DRM

Denuvo's DRM Now Being Cracked Within Hours of Release (arstechnica.com) 109

Denuvo, an anti-tamper technology and digital rights management scheme, isn't doing a very good job preventing PC games from being copied. According to Ars Technica, Denuvo releases are being publicly cracked within a day of their launch. From the report: This week's release of South Park: The Fractured but Whole is the latest to see its protections broken less than 24 hours after its release, but it's not alone. Middle Earth: Shadow of War was broken within a day last week, and last month saw cracks for Total War: Warhammer 2 and FIFA 18 the very same day as their public release. Then there's The Evil Within 2, which reportedly used Denuvo in prerelease review copies but then launched without that protection last week, effectively ceding the game to immediate potential piracy. Those nearly instant Denuvo cracks follow summer releases like Sonic Mania, Tekken 7, and Prey, all of which saw DRM protection cracked within four to nine days of release. But even that small difference in the "uncracked" protection window can be important for game publishers, who usually see a large proportion of their legitimate sales in those first few days of availability. The presence of an easy-to-find cracked version in that launch window (or lack thereof) could have a significant effect on the initial sales momentum for a big release. If Denuvo can no longer provide even a single full day of protection from cracks, though, that protection is going to look a lot less valuable to publishers.
DRM

Hollywood's International War on Kodi Plugins And Video-Streaming Boxes (eff.org) 57

An anonymous reader quotes the EFF: In the past few years, the sale of pre-configured Kodi boxes, and the availability of a range of plugins providing access to streaming media, has seen the software's popularity balloon -- and made it the latest target of Hollywood's copyright enforcement juggernaut. We've seen this in the appearance of streaming media boxes as an enforcement priority in the U.S. Trade Representative's Special 301 Report, in proposals for new legislation targeting the sale of "illicit" media boxes, and in lawsuits that have been brought on both sides of the Atlantic to address the "problem" that media boxes running Kodi, like any Web browser, can be used to access media streams that were not authorized by the copyright holder...

The difficulty facing the titans of TV is that since neither those who sell Kodi boxes, nor those who write or host add-ons for the software, are engaging in any unauthorized copying by doing so, cases targeting these parties have to rely on other legal theories. So far several legal theories have been used; one in Europe against sellers of Kodi boxes, one in Canada against the owner of the popular Kodi add-on repository TVAddons, and two in the United States against TVAddons and a plugin developer... These lawsuits by big TV incumbents seem to have a few goals: to expand the scope of secondary copyright infringement yet again, to force major Kodi add-on distributors off of the Internet, and to smear and discourage open source, freely configurable media players by focusing on the few bad actors in that ecosystem.

The EFF details the specific lawsuits in each region, and concludes that their courts "should reject these expansions of copyright liability, and TV networks should not target neutral platforms and technologies for abusive lawsuits."
DRM

Corporations Just Quietly Changed How the Web Works (theoutline.com) 248

Adrianne Jeffries, a reporter at The Outline, writes on W3C's announcement from earlier this week: The trouble with DRM is that it's sort of ineffective. It tends to make things inconvenient for people who legitimately bought a song or movie while failing to stop piracy. Some rights holders, like Ubisoft, have come around to the idea that DRM is counterproductive. Steve Jobs famously wrote about the inanity of DRM in 2007. But other rights holders, like Netflix, are doubling down. The prevailing winds at the consortium concluded that DRM is now a fact of life, and so it would be be better to at least make the experience a bit smoother for users. If the consortium didn't work with companies like Netflix, Berners-Lee wrote in a blog post, those companies would just stop delivering video over the web and force people into their own proprietary apps. The idea that the best stuff on the internet will be hidden behind walls in apps rather than accessible through any browser is the mortal fear for open web lovers; it's like replacing one library with many stores that each only carry books for one publisher. "It is important to support EME as providing a relatively safe online environment in which to watch a movie, as well as the most convenient," Berners-Lee wrote, "and one which makes it a part of the interconnected discourse of humanity." Mozilla, the nonprofit that makes the browser Firefox, similarly held its nose and cooperated on the EME standard. "It doesn't strike the correct balance between protecting individual people and protecting digital content," it said in a blog post. "The content providers require that a key part of the system be closed source, something that goes against Mozilla's fundamental approach. We very much want to see a different system. Unfortunately, Mozilla alone cannot change the industry on DRM at this point."
Electronic Frontier Foundation

EFF Resigns From Web Consortium In Wake of EME DRM Standardization (eff.org) 221

New submitter Frobnicator writes: Four years ago, the W3C began standardizing Encrypted Media Extensions, or EME. Several organizations, including the EFF, have argued against DRM within web browsers. Earlier this year, after the W3C leadership officially recommended EME despite failing to reach consensus, the EFF filed the first-ever official appeal that the decision be formally polled for consensus. That appeal has been denied, and for the first time the W3C is endorsing a standard against the consensus of its members.

