How 4 Microsoft engineers proved that the “darknet” would defeat DRM

[wraith808]

How 4 Microsoft engineers proved that the “darknet” would defeat DRM (via Ars Technica)
...and almost got fired doing it.

Can digital rights management technology stop the unauthorized spread of copyrighted content? Ten years ago this month, four engineers argued that it can't, forever changing how the world thinks about piracy. Their paper, "The Darknet and the Future of Content Distribution" (available as a .doc here) was presented at a security conference in Washington, DC, on November 18, 2002.

By itself, the paper's clever and provocative argument likely would have earned it a broad readership. But the really remarkable thing about the paper is who wrote it: four engineers at Microsoft whose work many expected to be at the foundation of Microsoft's future DRM schemes. The paper's lead author told Ars that the paper's pessimistic view of Hollywood's beloved copy protection schemes almost got him fired. But ten years later, its predictions have proved impressively accurate.

[Renegade]

Good article. This seemed a bit telling:

Yet the content industry continues to try, and fail, to produce secure DRM schemes. Biddle believes this strategy has proved counterproductive because it inconveniences legitimate customers without stopping piracy.

"I'm now finding that for some kinds of content, the illegal is clearly outperforming legal," Biddle said. "That blows me away. I pay for premium cable. It's easier to use BitTorrent to watch Game of Thrones. HBO Go is trying very hard to do a good job," he said, but the user experience just isn't as good. Because HBO Go is a streaming service, he said, it's more vulnerable to network congestion than simply downloading the entire episode from the darknet.

Bang on there.

I've bought video content that was only available streamed. I very quickly hacked around and downloaded the content as I HATE watching streamed video due to bandwidth issues. Downloading is far superior. e.g. In what universe does it make sense to entirely reload a video because you rewound 30 seconds?

[IainB]

Interesting.
I become very impatient with jerky broadband video streaming. I won't watch streamed content for longer than about 5 minutes. I download it and watch it in a timeframe that is convenient to me. If I can't download it because of DRM or obscure paywalls or something, then I won't watch it and never return to it.

[Josh]

I, for one, cannot stand DRM and cannot stand streaming content either. However, that said, I have had a VERY positive experience using the VuDu rental service on my playstation 3. My family just rented Brave and it worked great. Granted, this was due to my connection being available.

On the other hand, I am completely for offline storage. With hard drive prices going down, it is easier to download a file and store it than to rely on the cloud. I have almost completed ripping my 850 DVD collection to MP4 for storage on our media server. This will be complete once I am able to setup a Raid 1 array of about 4TB. Right now, I am stuck at 2TB on a single disk. Once I get a new enclosure, I will setup a Windows-based raid mirror (hardware raid is flaky unless you invest in a reliable controller, not those cheap promise boards).

[Renegade]

On the other hand, I am completely for offline storage. With hard drive prices going down, it is easier to download a file and store it than to rely on the cloud. I have almost completed ripping my 850 DVD collection to MP4 for storage on our media server. This will be complete once I am able to setup a Raid 1 array of about 4TB. Right now, I am stuck at 2TB on a single disk. Once I get a new enclosure, I will setup a Windows-based raid mirror (hardware raid is flaky unless you invest in a reliable controller, not those cheap promise boards).

-Josh (December 01, 2012, 06:28 AM)

Kind of OT, but... Have you looked at FreeNAS? Someone recommended it to me in another thread and it's been wonderful.

[40hz]

On the other hand, I am completely for offline storage. With hard drive prices going down, it is easier to download a file and store it than to rely on the cloud. I have almost completed ripping my 850 DVD collection to MP4 for storage on our media server. This will be complete once I am able to setup a Raid 1 array of about 4TB. Right now, I am stuck at 2TB on a single disk. Once I get a new enclosure, I will setup a Windows-based raid mirror (hardware raid is flaky unless you invest in a reliable controller, not those cheap promise boards).

-Josh (December 01, 2012, 06:28 AM)

Kind of OT, but... Have you looked at FreeNAS? Someone recommended it to me in another thread and it's been wonderful.

-Renegade (December 01, 2012, 06:31 AM)

@Josh - +1 w/Ren on FreeNAS. It's a great solution. Before you commit to using Windows, consider giving FreeNAS a try. It won't cost you anything other than your time to try it out. You may be surprised to find it's everything you need - plus a whole lot more.

