How to drive away customers: prioritize your unproven loss of income over making an attractive product. Accuse all your users of copyright infringement.
It is unbelievable that the entire comment thread is filled with people saying it's a bad article, it can be worked around, etc, when:
1. The article is an experiment on techniques and what can be achieved.
2. At the VERY BEGINNING of the article, the author links to his own comment in a previous HN post which said "I do not advocate using any of the techniques, please don't use it, it's terrible and will give your users headaches! I'm against ressource "protection" on the web, what's on the internet should be fully consumed by users of it! The article describes just a few experiments I set up to see how far someone could go if it WAS important."
3. The article acknowledges these techniques are ultimately stupid.
What is this attitude? Would you have the same attitude with someone experimenting with XSS flaws, hacks and so on to figure out what is possible? Did you all forget than, in order to do good, you have to know what is bad first?
Totally agree. Articles like this are awesome and ideally HN would be filled with them. It's about a set of interesting hacks, that are ultimately still just hacks, but stimulate the hacker mind and add to an archive that can be drawn upon when/if the reader ever encounters the need to solve a similar problem (hopefully with better practical applicability). Articles like this are amusing, interesting, and inspiring, and embody the spirit of Hacker News.
The person you're responding to didn't say "it's a bad article" or that "it can be worked around". I'm guessing that the root comment was simply a reaction to the title. I bet they didn't even read the article. However, you must be aware that the majority of the technical user community hates DRM.
Regarding your points 1, 2 and 3... where does it stop? Should we always be enthusiastic about experimentation for the sake of experimentation? At what point would you say "that's stupid"?
For instance, what if the title was: How To Dump Toxins In Your Local Water Supply
Would you read the article and then come here and congratulate the author on their efforts? I bet most people would glance at the article and then come here and complain about too many toxins in the water and what a jerk the author is.
Congratulations on hitting as many fallacies as you possibly could in a single comment. You managed to compare, literally, "poisoning the water supply" with... web development.
You know where it stops? It stops when you start putting people in danger. I cannot believe you're seriously asking that question (and yet, I have to believe you are seriously asking that question, because the alternative is that you're an awful troll).
I would like to encourage you to read my comment, and then read it again, and keep doing that until you understand the difference between killing people and blogging on the internet.
I would then like to encourage you to read up on things such as "white hat hacking", pentesting and so on to give you an insight as to why, in the IT world, if the good guys don't push the limits first, the bad guys will.
Fallacy schmallacy. I was talking about blogging about experiments in poisoning people (just a bit, not killing them :) Anyway, you don't think people are harmed by DRM? Of course they are. Time and water are among the most valuable things we have and DRM steals away everybody's time so a few can profit.
Let's try another hypothetical title: How To Force Your Neighbors Take Out Your Trash or, How To Write A Virus That Steals Banking Information...How To Really Embarrass Your Coworkers...9 Ways To Enrage Internet Commenters...(this is fun!)
Would you applaud those experiments? I'm guessing YES since "It stops when you start putting people in danger." and nobody is being put in danger.
(BTW, I'm just doing my own experiment here - I guess I should have said that. You're not being a very good sport though ;) Seriously - I'm sitting here trying to understand your point of view and I made some POLITE arguments. You mis-represented one of my arguments and then patronized me to the extreme, so is that the kind of behavior that you're promoting?
Obscurity is a far more common problem than plagiarism. The best solution for this is to put a signature in the image. Most people aren't trying to steal an image without attribution, they just want to share something they liked.
> Most people aren't trying to steal an image without attribution, they just want to share something they liked.
As an amateur photographer you'd be amazed how many people think nothing of taking an image and slapping it on their website, or in their print media.
People routinely use services like imgur.com to rehost images they have no permission to use, and can and will strip watermarks and be silent when asked for attribution.
I'm used to it now, but damn it's frustrating when you take that _one_ great shot and find it everywhere on the internet the next day with no credit.
I just can't sympathize, at all. I would prefer (I realize this is not the law) an internet that was considered public domain. If you don't want you picture copied, don't put it in the public domain.
I do understand hard work, and skill, and putting in the time that made you the great photographer that you are, and I understand the need to earn a living, and I understand capitalism, economic profits, and accounting profits and economic profits.
But a large number of highly trained and skilled people put a lot of hard work and effort into writing the open source software that is running the internet and the webservers that your images are on.
I understand your perspective: you'd rather buy a proprietary microsoft operating system and a proprietary microsoft webserver so you could run a proprietary Oracle database to keep track of your DRMed photos.
