copy protection / IP protection

J

James McGill

I hardly doubt that many people
would be returning the product if they found out it needed to be
activated
after they had already paid money for it.

I'm a real world example of the problem. I am a musician with a home
recording studio. And I completely refuse to do business with certain
of the big players in the audio software business because their copy
protection schemes place me in the untenable position of putting more
importance on THEIR copyrights than on my OWN. There are circumstances
with software licensing that I cannot enter into. These companies have
their products being flagrantly distributed, after they have taken such
draconian measures as to alienate their own market. The irony seems to
be toally lost on the vendors.
 
J

James McGill

I'm sorry but I think you are taking the simile a bit too far.

Some hacked copies of software are generally considered acceptable.
However, the security of a house being compromised seems a little
more
serious

I don't even know about that. I lived for many years in a boarding
house that never had the front door locked. The security was
encapsulated in the understanding that one of the large, angry, punkass
bikers that lived in the house would pretty much literally kill anybody
who didn't belong there. People were coming and going constantly, but
you'd have to be a suicidal fool to try to rob the place.
 
L

Luc The Perverse

James McGill said:
I'm a real world example of the problem. I am a musician with a home
recording studio. And I completely refuse to do business with certain
of the big players in the audio software business because their copy
protection schemes place me in the untenable position of putting more
importance on THEIR copyrights than on my OWN. There are circumstances
with software licensing that I cannot enter into. These companies have
their products being flagrantly distributed, after they have taken such
draconian measures as to alienate their own market. The irony seems to
be toally lost on the vendors.

The cards are stacked against vendors, especially small time vendors who
rely on word of mouth.

It reminds me of the napster days when all the music pirates were chanting
that they wouldn't buy CDs from groups that didn't support file sharing.
Irony indeed!
 
G

g

Hello,

I like the idea of using Aspect Orient programming: AOP.

I am also considering the following:

The trial software ships with a 1 in 4 chance of working incorrectly
(say an infinite loop 25% of the time!). The only way to remove this 1
in 4 chance "feature" is by adding more code.

1 in 4 chance:
Say there are 1000 lines of code. It may be possible to weave 1000
points that each one having a 1 in 4000 chance of breaking. So the
code breaks everywhere not just in one place.

Basically the target software will sell for $200 bucks. If it cost
more than $200 bucks to hack then most folks will realize it is in
there interest to pay the $200 bucks.

Cheers,
G
 
R

Roedy Green

Basically the target software will sell for $200 bucks. If it cost
more than $200 bucks to hack then most folks will realize it is in
there interest to pay the $200 bucks.

That's not how it works. Someone hacks it just for fun and puts it up
for free download on various pirate sites.

My idea to solve this is to stop selling software and instead to rent
it. Then you can change it every day if you want, and the pirates have
a moving target. By making people continually check in, you can keep
tabs on the size of the piracy problem and don't waste time on extreme
measures until they are needed.

I used a variant of this with a client who was very bad about paying
his bills. I had the password set to automatically change about 2
months after I had installed a new custom version for them. When they
paid, I told them the new password.
 
B

Bent C Dalager

Real copy protection involves punitive terms in the lease contract and a
stipulationt that no one shall have physical access to the system except
while accopmained by your representative.

You can get real copy protection if you can control the hardware (and
the user can not control the hardware). While denying physical access
is one way of going about it, it is not the only one. For a while now,
dongles have been used (e.g. I/O port based or using CDs as dongles)
but they have generally been too passive to provide the same level of
protection.

You _can_ get that protection now by shipping your software on a smart
card. Put some of the most important or most sensitive algorithms on a
smart card, require your customer to have a card reader and even if he
copies the PC-based part of your software, he'll be missing all the
juicy bits. (The PC-based part will mostly be a customized Eclipse
distro or somesuch framwork anyway.)

Obviously, most people don't have smart card readers so this isn't
workable for consumer software yet. And it remains to be seen if
today's consumers are as put off by physical dongles as people used to
be. It is, nevertheless, a very effecient way of protecting your
software.