Although I'm not too big on recommending RAID for most personal uses and/or skill levels, it does have it's place. And the software implementations of RAID running under the NIX environment have proven extremely reliable in my experience. And I do servers for a living. So I see a few more of them in operation than most people do.

Just my    

[Renegade]

^^ Continued the off-topic portion about FreeNAS here: https://www.donation....msg308760#msg308760

[TaoPhoenix]

Getting sorta back on topic, would stuff like Apple's restrictions through the App Store count as a new form of DRM? For an easy example, some videos on Youtube are blocked to mobile browsers. I'm sure my betters have ideas around that. (Browser header changing and all that jazz?)

[Renegade]

Getting sorta back on topic, would stuff like Apple's restrictions through the App Store count as a new form of DRM?

-TaoPhoenix (December 01, 2012, 09:35 AM)

No. DRM is DRM. Apple is just a douchier form of DRM.

For an easy example, some videos on Youtube are blocked to mobile browsers. I'm sure my betters have ideas around that. (Browser header changing and all that jazz?)

-TaoPhoenix (December 01, 2012, 09:35 AM)

Not sure what you mean there in that context.

[TaoPhoenix]

For an easy example, some videos on Youtube are blocked to mobile browsers. I'm sure my betters have ideas around that. (Browser header changing and all that jazz?)

-TaoPhoenix (December 01, 2012, 09:35 AM)

Not sure what you mean there in that context.

-Renegade (December 01, 2012, 09:52 AM)

Well, last I understood DRM it meant restrictions & rights on digital media, right? So would coding videos on YouTube count as DRM? Or is there some implicit extra factor that the DRM has to be attached and embedded as some kind of software encoding?

In other words, I see similarities between things like WMA music files and non-mobile or region-blocked YouTube files.

[wraith808]

For an easy example, some videos on Youtube are blocked to mobile browsers. I'm sure my betters have ideas around that. (Browser header changing and all that jazz?)

-TaoPhoenix (December 01, 2012, 09:35 AM)

Not sure what you mean there in that context.

-Renegade (December 01, 2012, 09:52 AM)

Well, last I understood DRM it meant restrictions & rights on digital media, right? So would coding videos on YouTube count as DRM? Or is there some implicit extra factor that the DRM has to be attached and embedded as some kind of software encoding?

In other words, I see similarities between things like WMA music files and non-mobile or region-blocked YouTube files.

-TaoPhoenix (December 01, 2012, 12:34 PM)

The files aren't blocked.  The service is blocking it.

[TaoPhoenix]

The files aren't blocked.  The service is blocking it.

-wraith808 (December 01, 2012, 01:31 PM)

I saw some similarities in the end effects. So then I guess you're saying that DRM is something that travels with the file.

[wraith808]

The files aren't blocked.  The service is blocking it.

-wraith808 (December 01, 2012, 01:31 PM)

I saw some similarities in the end effects. So then I guess you're saying that DRM is something that travels with the file.

-TaoPhoenix (December 01, 2012, 02:27 PM)

Correct.  If I password protect an area of my own site, or make it so that I program that you can't get to it if your IP is in a certain place, that's not the file's fault.  That's the delivery mechanism.  With DRM, it happens no matter where or when you open the file.

[tslim]

On the other hand, I am completely for offline storage. With hard drive prices going down, it is easier to download a file and store it than to rely on the cloud. I have almost completed ripping my 850 DVD collection to MP4 for storage on our media server. This will be complete once I am able to setup a Raid 1 array of about 4TB. Right now, I am stuck at 2TB on a single disk. Once I get a new enclosure, I will setup a Windows-based raid mirror (hardware raid is flaky unless you invest in a reliable controller, not those cheap promise boards).

-Josh (December 01, 2012, 06:28 AM)

Kind of OT, but... Have you looked at FreeNAS? Someone recommended it to me in another thread and it's been wonderful.

-Renegade (December 01, 2012, 06:31 AM)

@Josh - +1 w/Ren on FreeNAS. It's a great solution. Before you commit to using Windows, consider giving FreeNAS a try. It won't cost you anything other than your time to try it out. You may be surprised to find it's everything you need - plus a whole lot more.