But understand that I wouldn't, I'd rather have a public domain web where photographers share their work like artists do and computer programmers and graphic designers and bloggers and everybody else.
I'm just not that excited by your great photo, there are a lot of great photos.
full disclosure: I took a significant news photo once and made money selling it. I enjoyed spending the money. I don't chase around the internet stopping people from duplicating it.
> If you don't want you picture copied, don't put it in the public domain.
Most of my pictures are prints, hanging on walls. But you need a portfolio to attract (paying) clients, so images have to exist!
> I understand your perspective: you'd rather buy a proprietary microsoft operating system and a proprietary microsoft webserver so you could run a proprietary Oracle database to keep track of your DRMed photos.
So if I said I'm an ex-Debian developer who's released a pile of open-source software, for free? And does so regularly?
Seriously you're getting too personal there, and just wrong. Photography started as a hobby because I love people - in the same way that woodworking is a hobby because I like doing things with my hands that are "real".
But there are costs involved, I've probably spent close to 10,000 in camera-equipment, to have people steal your work, means that stuff doesn't pay for itself any more.
You mention proprietary software? How would you feel if you wrote open-source software and people abused the licenses? That's copyright infringement, and the same thing is a huge deal in the photography world.
Sure everybody has a camera, and fly-by-night people will take money for pictures. But that's like hiring a self-taught PHP-programmer instead of a kernel developer. There are skills, styles, niches, and similar involved that clearly differentiate photographers.
> and the same thing is a huge deal in the photography world.
Is it big enough to start deploying the lawyers? That's what software companies have to do. If you're not doing that, then it must not be a big enough deal to you. If you CAN'T do that, then I think you should get out of the biz.
But, I bet you won't because you are probably getting something more than money out of your career. Maybe you enjoy the work. If it were all about money, you would have become a banker, right?
No sympathy here either. You have no natural right to get paid every single time one of "your" images is used. (Oh and who owned the stuff you took a picture of? Should you pay them to photograph it? Should they get paid every time the image is used?) With no natural rights, you have to use the legal system. Nobody cares if you sue some big corporation, but please...complaining about people posting stuff to imgur.com? What money was lost because your image showed up there? Did you try sending them a cease and desist? I bet they'd take it right down. If you don't do that, then you're not trying hard enough.
OK so you don't believe that people should be rewarded for their creativity, that people should have their licenses honoured in any field of endeavour.
I have sent cease and desists in the past, in the same way that I've sent DCMA takedown notices against people who post documentation I've written with no attribution, and against people who've forked my code and pretended to have authored it.
Specifically on the topic of photography though - Do you feel that the owner of the object of your photograph should get paid every time the image is shown though? Where does that end? For instance, if you shot a famous building - do you think the architect should get paid? What about the construction workers? The current owner?
That was really my main gist. Sorry for not being sympathetic. I thought I made a pretty good argument. I was not trying to be impolite, but I can see how it could be taken as such. Could you just answer that one question? I'm really interested in the fine line that is being discussed here.
> strip watermarks and be silent when asked for attribution.
If the watermark can be removed without making the image largely useless then you're not watermarking properly. Sure, its not pretty, but this isn't a pretty world. I never understood the lazy bottom-right watermark. Its trivial to remove and sites like reddit reward fraud because people like to pretend its their content as narratives like "Oh i bought a camera and took my first photo" are eaten up by low-information voters (who i imagine are the plurality of votes on reddit).
Get a good C&D template. In this day and age, it's the only protection IP holders have. If someone isn't worth pursuing legally, it's not worth worrying about whether they're providing proper attribution or cutting out your watermarks, just let those people go. If you get ripped off by a commercial publisher, send some letters and get the remuneration you deserve.
Newspapers, big online sites that should know better. They take pictures and half the time you never even know unless you use tineye, or a friend/colleague will share a link with you "Hey nice work getting included in the New York Times", etc.
Do you agree that it's sometimes desirable to communicate in a way that doesn't produce a written record? (e.g. insisting that you talk privately in person rather than over email)
If yes, then I think you agree in principle with the goal here, even if you disagree with the specific use case.
I really dislike this attitude on HN. You can have great products that make no money because cracks get popular (I have done testing with my own software and know for sure this is the case) and get higher results than the original product listing on google, Adblock, and many other methods thought to be "rights".
Even look at music piracy. Pirates did the big labels a favor: small, independent artists can't make a living anymore because everyone just expects it to now be free. They now are almost forced to go with a big label if they actually want to make any kind of living.
