View Full Version : Tamper-proof ePub Ebooks?!


fargo
12-08-2009, 09:39 AM
ePub has made it very easy for end users to reach ebooks' source code and change as they like. Contents and copyright information are wide open for anyone to change!

So, the question is: how can I ensure end users would not tamper with ebooks published in DRM-free ePub format?

deltop
12-08-2009, 09:42 AM
DRM-free epubs? Then you can't. Even if you add drm users can strip that. Trying to stop users manipulating data is futile.

It's not just epubs, mobi and eReader files can also be manipulated.

Can I ask why you would want to stop users tampering with your epub files?

Jellby
12-08-2009, 09:47 AM
If you want to certify that a given ePUB has not been modified, you can use a PGP signature, or a hash like MD5 or SHA-2. This does not prevent someone to modify the file, but you can tell (and let other people do the same) whether or not it has been modified.

fargo
12-08-2009, 10:03 AM
Why I need to protect my ebooks against tampering? A good question! Well, I know some people who wouldn't publish anything in any format other than password-restricted PDF format.

I've thought of using digest, but the problem is where to put it? I mean, anyone can open the .epub and remove the hash value. Readers wouldn't notice that since message digest is not part of the standard after all!

Jellby
12-08-2009, 12:28 PM
I've thought of using digest, but the problem is where to put it? I mean, anyone can open the .epub and remove the hash value. Readers wouldn't notice that since message digest is not part of the standard after all!

No, the only way is posting the right hash somewhere, like in your homepage, so that readers can check whether they have the correct and certified version. It won't warn readers of a modified version, but anyone can check if they have the original version or a modified one.

(PDFs can be modified too, password-protected or not :rolleyes:)

rhadin
12-08-2009, 12:31 PM
Can I ask why you would want to stop users tampering with your epub files?

If I was an author, I would want to prevent tampering because it is the only way I can assure consumers that they are getting the authentic product.

On another forum there was a discussion about ebooks vs. pbooks, and I was one of the few, if perhaps the only one, who believed that ebooks will come to dominate fiction but not scholarly work, at least for the foreseeable future, precisely because of the problems of vetting of authors and authenticity/accuracy of the text. Although I don't rely on fiction for anything more than entertainment, I do rely on scholarly works to expand my knowledge. It is in this ara that there is a need for the vetting process that scholarly publishers provide and for the pbook's (at least in today's world) assurance that I am getting what the author wrote and not what some unknown file manipulator wrote.

I suspect that fiction authors also take pride in their authorship and would be distressed to learn that their labor has been thwarted by some viral reader who manipulated their text and changed the story.

Rootman
12-08-2009, 01:15 PM
Yes, you can't have your cake and eat it too. No DRM means changeable - even DRM's can be cracked to allow change and most are.

Perhaps put the copyright info in a cover image on a noisy background? Someone would have to take a lot of effort to change it and if you would have to therefore warn your readers to look for the image to ensure they have a genuine article. It may help, just help mind you because there is nothing keeping someone from simply DELETING the image.

Also put your info at the FRONT and BACK of the book. Most pirates are lazy louts and may not look at the end.

fargo
12-08-2009, 01:54 PM
Thank you for the great post Richard.

(PDFs can be modified too, password-protected or not :rolleyes:)
Could you please direct me to a source or a tutorial explaining how to modify password-protect PDFs while preserving their certificates?

HarryT
12-08-2009, 01:56 PM
If I was an author, I would want to prevent tampering because it is the only way I can assure consumers that they are getting the authentic product.


Sounds like paranoia to me, I'm afraid. If you publish a paper book, what's to stop someone from "tampering" with that? Cutting out a page and replacing it with a different one?

There are lots of more important things in life to worry about, IMHO ;).

fargo
12-08-2009, 02:08 PM
Sounds like paranoia to me, I'm afraid. If you publish a paper book, what's to stop someone from "tampering" with that? Cutting out a page and replacing it with a different one?
Nothing would stop someone to do that to a pbook. I'm sure, though, that the tamperer would not find a publisher to publish 'hiz' new book. He and his grandson may be the only ones reading the counterfeit book :D

It is totally different with ebooks. A counterfeited book can spread as the authentic one, if not even wider.

Jellby
12-08-2009, 02:15 PM
Could you please direct me to a source or a tutorial explaining how to modify password-protect PDFs while preserving their certificates?

I have removed passwords from PDFs with some windows program (whose name I don't remember). I have removed print/copy restrictions from PDFs with pdftk (I had to modify the source code, but it was very, very easy).

Why do you need to preserve the certificates? Someone willing to alter the text would remove any certificate too, and the recipients of the modified file will have no way to know it has been modified (other than going to the original source and realizing that "hey! why doesn't my file have a password?", which is basically equivalent to providing a hash/signature/digest).

Valloric
12-08-2009, 02:38 PM
If I was an author, I would want to prevent tampering because it is the only way I can assure consumers that they are getting the authentic product.

On another forum there was a discussion about ebooks vs. pbooks, and I was one of the few, if perhaps the only one, who believed that ebooks will come to dominate fiction but not scholarly work, at least for the foreseeable future, precisely because of the problems of vetting of authors and authenticity/accuracy of the text. Although I don't rely on fiction for anything more than entertainment, I do rely on scholarly works to expand my knowledge. It is in this ara that there is a need for the vetting process that scholarly publishers provide and for the pbook's (at least in today's world) assurance that I am getting what the author wrote and not what some unknown file manipulator wrote.

