hard to see $5 being worth that loss.
Custos employs three roles in the search for infringed media.
The first group is the bounty hunters who are anonymous
individuals in the piracy communities who use Custos’s freely
available bounty extraction tool for their personal gain. The
second role is that of Custos’s trusted enterprise partners:
these are existing providers of web crawling solutions that
are enabled to search for Custos-protected content too. The
third role is that of Custos’s internal forensic team, who can
also discover infringed content.
Yes each copy is tagged with multiple watermarks visible and cryptomarks in both the visual and audio channels.
However the most common mark is the "cut" mark, the studio will have multiple copies with slightly different cuts of a couple of scenes including sometimes very slight post production changes (e.g. items that appear or do not appear in a given scene).
These marks are as simple as adding or removing a few frames from several scenes that do not change the context of the scene or the movie.
With 10-20 scenes that can easily be manipulated you can produce a large number of marked copies that cannot be wiped without knowing what scenes have been touched.
The studio usually produces a few versions which are scene marked and for the individual copy marking relies on several layers of cryptographic and traditional water markings.
This means that even if all of the technical watermarkings fail the studio still knowns roughly who leaked the video then pinpointing the source is much easier in most cases.
Studios make multiple versions of movies with different cut tales also for other reasons such as to gauge audience responses to specific scenes or in cases where movies would have slight line differences for different regions.
Or wants the $$, so claims it, putting down a breadcrumb. (Atleast that's what the technology in the article is for.)
This model really only works when most encoders are not aware the tag is there at all, and don't strip it.
Alternatively (as some other comments suggested) Custos buries additional tags without revealing them, in which case they act just like all sorts of other watermarking companies doing the same thing (not terribly effectively).
Edit: To be clear, I understand that digital watermarking techniques can be resilient to a simple re-encode, but since Custos is providing the tool to claim the reward for free to pirates, it should be possible to reverse-engineer the tool to identify and destroy the watermark.
As with any watermarking, the intention is not to make it physically impossible to make an unauthorised copy, but make it accountable. If the leaker can't be sure that they're aware of all the methods that could be used to catch them, they may decide against leaking their copy.
One method may be to encode it cryptographically, in a way where it looks like noise until you have the key, similar to Code Division Multiple Access communication schemes.
Destroying the keys requires altering the file while leaving it functional, which requires more than reverse engineering the tool, because the tool doesn't need that capacity.
Of course, pirates are unlikely to care about such legal issues, but I'm still curious if there are any.
To what end?
IANAL, so I can't comment on the legality of what you are suggesting.
It would work if you encounter a movie that you wanted to watch, decide you want the money instead, and you report to Custos.
This is not how piracy works.
Instead, a pirate knows the value of the good they have. They know it's worth more to their reputation in the community than $5-10 dollars. By setting a bounty on it, you'll just have others willing to pay more to leak it themselves.
This is an experiment, not a business.
Effectively it does the same thing but I think psychologically it's pretty different. For one thing you know that the bitcoin transaction will be very hard to trace (you can't be betrayed by your IP address or something like that) and you don't really rat anybody, you're just moving bitcoins. If you don't have any direct relationship with the original leaker (say, you downloaded the file through bittorent on some private tracker) there's really no incentive not to claim the bounty. It's free money.
I wonder what happens if a legitimate recipient of one of these copies decides to claim the bounty without actually leaking anything. Could they be in trouble? If people accuse them of leaking a copy and they show that they have control of the coins, will they be off the hook? Do they have to sign something that forbids them from using the key?
Of course it's one of these smartass "hacker technicalities" that may not hold much water in a court of law.
The other counter-attack would be to distribute the scanning software to all the people who got the screeners so that there are a bunch of transactions and no way to know which one leaked vs. just took the $5. Probably too small an amount to get many takers, but it would muddy the waters even if only a few did it.
What do you mean “instead”; draining the Bitcoin wallet identified in the bounty watermark doesn't make your copy (or any identical copy) stop working, it just let's Custos know (by reading the blockchain) that the original from which it was copied had the corresponding Bitcoin wallet drained.
There may be a trade-off about future content from the same root source, but not the current piece of content.
If they can reliably embed multiple private keys into the screener DVDs they could get by with having fewer account and using the combination of accounts as the key. Though really if they're able to embed a whole private key in a way that survives encoding why bother with the bounty, though I guess that saves them the trouble of having to go find torrents/rips themselves.
I think that would be a pretty safe bet - there'd be no need for the bounty post dvd/bluray release of the movies - while for some blockbusters that's a long time - I'd warrant typically there are only a few screener leaks of each movie - once a copy is out, there's no need for anyone to risk being caught leaking a copy - and release groups tend to be very active in promoting that they were the first to release a film (at a certain quality, screeners being somewhat of a sweetspot between cam releases and waiting for dvd/bluray relases).
So I imagine sending out 10.000 copies, each with a 20 dollar bounty would effectively cost less than 100 dollars in bounty pay outs - with the remainder being at risk for currency inflation.
There'd be little incentive to leave the reminder bounties up after the film is released to DVDs or BluRay.
IMO this is quite a clever idea because even after pirates start scrubbing the key off, there will always be an incentive to claim the money, perhaps much later when someone can get many of them at once. It will seed distrust that'll be hard to weed out.
A movie usually just leaks once or twice, these leaks get replicate everywhere. So if you are looking for a specific movie, just get a pirated copy from anywhere and check the watermark yourself. It's trivial to check if there is a leak at all and also trivial to find that leaked version and test it. No need to throw 15 bucks per copy on it, just let the intern monitor some torrent trackers.
Of course, it's hard to see such person being in a position to receive many leaks in the future, after burning the original leaker, so the incentive seems quite small.
Furthermore, their response times are pretty awesome (if they are in fact true):
> Van Rooyen claims once a leaked copy containing a bounty hits the dark web, it takes just five minutes on average for the bounty to be claimed and Custos and its client to be alerted. On social networks it takes 42 seconds; and offline, like if a movie is copied or shared on a DVD or USB drive, it’s 28 minutes.
- Finding and downloading the file is more work than just monitoring a set of bitcoin wallets. If the file gets leaked multiple times, and some of them end up in more obscure places, it might be much harder to find them.
- The regular watermark can perhaps be defeated by tech-savvy pirates, but the bitcoin watermark would need the leaker to be tech-savvy. I think leakers are selected by the content owner, and not in general for their tech-savviness, so this might be pretty safe.
Reminds me of my Primary school teacher :)
Custos did it masterfully.
In reality only a few screeners seem to leak for any given movie.
You just can't effectively watermark data intended for human consumption, our tolerance for intentionally induced noise is too high.
>You just can't effectively watermark data intended for human consumption, our tolerance for intentionally induced noise is too high.
If this were true, steganography would be useless in practice (it isn't).
I would suggest reading up on digital watermarking.
Of course you do, or you wouldn't end the comment with "I suggest you read up on."
Stenography is only useful when it's unknown or impractical to investigate possible payloads, either do to volume of possible hits or lack of knowledge how to decode the payload out of the source. If you tell an opponent: here is the decode technique and here is where the message is likely to be, you've basically defeated your own stenography.
Which is simply not true! That kind of misunderstanding suggests that you are unfamiliar with the kinds of digital watermarking that are used TODAY, hence my suggestion that you read up on it. If the comment came off as rude, I certainly apologize, but I stand by the point I was trying to make.
>If you tell an opponent: here is the decode technique and here is where the message is likely to be, you've basically defeated your own stenography.
I agree with you on this point 100%. I also made a post to that effect elsewhere. But that is not the same argument you made in your previous post!