Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
DRM Media Technology

DRM In JPEGs? (eff.org) 301

JustAnotherOldGuy writes: Adding DRM to JPEG files is being considered by the Joint Photographic Expert Group (JPEG), which oversees the JPEG format. The JPEG met in Brussels today to discuss adding DRM to its format, so there would be images that could force your computer to stop you from uploading pictures to Pinterest or social media. The EFF attended the group's meeting to tell JPEG committee members why that would be a bad idea. Their presentation(PDF) explains why cryptographers don't believe that DRM works, points out how DRM can infringe on the user's legal rights over a copyright work (such as fair use and quotation), and warns how it places security researchers at legal risk as well as making standardization more difficult. It doesn't even help to preserve the value of copyright works, since DRM-protected works and devices are less valued by users.
This discussion has been archived. No new comments can be posted.

DRM In JPEGs?

Comments Filter:
  • by Anonymous Coward on Tuesday October 13, 2015 @09:03PM (#50722939)

    If ever there was a more stupid thing to try to put drm on...

    • by Tony Isaac ( 1301187 ) on Tuesday October 13, 2015 @09:10PM (#50722991) Homepage

      Oh, don't be so sure. They'll get Microsoft to update the Print Screen feature so it obeys the DRM also.

      • It's not at all implausible. The whole foundation behind video security is making sure that every component obeys the DRM. The graphics cards have tamper detection built in. Microsoft put up only minimal resistance against this.

      • by idji ( 984038 )
        That's not so funny. Microsoft doesn't let you record from sound devices anymore..
    • by nmb3000 ( 741169 )

      If ever there was a more stupid thing to try to put drm on...

      That doesn't stop them from trying [msdn.com].

    • Wow people still use JPEG? Surely this will only effect people who are into artifacts!
  • by Anonymous Coward on Tuesday October 13, 2015 @09:05PM (#50722953)

    So what's to stop me from taking a high def screen shot of the jpeg and uploading it anyway ?

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Future versions of OS that stop being 'your' computer and start being 'their' computer which interface with 'their' Internet that will soon not support 'your' computer. And sad to say, most people will run screaming with glee towards it at the sight of OOH NEW AND SHINY they bundle with it.

    • For the same reason that you can't just split off the signal and record that when watching a video. The DRM won't run under operating systems that don't implement the proper security to prevent taking a screenshot. Sure there's a possibility of cracking the encryption, but ever since DVDs were cracked the media companies have been getting smarter about how to thwart people who want to exercise their legal rights.

    • The first thing that comes to mind is low-frequency watermarks. Not as easy to filter/crop out as a traditional mark.

      This idea relates to the Constellation of EURion (sic) [wikipedia.org] in that it would require servers (or other software) to recognize and reject images containing embedded features.
  • All this nonsense (Score:5, Insightful)

    by JustAnotherOldGuy ( 4145623 ) on Tuesday October 13, 2015 @09:06PM (#50722963) Journal

    All this nonsense, defeated by a simple screenshot.

    And I'm sure someone will quickly write a DRM-stripper to clean up these DRM-infected files.

    Let me be as succinct as I can regarding DRM in .jpg files: No. No, no, no.

  • by future assassin ( 639396 ) on Tuesday October 13, 2015 @09:08PM (#50722985)

    oh yah?! Click...

  • Awesome (Score:4, Interesting)

    by viperidaenz ( 2515578 ) on Tuesday October 13, 2015 @09:12PM (#50722993)

    How is the jpeg library supposed to know the intent? It's not even involved in the image upload process.

    Or is the website supposed to check and reject uploads with DRM?

    What's to stop me opening the file and saving as PNG, then uploading?

    • Re:Awesome (Score:4, Interesting)

      by 0123456 ( 636235 ) on Tuesday October 13, 2015 @09:15PM (#50723005)

      What's to stop me opening the file and saving as PNG, then uploading?

      The operating system won't let you. Any operating system which does let you will be banned under the 'free trade' treaty for breaking DRM.

      It's hard to tell whether the DRM fanatics are insane or just plain evil. But, either way, they have to destroy general-purpose computing to make it work.

      • The operating system won't let you.

        Someone will just write a nifty little program that will bypass that restriction.

