It's an interesting dilemma rightsholders find themselves in.
On the one hand, when people override trivial content protection measures, Internet commenters are up in arms about attempts to take recourse in the law. How can it be unlawful, commenters ask, for people to undertake actions that any semiliterate technical person instinctively knows how to do?
On the other hand, when rightsholders attempt to employ anything approaching sophisticated content protection, those same commenters are up in arms about the extent to which they're inconvenienced. To rub it in, they never fail to mention how content protection "doesn't stop pirates anyways".
What's a content producer to do? Give away their content for free, one supposes, and eventually go out of business. The Internet has spoken!
Late edit:
I think we get it, by the way. There's no worse sin that sacrificing convenience. Convenience is such an important principle on the Internet that it overrides practically all other concerns. "I would pay for this content", says the Internet 'pirate', "but HBO won't let me pay $2.99 an episode for it, so I'm entitled to take it."
But that's neither here nor there. I said the dilemma was "interesting", because it is. I didn't say Javascript DRM was a good idea.
For text articles I think the big problem is really if someone copies an article and has some kind of decent traffic on the copy. This should be trivial to find via a search engine and you can take appropriate action directly.
For music and videos... I am not a friend of watermarks but it may be the best method of just selling drm free and going after those people who share the most "commercially".
It's surprisingly difficult to sue people for IP infringement if they are foreign unfortunately.
I have a friend who published a bunch of her artwork online and later found out via google image search that it was being used by a fair sized company with only slight modification for branding purposes without her being paid or made aware.
She contacted the company in question directly who basically responded "LOL, screw off". At that point she contacted an IP lawyer assuming it would be an easy case. But was basically told the process would cost thousands of $ and she would most likely lose.
Isn't that problem more-or-less another indication of the failure of DRM? That is, only rich people (or other entities with personhood, like corporations) can use the laws in question. DRM increases the cost of the content, and the legal follow-up on real instances of "Intellectual Property Theft" is quite expensive. Either way (increased cost to get content out, or expensive policing) the DRM hurts personhood's with smaller amounts of cash.
> Isn't that problem more-or-less another indication of the failure of DRM? That is, only rich people (or other entities with personhood, like corporations) can use the laws in question.
Until this changes, DRM will be a failure. Likewise, when "property rights" are just a way for rich folks to oppress everyone else, there is no rule of law, and such rights are just a legal pretext for the rich to hire soldiers to bully others. However, when property rights apply to everyone, then they become an expectation of society as a whole. Thieves are successfully prosecuted, the law can act as a deterrent, and the resulting stability allows for the accumulation of wealth in the general populace.
The Internet isn't to that point yet. We're all still barbarians, and if you can take another's livestock and horses, you're clever and a hero to be admired.
Wait, what? In what sense are "property rights" over content a tool exclusively for the powerful? Apart from "Glee", what content provider routinely appropriates and resells independently produced content? Moreover, without the protection of the law, how does any market for independent content exist?
I don't think you've thought this point through carefully.
Finally, your invocation of "might makes right" is comfortably made on Hacker News, where you feel like you have a good sense of both the ability of your peers to screw you over and the causes to which they'd put those abilities to use. Let me just once again inform you that people on HN are far less "mighty", as regards technology, than they think they are. In particular, money buys a whole lot of "might" when it comes to software security.
> Wait, what? In what sense are "property rights" over content a tool exclusively for the powerful?
You misunderstand me. Property rights were once a tool of the powerful. Now they are distributed, for the better. Likewise DRM, except in some limited contexts, is primarily a tool of big companies. It would be better for it to be primarily a tool of the masses.
> In particular, money buys a whole lot of "might" when it comes to software security.
You've made my point. It's just like when firearms were the province of rich people who could afford them. Someone is going to figure out how to sell and market the same tech (polymorphically customized, or with a white box encryption layer) to the masses, who can actually make better use of it than big companies who must oppose whole hacker communities at once.
I think that if your entire business model is based around your content not being easy to copy then you are probably doomed.
We can argue about whether or not this is a good thing or not but the writing seems to be on the wall.
The only other alternative would be legislation governing internet usage that would basically amount to strict enforcement of usage of heavily locked down devices to anybody without a "general computer license" or similar.
