Archive for the 'copyfight' Category

DRM Software Industry Must be a Cash Cow

Friday, January 18th, 2008

I realized something today - we are in the wrong industry, guys! We should all be writing DRM software! I mean, at least in theory. I would never do it because I find the idea of DRM morally reprehensible and intrinsically flawed. In fact, I think most self-respecting programmers think the same way and stay away from that sector of the market. But it must be a fucking cash cow!

Ok, you don’t see it yet. Let me explain. Imagine doing highly abstract cryptography for people who are so technologically inept that they can’t even spell the word cryptography. Imagine working on products that no one actually expects to work. Let’s face it, not even the big fat movie studio executive who just paid a few mill to some shifty software company is expecting their DRM to actually prevent the final product from hitting usenet and torrent boards. And best yet - you don’t even have to do much quality assurance because your client doesn’t really give a fuck how this software will affect the machines of their clients. Even if you fuck up, and write something that can actually damage end users’ optical drives (hi there Starforce!) you still get paid. It’s your client, not you, who will need to deal with the customer support, the bad PR, refunds, etc. Hell, maybe they will even hire you back to write another DRM scheme for them.

What was the last big DRM thing? BioShock? Yes, it’s old news but I don’t recall anything more recent - I haven’t been paying much attention. That one however generated so much buzz it actually registered on my radar (few things do these days). Personally I haven’t used it, but I hear that the game has not only a built-in rootkit, but also a multi-step online activation process, and that it calls home all the time. In fact I hear that most people who bought it just downloaded a crack to get rid of that garbage.

If you were too slow, I will repeat it for you slowly:

In fact I hear that most people who bought it just downloaded a crack to get rid of that garbage.

Yes, DRM is such a pain that legit customers are cracking their own legally purchased copies (invariably breaking the DMCA) because the copy protection is such a pain. Can you see the irony here? The copy protection which was supposed to maintain the integrity of the package and prevent this sort of thing from happening is being easily removed by a widely available patch that appeared a week after the release of the game.

I guess we can’t forget about AACS and the lovely t-shirt I bought that has their super-sekrit encryption key printed on it. DRM is really a joke - and not a particularly funny one at that.

Remember Bob, Alice and Eve from your cryptography lessons? Bob and Alice always try to communicate, while Eve is listening. Most cryptographic problems involve securely passing information between Bob and Alice while protecting it from Eve. DRM poses a peculiar problem because it does not follow this model. When you work with DRM you want to send messages between Bob and Alice while protecting them from… Alice. After all, Alice can’t be trusted as she might share them with Eve. You can probably see why serious security researchers don’t actually bother working on this kind of problem - it’s stupid, and unsolvable. If Alice can read and comprehend the message, she can pass it to Eve. Period. The entertainment industry calls this “The Analog Hole” while the rest of us refer to it as “The Reality”. The problem with this supposed hole is that it can’t be closed with software. That’s just how it works - you have to use hardware. Can you see where this is going?

Nah, you don’t see it. I didn’t see it at first either so let me tell you. Who do you blame when your DRM gets cracked? Anyone? Anyone? The hardware vendor of course. You thought I’m gonna say “the previous developer” but no - that’s who you blame at a real software shop. At a DRM shop you blame the hardware vendor for dropping the ball, and not making their shit impeccable, and impervious to everything including a voltmeter and a soldering iron attack. At some point the data must be analog, unless they figure out a way to directly stream content into a wetware DRM chip implanted into your head. So really, this is all a matter of where do you patch into the electronic system to recover the data.

Hardware folks know it, but they must play ball or they will be locked out of the content. What good is a next-gen DVD player if it can’t play any of the next-gen DVDs? So you end up with a system that has two broken components: software that doesn’t work, and hardware that is intentionally slow, complex and expensive which doesn’t work either.

Since plugging the analog hole is an engineering task on par with building a perpetuum mobile, hardware people will always struggle with implementation. If you are behind schedule, give the hardware folks a half-assed incomplete spec to work from and then change it 3 or 4 times. Oh, and remember to revert to a previous spec at least once in that process to get them totally confused. Then you can blame them for the delays. If the client asks why the spec is so shitty, or why you change it so often, tell them that details leaked out on the internet and you have to do this to keep implementation details secret. Sigh… I wish we all could play this game, but out in the real world developers are actually expected to deliver software which works, is on schedule and doesn’t mess up your system. Only DRM makers can churn out some piece of garbage that doesn’t really do anything beyond making your machine unstable, and still get paid.