> Pirates did the big labels a favor: small, independent artists can't make a living anymore because everyone just expects it to now be free.
This is a point I hear often, but there seems to be no consensus. If I understand you correctly, are you saying that small, independent artists used to make a living just from CD sales?
I've only met in person poor musicians, those that make money either from street concerts or the occasional gig, which were consistent with Courtney Love's position[1] that CD sales are not really important when it comes to revenue. But I'd love to hear an argument from the other side.
> And this is my favorite part: I am 100% certain that the hacking of entertainment industry's security features provides better entertainment for these kids than the entertainment we're trying to prevent them from stealing. Let that sink in for a second, then try not to bust up laughing.
> Every subsequent game we will never use any DRM anymore, it’s just over-complicating things…We release the game. It’s cracked in two hours, it was no time for Witcher 2. What really surprised me is that the pirates didn’t use the GOG version, which was not protected. They took the SecuROM retail version, cracked it and said ‘we cracked it’ — meanwhile there’s a non-secure version with a simultaneous release. You’d think the GOG version would be the one floating around.”
That is the thing the Content owners do not get...
The people releasing the content do not care about the actual content, they are not fans, hell most of them probably never watched/played/listened to the movie/show/game/song they are releasing.
The Act of cracking, releasing, encoding, etc is the entertainment for them... The content is irrelevant
Regardless of what you believe I am not going to patronize you if you treat me like a thief, likewise I'm going to fight tooth and nail to ensure that I am the one that controls the device I physically own, not a content business.
That attitude is realism. It's not unreasonable to take minor steps to make casual copying easier - the clear GIF overlay is a good example of that - but there ain't no such thing as perfect digital restrictions management. Anything beyond those minor steps becomes an inconvenient nuisance for your real customers and the risk/reward paying just isn't worth it.
Imagine you have a stock photo website. Basically honest potential customers might try right-clicking a photo once to download it, and failing that will whip out their credit card. Basically dishonest non-potential customers aren't going to pay you and see your protections as something fun to be worked around.
There just isn't a business case for heroic measures that can ultimately be trivially defeated.
>>Basically dishonest non-potential customers aren't going to pay you and see your protections as something fun to be worked around.
You have no idea how much time I've spent on sites doing weird things to try and stop the user from downloading their content. Like online schools that don't want anyone to save the class-lesson videos. I don't even want the media, I just find it irresistible to understand and ultimately defeat their protection.
To be able to do this on browsers is foolish. Devices might be workable, though they would only be on the same level of deterrent as a cheap lock. A user could always take a photograph of the screen.
I don't think anyone is saying piracy is not hurting anyone. To what extent, I would say there is a great deal of disagreement. If a perfect DRM existed (completely prevents privacy while leaving paying customers unaffected) everyone would implement it. However, the message is that you shouldn't stoop to making your own product worse or punish paying customers just to combat piracy. For example, if you're selling software and someone wants to buy it, they shouldn't have to jump through hoops to get it and/or use it. On the other hand if someone wants your product and doesn't want to pay for it, there is a significant probability that is a lost sale regardless of DRM efficiency. Just because a ton of people use a pirated version of your software doesn't mean that a ton of people would have bought it if you had better DRM.
You may feel it was a "great product" but apparently people were not willing to pay for your great product. Several companies and people get paid giving away their software.
I suspect that your DRM was so overly burdensome that it turned away any potential customers, you in effect screwed yourself.
If the DRM does not get in may way, or require me to do anything(i.e it is invisible to me) then I might buy that software, for example Steam Games, Spotify, etc have DRM that is invisible to the End User. I will grin and bear this level of DRM, begrudgingly. However if you go much beyond this no thank you.
If your software has Activation Keys, Installation Limits, Locks itself to my Motherboard that I change ever 6mos, or other crap like that then you would never get a single dollar from me.
This is not my experience. I work in a space that is seeing impressive numbers from up and coming acts. To me it seems like the variety and quality of music offered to the consumer has increased leading to more people seeing Joe Blow's act instead of going to Cher or Britney Spears.
I am glad that this guy tried. I found some of the techniques pretty clever and I enjoyed reading the article. I do not believe you can stop people from taking screenshots and stealing images but I never considered some of the techniques the author explained. He was much closer to solving this than I expected.
Yeah, sometimes it is worth taking a shot at problems that are thought to be unsolvable. It helps you gain deep insight into the problem domain and become a better thinker.