Actually, there is another way of dealing with this. Specifically you can drop any attempt to enforce copyright among private individuals, avoiding any entanglements with their moral rights, and restrict the application of the law to incorporated entities, which have no moral rights.
That would mean private people could do literally anything they like with digital media, making money included. But it would also mean that any commercial operation that got big enough to warrant incorporating would be exposed to crushing penalties if they knowingly and willingly violated the copyrights of others in the course of doing business.
It's one thing for a kid to know nothing about copyright, to care less, and to be free from the burden of compliance with law that was never intended to govern the private conduct of individuals. However, if you're doing real business and copyright protected material is helping your bottom line, then you need to comply with the law and help cover the cost. This is actually how much of the copyright protected world operated before the internet, so as a practical matter, the means to manage this risk are already well-developed, reflected in law, and supported by precedent.
In practice, this would mean that clients of ad networks would need to know their vendors, or risk lawsuits stemming from business done with shady players. For instance, if a site owned by an incorporated entity is serving pirated content to attract the traffic it sells inventory against, we're no longer talking about people swapping hard drives in their dorm rooms. We're talking about large, publicly-facing companies paying the bills of pirates and getting commercial advantage in return. Presently, the content creators at the heart of this trade get nothing. What they really need is to be able to sue those fuckers into oblivion - networks AND advertisers.
Again, this isn't an unprecedented situation. Broadcast networks have always been liable for infringing material they air. That's why they always require producers to both certify that they have the rights to everything they're selling to the broadcasters, and carry Errors & Omissions insurance that indemnifies broadcasters in the event that some clearances were missed. (Unlike patent trolls, copyright trolls can be insured against). A producer with too many insurance claims against him will get dropped by his underwriter, rendering his work commercially untouchable. This is a mature and well worked out system, not a theoretical approach.
An extension of this system into the ad-supported space would make advertisers (who ultimately pay for everything) liable in cases where their ads run on dicey networks and sites. That would make E&O a mandatory part of running a site, and place the burden for securing clearances on any commercial distributors of content. You want to host User Generated Content? Super, feel free. You want to sell ads against it? Watch out.
The real point is that people who say "there's no way of dealing with this" are not correct. They are simply reflecting their own lack of knowledge, curiosity, and imagination, along with total indifference to the legitimate and unavoidable economic needs of the content creators who remain a vital part of any attention-based ecosystem.
Problem is that this favours people who sell copyrighted stuff to businesses vs those who sell to individuals. For example movie companies will overwhelmingly make their revenues from individuals.
You also have the issue that companies who profit from piracy can simply move their operation abroad to where this does not apply.
For one, it's just not true that movie studios make their money from individuals. Theme parks aside, they are almost entirely B2B. Think about it, have you ever bought a film directly from Universal Studios (for instance)? No. You have always gone through a theater or a retailer (online or physical). That is to say, you have done business with a commercial distributor who could not sell to you without making a deal with Universal. And one thing you won't find on the Universal Studios site is e-commerce. Here, see for yourself - they don't do business with individuals. http://www.universalpictures.com/
Also, companies that "profit from piracy" cannot simply move offshore when they're major companies that depend on the American market for a very large part of their revenue. If they, or a subsidiary, are incorporated here, then they can be sued in US court. Sure, a pirate site could operate from wherever, but how could they attract enough Blue Chip advertising revenue to cover their bandwidth if the advertiser knew they could get sued for allowing their ads to run on a pirate site?
That's the whole point of E&O. It forces distributors to do business only with legitimate producers, while purging producers who expose underwriters to liability. By placing advertisers in the line of fire, it forces them to do business with legitimate ad networks only (i.e. ones that don't depend on pirated content), while driving illegitimate ad-supported networks into commercial oblivion.
People buy movie from the distributors, but if they also have a legal option to buy it for free (or very cheaply from some guy selling pirate copies out of a truck) then the incentive for distributors to buy product from the content producers practically disappears since they are competing with something that will always undercut them.
Pirate sites tend not to carry advertising from blue chip companies, last I checked it was mainly snake oil penis pills, weight loss pills and "fuck girls in <geolocation of your IP address>". Most of these companies are likely located offshore also.
