On Wed, Aug 08, 2001 at 10:12:10AM +0100, Michael Skeggs wrote:
> On my Palm III I have a program called Peanut Reader that allows me to
> read e-books purchased from http://www.peanutpress.com/ It encrypts
> the books at the point of sale with the credit card number you used to
> pay for it as the password.
>
> This is by far the most innovative protection scheme I have seen, as
> it is not too onerous for users, requiring the cc number to be entered
> once when you open the book on the Palm, and it very effectively
> discourages distribution of the texts, as to be useful they require
> your cc number. Additionally, presumably it would be almost trivial
> to find this cc number with a brute force attack, so a distributor of
> protected material risks compromising their credit card. Clever.
clever, yes...but still fundamentally flawed. as soon as someone figures
out the algorithm, they can decrypt the text and share it with their
friends (or the world) without needing to give out their credit card
number.
if the reader software wont work with unencrypted text then they can
re-encrypt it with a fake CC number. or use another reader that will.
digital content protection is snake oil. it relies on
security-by-obscurity, i.e. either the key or the algorithm (or both)
needs to be secret BUT both the key AND the algorithm are right there in
the user's hands whenever they read the book. all they have to do is run
it under an emulator and/or debugger and the secret is no longer secret.
CSS was broken in essentially this way. and it turned out to be a
trivially simple cryptographic scheme, made even easier to crack by the
fact that dozens of decryption keys had to be on the CDs in order for
the thing to work. decss was inevitable.
as soon as any e-distribution encryption format gets popular enough
(i.e. as soon as there's enough content for it to be worth the fairly
minor effort for someone to crack it) then it will be cracked. that's
inevitable.
publishing companies may scream and squawk, and software companies can
make sternly reassuring announcements about the security of their scheme
but the fact is that copy protection & digital watermarking don't work
and can't work.
> If I think a little further, it almost supports fair use. I would
> probably "lend" a copy to a family member or close friend, as they
> could be trusted not to run amok with my cc number, but it precludes
> me from distributing it more widely. Quite similar to a real book.
i certainly wouldn't give my credit card number to even a close friend
or family member. even my partner doesn't know my CC or ATM PIN number
and i don't know hers.
it's not a matter of trust, it's a matter of appropriate paranoia :)
> At this stage of evolution, I would suggest e-books would need to
> be priced at a quarter of the cost of paper versions to pick up
> customers.
i'd agree with that.
for $15-$20 i want a real book, something tangible. i like books and
enjoy handling them as well as reading them, and i enjoy browsing my
bookshelves trying to find something i want to read.
$3 to $5 is OK if all i'm getting is a data file.
> The final idea I would put forward to people speculating on the
> form of a successful e-book reader is to borrow a Palm and visit
> http://www.peanutpress.com/ and try out the service with one of the
> free
i'll check it out one day, but i still don't have a palm pilot. it's on
my list of useful things to buy but not at ~$600.
(yeah, i know you can get older cheaper pilots...but they're not as good
as the new ones...and generally don't have a lot of memory)
if there was enough reasonably priced ebook content then i might be more
inclined to think it was worth the price. i guess it's a chicken and egg
problem...which means that ebooks must be cheaper if only to seed the
market.
craig
-- craig sanders <cas@taz.net.au>Fabricati Diem, PVNC. -- motto of the Ankh-Morpork City Watch
This archive was generated by hypermail 2.1.1 : Fri Aug 31 2001 - 03:10:03 EST