Instead of that, the author could just talk about why interlacing was used in video in the past. No need to bring any DRM context in the discussion. The tone of the article is what's offending, not the technical details.
Just the notion that DRM is something that should be used in general. I find the concept of DRM to be insulting towards the users.
Also this part:
> seems like there is a problem — let’s solve it for fun and profit
It's like saying: "Police state struggles with policing measures. Let's help it for fun and profit". I hope you get the idea why this can sound offending.
I don't see anything wrong with developing a better bike lock for fun and profit. Not to build a straw-man argument but isn't that the same line of thinking?
Why would anyone want to do such stupid thing? It would prompt users to bypass it just because. And there are tons of ways to make a series of screenshots or even a video of the screen.
Ksnapshot, imagemagick (import), ffmpeg, avconv etc. etc.
> let’s assume things on the web should be protected…
Let's assume DRM is a dumb and nasty idea which always leads to very crooked practices. Period. As if we don't have enough of this EME nonsense.
The evidence shows that DRM in the service of corporations and businesses tends to be nasty. But there are reasons to believe that DRM, if used to protect the data and privacy of individuals would be very valuable, with the caveat that it would have to be implemented in a trustworthy way.
What if there was a way to provide access to your medical records to people who need them, only for as long as they need them? What if even the provider of the service couldn't easily circumvent this?
> But there are reasons to believe that DRM, if used to protect the data and privacy of individuals would be very valuable, with the caveat that it would have to be implemented in a trustworthy way.
DRM can not be trustworthy by its mere definition (because trust is a mutual thing, and those who deploy DRM don't trust you - the user. So you have every reason not to trust them in return). And it never can be valuable since it's not only unethical and insulting towards users (since it uses presumption of guilt and police state ideas), but it's also completely ineffective and all it does is punishing paying customers, while the vast majority of actual pirates don't deal with it. DRM should just die out for good.
> What if there was a way to provide access to your medical records to people who need them, only for as long as they need them?
Authentication and information security has nothing to do with DRM, even though both can have features like encryption. Let's not mix unrelated subjects.
tl;dr - Let's please think about the economics! Let's not just believe emotionally charged Internet aphorisms, but examine things thoughtfully.
Authentication and information security has nothing to do with DRM, even though both can have features like encryption. Let's not mix unrelated subjects.
What is the limiting of who can have my personal data and when, but Digital Rights Management, or DRM? One cannot stop at authentication, because to be complete, one has to prevent copying data. Without this, it becomes problematic to trace who has released information, and without some legal support, nothing at all is practical.
DRM can not be trustworthy by its mere definition
Sorry, but this is fluff. You could apply this "logic" to authentication as well. DRM has to involve some mutual trust and cooperation to the same extent that any protocol involves mutual trust and cooperation.
The key is to realize that DRM as practiced by corporations is evil and unworkable because the economics were utterly unrealistic. Really, where DRM could help individuals would be the elimination of trivial deniability on the part of corporations. Right now, when your data privacy is breached, there is no cost to "break" anything and it's very hard to pin this on a particular corporation. Add a DRM mechanism, and then there is something tangible to apply protection laws to and a labor cost with definite intent to breach an individual's privacy. In aggregate, the cost and potential legal liability becomes too high to for virtually any corporation to contemplate. We would arrive at a situation where corporations could afford to violate the privacy of a few select individuals, but could no longer do so to the public wholesale. Ordinary citizens would enjoy a measure of protection, though rich individuals and corporations would not.
Sounds pretty good to me.
Underlying everything, I'm not so much advocating DRM, as I'm calling to question emotionally charged "magical thinking" combined with naive induction. Let's not just leave things at "DRM is bad" devoid of real examination of what's happening.
EDIT: It also occurs to me that the historical factual differences between individuals and corporations should be used to modify the current formulation of "legal persons." "Legal Persons" should be considered as "persons" only in terms of a few specific factors, like the owning of property. The historical difference between actual and legal persons with regards to data privacy abuses would be an important corpus of information in support of this.
Let me repeat it again. Authentication is OK. DRM is not. If you don't get the difference, let's explain. Authentication is simply ensuring that you are you. Normal security mechanism, nothing wrong with it.
DRM can employ authentication in itself, sure. But DRM is not about ensuring that you are you. DRM is about limiting what you can do with your own system in various ways and / or spying on you (even when it already knows that you are you). Simply because DRM is preemptive policing.
I have no problem with authentication, same way I have no problems with you using a lock on your door (normal security). I have problems with DRM, same way I'd have problems with police putting their camera in someone's house (overreaching preemptive policing).
