photo credit: Keyser_ Soze
It happens about once per month. I get an email a software programmer who believes that he or she has developed the perfect DRM solution. They send me the usual promotional copy about how great their product is and why I should promote it on this site.
Even though my faith in DRM as a solution to content theft issues has been completely shattered, it is hard for me to not get my hopes up a little bit. However, they are almost immediately dashed every time as I test the solution.
Usually within a few minutes I’m breaking the DRM scheme and emailing back the person their “protected” sample image. Though I offer a detailed analysis of how I was able to perform the feat and offer suggestions on how to improve the product, I never hear back from them.
This is in stark contrast to detection and licensing companies, such as Copyscape that have listened to my issues and made changes to fix them. In fact, many of these companies go on to become paid clients to take even further advantage of my beta testing and trouble shooting.
The DRM guys, however, disappear, They almost always resist even a simple email exchange and never defend their product against the flaws that I find.
This is not to say that all DRM schemes are unscrupulous, just that I have serious questions about the ones who have approached me. If there is a DRM solution out there that works, I want to find it and I want to give a chance to the legitimate DRM problem solvers to get their products reviewed.
However, to ensure that the playing field is fair, I’ve created a simple DRM challenge. A format by which any image DRM solution provider can submit their product, have it reviewed on this site and, potentially, win the prize of free advertising.
The rules are below.
The Big Idea
The big idea of this challenge is fairly simple. If there is a magic DRM solution out there, I want to feature it on this site. I haven’t found it yet and, currently, do not believe it exists, but I would love nothing more than to be proved wrong.
So, I wanted to give every DRM producer a chance to have their technology tested and reviewed on this site under a standard set of rules. If anyone can meet my criteria and beat all of my efforts to break your DRM, then I am offering a month of free advertising on this site (delivered in the form of a 200×200 button near the top of the sidebar), bearing in mind this site does not currently show ads, as well as a text link at the footer in the RSS feed for a week.
To get the prize though, you must meet the following rules.
How It Works
The premise of the challenge is easy. If you are a DRM solution creator and would like to take me up on the challenge, what you first need to do is email me with the following things:
- General information about your DRM solution, including name, how it works and any promotional information you wish to include
- A logo or other graphic to include in my review (if applicable)
- A link to an image that is protected using your technology
Please bear in mind that, right now, this is ONLY for image DRM solutions for simplicity reasons.
Once I have that email, when I am able to, I will attempt to break your DRM and email you either your image or the critical parts of it. To do this, I will bring a series of tools to bear including, but not limited to, the following:
- Source code snooping
- Browser tricks
- Screen capture tools
- Decompiler programs
- File extractors
If I am unable to break the DRM in a reasonable amount of time, approximately one hour of work (Note: the work may actually be over a period of many hours due to my schedule) I will then turn the system over to a friend that is even more savvy about breaking DRM and give them the same chance.
(Note: If you are interested in helping to break image DRM schemes, send me an email to firstname.lastname@example.org and let me know. I have some people in mind but if there are a lot of applicants I may need more people to keep the line moving.)
If the DRM system survives both attempts to break it and meets my other criteria, then it wins the challenge.
It is that simple.
However, since it is easy to lock down an image so that no one can get to it, including a legitimate viewer, I’m also laying out a series of usability criteria any such system must meet.
- No software install to view
- Must work on Mac, Windows and Linux
- Must work in at least IE, Firefox, Safari, Chrome and Opera
- Ideally, legitimate users should not even be aware of the DRM in place but the DRM should definitely not hinder normal viewing in any significant way
- It can not incorporate watermark as the goal of DRM is to prevent copying, not reduce effectiveness of any copies made
Please bear in mind that these are not absolutely all of the guidelines in this area and that any DRM that greatly hinders regular viewing of a file could be disqualified from the ultimate prize.
It will be up to me and readers that I poll whether or not a DRM system hinders viewing too greatly.
(Note: I am on the fence about slideshow systems such as Slideroll. Though these systems are relatively secure, they do hinder viewing of the images and have other vulnerabilities. I am seeking artist feedback on whether to allow such systems into the challenge.)