Eventually, smart card technology might get integrated on the media
itself, removing the hassle of an extra dongle. Of course, by this
time, such media might be competing against a market based on
downloading applications :)

Cheers
Bent D
 
L

Luc The Perverse

Bent C Dalager said:
You can get real copy protection if you can control the hardware (and
the user can not control the hardware). While denying physical access
is one way of going about it, it is not the only one. For a while now,
dongles have been used (e.g. I/O port based or using CDs as dongles)
but they have generally been too passive to provide the same level of
protection.

You _can_ get that protection now by shipping your software on a smart
card. Put some of the most important or most sensitive algorithms on a
smart card, require your customer to have a card reader and even if he
copies the PC-based part of your software, he'll be missing all the
juicy bits. (The PC-based part will mostly be a customized Eclipse
distro or somesuch framwork anyway.)

Obviously, most people don't have smart card readers so this isn't
workable for consumer software yet. And it remains to be seen if
today's consumers are as put off by physical dongles as people used to
be. It is, nevertheless, a very effecient way of protecting your
software.

Eventually, smart card technology might get integrated on the media
itself, removing the hassle of an extra dongle. Of course, by this
time, such media might be competing against a market based on
downloading applications :)

Cheers
Bent D


I think dongles suck. Most people think dongles suck. Dongles have a
terrible track record.

HD-DVDs have a unique approach - secure encryption that is never decoded on
the computer. It has to travel encrypted to the monitor where it is
decoded. This means we will need special video cards and special monitors.

I'm sure a similar approach could be made for computers, but there is a
problem when you need to take away the ability of the OS to see what code is
being run, what the registers are etc. Virus checkers need to be able to
watch that stuff, system debuggers need to look.

What I'm afraid of is that Microsoft will use DRM to gain massive market
control, not afraid of being a black box. They could have a zero profit
program to deploy tools for dongles and hardware based DRM with on chip
(Intel and AMD) systems. Make creating DRM apps almost completely painless,
give people a way to upgrade their systems to run DRM code (a low voltage
PCI card DRM coprocessor, albeit inefficient would work) History will
repeat itself, tens of millions (more?) of extra OS copies will be sold
because all the cool games and apps are being released DRM. It will take
about 4 years for an opposition to mount and their influence will be
minimal.
 
L

Luc The Perverse

Roedy Green said:
I used a variant of this with a client who was very bad about paying
his bills. I had the password set to automatically change about 2
months after I had installed a new custom version for them. When they
paid, I told them the new password.

ROFL!
 
L

Luc The Perverse

Roedy Green said:
this sounds like a variant of my "dark room" idea. See
http://mindprod.com/jgloss/darkroom.html

Wow! I had thought about public key encryption with embedded keys on the
processor, but you have thought about it a lot more it would seem!

As RSA is vulnerable to quantum computing, I believe a standard like NTRU
will come forward. (NTRU seems like the only reasonable competitor to RSA
which is not vulnerable to Quantum Computing.) I have long since predicted
Microsoft will be buying NTRU, if another big company doesn't beat them to
it. NTRU isn't doing anything with their patents except making me unable
to use their products in shareware that I might otherwise write.
 
R

Roedy Green

As RSA is vulnerable to quantum computing, I believe a standard like NTRU
will come forward.

Imagine the havoc the day it is announced public key and many other
cryptographic systems are now vulnerable. People will be glad they
used one time pads for anything that has to stay secret.
 
B

Bent C Dalager

HD-DVDs have a unique approach - secure encryption that is never decoded on
the computer. It has to travel encrypted to the monitor where it is
decoded. This means we will need special video cards and special monitors.

Once trusted computing has made its way through the entire hardware
chain, you will have this. The customer's computer will then take over
the function of the smart card in my description. Effectively, the
owner of the computer is denied access to his computer's internals and
so the software developer can trust that computer not to make
unauthorised copies of the software.

The major difference is that smart cards are here today while a fully
trusted hardware chain is a way off yet.
I'm sure a similar approach could be made for computers, but there is a
problem when you need to take away the ability of the OS to see what code is
being run, what the registers are etc. Virus checkers need to be able to
watch that stuff, system debuggers need to look.