In response, the EFF published their resignation from the body: "The W3C is a body that ostensibly operates on consensus. Nevertheless, as the coalition in support of a DRM compromise grew and grew -- and the large corporate members continued to reject any meaningful compromise -- the W3C leadership persisted in treating EME as topic that could be decided by one side of the debate. [...] Today, the W3C bequeaths an legally unauditable attack-surface to browsers used by billions of people. Effective today, EFF is resigning from the W3C."
Jeff Jaffe, CEO of W3C said: "I know from my conversations that many people are not satisfied with the result. EME proponents wanted a faster decision with less drama. EME critics want a protective covenant. And there is reason to respect those who want a better result. But my personal reflection is that we took the appropriate time to have a respectful debate about a complex set of issues and provide a result that will improve the web for its users. My main hope, though, is that whatever point-of-view people have on the EME covenant issue, that they recognize the value of the W3C community and process in arriving at a decision for an inherently contentious issue. We are in our best light when we are facilitating the debate on important issues that face the web."
DRM

HTML5 DRM Standard Is a Go (arstechnica.com) 154

Artem Tashkinov writes: The World Wide Web Consortium (W3C), the industry body that oversees development of HTML and related Web standards, has today published the Encrypted Media Extensions (EME) specification as a Recommendation, marking its final blessing as an official Web standard. Final approval came after the W3C's members voted 58.4 percent to approve the spec, 30.8 percent to oppose, with 10.8 percent abstaining. EME provides a standard interface for DRM protection of media delivered through the browser. EME is not itself a DRM scheme; rather, it defines how Web content can work with third-party Content Decryption Modules (CDMs) that handle the proprietary decryption and rights-management portion. The principal groups favoring the development of EME have been streaming media companies such as Netflix and Microsoft, Google, and Apple, companies that both develop browsers and operate streaming media services. Following the announcement, EFF wrote a letter to W3C director, chief executive officer and team, in which it expressed its disappointment and said it was resignation from the W3C.
Music

EU Sides With RIAA, Says YouTube Underpays For Music Streaming (mercurynews.com) 82

Profits from both CD sales and digital downloads are declining, while online streaming now accounts for the majority of the $7.7 billion U.S. music market, according to a new article. And the music industry's newest complaint is that 25% of music streaming is happening on YouTube, which they believe is paying them too little. An anonymous reader quotes the San Jose Mercury News: Now, the battle is heating up as the European Union is expected to release new rules later this year for how services such as YouTube handle music, potentially upending some of the copyright protections that undergird the Internet... The E.U. has formally recognized that there is a "value gap" between song royalties and what user-upload services such as YouTube earn from selling ads while playing music... How such a law would address the gap is still being decided, but the E.U. has indicated it plans to focus on ensuring copyright holders are "properly remunerated." Even the value gap's existence is disputed.

A recent economic study commissioned by YouTube found no value gap -- in fact, the report said YouTube promotes the music industry, and if YouTube stopped playing music, 85 percent of users would flock to services that offered lower or no royalties. A different study by an independent consulting group pegged the YouTube value gap at more than $650 million in the United States alone. "YouTube is viewed as a giant obstacle in the path to success for the streaming marketplace," said Mitch Glazier, president of the Recording Industry Association of America... YouTube pays an estimated $1 per 1,000 plays on average, while Spotify and Apple music pay a rate closer to $7... The music industry claims YouTube has avoided paying a fair-market rate by hiding behind broad legal protections. In the United States, that's the "safe harbor" provision, which essentially says YouTube is not to blame if someone uploads a copy-protected song -- unless the copyright holder complains.