        • Re:Awesome (Score:5, Informative)

          by Dr_Barnowl ( 709838 ) on Wednesday October 14, 2015 @07:12AM (#50724733)

          Have you read "The Right to Read [gnu.org]"?

          Thing is, all the technology it describes is possible now, and even in use on some platforms (think iOS, where all apps must be signed by Apple, and apps are specifically prohibited from allowing the execution of arbitrary code). The only gap is in legislation, but that legislation continues to be pushed forward aggressively.

          The author of that nifty little program could well find themselves in a nifty little jail cell. They've already tried it [wikipedia.org], more than once [wikipedia.org] ; and they will keep trying, with the force of these new international treaties like TPP behind them.

          • Have you read "The Right to Read [gnu.org]"?

            Yes, years ago.

            The problem is that there are literally billions of us and not very many of them. The Chinese have tried stuff like this for years and still can't do it. The Great Firewall of China has been a resounding flop for anyone who wants to get around it. It's got more holes than a New Orleans whorehouse.

            No matter what they come up with there will always be a way around it. Until they put a chip in our brains I don't see them winning at this game.

        • And then you'll be liable under the DMCA/TPP/whatever trade agreements have been signed in secret.

          See, the corporations have the American government so firmly on the payroll that the treaties being pushed by America these days are pretty much 100% skewed in favor of large corporations.

          So you bypassing this? Well, you'd be an international criminal.

          Because corporations have more rights than we do these days.

          • Anything is possible, but I don't see it coming to pass.

            It's super-duper-mega illegal to download movies, and that hasn't seemed to stop it.

            I suppose you could pack all the jails full of people accused of downloading The Hurt Locker or Dr Who Episode #462346, but honestly...I just don't see it happening.

            They can make something as illegal as they want, but that won't stop people from doing it. Look at the "War On Drugs", they filled the prisons with people who smoked or sold pot, and it didn't even scratch t

    • by gl4ss ( 559668 )

      well quite simply you wouldn't be allowed to open it in gimp, photoshop or similar.

  • DRM Does Work (Score:5, Insightful)

    by rsmith-mac ( 639075 ) on Tuesday October 13, 2015 @09:16PM (#50723011)

    From TFS:

    explains why cryptographers don't believe that DRM works

    While I fully agree that DRM isn't foolproof, I disagree that DRM doesn't work. The reason DRM is being implemented is not to prevent all piracy ever - simply put, that's impossible - but rather to prevent common, casual piracy among low-skilled users. And to that end DRM works very well.

    Any DRM system that's built half-way decently won't be possible to trivially bypass, and that's enough to deter casual infringement. You don't see people going Napster with iOS apps, you don't see everyone and their mother pirating DirecTV like they once did, and you can't pick up pirated PS4 games off of your local shady games shop. Why? Because the DRM systems that are in place are good enough that it's no longer easy and convenient to pirate this material. So casual piracy stops.

    DRM shouldn't be implemented for a whole other host of reasons, least of all because it prevents users from fully controlling works they've purchased. But to argue that it doesn't work is disingenuous. It works to stop the most threatening form of piracy, casual piracy, and with every generation the underlying technology gets harder and harder to break.

    • by elvesrus ( 71218 )

      If DRM works why is it that customers generally have a worse experience with products than others that didn't pay?

    • Re:DRM Does Work (Score:5, Interesting)

      by Dutch Gun ( 899105 ) on Tuesday October 13, 2015 @09:46PM (#50723139)

      DRM works reasonably well in closed ecosystems and on closed hardware. That includes consoles, handhelds, phones, and so on. It can be bypassed, but it's a pain, and most people don't do so. This is because the DRM is implemented in hardware, and in ways that are extremely difficult to unravel, and so aren't really worth attacking except for people who are mostly doing it for the technical challenge.

      Where DRM typically fails is on open platforms like the PC. There are only two forms (that I can think of offhand) of DRM to really succeed on the PC. One is the "leave most of the code on the server" sort of DRM, essentially online-only games, and that's a pretty draconian solution for single-player games. The other is high-end software that uses a hardware encryption dongle to protect it. Other than that, the only way to make software-based DRM work on the PC is to make it a closed device like consoles, and although I'm sure some companies wouldn't mind seeing that happen, with declining PC sales as is, I just don't see it happening.