Although I'm not too big on recommending RAID for most personal uses and/or skill levels, it does have it's place. And the software implementations of RAID running under the NIX environment have proven extremely reliable in my experience. And I do servers for a living. So I see a few more of them in operation than most people do.

Just my   

-40hz (December 01, 2012, 07:20 AM)

IMHO, it is not worth the trouble and risk to use RAID for video collection. (particularly RAID 1)

Normal setup of HDD is fast enough for video playing (even HD movie).
If you raid a pair of 2TB HDD, you risk to lost all 4TB video files when either one is down and that is all for the sake of performance gain that you hardly notice when openning a video file (not when playing it)

If you are talking about RAID 0, again a synchronizing  program which synchronizes between a pair of 2TB HDD periodically seems to be a better solution then RAID 0, because you can copy file to the HDD faster.

In brief, I find in unwise to use RAID 0/1 for a passive storage, like video collection.

[wraith808]

^ Agreed.  Totally.  It's a bit of a hassle to switch between storage from the streaming device if you have more than one drive, but the peace of mind I get is totally worth it.  Especially as I've been burned by RAID1.

[40hz]

IMHO, it is not worth the trouble and risk to use RAID for video collection. (particularly RAID 1)

-tslim (December 02, 2012, 08:37 AM)

IMHO it's hardly ever worth ripping movies to a server drive to begin with.

For music CDs it makes some sense since songs seldom run longer than 5 minutes each and it's nice to be able to create playlists or flip around. But the average movie runs about 90 minutes to two hours - so I could never see what the hassle was with just loading a DVD into a player before settling in for an hour or two to watch it. But maybe that's just me?

As far as RAID goes, I agree it's seldom justified for personal use. My comments about RAID in this context were about how software RAID implementations in Linux are quite reliable based on my experience. And that FreeNAS is an excellent storage solution purely as far as storage solutions go. What it's appropriate to use it for is a whole other discussion however.

And I agree - doing a mirror storage array for a static media collection (likely already on hard media unless the collection is mostly "acquired through alternate distribution channels"  ) does strike me as being a bit of overkill.

But that's probably just me too.

[Jibz]

What are your thoughts on the promoted reader comment:

2. Even if your primary concern is piratical, the "darknet" only saves you as long as vendors are willing to ignore legacy formats. All it takes is one person to crack the DRM and release the plaintext version; but only if available consumer devices will actually accept plaintext. Your ipad, say, will process an anonymous mp3, or h.264 video, so team Hollywood and the RIAA crowd are out of luck; but how about an unsigned .ipa file? Not happening. Even if it is 100% structurally valid, it needs an apple key, or an enterprise key, or a dev key(that matches the hardware it is running on, since those are limited to a set number of devices). You can strip all the DRM you want, you'll just have some trouble finding hardware to run it on. Windows RT will play the same game with Windows binaries.

That's the real problem. Yeah, it is impossible to make 100% of DRMed endpoints exfiltration-proof. However, your ability to make 95%+ of endpoints increasingly hostile to anything lacking a trusted DRM signature is constrained only by customer hostility, not by any technological barrier...

Are we busy arguing over how bad DRM is while they are pulling the hardware out from under our feet?

[40hz]

Are we busy arguing over how bad DRM is while they are pulling the hardware out from under our feet?

-Jibz (December 02, 2012, 01:55 PM)

Absolutely.

Since they can't control it via software anymore (far too many coders and open platforms) the other option is too restrict it via hardware - which is easier since not everybody can manufacture a chip.

That may not deter the heavy techno crowd - but they're a relatively tiny a minority, and they provide the benefit of free troubleshooting for DRM systems anyway. Joe Blow on  the street however is going to be stopped in his tracks. Or will be until the Sim Lim Square gray market starts offering limited quantities of unlocked hardware just like they did with "region free" DVD players.

UEFI/SecureBoot is the forerunner of what's planned. Since it would be too heavy handed to attack Linux directly, it's far easier to just make sure that in ten years time there's very little it will run on. Apple and Microsoft have perfectly capable operating systems and both companies are into doing DRM from way back.

I'm guessing about 85%-90% of the public won't care. Which is what I think they're really hoping to accomplish with DRM. Stop the "casual pirate" or copier.

