Is Interoperable DRM Really Less Secure?
Crouch and hold writes "Are closed DRM schemes like FairPlay more secure than interoperable ones? Based on the number of cracks, it doesn't look like it. 'When it comes to DRM, what history actually teaches us is that one approach is no more secure than the other in practice, as they relate to the keeping of secrets. Windows Media DRM has had fewer security breaches than Apple's FairPlay, yet WM DRM is licensed out the wazoo: there are more than a dozen companies with WM DRM licenses.'"
Hang on, you can't have it both ways... (Score:5, Interesting)
How does that work?
Re:Hang on, you can't have it both ways... (Score:3, Interesting)
The summary states both PlaysForSure and Apple's DRM have breaches, not just the one or the other.
Re:funny (Score:4, Interesting)
Re:+5 informative (Score:4, Interesting)
Closed DRM == one set of eyes for the "good" guys (arguably the bad guys in this case but whatever) == pwned by the freedom fighters.
licensed DRM == several sets of eyes, eyes with different corporate mentalities, eyes with different outlooks, thus sorta like OSS == fewer breaches.
-nB
Re:fairplay vs. wm? (Score:3, Interesting)
Indeed, and let's also note that a sample size of 2 is rather small to support the conclusion that licensing a DRM system doesn't make it less secure. From a purely statistical standpoint, isn't it obvious that the more people who know about a secret, the less likely it is to stay a secret? You can't license a DRM system without telling more people exactly how it works.
And to get conspiratorial for a moment, what if a competitor of Apple's decided to sabotage iTunes by releasing its secrets? That would be easier if there were licensees to target for espionage. Or what if the major labels set up an iTunes competitor, licensed FairPlay, then "accidentally" leaked the secret? They could then pull their music from iTunes, leaving themselves as the only legal source for the music.
I don't think those scenarios are likely, but I tend to believe Jobs when he says he doesn't want to take the extra risk.
Does it really matter? (Score:2, Interesting)
somebody comes up with a scheme. Take the digital broadcast / subscriber card hacker arms race. They are already light years ahead of whatever Apple or Microsoft are cranking out and they will be well prepared if "trusted computing hardware" comes out.
These people have sophisticated lab equipment and are capable of cutting the chips wide open, manipulating chip fuses, patching ROM masks etc. They will extract Disney's latest singing and dancing monkey mascot together with the accompanying mermaid from any and all DRM schemes.
Jobs' statements seem contradictory (Score:2, Interesting)
My hunch is that Fairplay is less about iPod lock-in and more like Zune lock-out. iTunes is your classic loss-leader* as it really only exists to add value to the iPod, which they make a tidy profit on. That being the case, there's no upside for Apple to sell at-cost music for devices they don't sell. The model would have to change, and I suspect that 99-cent downloads would become a thing of the past.
*Yes yes... I know that $0.99 downloads are more profitable than CD sales, but that's only for the MAFIAA. Apple only makes a few pennies off of that $0.99.
Re:You missed a bit (Score:3, Interesting)
Not really. First, they would be careful who they licensed in such a case - bonds posted and so on.
Second, if you imagine the size of this in the real world, the record companies might have the right to withdraw the catalogue, but that would increasingly seem self defeating. All that would happen is, Apple would have to fix it going forward. Maybe by withdrawing the license? Maybe by firmware updates for everyone else. Don't start arguing there are no technical solutions, there will be.
Whatever the spin, there can be no serious doubt that the point of Fairplay as implemented is to lock in users to a combination of Apple software, the Apple music store and the Apple players. This is why sooner or later it will crash. The longer it goes, the worse the crash will be.
Re:It could just be poor implementation (Score:1, Interesting)
That leads me to believe that Apple never tried to design a complex, industrial strength DRM to lock down content which might consume Apple's engineering and developer resources. They are not interested in spending lots of money in a hacking-patching war with hackers. Rather, it's designed to be light and easily (and cheaply) updateable.
Re:+5 informative (Score:3, Interesting)
DRM is currently trying to hide the fact that each customer has the key, by hiding it deep down in some complicated software, but hiding the key doesn't solve the problem that anyone really looking for it will find it. (And once a single user has found it, it (or the content it decrypts) can be shared with anyone.)
Security Through Obscurity (Score:4, Interesting)
The only reason that PlaysForSure isn't cracked all the time is because no one really uses it on a large scale. Since Apple dominates the DRM music field, and most DRM'd music sold is from Apple and includes FairPlay, then of course people are going to attack FairPlay more than PlaysForSure. If it were the other way around, PlaysForSure would be just as insecure as FairPlay.
I don't really believe that, of course - but it was nice to turn the whole security through obscurity argument around for once so Windows fanboys could see how freaking STUPID it is.
Not a question of interoperability vs. security (Score:3, Interesting)
The point Jobs raised in his essay is that it's harder to propagate fixes to software that is broadly licensed across many vendors, which in turn means that vulnerabilities remain in the field longer. He also asserts that this could threaten the agreement between Apple and music companies, although you might want to add salt to that to suit your tastes.
Re:+5 informative (Score:3, Interesting)
While FairPlay only deals with download purchases, WMDRM not only handles purchased downloads, but subscription downloads as well.
And while it is true that the number of "purchases" by iTunes dwarfs that of any other music services, if you count the number of subscription downloads, the numbers are much much closer.
Not to mention that subscription DRM is a much harder problem than the straight purchase download DRM.
There is only one reason Apple is not licensing FairPlay - to protect its vast market share in portable music device sales.
Re:+5 informative (Score:4, Interesting)
Surely you realize that Microsoft's PFS and Zune are not making money because of ultra low revenues? That's why all the stores are tanking, and none of them brag about how many subscribers they have or songs they are selling.
Subscription/Rental DRM is harder to manage; it makes the player a less attractive product. And it's far more onerous.
Apple had eaten up market share long before the iTunes Store opened. Most iPod users aren't even using the iTS to a great extent - 25 songs on average is not holding people to the iPod. Outside regions with a store, there are plenty of people still buying iPods.