But let’s get back to Bob and Alice again. There is a second part to this equation that few people talk about. Bob actually doesn’t send the message himself. He dictates the message to Eve who then encrypts it and hand-delivers it to Alice. Confused? Think about it - I’m talking about the human element. How do you get a zero-day scene release?

Ok, there is more than one way - I’ll grant you that. But more often than not you get a zero-day by having a supplier close to the source. Usually there are thousands of people involved in a movie’s production, post production, publishing and distribution. They all have internet access and most of them probably have been known to download stuff without paying for it. Anyone who touches the source can leak it, and tracing such a leak is extremely difficult because copying digital data usually leaves no evidence. The only way you can work is backwards - if you nab the uploader you may or may not be able to work your way back to the supplier.

This is what I mean by Eve encrypting and delivering the message to Alice. Most movies get leaked onto the interwebs long before they get the DRM treatment. So you are really building software to protect something that is already available out there.

Let’s summarize:

  1. you build cryptography software for a client that doesn’t understand cryptography
  2. you are working on a problem that is known to be unsolvable
  3. your client does not expect your software to actually work
  4. stability of end-user’s machine is not an issue
  5. compatibility with hardware/software on end user’s machine is not an issue
  6. ethics are not an issue - your client doesn’t care if you use a rootkit or a trojan
  7. support is mostly not an issue - at most you might just need to provide an un-installer for the rootkit
  8. if all else fails you can blame the hardware vendor for delays

All you are really expected to do is to cripple user experience to the point where they will just go and download an illegal copy. So you make a shitty piece of software cobbled together any which way, make it do some hard-core math to facilitate your half-assed encryption, then charge the gullible but unreasonably wealthy client an arm and a leg and move on to the next victim. Pure profit.

Naturally, I bet the DRM industry does have some honest, hard working people who take pride in their work. They will probably come here and yell at me for talking shit. I’m not knocking you guys - I admit, cryptography is a fascinating subject. I’m sure that the software you build uses very cool ideas, and is actually very effective. I’m really happy that you get to work on those hard and challenging issues - I really am. In fact, I will think about all the hard work you did next time I’m watching (or playing) a pirate copy of the movie (or a game) that your software was supposed to protect.

Invite Me To Your Favorite Torrent Site Day

Friday, November 9th, 2007

I need help locating the new heads of the unstoppable hydra that is Bittorrent. Since Demonoid, my primary source of all that is good, was shut down again, I need new places that have good stuff in high quality and high volume. Is anyone else bummed out about this story? I will miss the little green daemon but the show must go on!

So, where do you guys get your illicit goods these days? I’m still using TPB, Mininova and Sumo and they all do have good content for the most part, but I want to learn about new and exciting places. Does anyone have an über private site that has the best shit under the sun? Wanna send me an invite? Email is in the Contact Me section. I’m pretty much a model citizen - I seed, and I don’t flame n00bz in forums/comments.

Also, I don’t really Blame Canada for this because as far as I know CRIA is not really representing any prominent Canadian artists. It’s really just a Canadian division of RIAA at this point.

As a side note, I know that migrating to a new host is almost always a pain in the ass but it sure as hell beats shutting down the site completely. Maybe they should get in touch with Brokep of TPB who could hook them up with their awesome host that is not scared of the RIAA’s and MPAA’s impotent legal threats.

TV-Links: RIP

Saturday, October 20th, 2007

If any of you guys thought that UK had a copyright law that is any less retarded than ours, think again. Apparently, over there you can actually go to jail for linking to copyrighted material illegally hosted on a foreign site. Sin, the maintainer of tv-links.co.uk who commented on here several times, was arrested the other day and his website was shut down.

Yes ladies and gentlemen - UK is all kinds of fucked up. In some ways even more so than we are. I don’t recall anyone being put in the slammer for linking to youtube, stage 6 and dailymedia. So watch out guys.

In the meantime, let’s try to find a good replacement. This might be a good place to start.

Post your favorite tv-links-like site. Also, shameless link whoring is allowed, as long as your website is on topic (i.e. posts free streaming TV shows and movies).

Update 10/22/2007 09:44:53 AM

If you want to donate to the tv-links legal fund, you can do it here. Btw, I’m not sure if this is legit, but what the hell. Thanks to Gary for posting it in the other thread.

