MobileRead Forums - View Single Post

KevinH · 01-27-2011, 09:36 PM

Hi,

Even if you can get enough people to agree to your new security device, exactly what is it buying for you? People jailbreak their mobile devices (and even locked down ones like iPads) quite easily. So unless you encrypt it somehow I can simply jailbreak it to get the file if I want to move it to another reader or archive it to prevent its loss. There simply really is no such thing as a perfectly locked down device.

To prevent me from copying it, you would have to encrypt the book data in some way and the software to do that will require a key to decrypt it so that I could read it. You can simply reverse engineer the encryption algorithm (and you can do that even with obfuscated code on a locked down machine - after jailbreaking by doing a memory dump to see the decrypted code, and then reverse the encryption algorithm since the key has to exist in some form on the reading machine.

This is being done currently, so I don't know how your additional security (proving who the reader is) can help unless you plan to never allow the reader to have the book on their system and just view pages remotely through some sort of website or service (but again, once jailbroken you have access to whatever is on the service and could simply capture the pages).

So you invent the perfect security and employ it. People who dislike it and value their privacy will simply stop buying those ebooks, and others will simply defeat whatever system that exists and we are back to square one.

And yes virtually any way to prevent anonymous transactions that records biometric or other data is an invasion of privacy and a security concern.
Luckily most of Europe has much stronger privacy laws, and hopefully Canada will follow that model and not that of the US.

Perhaps it is time to go play with your full body scanner some more! ;-)

01-27-2011, 09:36 PM	#93
KevinH Sigil Developer Posts: 8,870 Karma: 6120478 Join Date: Nov 2009 Device: many	Hi, Even if you can get enough people to agree to your new security device, exactly what is it buying for you? People jailbreak their mobile devices (and even locked down ones like iPads) quite easily. So unless you encrypt it somehow I can simply jailbreak it to get the file if I want to move it to another reader or archive it to prevent its loss. There simply really is no such thing as a perfectly locked down device. To prevent me from copying it, you would have to encrypt the book data in some way and the software to do that will require a key to decrypt it so that I could read it. You can simply reverse engineer the encryption algorithm (and you can do that even with obfuscated code on a locked down machine - after jailbreaking by doing a memory dump to see the decrypted code, and then reverse the encryption algorithm since the key has to exist in some form on the reading machine. This is being done currently, so I don't know how your additional security (proving who the reader is) can help unless you plan to never allow the reader to have the book on their system and just view pages remotely through some sort of website or service (but again, once jailbroken you have access to whatever is on the service and could simply capture the pages). So you invent the perfect security and employ it. People who dislike it and value their privacy will simply stop buying those ebooks, and others will simply defeat whatever system that exists and we are back to square one. And yes virtually any way to prevent anonymous transactions that records biometric or other data is an invasion of privacy and a security concern. Luckily most of Europe has much stronger privacy laws, and hopefully Canada will follow that model and not that of the US. Perhaps it is time to go play with your full body scanner some more! ;-)