Is it good for you if people crack DRM?

| Comments (5) | TrackBacks (5) |
Jon Johansen has just released pymusique (linke /.ed, try cache) a piece of software that lets you download DRM-free music from the iTunes Music store. It seems that when you download music from ITMS, iTunes adds the DRM itself, so pymusique just doesn't add it.

I don't really understand the point of this kind of thing from the pespective of the average user:

  1. DRM always requires the cooperation of the software that the user uses to display the content.
  2. Without trusted hardware, it will always be possible to coopt that software. You're going to hear a lot in the next week or so about how Apple's design was incompetent so of course it was cracked, so it's important to bear this point firmly in mind: there is nothing Apple could have done to make cracking impossible, just more inconvenient. It's true that this probably wasn't the best design decision, but it just doesn't matter.
  3. Every time someone figures out how to coopt the client side, the manufacturers respond by changing the formats or software. (In this particular case, the obvious fix is to add DRM on the server).
  4. Every time the formats change, it's an inconvenience to the legitimate customers, who generally have to upgrade their software. (It's also an inconvenience to the people who are using the DRM-cracking software since they need to update that.)

In other words, every time Mr. Johansen or someone else figures out how to crack Apple's DRM, the main effect is to inconvenience Apple and you the consumer. Yes, yes, it demonstrates the futility of software-only DRM against a determined attacker, but so what? We all knew that already. The chance that Apple will respond by removing DRM seems slim. The chance that when they rev the format it will involve new inconvenient restrictions (whether justified for security reasons or not) is high. What's in it for me again?

UPDATE: Chris Lightfoot argues in the comments that: "By creating an inconvenience every time the DRM is compromised, the attacker creates a disincentive for people to buy from companies which use DRM."

Absolutely true, but that serves their interests, not yours. The question here is how you should react when you hear that someone has broken Apple's (or anyone else's) DRM. What I mostly hear is "Stick it to The Man!", but I suspect a more rational response would be "Those darn hackers are at it again."

5 TrackBacks

Listed below are links to blogs that reference this entry: Is it good for you if people crack DRM?.

TrackBack URL for this entry:

brother sister sex father and son incest pics free incest sex stories incest art incest sex Read More

roulette software from roulette software on August 17, 2005 6:45 AM

roulette software Read More

salvia divinorum from salvia divinorum on September 5, 2005 6:16 AM

salvia divinorum Read More

TITLE: gelmut texas URL: IP: BLOG NAME: gelmut texas DATE: 09/19/2005 12:45:37 AM Read More


Well, you could look at it as a kind of direct action. By creating an inconvenience every time the DRM is compromised, the attacker creates a disincentive for people to buy from companies which use DRM.

This kind of thing is also going to drive adoption of trusted computing. Recently /. talked about how TPM chips are becoming much more widespread, Once M$ comes out with Longhorn companies will be positioned to start using these chips to enforce DRM much more securely. These breaks just hasten that day, and also increase the chance that Apple will hop on the TC bandwagon.

"Those darn hackers are at it again." -- well, that's one way to look at it, but history shows that consumers don't always react to (e.g.) strikers this way. That doesn't mean it's a useful prediction of how people would react in this case, but if consumers can be persuaded that fighting against DRM is in their eventual interests, they might not be too pissed off.

Oh, and a quick "trusted computing" question. So far as I understand, the basic point of this is to do remote attestation; e.g., the iTunes server can establish that the program that's talking to it is a known iTunes binary, running on a known Microsoft Windows kernel, with known drivers for the sound card, etc. etc. etc. Once it's verified that all the software on the machine is sound, it starts sending you your music. But how do you keep the database of checksums of bits of software from becoming unmanageable?

Chris - From what I understand, in Microsoft's system (which is supposedly being redesigned), the remote configuration detection is limited to a sort of micro-kernel that runs in parallel to Windows. This would have less variation than the whole complex of software that is part of Windows. The other thing that can be done to limit the impact of variations is to let the software developer sign an approved set of binaries, then to return these signatures as part of the attestation.

Leave a comment