      DRM in JPEG images is a pipe dream. Even if it were technically possible in the first place, do you really think anyone and everyone is going to bother implementing whatever extensions would make it possible? It's ridiculous. Note that the ONLY way I can think to implement this would be an image handling library with root-level privileges on every computer system on the planet. Did we fucking learn nothing from Stagefright?

      • by Lennie ( 16154 )

        Open platform you say ?

        Let's see:
        - game consoles -> most are closed
        - smart TV -> most are closed ?
        - mobile -> some are closed and Android is slowly getting more closed (or less useful when not using closed software)
        - pc -> Mac isn't closed yet, but Mac OS X now has System Integrity Protection, next step is to close the hardware. Windows ? Well Windows already has an app store and 'Secure Boot', we all know what comes next
        - even monitors include some DRM protocols

      • There are only two forms (that I can think of offhand) of DRM to really succeed on the PC. One is the "leave most of the code on the server" sort of DRM, essentially online-only games, and that's a pretty draconian solution for single-player games. The other is high-end software that uses a hardware encryption dongle to protect it.

        The former works, but it's not DRM. It's a server-client architecture. The latter doesn't work. Basically all of those hardware keys have been defeated. At some point there has to be software involved, and you attack the software.

    • The reason DRM is being implemented is not to prevent all piracy ever - simply put, that's impossible - but rather to prevent common, casual piracy among low-skilled users. And to that end DRM works very well.

      That depends on who is implementing the DRM. The MPAA always seems convinced that they've got something new right around the corner that is unbreakable. Their goal is to prevent piracy completely. The same can be said for Intel and HDCP, which would instantly become pointless once broken.

      Also DirecTV's crypto is more intended to be conditional access rather than DRM.

    • You don't see people going Napster with iOS apps

      No, but that's because Napster became a legitimate music service which later became Rhapsody, thus it is no longer a filesharing service where this would be possible. There is plenty of .ipa piracy in the jailbreak world; they just use other services that still exist.

      • How many customers does Nap/sody have now? Because the only thing that the original Napster and the post-legitimatisation company have in common is the name, and now they don't even have that.

    • by urdak ( 457938 ) on Wednesday October 14, 2015 @01:42AM (#50723873)

      From TFS:

      explains why cryptographers don't believe that DRM works

      While I fully agree that DRM isn't foolproof, I disagree that DRM doesn't work. The reason DRM is being implemented is not to prevent all piracy ever - simply put, that's impossible - but rather to prevent common, casual piracy among low-skilled users.

      That is a common misconception. When DVD CSS (the DRM on DVDs) came out, they claimed it was to stop piracy. That was a joke - it only took the effort of one pirate to strip out the DRM and create an unencrypted file, and from then on the movie becomes available to pirates, and "casual", "low-skilled" pirates started copying *those* unencrypted fils, not the original DVDs. All these pirates needed to know was how to copy files - they didn't need any special "hacking" skills.

      Moreover, not only did CSS not stop DVD piracy, movie producer started to use it to limit users with things that have nothing to do with copying - for example region coding (you cannot play a movie you bought legally in another country) and unskippable ads (in some places in the video, fast-forward did not work). And who didn't have to suffer this crap? Of course, the pirates. The pirates - either copying files over bittorrent or buying a DVD from some pirate DVD manufacturer - will get a DVD without all that crap. What a wonderful business move.

      It's gotten to the point where the first thing I do after getting a DVD is to rip it to an unencrypted file, delete the silly "FBI warning" and ads, and save that file. I don't need my children to see FBI warnings and ads before watching a movie I paid for. Nothing in "copyright" law allows the copyright holder to force me to watch this crap - any more than book manufacturers can force me to read the first page of the book every time I want to read it.

    • by Kjella ( 173770 )

      I think the difference goes far more between interactive and non-interactive content, or data and executables if you will. If you copy any audiovisual work (photo, video, music, books etc.) into a DRM-free format you're pretty much done. Even if you have closed source players checking for watermarks like Cinavia they're going to get tracked down and found. Executables are a different story, first of all to patch code you must download code from various dubious sites on the Internet. Secondly, you never know

  • by JazzXP ( 770338 ) on Tuesday October 13, 2015 @09:16PM (#50723013) Homepage
    I produce a lot of JPEGs that earn me money and find me clients (photographer)... DRM? Nope, do not want.
  • I think JPEG 2000 has DRM as a add on.