This sounds great in theory, but how do you deal with individuals that mass distribute digital media to other individuals, say to thousands or even millions, if you live off selling it directly? eventually you are bound to go out of business, as this "mass distribution" becomes more and more popular.
If they never feel the need to incorporate, then this framework doesn't stop them from getting as big as they can. But if the money they're making is enough to live on well, they're going to find themselves under more and more pressure to incorporate. The (obviously untested) assumption is that fear of operating a real business with unlimited liability will keep most people away from it, while many of the fools who do rush in will end up getting culled by their own recklessness.
JavaScript requires whitelisting for me (NoScript). I wouldn't have even known about his protections without this news article. They do nothing to stop scrapers, so in terms of accomplishing his goal, this measure is worse than useless.
The basic solution, incidentally, is to do right by your fans, monetize the uncopyable parts of your performance (access, exclusivity, etc.) and turn piracy into free advertising.
You can see that sort of model in action with web comic authors. Howard Tayler of Schlock Mercenary is a great example of a very business-savvy web comic author and is doing very well for himself in spite of giving away the goods for free.
Make it easier to get the content legitimately than, say, downloading it via torrent.
That's the problem with complex DRM schemes. In their effort to make the product more difficult to pirate, they also make it difficult for the legitimate user to consume it.
I'm sorry, but what? You think iTunes is "too hard" to use? You have a problem figuring our Netflix? Is Amazon more than your tiny brain can take?
This isn't 2002. Online commerce isn't some repellent hellscape of overpriced goods and failed transactions. Aside from outliers like HBO and feature films in the window between theatrical and home release, there's very little that isn't wildly obscure that can't be bought easily, legitimately, and for economically reasonable prices.
At this point, if you're still having "trouble" paying, it's because you don't have money, not because you can't spend money you have.
Thanks for the reply. I'm sorry if i've hit a nerve with what i said, but, yes, i do think that purchasing things legally is still, in a lot of cases, more difficult than, say, going to The Pirate Bay and downloading a torrent. This comic, for example, illustrates that quite well and it's not from 2002: http://theoatmeal.com/comics/game_of_thrones
> You think iTunes is "too hard" to use?
On Linux, yes, it's quite hard (compared to native Linux media players).
> You have a problem figuring our Netflix?
It wasn't too long ago that Netflix came to Argentina. If it'd had more content then i would consider using it, but frankly, with the current little content they have, i see no much of a use for it.
> Is Amazon more than your tiny brain can take?
Actually, Amazon is quite good for buying things like tablets or laptops. They end up costing like double or 50% more than what they cost on the US, but that's usually still quite less than what they cost buying them here.
But for "smaller" things, like e-books i wouldn't consider using Amazon, especially if i lose the freedom to copy or share that book thanks to some stupid DRM polices.
> At this point, if you're still having "trouble" paying, it's because you don't have money, not because you can't spend money you have.
Well, that's also quite true. Legitimate movies or videogames for some reason cost quite a lot here.
I remember that not long ago, before Blockbuster Argentina closed, an original PS3 or XBox game was about AR$ 500 (which was like $125 at that time); that's a substantial fraction of the monthly salary for most people (a normal middle-class salary being around 4000 and 8000 AR$). No wonder why Blockbuster broke here; people can but those same games for AR$ 10 on a pirate stand, and they are even easier to install :S
I'll probably won't convince you, but at least i'd like you to consider that the things that are easy for you are not easy for everyone else, and not necessarily because they are stupid or have "tiny brains". In case of replying, i'd appreciate you dropping those unneeded personal attacks.
iTunes is unusable, a mess, an abomination - and even if you do like it for some reasons I cannot even begin to imagine, it's a bad 'solution' for people that don't own a Mac, don't use an i(Pad|Pod|Phone).
"Sorry, Netflix is not available in your country yet."
I do buy a _lot_ at Amazon. Heck, the one single credit card I have (for .. Amazon, mostly) is Amazon branded.
I'd agree with the GP: It's still not easy enough. Your emotional reply won't change my opinion and probably neither his.