YouTube argues that its automatic Content ID system recognizes 98% of all copyright-infringing uploads -- and that each year they're already paying the music industry $1 billion in royalties.
DRM

EFF Officially Appeals Tim Berners-Lee Decision On DRM In HTML (techdirt.com) 149

Last week, the World Wide Web Consortium (W3C) decided to officially recommend the use of Encrypted Media Extensions (EME) for protecting copyrighted video on the internet. This will enable web surfers to watch media in a browser that requires Digital Rights Management copy protection without the need for browser-based plugins. "It moves the responsibility for interaction from plugins to the browser," the consortium states at the time. "As such, EME offers a better user experience, bringing greater interoperability, privacy, security, and accessibility to viewing encrypted video on the web." TechDirt shares an update: It's been a foregone conclusion that EME was going to get approved, but there was a smaller fight about whether or not W3C would back a covenant not to sue security and privacy researchers who would be investigating (and sometimes breaking) that encryption. Due to massive pushback from the likes of the MPAA and (unfortunately) Netflix, Tim Berners-Lee rejected this covenant proposal. In response, W3C member EFF has now filed a notice of appeal on the decision. The crux of the appeal is the claimed benefits of EME that Berners-Lee put forth won't actually be benefits without the freedom of security researchers to audit the technology -- and that the wider W3C membership should have been able to vote on the issue. This appeals process has never been used before at the W3C, even though it's officially part of its charter -- so no one's entirely sure what happens next.
DRM

FSF Sees Hopeful Signs Before Sunday's 'Day Against DRM' (defectivebydesign.org) 124

The Free Software Foundation's anti-DRM initiative "Defective By Design" argues that since last year's annual Day Against DRM, "we've seen cracks appearing in the foundation of the DRM status quo." The companies that profit from Digital Restrictions Management are still trying to expand the system of law and technology that weakens our security and curtails our rights, in an effort to prop up their exploitative business models. But since the last International Day Against DRM, the TPP trade agreement -- a key pro-DRM initiative -- crashed and burned. And our allies at the Electronic Frontier Foundation brought major legal and regulatory challenges against DRM in Washington DC... If we play our cards right, this may be the beginning of the end of DRM.

On Sunday, July 9, 2017, we will channel this momentum into the International Day Against DRM. We'll be gathering, protesting, and making -- showing the world that we insist on a future without Digital Restrictions Management. Will you join us? Here's what you can do now:

They're asking supporters to plan a protest, translate their fliers into more languages, voice support in videos and blog posts, or make endorsements. And you can also join the "DRM Elimination crew" mailing list or their Freenode IRC channel #dbd for year-round conversation and collaboration with the anti-DRM movement -- or simply make a donation to show your support.
Businesses

Tim Berners-Lee Approves Web DRM, But W3C Members Have Two Weeks To Appeal (defectivebydesign.org) 137

Reader Atticus Rex writes: A high controversial Web standard has received a seal of approval from Tim Berners-Lee, the inventor of the Web and its chief technical decision-maker. Opponents like the Free Software Foundation and Electronic Frontier Foundation say that the standard, Encrypted Media Extensions, is a step backwards for freedom, privacy, and a host of other rights on the Web.

There's still a two-week window in which members of the W3C can appeal the decision, and the Free Software Foundation is asking people to email and encourage them to do so.
Update: The W3C has announced that it would publish its DRM standard with no protections and no compromises at all.
Books

O'Reilly No Longer Selling Individual Books, Videos Online 82

dovf writes: Just got an email from O'Reilly Media that as of today, they are no longer selling individual books or videos online -- rather, they are encouraging people to sign up for Safari. They are continuing to publish books and videos, "and you'll still be able to buy them at Amazon and other retailers." They also make it clear that we will not lose access to already-purchased content, updates to such content, etc. More details can be found in the FAQ. No mention, though, of whether the content sold at these other retailers will remain DRM-free... From the FAQ: "You can buy all of the books (ebooks and print) at shop.oreilly.com from Amazon and other digital and bricks-and-mortar retailers. We're no longer selling individual books and videos via shop.oreilly.com -- but we are definitely continuing to publish books and videos on the topics you need to know. And of course, every O'Reilly book and video (including O'Reilly conference sessions) is available instantly on Safari." The only mention of "DRM" in the FAQ is in regard to what happens to the digital content you have in your account at members.oreilly.com. According to O'Reilly, "Your DRM-free ebooks and videos are safe and sound, and you'll continue to have free lifetime access to download them anytime, anywhere."
Anime

New 'Lupin III' Commentary Track Celebrates The Glories Of Ignoring Copyrights (terrania.us) 71

In 2004, film critic Roger Ebert "realized that auteurs weren't the only ones who had things to say about movies, and suggested that experts in other fields or even just fans of the movies could create MP3 commentary tracks to discuss their favorite films, which could then be downloaded and played alongside them." This inspired Slashdot reader #14,247 to produce his own commentary on Hayao Miyazaki's first movie, Lupin III: Castle of Cagliostro -- and 13 years later, to release a new commentary track celebrating the film's 35th anniversary. Robotech_Master writes: Among other things, it offers proof that excessive copyright really harms creativity by restricting the uses people are able to make of prior art -- by showing what can happen when people get away with ignoring copyright and creating anyway. Not only were Lupin III and Cagliostro effectively inspired as "fanfic" of characters and works that had come before, many of those characters and works were effectively fanfic themselves -- and Cagliostro in turn inspired parts of a number of other works that came afterward, including a couple by Disney.
Anyone else have a favorite example of a movie that bends the rules of copyright law?
Movies