    But to add it to JPEG?? What happens to all of the open source JPEG tools?

  • by Todd Knarr ( 15451 ) on Tuesday October 13, 2015 @09:21PM (#50723047) Homepage

    It won't stop uploading. Tools like wput and Curl don't read the contents of files before uploading, and wouldn't be modified to support one closed-source feature for one specific file format.

    It won't affect Web sites. Web servers don't read the contents of files before serving them, files are just blobs of bytes to the server. The sites of interest to the DRM people are running open-source Web server software too, and I seriously doubt Apache or nginx are going to add closed-source code for one specific file format. IIS would, but it's at best the third-place player in the large-volume-site space.

    And finally, it'll be cracked. My bet is that before it becomes widely implemented someone'll crack the system and there'll be browser extensions easily available that simply strip the DRM off the JPEG before uploading, displaying or saving it. Those extensions'll be widely used too, it won't be long before anyone having problems viewing images on Pinterest/Tumblr/Twitter/etc. will just get told to install the extension and it'll fix the problem. Users won't know or care how it fixed it, just that it fixes it.

    • by nashv ( 1479253 ) on Tuesday October 13, 2015 @09:48PM (#50723145) Homepage

      You're not getting this. Most likely, adding DRM will make JPEG files unreadable without a license/key. Tools that don't read contents and decrypt will not be able to view it. So irrespective of whether you can upload it or serve it, no one without proper rights will be able to view it. Think of this like locked PDFs.

      This will be the end of JPEG. Nothing to worry about, PNG is better anyway.

      • by Trogre ( 513942 )

        Well, it won't be the end of JPEG. It will just be another format that nobody uses. Like JPEG2000.

      • Comment removed based on user account deletion
      • This will be the end of JPEG. Nothing to worry about, PNG is better anyway.

        The only thing that PNG is better at than other formats is being a GIF. JPEGs are smaller, lossless JPEGs are better-supported, etc. PNG kicks the crap out of GIF, but uh... so? That's cool for web themes, but pointless everywhere else.

    • by AHuxley ( 892839 ) on Tuesday October 13, 2015 @10:06PM (#50723211) Journal
      An advanced always internet connected "free" US operating system might have to send back details on any moved, copied, created or altered image under a 'free' anti virus, malware feature.
      It would just be a small dataset created from details, names, embedded strings about all files visible, open when the the screen image captured.

      All files would be looked at for expected, listed virus or malware and if an image was moved, copied against existing international police databases.
      The transmission of a set of small checksums would not be difficult given the amount of other data most big brand modern operating systems send back.
      For the average user the file would be reported on by the OS in near realtime for 'free' anti virus efforts with the free operating system.
      The user can then run any application to try and convert, remove, transform the image but the report of a copy made would have been sent. Downloading and using any such rights altering application could also be logged :)

      Such efforts are usually done now for any images in free email, cloud or other networked products as part of law enforcement image tracking efforts over the years.
      Just push the tech down into the users 'free' OS computers and let the publishing/media community add every image checksum they have.
      No action if the image stays in a deep part of the OS for say allowed web browsing, if moved to a new folder or captured the rights owner gets the ip, time, unique hardware details of the computer.

      The sites will be a walled garden. Users will have to load and enjoy the site everytime without been able to save data.
      The OS will phone home the possession of the saved image or creation of a screen capture with the protected image in it. The free gift of AV software at the OS level gets to look at every file in realtime, why not report on DRM files too :)
  • by SJ ( 13711 ) on Tuesday October 13, 2015 @09:23PM (#50723055)

    Joint Photographic Expert Group trying to think of things to justify their relevance.

    • ITU, FIM, FIA, FIFA, IOC all useless bodies that are there to create some "structure" but wind up being bloated and corrupt.

  • by Anonymous Coward

    JPEG with DRM will fail because the biggest use of JPEGs (on facebook & Instagram) will require that users upload images without DRM. By necessity, facebook & instagram require you to assign them full rights to use an image, thereby making any DRM from the original owner of the content pointless. Similarly, facebook & instagram (as licencees to use the work but not owners) are not in a position to impose DRM on said images (they don't own the content and thus can't decide or enforce rights manag

  • We've repeatedly covered the obvious concerns that we all spotted instantly, so let's have them laid out. In order of rejection:

    1) It won't be fair. It treads on everyone, both creators and consumer sides. It's morally wrong.