I suspect that fiction authors also take pride in their authorship and would be distressed to learn that their labor has been thwarted by some viral reader who manipulated their text and changed the story.

We've had file checksums for a very, very long time. In fact, knowing that you can produce the checksum and compare it to the publisher provided one (which could in turn be explicitly authenticated with public key cryptography) makes electronic publishing much more secure than p-books if needed.

Anyone can replace a page in a p-book, as Harry said. Or even the whole book. You'd be none the wiser.

Jellby
12-08-2009, 02:46 PM
Anyone can replace a page in a p-book, as Harry said. Or even the whole book. You'd be none the wiser.

Hey! You can even change the author of a p-book (http://www.mobileread.com/forums/showpost.php?p=672771&postcount=19)! ;)

HarryT
12-08-2009, 02:51 PM
I'm afraid that it strikes me as a rather odd thing to worry about. You have the protection of copyright law, should someone be silly enough to actually do it.

clarknova
12-08-2009, 02:57 PM
It is totally different with ebooks. A counterfeited book can spread as the authentic one, if not even wider.
How? By hijacking the distribution site of the eBook? A counterfeited book can be spread to people who are infringing on copyrights. I don't see why an author or publisher should really care whether or not people who didn't buy the book get the real one or not?

Even if the ebook is freely redistributable, why would someone bother downloading it from anywhere besides the original source?

You're inventing problems that don't exist.

Valloric
12-08-2009, 04:03 PM
How? By hijacking the distribution site of the eBook? A counterfeited book can be spread to people who are infringing on copyrights. I don't see why an author or publisher should really care whether or not people who didn't buy the book get the real one or not?

Even if the ebook is freely redistributable, why would someone bother downloading it from anywhere besides the original source?

You're inventing problems that don't exist.

These too are perfectly valid points.

delphidb96
12-08-2009, 05:02 PM
ePub has made it very easy for end users to reach ebooks' source code and change as they like. Contents and copyright information are wide open for anyone to change!

So, the question is: how can I ensure end users would not tamper with ebooks published in DRM-free ePub format?

Don't write the books! Don't *think* about writing the books! Don't even *FANTASIZE* about writing the books!

In fact, take any book ideas you have by the neck, strangle them until they're dead, stuff them, along with a couple of bricks, into a burlap sack, tie it shut and toss the sack into the nearest ocean, preferrably a few miles from shore.

Other than that, you have to do what anyone else would do. Copyright the book, and keep an eye out for anyone who's taken it and tried to pass it off as their own work and sue the hell out of them.

Of course, this presumes that someone actually wants to steal your work and pass it off as their own. Most people won't do that. Pirate copies for their own reading pleasure, sure. But as it's so easy to spot a plagarized work, there's just not that much reward for the risk involved.

Derek

delphidb96
12-08-2009, 05:07 PM
If I was an author, I would want to prevent tampering because it is the only way I can assure consumers that they are getting the authentic product.

On another forum there was a discussion about ebooks vs. pbooks, and I was one of the few, if perhaps the only one, who believed that ebooks will come to dominate fiction but not scholarly work, at least for the foreseeable future, precisely because of the problems of vetting of authors and authenticity/accuracy of the text. Although I don't rely on fiction for anything more than entertainment, I do rely on scholarly works to expand my knowledge. It is in this ara that there is a need for the vetting process that scholarly publishers provide and for the pbook's (at least in today's world) assurance that I am getting what the author wrote and not what some unknown file manipulator wrote.

I suspect that fiction authors also take pride in their authorship and would be distressed to learn that their labor has been thwarted by some viral reader who manipulated their text and changed the story.

But I don't understand why anyone would feel the need to protect an entire story, or even non-fiction work, from being ripped off. There are too many tools out there now that can spot plagarism in the text files to make it worthwhile to do so.

Okay, I just thought of one way to do so. Run the original work through a language translator and then back through to the target language. Chances are that the dual translation would make sufficient changes to fool a plagarism detector. But it would also probably destroy any informational or (for fiction) plot/storyline value.

IOW, why bother?

Derek

delphidb96
12-08-2009, 05:15 PM
Nothing would stop someone to do that to a pbook. I'm sure, though, that the tamperer would not find a publisher to publish 'hiz' new book. He and his grandson may be the only ones reading the counterfeit book :D

It is totally different with ebooks. A counterfeited book can spread as the authentic one, if not even wider.

You're not aware that there are several fine tools for detecting plagarism?

And further, unless the publisher is a very small company, chances are that no publisher is going to take on the risk of publishing a work that is so similar to one already out there. After all, you're talking about an essentially *exact* word-for-word copy. That's already protected by copyright laws and any publisher who knowingly goes along with such an attempt is going to find itself in deep cow-dung, legally. And even if the publisher doesn't notice the plagarism, it will certainly act on it as soon as the original author detects it and brings suit.

Ebooks are covered the same way as pbooks.

Further, if you have an idea that a particular person is going to attempt to do this, I must ask, why are you associating with that person. And if you don't have current contact with such a person, why worry about it?

Stories follow certain general plot groups. It is not unlikely that a fiction work you create will have similarities to other works. But consumers are usually smart enough to tell when a given work is simply another work with the names changed to protect the guilty.

Derek