Don't Buy The Open Source DRM Hype

from the useless dept

Back in 2005, we wrote about Sun’s doomed plans to offer an “open source DRM” solution. Not surprisingly, that went nowhere fast. Last year, Tim Lee took apart the claims of “Marlin,” a supposedly new “open source DRM” solution. As Tim noted, open source and DRM are a contradiction in terms. So, it’s not clear why last week some were celebrating the latest version of Marlin. As some pointed out, just because it’s open source, doesn’t mean that it should be “blessed” by the tech crowd. DRM is about destroying options for what you can do with bits. Open source is about multiplying the options. To mix them together makes no sense.

Filed Under: , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Don't Buy The Open Source DRM Hype”

Subscribe: RSS Leave a comment
Shaun Wilson says:

Re: Re: Nooo..

The problem here is the definition of open source – I think we have to note Richard Stallman’s objections here.

“Free Software” is about freedom for both users and developers, with the necessity of it also being “Open Source” to comply with that definition.

“Open Source” on it’s own is more as Aiwanei stated being about “sharing source code so projects can be designed better..”. Granted most “Open Source” software is “Free Software” leading therefore to most of the “Open Source” community to also be part of the “Free Software” community but there are exceptions.

Microsoft, for example, is starting to enter the “Open Source” community (quite possibly for their famous Embrace, Extend, Extinguish approach) but it is doubtful that they would ever produce “Free Software” or be part of that community without a major shift in direction.

Stephen says:

DRM is going to die, be it if the companies producing the product have to pay for the software to manage the licenses, be it if the said companies get the DRM management software for free and continue to develop it in-house, or if said companies have to PAY the end user to use the service. When my machine dies due to reload/hard drive failure/upgrade, and after the song/movie/game/whatever dies, why did I put my money into whatever it was I `rented`?

Piracy is rampant. I get it. I also know companies want to protect their product. I’m a software author and I am very fortunate that in a very niche market so the general public is not going to get my software, or have any real interest in my software. Yes, I DO have a type of PROTECTION in the software that at least informs me of how many times the software has been installed, just like Microsoft has with their Certificate of Authenticity. I allow the company to install the software on *WHATEVER* computer they want to. I understand upgrades. I understand hard drive failures. I understand viruses. I understand bad ram nuking the OS requiring a reload because of registry corruption. DRM doesn’t understand ANY of that *ESPECIALLY* when their servers go offline. Hell, I look forward to when Microsoft starts not-validating XP as I’ve pretty much decided to never purchase Vista or Windows 7. Can’t wait for that fireworks display.

Commercial DRM, open source DRM, pay-the-user DRM… DRM is a losing fight. It doesn’t make sense. You cannot trust DRM other than you know the server you purchased it from will go down one day.

d0n0vAn says:

Re: when Microsoft starts not-validating XP

Stephen, great comments. I do a lot of experimenting with my desktop at home. I ran XP for years and years while installing versions of BSD and Linux. Needless to say, I have wiped quite a few drives. I guess I’ve done this enough times that Microsoft will no longer validate my copy of XP Pro. At first I was unhappy, but then I realized that they did me a favor. I’ve also decided that I don’t need Vista or Windows 7.

PaulT (profile) says:

Now that DRM is starting to be rejected by the music industry, hopefully this won’t matter anyway and other industries will follow suit.

However, one of the big, unspoken problems about DRM is that is reinforces existing monopolies. Just as you still can’t play DVDs and MP3s out of the box on a Red Hat install thanks to patent worries, so Linux in general will have problems breaking into the desktop market while a rival OS maker can lock down the content to its own products. I’ve heard many people complain that Linux “sucks” because game DRM stops WINE from being able to run the thing or because they can’t play their iTunes DRM crap. While everything about Linux is improving at an incredible rate – everything from software installation to hardware support – this is going to be one sticking point that will be impossible to overcome while a competitor holds all the keys.

While I despise DRM, this is why I think that Marlin is an important project. While, in many ways, open source and DRM are incompatible concepts, there can only be positives to having a DRM that’s not tied to the platforms that one company deems fit. A DRM that can actually work on any platform, be it Linux, BSD, Windows, an old Amiga that someone found in a cupboard, whatever, would bee great. It could remove both the built-in obsolescence of DRM as well as the muscle it gives to maintaining monopolies.

DRM is the devil’s work of course, and the sooner we’re rid of it completely the better. Like it or not, Marlin is one backup plan that we need to have in case the idiots in charge of the content don’t accept the fact that locking it down is a very bad thing for them and for us.

Jan says:

Why contradictory?

Why would open source and DRM be a contradiction in terms? Yes, I also hope that DRM is going to die out… but this has nothing to do with open/closed source dichotomy. Open source is about open _source_ and not about open content.

We can also have open source encryption tools and it is not at all contradictory with having closed emails and stuff that we encrypt with those tools.

Open source is (and I think it should be) just about source and nothing else – BTW that’s why I don’t like GPLv3 because I think that it’s not reasonable to ‘give’ someone your code and expect them to ‘give’ you code AND access to hardware or content or anything else.

Mike M (user link) says:

Open Source DRM

The original article and some of the comments are just way out there. The fact of the matter is that there are several open source technologies used everyday by all sizes of business to control content; DRM is no different.

Just because the DRM stack is open source doesn’t mean that the DRM will be more easily crackable (take a look at OpenSSL for a good comparison).

Open source is a far too often used term that people apply to a movement, a method of software release, community sourced projects and so on and so on. I think you’ll find that many members of many open source communities still protect their data (sometimes, gasp!, with open source operating systems).

Open source is about providing the source of your software allowing others to benefit from the lessons it can teach. It’s also many times about allowing others to alter the software for their own purposes. This benefits the community AND the project. Nothing in there precludes protecting the data used by open source applications.

Now a creative commons DRM solution would be wacky, but not an open source DRM solution.

Dan says:

DRM will change

Face it. DRM is here to stay. but it will change. Imagine, if you will, instead of restricting how it is used, identification tags buried deep in the code of mp3s, tying that song to a specific person. They could freely distribute if they want, but unless they scrub the IDs, it can be traced back to a specific person as the uploader.

Most people wouldn’t bother to strip out that kind of DRM, because it doesn’t adversely affect them.

Allen says:

Why open source DRM won't work

consider this psudo code
if (validateSoftware())
} else

To break the DRM all i would have to do is change it to this

Basically it will “validate” no matter what you do, and being open source there would be nothing to stop me from substituting their code for mine.

Mike M (user link) says:

Open Source DRM


You are assuming that the data is in a format that can be read (i.e. not encrypted) and if so you are correct. Any DRM system that is worth it’s salt (excuse the pun) won’t allow this to happen. Part of the validation, (PermitProgram) will result in a key that can be used to decrypt the managed data.

Changing PermitProgram(), or validateSoftware() isn’t going to be able to result in a key that makes the data usable any more than existing DRM solutions are crackable.

Peter says:

DRM Encryption

I thought the main problem with DRM schemes (open or otherwise) is that the “secret” used to prevent you reading the data straight has to live on you device (or at least be accessible to it). Therefore, the only thing preventing you from decrypting the data and saving it in an unencrypted (non-DRM encumbered) form was a convoluted secret algorithm. If that algorithm is freely available, it should be trivial to hijack it to save plain-text versions of the data. That’s why DMCA includes “don’t tamper with the DRM”: to stop you from doing the obvious.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...