Does anyone know how the supposedly free software DRM systems work?
My reading so far is that OpenIPMP is the only such project that has produced a releasable product, but nothing on their website or on the sourceforge forums says how it works. There's lots of talk about the Java, RSA, etc. technologies, but nothing about how they can give someone free software and prevent all the users from viewing the same media with versions modified to disable the rights-checking step.
The OpenIPMP website talks a lot about "reducing piracy" being their goal, so how can they be trying to do that with a free software DRM system?
Are they distributing the software and using the EUCD/DMCA to say that it is illegal to distribute the software if the rights-checking system is disabled?
Any info or pointers appreciated, ta.
On Thu, Nov 15, 2007 at 11:35:08PM +0000, Ciaran O'Riordan wrote:
Does anyone know how the supposedly free software DRM systems work?
Does anyone know how to make a Free Software DRM that can fulfill the DRM function?
Step 1. study the code
Step 2. modify the code
Step 3. Enjoy your civil rights limited by laws written by idiots with deep pockets.
sourceforge forums says how it works. There's lots of talk about the Java, RSA, etc. technologies, but nothing about how they can give someone free software and prevent all the users from viewing the same media with versions modified to disable the rights-checking step.
I'd say any Free Software DRM is snake oil, but I can be proven wrong.
Are they distributing the software and using the EUCD/DMCA to say that it is illegal to distribute the software if the rights-checking system is disabled?
Then it's not Free Software, since you will not have the freedom to modify it (hence, oxymoron of "Free Software DRM").
Rui
Rui Miguel Silva Seabra rms@1407.org writes:
Then it's not Free Software
Agreed. I think I said "supposedly free software" each time.
On Fri, 2007-11-16 at 00:38 +0000, Ciaran O'Riordan wrote:
Rui Miguel Silva Seabra rms@1407.org writes:
Then it's not Free Software
Agreed. I think I said "supposedly free software" each time.
AFAIK the only one that works and is maintained is here:
aka Interoperable DRM (iDRM). The software reference implementation is called chillout. I spent some time looking at their use case documents on http://www.dmpf.org/open/index.html to see if that could eventually work as a "real" free sw, but I realized it can't happen without leaving the holes that Rui correctly identifies.
The problem is that these guys have good connections at all levels and have convinced many leaders in all areas that their path is 'good', solves the iPod monopoly, empowers creatives bypassing the distributors, and creates wealth for society. And they are very well prepared to sustain their arguments (and I mean very well!). To counter their arguments, shouting à la defectivebydesign should go side by side with developing scientific counter-arguments.
For the Italian speakers, here one of the founders of the project has started a series of blog posts to explain why DRM can be good and he will go further saying why TPM is not necessarily bad: http://mimmocosenza.nova100.ilsole24ore.com/2007/11/stigma-e-drm.html
There is enough to keep us busy for months to counter his arguments.
Cheers stef
Stefano Maffulli stef@zoomata.com writes:
AFAIK the only one that works and is maintained is here:
The website's a bit of a mess and I can't see an explanation of how they plan to make it work.
to see if that could eventually work as a "real" free sw
So, what's their current technique? Do they withhold some of the source code? Use EUCD/DMCA threats?
On Fri, 2007-11-16 at 15:05 +0000, Ciaran O'Riordan wrote:
Stefano Maffulli stef@zoomata.com writes:
AFAIK the only one that works and is maintained is here:
The website's a bit of a mess and I can't see an explanation of how they plan to make it work.
It's a tactic. They seem to say: if you don't understand then you're too dumb to be taken seriously; we OTOH know exactly what we are doing.
Look for "use case" and start reading those documents to get your feet wet (on http://www.dmpf.org/open/index.html)
So, what's their current technique? Do they withhold some of the source code?
They won't say that explicitly, you have to force them to admit it in public. I succeeded in getting such an admission, but only in private conversations. By looking at the blog I mentioned earlier, they are getting ready for another phase of push, adding TPM in this round.
/stef
On Fri, 2007-11-16 at 15:05 +0000, Ciaran O'Riordan wrote:
to see if that could eventually work as a "real" free sw
So, what's their current technique? Do they withhold some of the source code? Use EUCD/DMCA threats?
The ones I've seen are license distribution systems based on public key crypto. So, you can revoke people's [device's] keys and effectively bar them on a forward basis from the system.
Most of these systems are very much not aimed at desktop general purpose computers.
Cheers,
Alex.
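The scheme described in the message above, sketched as an added example that is not part of the original thread or of any project named in it: a licence issuer wraps a content key to each device's public key and stops issuing to revoked devices. The class and function names, the toy textbook RSA over small Mersenne primes, and the sample keys are all assumptions made for illustration.

```python
# Added example: toy textbook RSA over known Mersenne primes. Illustration only, not secure.
E = 65537

def make_device_key(p, q):
    """Return ((n, e), (n, d)) for a hypothetical device key pair."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (n, E), (n, d)

class LicenseServer:
    """Hypothetical licence issuer: wraps the current content key to a device's public key."""
    def __init__(self, content_key):
        self.content_key = content_key
        self.devices = {}     # device id -> public key
        self.revoked = set()  # device ids barred from future licences

    def register(self, device_id, public_key):
        self.devices[device_id] = public_key

    def revoke(self, device_id):
        self.revoked.add(device_id)

    def rotate(self, new_content_key):
        # Content released after a revocation is protected with a fresh key.
        self.content_key = new_content_key

    def issue(self, device_id):
        if device_id in self.revoked or device_id not in self.devices:
            return None
        n, e = self.devices[device_id]
        return pow(self.content_key, e, n)

def unwrap(licence, private_key):
    n, d = private_key
    return pow(licence, d, n)

def demo():
    pub_a, priv_a = make_device_key(2**31 - 1, 2**61 - 1)
    pub_b, priv_b = make_device_key(2**89 - 1, 2**107 - 1)
    old_key, new_key = 0x1122334455667788, 0x99AABBCCDDEEFF00  # constructed values
    server = LicenseServer(old_key)
    server.register("A", pub_a)
    server.register("B", pub_b)
    old_licence_a = server.issue("A")
    server.revoke("A")
    server.rotate(new_key)
    return {
        "A_old": unwrap(old_licence_a, priv_a),  # earlier licence still opens
        "A_new": server.issue("A"),              # None: barred going forward
        "B_new": unwrap(server.issue("B"), priv_b),
    }
```

Revocation here only affects licences issued afterwards: device A keeps whatever it could already unwrap, which is the "forward basis" limitation the message points out.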
On Fri, Nov 16, 2007 at 12:38:33AM +0000, Ciaran O'Riordan wrote:
Rui Miguel Silva Seabra rms@1407.org writes:
Then it's not Free Software
Agreed. I think I said "supposedly free software" each time.
Yeah, I was complementing it, not counter-argument :)
Rui
On 15/11/2007, Rui Miguel Silva Seabra rms@1407.org wrote:
Does anyone know how to make a Free Software DRM that can fulfill the DRM function?
Does anyone know how to make a Software DRM that can fulfill the DRM function?
Step 1. Decompile/Reverse engineer binary
Step 2. Write new code or alter the binary (NOP out the calls to checking functions, falsify the results of function calls etc.)
Step 3. Enjoy Civil Liberties.
Other approaches include extracting the decrypted content from memory. Extracting keys from disk or memory and using reverse engineered algorithms. Using reverse engineered algorithms and finding a weakness in the cryptographic algorithm (more likely as it won't have been properly peer reviewed).
And my personal favorite (may only work in the U.K. if it works at all): Appeal to the secretary of state to issue an order to the distributor to give you means to execute your rights under the law. (Not sure if this has ever been attempted).
Just because you compile something doesn't mean it is secret.
Know the attacker. According to the MPAA (I can't find stats for TV piracy specifically):
The major U.S motion picture studios lost $6.1 billion in 2005 to piracy worldwide. http://www.mpaa.org/2006_05_03leksumm.pdf
Against an attacker with $6.1 billion, whether it is free software or not has no impact whatsoever. They can afford to reverse engineer the code. Or they would have more than enough money to bribe or blackmail an employee at the DRM company to obtain the source code and documentation.
Making the software free software provides certain additional security. Algorithms are analysed by many security experts. This reduces the risk that someone can access the content without ever possessing the key. Employees are also significantly safer as the risk of them being tortured or blackmailed is greatly reduced.
I'd say any Free Software DRM is snake oil, but I can be proven wrong.
I would say any software DRM is snake oil, I doubt I will be proved wrong.
If you want more examples of why DRM doesn't work why don't you use Google?
DVD-CSS broken. HD-DVD/Blu-Ray broken and keys exposed. HDCP, unless it was changed this was badly broken. In a paper presented at a DRM conference it was shown that with a set of 40 public/private key pairs (spanning a certain set) the signing authority's secret could be recovered and an attacker could generate as many key pairs as needed. Windows Media DRM has been broken as well.
It really annoys me when people claim that "Free Software" DRM and thus can't be used. Non-Free Software DRM is also insecure. If you want a secure Software DRM solution then you don't understand what software is. It can't happen.
If you don't mind insecure DRM then Free Software DRM can fulfill that.
Compilation is NOT a secure transformation. Maybe you should read GCC's source code if you think that compilation secures your algorithms in any way. It doesn't. It's also not possible for other compilers to encrypt algorithms, the CPU needs to be able to execute the instructions.
Of course if you add hardware assistance to the DRM system then it may be stronger but there is no guarantee. It is also widely considered immoral and in many countries illegal to secure the last part of the video transmission. (from the screen to the human).
Also to whoever said that it's not Free Software because US Law won't let you tamper with it, does that not mean that GPG is not free software because there are restrictions in some countries relating to the possession, use and distribution of cryptography?
Andy
On Fri, Nov 16, 2007 at 02:46:21PM +0000, Andy wrote:
It really annoys me when people claim that "Free Software" DRM and thus can't be used. Non-Free Software DRM is also insecure. If you want a secure Software DRM solution then you don't understand what software is. It can't happen.
Yeah!
If you don't mind insecure DRM then Free Software DRM can fulfill that.
algorithms in any way. It doesn't. It's also not possible for other compilers to encrypt algorithms, the CPU needs to be able to execute the instructions.
Have you read "Trusting Trust"?
Rui
On Friday 16 November 2007, Ciaran O'Riordan wrote:
Any info or pointers appreciated, ta.
The only way it could work is the "tivo-ization", meaning you have some kind of software where you can get the source, you're also allowed to modify the source, but you can't run the modified source, because your hardware will stop it from working without some kind of signature.
But to call this "free software" is imho a big fat lie, because it's completely bogus to allow something and afterwards make it technically impossible. And the "freedom to modify" should mean I'm able to modify it, not only allowed to where I can't do it in reality.