Hopefully this makes it more clear. I often see people confuse DRM with merely security / authentication / encryption etc. That's plain wrong.
> The key is to realize that DRM as practiced by corporations is evil and unworkable because the economics were utterly unrealistic.
No. It's evil because it's using police state methodology of treating everyone as potential criminal and employing presumption of guilt, which results in overreaching policing measures which violate one's privacy and security.
> Isn't that what you're doing when you lock your doors though?
No. You lock your doors to protect your house from external threats. Here it's completely reversed. DRM invades your private digital space (your computer, your system, the programs you run etc.) for the sake of policing you. I.e. it's not like a lock on your house doors. It's like a police camera placed inside your house. That's exactly what makes it overreaching and unacceptable.
Policing itself is a not an evil idea in general. But it's evil when it's overreaching. Saying - "let's prevent crime" is OK. Saying "let's place police cameras in everyone's house to prevent crime" is not OK.
The previous poster is talking about personal DRM. You keep misunderstanding what they are saying.
In the personal DRM case it would not be invading "your private digital space", you would be using it to protect your digital space.
It is not like "a police camera placed inside your house." It is the equivalent of the homeowner placing a security camera themselves to protect their property.
There is no such thing as "personal DRM". That's what you and the previous poster fail to understand. DRM is always about policing others by invading their digital space.
Protecting your own digital space is called security. Let's be clear on terms usage, otherwise time will be wasted because of misunderstanding.
No. You fail to understand that DRM as practiced by Sony et al is just one application. In one way, it's understandable if you had not been exposed to the academic literature early enough, because after a certain point, political activism, popular accounts, and corporate literature swamp anything more academic and general.
DRM is always about policing others by invading their digital space.
Or about voluntarily giving some autonomy up. In the case of organizations like Facebook, they would be giving up autonomy, such that they would only run certain audited versions of certain software. Given that such companies have large numbers of computers aggregated in a relatively small number of locations, the economics of verifying these mechanisms is much more favorable than the inadvisable "traditional" use of DRM has been.
You are not going to be able to process ideas like this properly, if your only background is uneducated Internet backlash.
Protecting your own digital space is called security. Let's be clear on terms usage, otherwise time will be wasted because of misunderstanding.
Throughout, you have been insistent on an imprecise, popularized usage of terms. I will agree, however, that time has been wasted because of misunderstanding.
> You fail to understand that DRM as practiced by Sony et al is just one application.
They created the term and they polluted it for good. Trying to whitewash it now serves no useful purpose except causing confusion. If you want to talk about concepts of protecting your personal information - just use another term, otherwise misunderstanding is guaranteed (like above).
> popularized usage of terms
No, it was you who tried to create your own interpretation of DRM which differs from what its designers put into it. That's up to you, but don't expect anyone to understand you.
Trying to whitewash it now serves no useful purpose except causing confusion.
Again proof that you have no familiarity with the abstract concepts or its history, prior to the popularized furor. Nor do you care or are particularly curious, or are capable of processing the logical implications of such new information.
No, it was you who tried to create your own interpretation of DRM which differs from what its designers put into it.
Let me assure you that the designers of DRM had the other interpretations in mind the whole time. You are basically arguing for your own ignorance.
don't expect anyone to understand you.
In other words, I should expect only uninformed rubes on the Internet.
Let me repeat it again. Authentication is OK. DRM is not. If you don't get the difference, let's explain.
Let me explain AGAIN -- I'm not talking about such a system running on your machine. I'm talking about such mechanisms running in Facebook's, Apple's, Google's, and the NSA's server farms. It's about 4 messages into this thread. Please get a clue.
That's the same pie-in-the-sky "what if" that loser corps have been pursuing forever. Whatever scheme they come up with, someone else breaks it shortly thereafter, whether it's DiVX, or DVD encryption, or BluRay encryption, or any of that silly bs.
That's the same pie-in-the-sky "what if" that loser corps have been pursuing forever.
1) That's the same kind of half-baked wishful thinking that's been going around the Internet since before the web. 2) I'm not advocating doing what loser corps have been pursuing. I'm advocating flipping the economics around 180 degrees.
someone else breaks it shortly thereafter, whether it's DiVX, or DVD encryption, or BluRay encryption
It's wishful thinking to ascribe magical powers to anything, even hacking over the vast labor pool of the Internet. Modern content encryption based on VMs gets broken but takes labor to break, and only works as well as it does for mass-distributed media because enough people care about it. (I'm not talking about DVD encryption and earlier. Keeping a single symmetric key secret is fundamentally broken.) Flip around the economics, so equally powerful protections are applied to data only a few people care about, and the addition of a little legal support would be enough to form an effective deterrent.