Studio-Defying VidAngel Launches New Video-Filtering Platform (yahoo.com) 201

Last December VidAngel fought three Hollywood studios in court for the right to stream filtered versions of movies. Now fogez reports that "they have come up with a new tactic in their attempts to bring filtering choice into the streaming media equation. Instead of leveraging the legal loophole that landed them in court, VidAngel is now going to insert themselves as a filtering proxy for services like Netflix and Amazon." From the Hollywood Reporter: Its new $7.99 per month service piggybacks on users' streaming accounts. Customers log into the VidAngel app, link it to their other accounts and then filter out the language, nudity and violence in that content to their heart's desire... "Out of the gate we'll be supporting Netflix and Amazon and HBO through Amazon channels," says Harmon, adding that Hulu, iTunes and Vudu will follow... Harmon says it remains to be seen if the studios will fight VidAngel's new platform, but his biggest concern is how Amazon and Netflix will respond. He says his company has reached out to the streamers, and he hopes they'll raise any concerns through conversation instead of litigation... "VidAngel's philosophy is very libertarian," he says. "Let directors create what they want, and let viewers watch how they want in their own home. That kind of philosophy respects the views of both parties."
The original submission describes the conflict as a "freedom of choice versus Hollywood."
DRM

'Rime' Developer Keeps Promise, Removes Denuvo DRM After Game Gets Cracked (cinemablend.com) 133

An anonymous reader quotes CinemaBlend: Tequila Works and Grey Box had previously announced that the DRM for the PC version of Rime would be removed if it were cracked. Well, in just five days the DRM was cracked and a cracked version of the game was made available online. So, now the DRM will be removed...

Five days after the PC launch of Rime, the cracking scene managed to get into the executable and spill all of its guts, removing the DRM and putting the exe back together so it could be distributed across the usual sites. One of the things noted by the cracker was that he found Denuvo executing hundreds of triggers a second, which caused major slowdown in the performance of Rime on PC. This form of digital rights management resulted in every legitimate customer having to deal with a lot of slowdown and performance hiccups... The sad reality was that those who pirated Rime and used the cracked file essentially gained access to a game that had improved performance and frame-rates over those who actually paid for the game.

The Courts

The Lawyer Who Founded Prenda Law Just Got Disbarred (engadget.com) 62

Long-time Slashdot reader lactose99 writes: One of the original copyright trolls finally got their comeuppance. From TFA: "John L. Steele, a Chicago lawyer who pled guilty to perjury, fraud and money laundering resulting from alleged 'honeypot' schemes, has just been disbarred by an Illinois court." John L. Steele, as you may know, is one of the principals of Prenda Law, a notorious copyright troll who has been featured on /. several times. The article goes on to describe how the Prenda lawyers used honeypot-like tactics to trick people into downloads and then subsequently scammed them for copyright violations.
Their operation brought in $6 million in settlement fees, reports Engadget, adding "While it is illegal to download copyrighted files from file-sharing sites, it is also against the law to extort downloaders."
Security

Stealing Windows Credentials Using Google Chrome (helpnetsecurity.com) 53

Orome1 writes: A default setting in Google Chrome, which allows it to download files that it deems safe without prompting the user for a download location, can be exploited by attackers to mount a Windows credential theft attack using specially-crafted SCF shortcut files, DefenseCode researchers have found. What's more, for the attack to work, the victim does not even have to run the automatically downloaded file. Simply opening the download directory in Windows File Explorer will trigger the code icon file location inserted in the file to run, and it will send the victim's username, domain and NTLMv2 password hash to a remote SMB server operated by the attackers.
Android

Netflix Says No To Unlocked Android Smartphones (androidpolice.com) 255

An anonymous reader writes: Last week Netflix app started showing up as "incompatible" on the Play Store for rooted and unlocked Android devices. However, the app itself continued to work fine, leading some to think it could have been an accident. However, Netflix has now confirmed to blog AndroidPolice that blocking modified devices from downloading the app was intentional. This is the full statement: "With our latest 5.0 release, we now fully rely on the Widevine DRM provided by Google; therefore, many devices that are not Google-certified or have been altered will no longer work with our latest app and those users will no longer see the Netflix app in the Play Store."
Electronic Frontier Foundation