    Don't care?

    2) It won't deliver. I'll say it more bluntly than TFS: "Whatever corporatefag gains you think will result, won't. Financial, control, influence, whatever you thought." It's motivationally wrong.

    Don't believe?

    3) It won't work. Screenshots, metacode strippers (c
  • by andymadigan ( 792996 ) <.moc.liamg. .ta. .nagidama.> on Tuesday October 13, 2015 @10:11PM (#50723223)
    JPEG can add this to the standard, but nobody will implement it. Think about it, why would Google or Mozilla decide to make these images work in their browsers? Why would Microsoft or Apple implement it?

    DRM on video (and to a lesser degree music) only worked because there was a captive market. Blu-ray players, DVD players, and iPods would implement whatever DRM the movie/music industry specified. Browsers and smartphones won't. Without them the audience is so small that it won't matter.
    • why would Google or Mozilla decide to make these images work in their browsers? Why would Microsoft or Apple implement it?

      I dunno, why did all those guys cave on the DRM added to HTML 5?

  • by swell ( 195815 ) <jabberwock@poetic.com> on Tuesday October 13, 2015 @11:41PM (#50723497)

    no, I'm not going to finish that by saying '1000 words'. That would be insulting to those who already despise the stupid phrase.

    But what is a picture worth? I spend my days at one of the most attractive places on earth where thousands of visitors from everywhere snap the same photos. One scene in particular must have been shot millions of times over the last 100 years. They line up so that they can stand in the exact spot for the best view. Each photographer walks away proud of their new acquisition.

    Certain pictures do have value and are well protected. The hollow inside of Fort Knox. The Dead Sea scrolls (yes, the ones they haven't told you about). The blueprints for the Star Trek phaser weapon. The Royal Personage picking her nose...

    But really, who would use this DRM? Web sites with sale-worthy photos show thumbnails and sell the full resolution image via email. Not much problem there. It's true that stock photo sellers have been ripped off badly and I'm sorry about that, but I assume they have watermarks, etc, offering some protection. Even Playboy magazine has come to realize that photos just aren't that compelling anymore.

    • Even Playboy magazine has come to realize that photos just aren't that compelling anymore.

      Wrong. They're realizing that people want their social commentary and their porn separate. They want their social commentary on paper because it's good for reading, and they want their porn on a screen because there are no pages to stick together.

  • by grahammm ( 9083 ) <graham@gmurray.org.uk> on Wednesday October 14, 2015 @12:31AM (#50723641)

    Most JPEGs are created by ordinary people, with their digital cameras and phones. So will Joe Public who has taken a photo be able to define the rights on the image? Will he be able change the rights depending on where he sends or stores the image? Or will it only be the media conglomerates who are able to manage the rights to their images?

  • Created by Compuserve to save bandwidth, and used for years with no complaints. When WWW took off Gif's were the format of choice of many; their value in that Gif's could be made invisible. 2006 A lawsuit claiming rights to the Gif format I took as a joke at first, yet Unisys and IBM both applied for patents in 1983.

    It caused some major concern to big business and the PNG format.

    http://www.freesoftwaremagazin... [freesoftwaremagazine.com]

    I haven't searched but take this just as joke worthy as IIRR the Jpg format was release to the pu

  • by Lumpy ( 12016 ) on Wednesday October 14, 2015 @05:57AM (#50724469) Homepage

    This already exists, it's called EXIF data.

    if your "DRM" is to convey an easily identified data inside the photo than tell your members to stop being stupid and use the EXIF copyright and owner fields.

    Oh wait, I'm betting you want to CHARGE MONEY for using the DRM and using EXIF data fields you can do that...... I understand now.

  • No sweat. We've got better alternatives. [bellard.org].
    Something like this would give BPG a nice boost in usage and move JPEG to the awkward wayside together with GIF.
    Go right ahead, I say.

  • Of course people wouldn't be asking JPEG to add DRM if it wasn't popular, and it wouldn't be popular if it had DRM.

Support bacteria -- it's the only culture some people have!

Working...