It is fundamentally broken -- for corporate mass distribution. But that's not the only thing it can be used for.
> "The industry will take whatever steps it needs to protect itself and protect its revenue streams... It will not lose that revenue stream, no matter what... Sony is going to take aggressive steps to stop this. We will develop technology that transcends the individual user. We will firewall Napster at source - we will block it at your cable company. We will block it at your phone company. We will block it at your ISP. We will firewall it at your PC... These strategies are being aggressively pursued because there is simply too much at stake."
Evidently you either simply didn't read or understand my proposal, and you mistakenly believe I am writing in support of corporations using DRM against individuals. That is the complete opposite of the truth.
What is fundamentally broken is the idea of overreaching preemptive policing (DRM).
The record clearly shows that applied to individuals, DRM becomes "fundamentally broken overreaching preemptive policing."
The same record clearly shows that turned around 180 degrees, DRM is entirely appropriate. What's broken for protecting a single piece of information the whole Internet wants becomes viable for protecting information chiefly valuable to the individual. DRM applied in reverse against corporations is "economically viable historically supported policing."
"Digital Rights Management" -- you know, words mean something. If it's digital, and it's used to manage rights to that digital information, then it applies. Also, if you had a clue to the academic and research origins of DRM, you'd know it's also "trusted execution." DRM as you are aware of it in the hands of Sony et al is just one single application of DRM/trusted execution. Just like HTML is just one application of the more general SGML or the abstract notion of markup languages in general.
I think you simply use the term DRM incorrectly. You think DRM means information security. It doesn't. "Turning it around" makes it not DRM anymore.
I think I've made the mistake of discussing while assuming the wrong level of information background amongst the participants.
> "Digital Rights Management" -- you know, words mean something.
They mean what they were designed for. And that is excessive preemptive policing. About "trusted execution" you are wrong. Original meaning of trusted execution is exactly about security, not about DRM. Actual usage of that term is more than often happens to be about DRM (which is conflicting with security actually, because DRM can be viewed as a security risk).
If you constantly mix up security, authentication, trusted execution with DRM, I think you should consider your own level of knowing what you are talking about. I explained everything above.
Cool, I love counterintuitive (and even counterproductive) solutions just for their own sake. I tried to do a similar thing with text a while ago: http://nbush.github.io/headache/
"Tired of people stealing your content? Looking to make copying HTML text a huge pain for your users? Sick and tired of useful, well-made Python scripts?
Headache will make it so users cannot select, copy or paste html text without getting a bunch of garbage as well. Try copying this sentence. No, seriously, try it. Yeah that's right. Now try pasting it somewhere.
Now the only way you can steal my sweet, sweet content is by writing it out letter by letter or writing your own noble script that filters out all the junk. Checkmate.
You might say that this solution is unintuitive, massively inefficient and completely unnecessary. Well that's not the true Hacker Spirit now, is it?
"
;)
As a challenge I wanted to see how hard it would be to circumvent this. Here's a bookmarklet:
javascript:void(function(s,i){for(i=0;i<s.length;i++)if(window.getComputedStyle(s[i]).color=='transparent')s[i].style.display='none'}(document.getElementsByTagName('span')))
That should be one line with no spaces if gets line wrapped.
Nice work! Here's another solution posted in an earlier thread: javascript:d=document.createElement("div");d.innerHTML="<style>span:nth-child(odd) {display:none;}</style>";document.body.appendChild(d);
I don't think there's any easy way for the obfuscation to stay ahead of JS reversal. Thanks for taking a look!
I think maybe you could do this. What about the new, controversial DRM extensions? They're for video, but you could just show a 1 frame video on loop as an image, right?
If those support HDCP then it's encrypted all the way to the display, and it would be challenging to screenshot it.
(Of course, you could take a photo of the screen, but that's a substantial degradation).
Yup. In audio copy protection this is referred to as the 'analogue hole' (http://en.wikipedia.org/wiki/Analog_hole), and there's pretty much nothing you can do about it.
You're still sending the picture across the network to the screen in your most valiant attempt, but by using the inspector's resources, you can get a url link to the cat image[1]. Like you say at the end of the article, it's not really worth it.
The site being slow is a better deterrent than anything written in the post. 9 Seconds to first byte[2].