Before we go any further, here are a few miscellaneous rules to the challenge.
- You must be the creator or a representative of an image DRM system to apply. Users can not nominate a system for the challenge (but can suggest them to me informally for outreach).
- Once I have completed my testing of your system, I will email you with the results. You will have a 48 hour period to respond. If you don’t reply in that time, I will publish my article without your commentary.
- All systems submitted, whether they complete the challenge or not will be reviewed on this site, possibly including a screencast. By submitting your service, you agree to allow me to do so.
In short, if you submit a DRM system for this challenge and it is trivially broken or creates a horrible user experience, the world will know about it.
Objections and Questions
Finally, here are the answers to some of the more common questions/concerns many will have regarding this challenge.
This is impossible! No system can do this!
I’m on record saying that I agree. No image DRM system I have seen has been able to balance usability and provide good protection. Please bear in mind that I am not some kind of elite hacker or tech guru, I’m just a computer-savvy Webmaster with a lot of experience testing image DRM.
If your system can not survive my test then there is no way it will survive on the Web. The image only has to be jailbroken once for it to be all over the Web.
The inclusion of screenshots as a means to break DRM is unfair, those are low-resolution images.
This argument is suspect to me for many reasons.
First, there is no reason to post high-resolution images on the Web unless they are intended for printing. Posting extremely high-resolution images is, usually, a waste of bandwidth.
Second, as was shown during the first round of concern with Photobucket, low resolution images can still be used very successfully in prints.
Third, screen shot tools are almost universal now, built into every major operating system. It is the first way many amateur image plagiarists obtain an image.
Finally, the most common use for an illegally-copied image is on another Web site, for that, a screenshot is more than adequate.
Do you have to get the whole image?
No. I look at it from the artist’s perspective. If I can get the bulk of the image, enough to virtually replace the original work, then I will consider that a failure.
Though such omissions might help prove which image is the original, it doesn’t help the artist keep their work from spreading. However, there will be a note in my review that I was not able to get the full image.
What if my system doesn’t meet your usability criteria?
You can still apply to be reviewed, just understand that even if I can not break your DRM, you will not win the challenge. I realize that there may be works and artists that find such a trade off rewarding so I will not bar such products from this site, though I will be honest about any such issues.
What if my system doesn’t prevent copying but tracks it?
Those systems are not designed for this challenge. If you have such a system you wish me to look at, let me know. However, it is not eligible right now for this challenge. More on this later.
What if my system is commercial?
That is not an issue, I will mention the price in my review but so long as there is no charge for me to test it, I will not object. Such systems are still eligible to win.
When is the deadline?
There is none. This is an open-ended challenge until either someone wins or I decide to close it down. If I receive too many entries at once I may put a temporary halt on new submissions.
I will announce changes/closures on this page.
A Word About Rule Changes
I am writing these rules a bit by the seat of my pants. Remember this, the spirit of the competition is to create a DRM system for images that is both user-friendly to legitimate viewers but also difficult to impossible for a prepared computer-savvy user to break.
Please keep your submissions in the spirit of the competition.
I will likely be posting minor rule changes to this page over the coming days. If I have to change a rule between the time you submit an entry and when I test it, I will email you to let you know of the changes and make sure you agree.
I don’t expect anything drastic to change.
I encourage people to post questions about the contest in the comments form below so that I can give public answers. If you have a question that is specific to your system email it to jonathan at plagiarismtoday dot com.
If you want to enter the challenge and agree to all of the mess above, send me an email with the required elements to jonathan at plagiarismtoday dot com and I will let you know when to expect met to start work.
Thank you very much for your time and patience with this. I sincerely hope that there is a holy grail of image DRM out there and would love nothing more than to be proved wrong.
Bear in mind that, if such a system has been created, this challenge would not even be the beginning of what the creator could do. With so many artists clamoring for a means to control their images, such a system would almost certainly lead to much greater things.
On that note, I look forward to being challenged and to seeing what creative solutions the programmers of the world have come up with.