And, please read your post again, notice the tone and the couple of direct attacks against the GP's person. Frankly, those are unnecessary to make any kind of point.
Um, we're talking about one click shopping. ONE. CLICK. And that's still too much? It is? Right, you've just crossed into the asshole zone. And by the way, people like you are the reason that stores have those anti-theft tag readers by their front doors.
And @darklajid: who says I'm here to change your mind? Perhaps it's really about pointing out how people who think like this are just being monumental pricks. Whether or not you're comfortable with that is up to you. But if you think you can be a prick and not get called on it, well, guess again.
One more thing: not paying is stealing. Copy all you want, that's not theft (making isn't taking, etc.) But just understand that the second you make a copy, you own the artist money. And if you decide to keep that money, you're holding onto something that is no longer yours. Which, as we all know, is explicitly wrong.
It's like bouncing a check. Sure, the money to back it will be in your account (i.e. your possession) for a few days after, but that doesn't mean it's your money, in that spending it on something else will land you in legal trouble if doing so causes the check to bounce. It's different in that the artist doesn't know you stole from them by keeping money to which you're not entitled, so it's not such a direct violation of trust. But it's still wrong. And since the artist has no moral obligation to make a transaction seamless, you can't put yourself back in the right by saying "well, I found that paying was harder than breathing, so that means the artists forfeits completely."
Sorry, but that's not how the law or ethics work. And I think you know it.
You are a hypocrite, you're just frothing at the mouth claiming anything you'd like even if it's self-contradictory. Coupled with the ad hominem attacks, we all know it is you that is the "monumental prick".
So let me get this straight, you say you've got a problem with ad hominem attacks, but that doesn't stop you from personally attacking others. And when you do, the term of abuse you employ is...(wait for it)...hypocrite.
Unbelievable.
Just out of curiosity, do even know what the words you're using mean? Specifically can you define "hypocrite" and use it properly in a sentence?
It would be nice if you had wrote about this dilemma without making a strawman argument.
It's a fact that DRM only inconveniences the paying customers. You of all people should know that. The laws preventing people from getting around it certainly aren't going to stop the one guy that rips a DVD and sends it out, but they are put to good use against the one guy that wants to help you use your Playstation hardware as you wish. Not to mention your phone. Or the guy selling you reasonably-priced watches from abroad. Their price segmentation is more important than the doctrine of first sale, right?
Nobody thinks a content provider should give it away for free, and many people arguing against copyright ridiculousness are also against piracy. Many people remark that maybe if the content providers weren't charging fistfuls for a shitty experience they might have better luck. Plenty of people would buy a movie DRM-free for $3 but don't feel entitled to download it.
The fact is that there is an old distribution model getting its knees broken by a new form of communication. Is it right? The market will do what it will do without paying attention to what is or not right.
> The fact is that there is an old distribution model getting its knees broken by a new form of communication. Is it right? The market will do what it will do without paying attention to what is or not right.
What the market does is also shaped by social convention and law.
This reminds me of the terms of service of an old trolling site, adequacy.org, which forbade port scans, OS detections, right clicking to view source, etc.
"Adequacy.org gives permission for its servers to be accessed by HTTP clients specifically designed to represent the logical structure of the served documents in a user readable format, or by mail transport agents legitimately transporting email relevant to the site. Protocol handshake information generated by our servers in a network transaction with your computer and client program, including but not limited to HTTP headers or SMTP handshakes, are Copyright (C) 2001, 2002 Adequacy.org; disclosure of the contents of such protocol exchanges is strictly forbidden.
The HTML source to our web pages is also Copyright (C) 2001, 2002 Adequacy.org, and is only licensed to you for the purposes of reading and responding to Adequacy.org content, not for direct examination of said HTML source. Disclosure of the HTML source of any Adequacy.org page beyond the perusal of article and comment content is strictly forbidden.
Any means of accessing Adequacy.org which violates these permissions, including but not limited to telnet access to any port, port scans, operating system detection programs, or any client or client feature specifically designed to display HTTP header information in a normal network transaction with our servers, or to display or store the physical structure of the HTML documents served (as opposed to generating a user-visible display out of the logical structure), are access control circumvention devices and thus not allowed under the provisions of the DMCA. Use of such devices on our site shall constitute unauthorized access (a.k.a. "hacking"). An example of such client devices is the wget program, which by design displays protocol information and does not render the HTML document for user consumption; another one is the "Display Source" feature of Web browsers.