1) Build a library for hiding encrypted information inside images. It should be hard to detect (indistinguishable from random) and robust (e.g. survive printing and scanning).
2) Build a web crawler, coupled with a key store. Crawl the internet for images that contain our encrypted info.
3) The copyright owners will be our paying clients. They will display images only to logged in users, use our service to embed the user information in the image, and deposit the encryption key with us.
4) Whenever the crawler finds a stolen image, we notify the copyright owners and send them the details of the user who leaked it. We don't notify the user, of course.
You could just use TinEye[1], which looks at the actual image data to find copies. I know some artists use it to track down illegal copying, but I'm not sure how accurate and effective it is.
I was under the assumption that image/theme services did that already, especially with website themes?
That may be an idea for a copyright troll, btw. Disseminate not-for-commercial-use for free, then charge dozen of thousands of dollars when infringement is found.
I gather there was a distinct suggestion that at least one infamous copyright troll had done something like that because the only place their content had ever been found was on The Pirate Bay, uploaded by them, which they subsequently threatened users for downloading.
(You can guess how well that turned out for them.)
Sneakily, Blizzard did (does?) that to include an account ID, seemingly so that they could catch people exploiting and then proudly posting screenshots (but editing out their character name).
I've got to hand it to them, that is sneaky, but a bit underhanded. And you could sort of see something was a bit off in screenshots of the more gradiented blue skyboxes (in which it was more visible), but I'd thought that was just a poor JPEG encoding routine, until someone looked closer of course.
Shuffle an image, re-assemble with a bunch of divs with background offset and just the right amount to bring the picture back. If you download the image you get a scrambled imaged.
I was curious and tried his live demo URL. and I used OS X's built in screen capture while using Chrome. The screen capture worked, no special tricks needed. I didn't see any visual degradation between my screen shot and the original.
That also happened to me. But then I realized I set the browser to display everything in 110% by default. If you go back to 100% indeed you can't do a proper screenshot...
When will website authors learn that you control the content but the client, by virtue of owning their computer, controls the presentation. At best you can make suggestions. At worse you're at the total mercy of the user.
If you want to give out indelible images then go back to print.
That demo messed with my eyes. Even though it is interlacing faster than the eye can see for some reason it still felt weird to look at it. Overall, not worth the trouble or the decline in user experience.
I'm pretty sure it's not interlacing faster than the eye can see, which is the whole problem.
For this to work perfectly, your monitor refresh rate would need to be at least 2x higher than what your eyes can detect. And why would anyone build hardware with such a fast refresh rate?
It's a cute idea, but in the end it ruins the image for normal uses just like the watermarks do.
Well, the website's down, so I can only speculate, but, how is the website to know the screen's refresh rate? If the site assumes, say, 60 Hz, but the rate is actually 72 Hz, you'll see an odd "fading" effect between the two interlace frames at a rate of 12 Hz, which is very noticeable.
EDIT: Ah, I see he uses window.requestAnimationFrame [1] to sync with the frame rate, so this is not a problem.
It doesn't actually have to know. There's a JavaScript API called requestAnimationFrame which asks the browser to invoke a callback for the next display refresh. Invoke requestAnimationFrame again from that callback, and you'll get a steady stream of callbacks at the display refresh rate, or whatever the browser thinks it is.
Here's the relevant code from the demo:
var work = (function() {
var toggle = false;
return function tester() {
frame1.style.opacity = toggle?.5:1;
frame2.style.opacity = toggle?1:.5;
toggle=!toggle;
requestAnimationFrame(tester);
};
})();
requestAnimationFrame(work);
me too, it actually gives me a bit of a headache. almost like when you get used to your work laptop being 60Hz and your home monitor being 120Hz. you can't really see it but you can feel it. nope. don't like it one bit.
Lesson learned: LCD monitors are absolutely horrible at interlacing. And you can, of course, put them back together with one line of JavaScript. As he says, it's futile. People should stop doing this. Yawn.
I am associated with a... certain industry... (ahem) which frequently finds its content reposted (and it wouldn't be right or proper of me to identify any further, but I'm sure it's a moderately generalised problem).
One must be realistic about these things - if we're going to publish things, some people are going to pirate them and that's that. It leaves our control to some degree when we let it loose, regardless of what legal rights we may have. We're going to find them plastered all over Tumblr or TPB or something no matter what we (or Tumblr!) do. That is not necessarily all a negative, especially if it might drive interest and traffic, which may be worth more than any one or two pieces of content for some. If we get enough customers to support ourselves and what we do, that's fine (and we can thank our loyal repeat customers for that; many others are simply not in such a position).