EFF Warns Most Of Intel's Chipsets Contain 'A Security Hazard' (eff.org) 158

The EFF is issuing a warning about the "tiny homunculus computer" in most of Intel's chipsets -- the largely-undocumented "Management Engine" which houses more than just the AMT module. An anonymous reader quotes their report: While AMT can be disabled, there is presently no way to disable or limit the Management Engine in general. Intel urgently needs to provide one....vulnerabilities in any of the other modules could be as bad, if not worse, for security. Some of the other modules include hardware-based authentication code and a system for location tracking and remote wiping of laptops for anti-theft purposes... It should be up to hardware owners to decide if this code will be installed in their computers or not. Perhaps most alarmingly, there is also reportedly a DRM module that is actively working against the user's interests, and should never be installed in a Management Engine by default...

While Intel may put a lot of effort into hunting for security bugs, vulnerabilities will inevitably exist, and having them lurking in a highly privileged, low-level component with no OS visibility or reliable logging is a nightmare for defensive cybersecurity. The design choice of putting a secretive, unmodifiable management chip in every computer was terrible, and leaving their customers exposed to these risks without an opt-out is an act of extreme irresponsibility... EFF believes that Intel needs to provide a minimum level of transparency and user control of the Management Engines inside our computers, in order to prevent this cybersecurity disaster from recurring. Unless that happens, we are concerned that it may not be appropriate to use Intel CPUs in many kinds of critical infrastructure systems.

TLDR: "We have reason to fear that the undocumented master controller inside our Intel chips could continue to be a source of serious vulnerabilities in personal computers, servers, and critical cybersecurity and physical infrastructure."
DRM

FSF Supports Today's Boston March Against DRM In HTML5 (defectivebydesign.org) 89

Atticus Rex writes: A small artist-led group called Ethics in Tech is joining the long-simmering struggle between streaming video giants and Internet freedom activists over whether the Web should include Digital Rights Management in its technical standards. This Saturday, Ethics in Tech will lead a march on the W3C, the body -- led by Web inventor Tim Berners-Lee -- that decides on Web standards.
The Free Software Foundation is promoting the march, and their "Defective By Design" site is sharing this quote from the march's organizers. Dear W3C: we demand you comply with UNESCO and international civil and political rights. Halt EME -- ensure the protection of a secure, accessible, and open web. Make ethical standards or stand on the wrong side of history.
DRM

DRM Will Be Gone By 2025, Predicts Cory Doctorow (theregister.co.uk) 191

An anonymous reader writes: It's been two years since Cory Doctorow joined the EFF's campaign to eliminate DRM within 8 years -- and he still believes it'll happen. "Farmers and the Digital Right To Repair Coalition have done brilliantly and have a message which is extremely resonant with the political right as well as the political left." And now even the entertainment industry seems to oppose extending the DMCA to tractors. "The entertainment industry feels very proprietary towards laws that protect DRM. They really feel that they lobbied for and bought these laws in order to protect the business model they envisioned. For these latecomer upstarts to turn up and stretch and distort these laws out of proportion has really exposed one of the natural cracks in copyright altogether."
Doctorow also says that "If there's anything good that might come of Brexit, it's that the UK will renegotiate and reevaluate its relationship to the Organisation for Economic Co-operation and Development and other directives. The UK enjoys a really interesting market position if it wants to be the only nation in the region that makes, exports, and supports DRM-breaking tools."
DRM

An Open Letter on DRM To the Inventor of the Web, From the Inventor of Net Neutrality (boingboing.net) 46

Tim Wu, a law professor at the Colombia University, and best known for coining the term "net neutrality," has published an open letter to Tim Berners-Lee, the creator of the web and director of the World Wide Web Consortium (W3C). In the letter, Wu has asked Berners-Lee to "seriously consider extending a protective covenant to legitimate circumventers who have cause to bypass EME, should it emerge as a W3C standard." Cory Doctorow, writes for BoingBoing: But Wu goes on to draw a connection between the problems of DRM and the problems of network discrimination: DRM is wrapped up in a layer of legal entanglements (notably section 1201 of America's Digital Millennium Copyright Act), which allow similar kinds of anticompetitive and ugly practices that make net neutrality so important. This is a live issue, too, because the W3C just held the most contentious vote in its decades-long history, on whether to publish a DRM standard for the web without any of the proposed legal protections for companies that create the kinds of competing products and services that the law permits, except when DRM is involved. As Wu points out, this sets up a situation where the incumbents get to create monopolies that produce the same problems for the open web that network neutrality advocates -- like Berners-Lee -- worry about.

Slashdot Top Deals