Becoming irrelevant one bit at a time

Thursday, October 18th, 2007

Dear Entertainment Industry,

If you belong to an organization whose name ends in AA, this post is for you. I’m writing this because I would like to introduce you to this relatively new concept of the Internet. You see, this globe-spanning computer network was designed for one thing - and one thing only: to move bits of data from one machine to another. Despite whatever misconceptions you have nested in your underdeveloped brain, all that the Internet does is move small electric charges between computers. These charges encode various types of information.

Now, you may think that you own some of that information - some songs or movies protected by copyright law. There are even laws that let you exercise control over that information. Unfortunately the very nature of information is that it flows freely, and expands like a viral infection. Given a proper conduit, any piece of information, no matter how complex, can travel the globe and be copied millions of times in a matter of seconds. The Internet is precisely such a conduit. Once you make something publicly available on the internet you no longer have any control over how it is distributed.

Conversely, any time you make something publicly available it will eventually end up on the internet. Why? Because information flows and expands - people have a natural tendency to share knowledge. This natural urge to exchange data allowed us to build civilization, develop technology and create empires. The fact is, we can measure the progress of mankind by the efficiency with which we transmit and share information. We continuously research ways to communicate faster, more efficiently and to share larger amounts of data. As sharing data becomes easier, protecting special kinds of content becomes more and more difficult. And there are no indications that this trend will ever stop.

The only way to stop the free flow of data is to fundamentally change the way the internet works. As it is right now, any attempts to censor or control the way content is distributed online are bound to fail. Why?

“The Net interprets censorship as damage and routes around it.” John Gilmore (EFF)

For every instance of content you manage to take down using the DMCA or a lawsuit, there are 15 new ones uploaded by people all over the globe - mainly out of spite. When you try to contain content locally, it simply moves off-shore to foreign lands. And it will continue to move around, until it’s too expensive, or virtually impossible for you to control it. The global community routes around silly things such as one country’s information suppression laws.

You can target each file sharing protocol in turn, but there will always be new ones that we can use. The only way you can be 100% sure no one is sharing your copyrighted data digitally is to kill the internet. But that would only resurrect the bootleg market.

Lawsuits and threats against individual citizens? Don’t make me laugh! How many people have you sued so far? A few thousand, give or take a few? How many file sharing cases have you won? One? It’s a drop in the bucket, my friends. A drop in a bucket. There are more file sharers than there are IP addresses currently in use. On average you will get 2 or 3 sharers per household. And this statistic will only continue to grow with every generation. Sure, today many senior citizens do not own, or know how to use, a computer. But hey, one day the current largest file-sharing demographic (which is teenagers, and the 20-30 crowd) will be senior citizens.

Every day a few people who do not know how to share data online die. And at the same time, a few new people are born into a world where transmitting bits of data across the globe is as natural as breathing. Our numbers are growing, and so is our bandwidth. Your resources are limited, and you will never be able to sue everyone who owns a computer. Statistically, getting sued by RIAA or MPAA is akin to winning a lottery. It’s a really crappy lottery, but the odds are similar. So in most cases it’s a fair gamble that most people (not counting the overly paranoid) are more than willing to take.

Yes, protecting copyrighted content is a noble idea. But it becomes less and less practical every second. Anyone who bases their business model on outdated notions about intellectual property and copyright that were formed in the pre-internet era is heading towards complete and total irrelevance at the speed of Moore’s Law. Every cent you spend towards the goal of stopping the flow of data brings you closer to eventual bankruptcy.

The sooner you learn to embrace this new reality, the faster you can learn to monetize it. There is money to be made in a world where your distribution costs are exactly zero, and your market penetration is measured on a global scale. Your customers already know this and so do the artists and content creators you claim to represent. One by one they come to the conclusion that they do not need you. You are the third wheel in the relationship between the content creator and the customer. Your services are outdated, your distribution models are flawed in the digital age, and your prices are obscene. Oh, and you treat all the customers as filthy thieves. Your customer base is already slipping - but it’s mostly your fault. You fail to adapt, you insult the customer at every step, and spend millions of dollars to make his life harder. When an illegally downloaded copy of a product is easier to use and provides a better customer experience than the original, you are doing something wrong. Your talent base will slip too - as soon as they realize how horribly you treat their fans, and how little you really do for them.

You can call me naive, demented, idealistic or stupid. You can claim I’m wrong. This changes nothing. You can’t be that blind. Just look around. Copyright was a great idea, but we sadly moved past it. It still has application with regards to physical media. Owning a nice looking album or a DVD you can put on a shelf is still very nice. People will continue to buy physical things because we like to collect crap like that, regardless of online availability of the data they store. But stopping the flow of information is a fool’s errand.