"The invisible wall" might be worth it as a courtesy "please don't save this image" thing, but developer tools exist in browsers, so that really is only a courtesy thing: anything else is a fantasy and nothing else is really workable, but perhaps it presents a sort of reasonable-ish balance, if it doesn't degrade anyone's experience and if people are at least aware we'd prefer that not to happen on balance. I feel the same about any light DRM (for example, for PC gaming, I'd say Steam is fairly "courtesy DRM" compared to its peers, excepting its peers like GOG that have no DRM at all).
(I'm also a reverse-engineer of some experience, so I've found myself analysing others' solutions in other industries quite a lot over the years - it's interesting to look back and see how my own opinions on this matter have evolved from a vehement rejection of any DRM as a matter of principle, to a slightly more nuanced position that it is occasionally not devilspawn but we'd still have a better world without it and anything that may cause users any inconvenience is completely unacceptable.)
Fairly discreet and tasteful watermarking is all we've ever found to be a reasonable solution. What we see when people do repost them, as a result, is more sales - when a few people obviously like what they saw and looked it up. Not a lot, but some. Yay. Have we gained more than we've "lost" (not that we ever had those in the first place)? I don't know, I don't have a crystal ball to guess at events that have never happened, but we've gained some as a result of this, and some is always better than none.
Except those people who edit or crop out the watermarks then reblog them. Fuck those people. That gets right up my nose; there's piracy, and then there's plagiarism, and that's how I interpret that one - it feels like they're taking credit for it (and if they are, that's dangerous: people might think they know what they're doing and get themselves in dangerous situations), or at least they're definitely removing ours, which is irksome particularly when you see a comment thread asking for, as the parlance goes, "sauce" (the source of the content). Those are people who wanted more, dammit, and you cropped out the thing that could have linked them where to get more, and since it's been reposted, they probably don't even know. That's just putting barriers in people's way for no good reason. (Thank you for those few that do reverse image searches in such cases and find us that way anyway, you're heroes. ♥)
This article (which I enjoyed) reminded me of a paper [1] I co-authored a long time ago about protecting 3D content using a remote rendering system. The big advantage that we had over 2D content (images) is obviously that we never gave clients a full representation of the protected asset.
I found this fairly clever but pretty impractical. If you put an image online you must assume that it is public domain. The only real way to prevent true theft is to offer a lower quality image but this defeats the purpose of putting your image online in the first place.
Nonetheless there are pretty smart ways to monetize content like this and any professional source will pay to use it.
There is a silly Russian saying which school teachers usually use on that really smart asshole kid in the class -- "a fool got blessed by smart head".
Somehow reading this made me think of that.
Also think of the environment, how much power will you waste on this useless hack if it were to get wide adoption (not going to happen of course, but _if_)
It took 20 years to get image interoperability down to "solved problem" status, so let's get start from scratch by coming up with something that you have no idea will work on cheap tablets, will eat up CPU on battery powered devices, and makes unwarranted assumptions about display technology! Yay!
It broke my firefox :( First, a popup error message reporting:
SyntaxHighlighter
Can't find brush for :jscript
and then the whole browser became unresponsive and needed to be restarted. On the plus side, you've helped Firefox development by discovering a new bug!
So, the demo obviously blinks (at least on my monitor), and the first time I took a screen shot, I got the whole image (though I only got half the second time). So, it doesn't actually work all that well.
interesting article and method. when viewed from remote desktop, the image always appears interlaced.
otherwise, on a regular screen its barely noticeable. at first glance it looks fine, but then i get the feeling something is off. if i blink or look away quickly, i can see some of the interlacing. but overall, interesting idea of treating the images more as movies rather than images
This can be automated in javascript. There is no need for photoshop. I won't be surprised if someone comes up with a browser extension to neutralize it.
That was not the point of the article. In fact, had you read the article, you'd find that your point has been addressed three times over and that the author acknowledges it's all futile anyway.
I don't think he quite does. His conclusion is basically that image protection isn't worth it, because more exposure is better. That's different from declaring it to be futile.
Exactly. I read the article. At the end he declares it isn't worth it, which is a different sentiment altogether. He seems to believe that his last-minute addressing of the screenshot "attack" is adequate, even though earlier he was talking about an audience which is a developer themselves. For such an audience, his mitigation of the attack isn't really effective at all. That's what I was pointing out. He just forgot about the standard he set up in first part of his article when writing the update.
