W3C home > Mailing lists > Public > public-html-media@w3.org > February 2013

Re: DRM nonsense

From: David Singer <singer@apple.com>
Date: Tue, 12 Feb 2013 16:39:47 -0500
Message-id: <B73F4A64-9332-40AD-B8D1-75DC3CA40F85@apple.com>
To: "public-html-media@w3.org" <public-html-media@w3.org>

On Feb 12, 2013, at 16:29 , Florian Bösch <pyalot@gmail.com> wrote:

> On Tue, Feb 12, 2013 at 9:51 PM, Mark Watson <watsonm@netflix.com> wrote:
> Please see my other comment about the different things being protected.
> I don't know what weird bizarro world you live in where you think you can "protect" anything that goes on a users computer. Let me break it to you the hard way, you can't. End of story. That's it. As soon as you have anything running on a users computer, the user can do anything to your "trusted" software whatsoever. This my friend is the world where you intercept and fake syscalls, disassemble binaries, grab memory from living ram, instrument foreign binaries, compile your own drivers, compile your own browser, compile your own kernel and a pleathora of other techniques to completely root your scheme. What you call "protection" is nothing more than a slight of hand. It's nothing more than cheap obfuscation. It's not magic. It's a magic trick. It only works on those who don't know how it works. And it only takes one who knows, to break it for everybody. You're talking as if the implementation of that DRM will be the grand masterpiece of integrity. It's not. It's cheap parlor trick. People 10x or 100x as intelligent as you or me will read your code and will break in a matter of minutes, and they put on bittorrent, pastebins and on bitbucket, github and gists. There is no such as a "secret" once you have thing on a users computer, none whatsoever. Please stop fooling yourself. And please stop fooling your clients, because, they don't know any better. They can't even imagine what I'm talking about. When you go into meeting and tell your clients "this runtime is secure" you're lying. You're lying out of your arse. There's no such thing in DRM as secure. None whatsoever. You cannot protect anything at all. Just stahp. Alright? I'm not as dumb as the content people you have meetings with.

I think your rhetoric may be running away with you. For a start, you might be surprised at how difficult to break some schemes have proved.

Nonetheless, the goal of DRM is basically to alter the balance between honesty and dishonesty.  In theory, yes, all schemes can be broken, but once the trouble to find or use a break greatly exceeds its value, why bother?  Many DRM schemes are attempting only to put a lock on the front door, not construct Fort Knox.  People who break in past the lock know they have done it, and may well leave traces that they have done it, and doing it may give them 'free' access to content that would only have cost them less than the cost of the break-in.

People used to talk a lot about 'friction-free copying' -- it's way easier to copy an eBook than photocopy a paperback.  DRMs fundamentally add friction.

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Tuesday, 12 February 2013 21:40:50 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 15:48:32 UTC