You are in a losing position. There is nothing you can do to change this. You can’t stop technological progress, you can’t change human nature and you can’t censor all electronic communication. You must adapt or perish. And for one, I’m not going to miss you when you are gone. So for your own sake please get with the program and stop making such asses of yourselves.

Thanks,

Rootkit DRM Methods Fuel Piracy

Sunday, September 30th, 2007

I talked to several people lately who expressed interest in BioShock. I told them straight up: no matter what you do, don’t buy that shit. If you do, you will just get brutally fucked up the ass by SecuRom, online activation and the 57 million other DRM features that 2kgames decided to put in it. If you download it on the other hand you get a safe copy that includes no rootkit, and will still work 20 years from now when 2kgames no longer exist, and you for some reason are in a mood to play the old abandonware shit.

I usually don’t advocate copyright infringement here but I can’t in good conscience recommend that anyone pay money for software that will fuck up their system. We live in a seriously fucked up day and age where the legal software contains very shady, very dangerous malware.

Especially since the DRM has no effect on the file sharing at all. BioShock was cracked in 11 days. Was the revenue gained during these 11 days worth the bad PR, alienating thousands of customers who paid for the game but were not able to play it without uninstalling crucial tools like debuggers and process monitor they use for their real life work every day?

I’m not playing BioShock - I’m boycotting that game because of the DRM. But I got fucked by this kind of DRM some time ago when my brother bought me Brothers in Arms: Earned in Blood which contains Starforce - an evil piece of shit that destroys your optical drives. So I have that game - it’s a legal copy, I have the box and set of CDs but I can’t fucking play it. Or rather I can, but not without risking damage to my optical drives and rendering my system unstable.

But, if I downloaded the game, it comes with a crack that removes Starforce. Same goes for BioShock and SecuRom - if you download it, you get the game without the dangerous components. Anyone who is passionate about the game, and has half a brain, will opt to download rather than buy games that are protected this way. The only people who buy them are those who don’t know about the rootkits, or are too clueless to understand what they do.

If you are a game publisher, do the math - implementing DRM the rootkit way will:

  1. possibly increase sales in first week or two (not guaranteed though - people who were planning to download it will just hold off and wait anyway)
  2. cause massive backlash from loyal fans
  3. cause loss of customers who will never buy your products again
  4. very, very bad PR in independent online forums
  5. mainstream gaming media may pick up the story after the massive outrage in independent media
  6. you become infamous in the security industry. IT people across the globe hate you, giving you more bad PR outside the gaming circles
  7. possible class action lawsuits
  8. sharp decline in sales caused by the rootkit news reaching more and more people
  9. loyal fans who were the backbone of your customer base boycott your products or turn to illegal downloads

Is it worth it? Personally I don’t think any DRM is worth the diminished customer experience. There is just no trade off here. You shit on your customers as if they were thieves and in exchange you get… 11 days - if you are lucky. It makes no sense.

No matter what kind of business you run, the golden rule always was “customer is always right”. Somehow music, movie and PC gaming companies decided that “customer is a filthy thief that must be punished” is a reasonable alternative. How long can you run your business the Soup Nazi style?

This extends beyond gaming. Every time you put a piece of DRM on your product you are essentially making it less marketable and less valuable than the cracked copy available on just about every torrent site out there. People want to rip their CDs to mp3 files. If you prohibit this via DRM they will just download the mp3s they want. And next time they will remember that you sell crippled CDs so they will just hit up P2P instead of the record store.

The same argument is now becoming more and more valid for video as well. More and more people own video iPods, smart phones or other hand-held devices which have massive storage space and are capable of displaying video. Why should we be forced to buy movies in 5 different formats to be able to play them on all the different devices that we own? You download once, and then you just use the same copy on all the different portable players - this is what consumers want. And yet, movie studios consider such behavior reprehensible.

All these people lock down their products in ways that make them either unusable, or actually dangerous to use, and then complain that people prefer the unlocked, un-encumbered and inherently safer copies, that also incidentally can be downloaded for free. You have to remember that some people will never pay for your products. If they can’t download it, they will simply ignore it. When you use DRM you are simply alienating the rest of the people - those who were willing to give you money, but now they don’t because they can get a copy that is of much better quality for free online.

I’m amazed how few people understand this simple dynamic.