Amazon Kindle and Sony Reader Locked Up: Why Your Books Are No Longer Yours

[pilotbob]

Quote:

Originally Posted by Steve Jordan

Jon, just for the record, how would you feel if DRM was based on a single number, like your SSN, say, that you entered into any and every device you owned, guaranteeing you could read your content on anything you owned and could transfer them around?

They should use asymetric encryption (Public/Private key) like PGP.

YOU generate your key pair... you upload your public key to a key server. You put your private key on any device that needs to decrypt stuff.

When you buy a book it is decrypted using your public key found on the key server based on your name/email address. All book stores should maintain a history of what you bought so if you need to revoke a key (cause you lost the private key or it was comprimised) you can redownload it reencrypted with your new public key.

This is also similar to how client side certificates work. However, with client side certs a third part creates and signs the certs.

The problem with PublicKey/PrivateKey is that you are incharge of the private key. If YOU want to keep the encrypted stuff safe then you keep the private key safe. But, if you don't care, then you can just share your private key.

Of course, a file encrypted with a public key is tied to that key. So, you can always see what public key it was encrypted with and look it up on the key server to see who it belonged to. If the private key for that signature was being shared the key generator could be "delt" with.

BOb

[Taylor514ce]

But, how does this prevent piracy?? Sorry, couldn't resist: https://www.mobileread.com/forums/showthread.php?t=22262, see the comments.

[Steven Lyle Jordan]

Quote:

Originally Posted by TallMomof2

*Whew* Life interferes with my internet time and I come back to umpteen more pages.

That'll teach you to let life get in the way of your internet!

Quote:

Originally Posted by TallMomof2

As long as the DRM doesn't prevent my content from complete portability on *my* personal devices that's acceptable. Still don't want any DRM, because all it does is keep honest people honest. Also, ebook prices need to be much, much lower. It's ridiculous to pay even 50% of the pbook price when all you get is a license, you can't legally lend the ebook to a friend. If ebooks were around the $2 level then you could buy your friend their own legitimate copy.

You could... but how many people actually would, if they didn't have to? How many people wouldn't just "make a copy" for their small circle of friends (justifying their actions because it's just a few copies, "not for the entire campus"), get similar copies from them, and essentially continue the whole process of file sharing?

[pilotbob]

Quote:

Originally Posted by Steve Jordan

You could... but how many people actually would, if they didn't have to? How many people wouldn't just "make a copy" for their small circle of friends (justifying their actions because it's just a few copies, "not for the entire campus"), get similar copies from them, and essentially continue the whole process of file sharing?

I'm confused. Don't you sell DRM free books? It seems that you are advocating the use or DRM.

BOb

[Steven Lyle Jordan]

Quote:

Originally Posted by pilotbob

The problem with PublicKey/PrivateKey is that you are incharge of the private key. If YOU want to keep the encrypted stuff safe then you keep the private key safe. But, if you don't care, then you can just share your private key.

Of course, a file encrypted with a public key is tied to that key. So, you can always see what public key it was encrypted with and look it up on the key server to see who it belonged to. If the private key for that signature was being shared the key generator could be "delt" with.

If you provide bogus private info when you create the key, you don't care about giving it away, and it's easy enough to avoid being caught... and it's too easy to use bogus info. If it was tied to a verifiable number that was your personal ID, and something you did NOT want others to have (like your SSN), it would be more secure by virtue of your not wanting to reveal it.

[JSWolf]

Quote:

Originally Posted by Steve Jordan

Jon, just for the record, how would you feel if DRM was based on a single number, like your SSN, say, that you entered into any and every device you owned, guaranteeing you could read your content on anything you owned and could transfer them around?

That would be social DRM and that would work especially if you had to put in your full name and your SSN. eReader format does that with your name and credit card number used to purchase the eBook. That works. Means it's unlocked for reading but if you give it out, you give sensitive info.

[Steven Lyle Jordan]

Quote:

Originally Posted by JSWolf

That would be social DRM and that would work especially if you had to put in your full name and your SSN. eReader format does that with your name and credit card number used to purchase the eBook. That works. Means it's unlocked for reading but if you give it out, you give sensitive info.