Also, we reserve the right to remove comments deemed inappropriate in tone, factually false, or in violation of the law. We recognize this is an extreme measure, and will thus apply it sparingly.
We will enthusiastically give out your IP address to the FBI. We live in dangerous times, and Americans have to watch out what they say."
Whatever the merits or demerits of the copy-paste blocker's argument are, surely I'm not the only person who highlights text on the Internet as I read it, or who regularly right-clicks and uses commands from the context menu.
I doubt I'll be visiting that guy's site again, but in case I run into the WordPress extension he's using on another site, the 'frustrate_copy.js' file it uses has gone into my filter list.
> Circumventing conventional DRM isn’t quite this easy, but no DRM scheme has withstood serious efforts to circumvent it.
This "truism" is vague, and therefore misleading in some way. Before Sony decided to piss off the entire internet, their DRM stood for the better part of a year. Motorola's had some phones that weren't rootable for months on end. In one sense, it's true: the economic forces will ensure that everything highly visible and in high demand will have any DRM broken. What entrepreneurs should notice, is that not everything is subject to the same economic forces.
There is a valuable analogy in physical locks. Since the industrial revolution, inventors produce a constant supply of new lock designs which get broken by clever locksmiths. Nothing stands forever. Yet, people still make money selling locks, and they have actual utility. Most of the possible uses for locks are for content which is far less known and far less sought after than someone's rare Ferrari or the bragging rights on the newest lock at the world expo.
Many would say digital goods are different. I say that's primarily wishful thinking. Cash is highly fungible, but is still successfully secured with chintzy little locks in many cases. I think it's high time for people to get their own DRM. It's hopeless for big corporations, but ordinary people are actually in the right economic position to benefit from DRM.
This old argument? The difference is that with safes/locks, every thief needs to overcome the lock, and there is usually other safeguards. With digital goods, one master cracker does the work once, and everyone else can just download that directly.
Also, with cash, you don't hand over the entire box to someone and say "you can only take a few dollars out and then must give us the rest back", but that's what DRM does, to keep with pointless analogies.
No, it's not. Congrats on being another knee-jerk reactor.
> With digital goods, one master cracker does the work once
Your analogy only fits the use of DRM by big companies. With a lock guarding long tail or personal data, there isn't one lock to be broken just once. There are millions of locks. Sure, a cracker can get Jane Doe's data and post it to the Internet, but someone could also break into her house and steal her grandmother's old brooch. In both cases, the damage is done and can't be undone. The point is -- is there enough economic incentive to make it happen all the time? No, there isn't. The value is too diffuse to normally attract intensive hacking.
Instead of guarding something everyone on the Internet cares about, why not use the tech for guarding stuff only a few care about, in a context where the parties involved are largely trustworthy. There's still a need there, as evidenced by very weak physical locks used by small parties as deterrents to crimes of opportunity.
> Also, with cash, you don't hand over the entire box to someone and say "you can only take a few dollars out and then must give us the rest back", but that's what DRM does, to keep with pointless analogies.
You think you're being clever, but just have missed the point. In this case, it's more like the lock box at the local church Bingo. It's not much security, but it doesn't have to be. There is still value in being able to prevent crimes of opportunity and tremendous unacknowledged need.
How would this work? This proposal seems to assume that the situation of private individuals and their personal data is similar to that of big content companies and their content, except for a slightly different threat model. In fact the two situations are quite different. Jane Doe isn't publishing her credit card number and "protecting" it with DRM, as silly as that would be.
Yup. My point exactly. Congrats on being another careless knee-jerker who applies big-company context as a straw man and doesn't read carefully or think it through.
It's worth pointing out that, in my experience, very few non tech professionals know how to bypass such an otherwise trivial security feature.
Disabling JavaScript is an option...but not one that I would even use given how that option is buried in different ways for different browsers.