The naughty boys and girls will always be around. But I think the industries have come to acknowledge that. All they're out to do now is keep that small element's philosophy and practices from becoming the norm. They can always prosecute the violators piecemeal once they're sufficiently marginalized and isolated.

It's the long game we're playing now.

And I'm afraid the completely open general purpose personal computer will go the way of the dodo before it's over.

Open computing is a disruptive technology. Business doesn't want it. Government definitely doesn't want it. And they're both in the position to do something about it.

And romantic techno-ninja notions aside, the big boys very likely will succeed in putting an end to open computing before it's over.

The PC is dead. Long live the PC!

[wraith808]

IMHO it's hardly ever worth ripping movies to a server drive to begin with.

-40hz (December 02, 2012, 12:13 PM)

Really?  I have mine on my server and access it all over the house.

[40hz]

IMHO it's hardly ever worth ripping movies to a server drive to begin with.

-40hz (December 02, 2012, 12:13 PM)

Really?  I have mine on my server and access it all over the house.

-wraith808 (December 02, 2012, 09:35 PM)

I think this is one of those YMMV situations. 

In my case, I do all my watching in one place in my house. And I have a fairly large collection of movies on hard media that I really don't feel a pressing need to rip and possibly convert to run off a media server. Because (to me) it's hardly worth having everything available at the click of a mouse button to play in any room of the house - because that's not something I actually ever do. It's much easier and more enjoyable for me to go and sit in the den and watch something after putting a disk in the DVD player.

 

[wraith808]

I have over 1000 DVDs.  Keeping track of them and storing them is becoming prohibitive.  And I have a living room TV and a TV in the man cave that I watch them on.  Add to that the fact that the kids watch on their computers sometimes, and my wife watches them in the bedroom, and having them in one place and accessing them over the network is just more convenient.  And I specifically have devices that I don't have to decode them with.  There's also no compression; I have them all in MP4 in a MKV container.  I'm still working on ripping them all... I've just about filled up 2TB and that's only a quarter of the collection.  But it just works for me.

[40hz]

^Wow! That is one awesome collection!  

Like I said earlier: YMMV - and you definitely have a lot more 'mileage' to cover than I ever will.  

[tslim]

I have over 1000 DVDs.  Keeping track of them and storing them is becoming prohibitive.  And I have a living room TV and a TV in the man cave that I watch them on.  Add to that the fact that the kids watch on their computers sometimes, and my wife watches them in the bedroom, and having them in one place and accessing them over the network is just more convenient.  And I specifically have devices that I don't have to decode them with.  There's also no compression; I have them all in MP4 in a MKV container.  I'm still working on ripping them all... I've just about filled up 2TB and that's only a quarter of the collection.  But it just works for me.

-wraith808 (December 02, 2012, 10:30 PM)

I am also storing my DVD collection (much smaller than yours) in a 2 TB HDD.

Just curious, why don't you rip your DVDs and keep them in ISO format (like I do)?
If you convert them into mp4 format, you tend to loss quality, further more what about the DVD startup menu? Are you doing your own authoring work?

May I also ask this, what is the advantage of keeping a movie in mp4 format contained in a mkv file than directly keep it as mp4 file? (Isn't mp4 file sort of container by itself?)

[f0dder]

so I could never see what the hassle was with just loading a DVD into a player before settling in for an hour or two to watch it. But maybe that's just me?

-40hz (December 02, 2012, 12:13 PM)

DVD/BR players are noisy, and then you have to deal with all the annoying menus, copyright warnings and trailers that can't be skipped.

A .mkv on the fileserver (generally pretty quiet, and located in the next room) starts instantly, no nonsense, no fuzz.

[f0dder]

If you are talking about RAID 0, again a synchronizing  program which synchronizes between a pair of 2TB HDD periodically seems to be a better solution then RAID 0, because you can copy file to the HDD faster.

-tslim (December 02, 2012, 08:37 AM)

Eh... wat? Copying a file to a single harddrive is no faster than copying it to a raid mirror. The same data chunk can be written to all mirrored drives in parallel, and there's practically no CPU overhead. There's a fair amount of filesystem traversal (which means both CPU and HDD overhead) if you do periodic syncing.