And does that work for you? What about everyone else?

[nekokami]

Even encryption that relies on something like the SSN doesn't work if the software to read it isn't supported on a platform you want to use, or loses support over time. eReader is a good example-- won't run on the iLiad or the eBookwise, the two systems I use.

People who don't re-read books tend not to see a problem with any of these schemes. Those of us who re-read extensively don't want any DRM whatsoever, and will continue to use utilities to remove it as soon as we encounter it.

[Alisa]

I wouldn't want to give my SSN out to a store. At least with a credit card, I can cancel it fairly easily. The more sensitive the information you're required to give, the more cautious people will be about buying. People might trust a well-established company like Amazon but the smaller etailers would be out of luck.

Maybe if your PGP key was also tied to your account with the shop, that would be a bit of a disincentive. It's harder to make a new account every time if you have to tie it to a credit card with a billing address. If someone tried to make multiple accounts with the same billing info, that would be a red flag.

[Alisa]

Quote:

Originally Posted by nekokami

Even encryption that relies on something like the SSN doesn't work if the software to read it isn't supported on a platform you want to use, or loses support over time. eReader is a good example-- won't run on the iLiad or the eBookwise, the two systems I use.

I think the idea is that this would be like a universal DRM that anyone could use. However, this doesn't quite get you past what people do with the file once they've unencrypted it to read it. If you don't need to use their proprietary software to read it, then they can't lock you down from copying or printing it like the current reading software does.

[Steven Lyle Jordan]

The point would be to permanently encrypt the file so it could only be read with readers sporting the same encryption code (which is why SSN was suggested... it's yours and yours alone). Someone else's reader, with their code based on their SSN (or whatever), wouldn't be able to read it. But every device you owned would.

It wouldn't restrict a file to 1 device. But it would restrict the file to 1 user. This might satisfy publishers looking for a rampant sharing solution.

[Taylor514ce]

Where have I heard this before? Hmmm...

[pilotbob]

Quote:

Originally Posted by Steve Jordan

The point would be to permanently encrypt the file so it could only be read with readers sporting the same encryption code (which is why SSN was suggested... it's yours and yours alone). Someone else's reader, with their code based on their SSN (or whatever), wouldn't be able to read it. But every device you owned would.

It wouldn't restrict a file to 1 device. But it would restrict the file to 1 user. This might satisfy publishers looking for a rampant sharing solution.

Still there are a few flaws here.

1. It would require allowing a "user defined" encryption key to be used in the device. So, I could change the key in my device to match the files I need to read.
2. It would well define the range of keys to perform a brute force attack.
3. People could share there SSN with other people to share books. It is basically like giving someone the "password" to a file.
4. There is no way for a store to verify the SSN that you give them. So, you could give them a bogus one, then just share it with the files on the bit torent site.

I hate to say this for the 10th time...

DRM does NOT work to protect digital assets. There is ALWAYS a way around it by someone clever enough (see Blu-Ray has been cracked). So, the only thing DRM does is inconvenience legitamate customers.

BOb

[DaleDe]

Quote:

Originally Posted by Steve Jordan

The point would be to permanently encrypt the file so it could only be read with readers sporting the same encryption code (which is why SSN was suggested... it's yours and yours alone). Someone else's reader, with their code based on their SSN (or whatever), wouldn't be able to read it. But every device you owned would.

It wouldn't restrict a file to 1 device. But it would restrict the file to 1 user. This might satisfy publishers looking for a rampant sharing solution.

Obviously SSN will only work in the USA.

Dale

[DaleDe]

Quote:

Originally Posted by pilotbob

Still there are a few flaws here.


DRM does NOT work to protect digital assets. There is ALWAYS a way around it by someone clever enough (see Blu-Ray has been cracked). So, the only thing DRM does is inconvenience legitamate customers.

BOb

Just because the most advanced crooks can crack DRM doesn't mean that everybody can crack it does it? Surely DRM stops some people from stealing something. Otherwise why would Microsoft do it?

Dale