Viewing source: very few people who have not done web dev understand that HTML is just text, never mind have the ability to not panic when they see a jumble of source. I haven't seen any recent studies on this, but I've heard using Ctrl-F is something the average user almost never does.
I'm not belittling the OP's point, just saying that if this implementation fools the originating blogger, it will fool most of his/her audience. Also, I continue to think (and wish) that using the web inspector was a basic web skill that was taught, and something more worthwhile than the majority of 5-week HTML basic courses I've yet seen.
If you are the sort of person savvy enough to know how to rip and republish webpages this won't stop you.
The fundamental broken thing about DRM is that once you have a single DRM free copy in circulation along with computers that will run arbitrary code/content the barrier is lowered for everyone else considerably.
Same as the difference between knowing enough ASM to beat a copy protection scheme in a game vs knowing how to copy over a "fixed" .exe.
As an aside , I know a few non tech savvy people who figured out how to turn off JS years ago in order to copy porn images from various websites and install browser plugins to rip streams from the free tube websites.
I think what the authors point is that yes, most people won't truly be able to disable it. But for those that want to (say, to copy and paste the entire article for personal gain), it's trivially easy. And it is. Even if they know nothing of web dev, they can google for five minutes and find out how to disable the security "feature".
I don't know about that, though. The problem is that many people, especially the type who don't already know how to bypass this, will not even know that the solution is one google search away. It could be a day's worth of hacking into their own browser, for all they know...and that is enough to prevent them from investigating further.
The amusing part of this is tha the blogger in question assumes his material is something people want to copy and paste. If it is the case that most of them never wanted to copy and paste in the first place, the blogger will go on thinking that his solution worked, and will continue to stew in his own ignorance
I remember many years ago having to explain to a client that disabling right clicks to prevent 'image stealing' wouldn't work. They weren't really concerned with how difficult it made normal usage, but the astonishment when I demonstrated disabling JavaScript was quite impressive.
Right click disabling is especially annoying because it prevents me from using the context menu to do back->forward->reload which I do out of habit.
And since it's usually implemented as an alert() you get that "thunk!" noise every time you try (unless like me you disable all event sounds).
You don't even need to turn off JS to rip the pages usually, just doing "save as" will do the job.
The way I have heard people justify this is "Even if it doesn't work, at least it warns people" though I'm pretty sure site rippers know exactly what they are doing.
Indecently, I have found that when site rippers rip your site they don't usually bother to change the src="" for assets and will continue to serve JS from your domain.
In such a case you simply need to do a referrer check when you serve up the JS scripts and you can inject whatever you want into the ripped page including a redirect back to your own site (or any site of your choosing).
You can bypass this absurdity directly from most browsers by pressing Ctrl-P and printing the page to PDF. The PDF does not have any restrictions on copying, and the user doesn't have to know what JavaScript is.
JavaScript has to be whitelisted before my computer will even run it, so I wouldn't even know that his protections existed without the news article. Even if I had JavaScript on, I don't use right click to copy to begin with.
Timothy B. Lee: another victim of Poe's Law (http://en.wikipedia.org/wiki/Poe%27s_law). Let us remove our hats and have a silent moment of meditation in his honor.
...
Now that the silent moment is over, I exhort everyone to double and redouble their efforts at preventing commone folk from being victimized by Poe's Law.
On the one hand, when people override trivial content protection measures, Internet commenters are up in arms about attempts to take recourse in the law. How can it be unlawful, commenters ask, for people to undertake actions that any semiliterate technical person instinctively knows how to do?
On the other hand, when rightsholders attempt to employ anything approaching sophisticated content protection, those same commenters are up in arms about the extent to which they're inconvenienced. To rub it in, they never fail to mention how content protection "doesn't stop pirates anyways".
What's a content producer to do? Give away their content for free, one supposes, and eventually go out of business. The Internet has spoken!
Late edit:
I think we get it, by the way. There's no worse sin that sacrificing convenience. Convenience is such an important principle on the Internet that it overrides practically all other concerns. "I would pay for this content", says the Internet 'pirate', "but HBO won't let me pay $2.99 an episode for it, so I'm entitled to take it."
But that's neither here nor there. I said the dilemma was "interesting", because it is. I didn't say Javascript DRM was a good idea.