Virus checkers (well, the big ones) will have the certificates
necessary to be given permission to look so this isn't a technical
problem. The OS will be the most trusted software on the computer,
most likely, and so will be able to look around quite a bit. It won't
trust the user though, so the OS cannot be used to make unauthorised
copies of software.

Users won't need system debuggers.

Cheers
Bent D
 
O

Oliver Wong

Roedy Green said:
Imagine the havoc the day it is announced public key and many other
cryptographic systems are now vulnerable. People will be glad they
used one time pads for anything that has to stay secret.

Except for those who encrypted their one time pads with their
private/public key pairs.

- Oliver
 
M

Monique Y. Mudama

Once trusted computing has made its way through the entire hardware
chain, you will have this. The customer's computer will then take
over the function of the smart card in my description. Effectively,
the owner of the computer is denied access to his computer's
internals and so the software developer can trust that computer not
to make unauthorised copies of the software.

The major difference is that smart cards are here today while a
fully trusted hardware chain is a way off yet.

The more I know about the direction computing is going, the more I
think that Luddites have a point.
 
M

Monique Y. Mudama

Imagine the havoc the day it is announced public key and many other
cryptographic systems are now vulnerable. People will be glad they
used one time pads for anything that has to stay secret.

All security methods are matters of degree. They're all crackable.
So you have 4zillion bit encryption -- it doesn't help if the machine
on which you're typing the password has a keystroke sniffer.

Etc.
 
B

Bent C Dalager

The more I know about the direction computing is going, the more I
think that Luddites have a point.

It shall be interesting to see if the market will accept trusted
computing or if it will reject it in disgust. The current DRM struggle
might give some indication of this.

Once people realise that the "trust" in "trusted computing" really
means that your computer will be programmed not to trust you, perhaps
they will decide this is not for them.

And if trusting computing does successfully enter commercial
mainstream, it shall be interesting to see if non-trusted computing
(presumably mostly represented by open source projects), unfettered by
the barriers to entry represented by trusted computing, will outpace
it in terms of innovation and quality.

Cheers,
Bent D
 
O

Oliver Wong

Bent C Dalager said:
And if trusting computing does successfully enter commercial
mainstream, it shall be interesting to see if non-trusted computing
(presumably mostly represented by open source projects), unfettered by
the barriers to entry represented by trusted computing, will outpace
it in terms of innovation and quality.

Note though that there exists some important figures in the open source
community who are not opposed to implementing DRM into their software (Linus
Torvald is one example, or so I've heard).

- Oliver
 
B

Bent C Dalager

Note though that there exists some important figures in the open source
community who are not opposed to implementing DRM into their software (Linus
Torvald is one example, or so I've heard).

I am aware of this, but I don't believe it has much negative impact on
non-trusted competitiveness. If anything, it is likely to augment it
since it means Linux would remain a viable platform for both trusted
and non-trusted software and so there wouldn't necessarily be much
brain-drain from non-trusted to trusted development projects.

What impact this all will have on GNU software and developers'
interest in the GNU license (v3) remains to be seen of course. This
could go either way: trusted computing is likely to be a strongly
polarizing influence on the copyleft vs open source debate. A lot of
people are likely to jump off the fence on one side or the other.

Cheers
Bent D
 
L

Luc The Perverse

Bent C Dalager said:
Virus checkers (well, the big ones) will have the certificates
necessary to be given permission to look so this isn't a technical
problem. The OS will be the most trusted software on the computer,
most likely, and so will be able to look around quite a bit. It won't
trust the user though, so the OS cannot be used to make unauthorised
copies of software.

I'm sorry - I cannot imagine how this would work.

Now something I can imagine is a signing authority for software which
ensures that it is safe. All DRM software has to be digitally signed by a
trusted source, OR it can be non DRM and be virus scanned.
 
L

Luc The Perverse

Oliver Wong said:
Note though that there exists some important figures in the open source
community who are not opposed to implementing DRM into their software
(Linus Torvald is one example, or so I've heard).

I don't doubt this. But I do not think Linux supporting DRM will be quite
the same as Microsoft shoving it down everyone's throats.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top