DRM Screws People Yet Again: Book DRM Data Breach Exposes Reporters' Emails And Passwords
from the was-that-really-worth-it? dept
I have a few different services that report to me if my email is found in various data breaches, and recently I was notified that multiple email addresses of mine showed up in a leak of the service NetGalley. NetGalley, if you don’t know, is a DRM service for books, that is regularly used by authors and publishers to send out “advance reader” copies (known around the publishing industry as “galleys.”) The service has always been ridiculously pointless and silly. It’s a complete overreaction to the “risk” of digital copies of a book getting loose — especially from the people who are being sent advance reader copies (generally journalists or industry professionals). I can’t recall ever actually creating an account on the service (and can’t find any emails indicating that I had — but apparently I must have). However, in searching through old emails, I do see that various publishers would send me advance copies via NetGalley — though I don’t think I ever read any through the service (the one time I can see that I wanted to read such a book, after getting sent a NetGalley link, I told the author that it was too much trouble and they sent me a PDF instead, telling me not to tell the publisher who insisted on using NetGalley).
It appears that NetGalley announced the data breach back in December on Christmas Eve, meaning it’s likely that lots of people missed it. Also, even though I’m told through this monitoring service that my email was included, NetGalley never notified me that my information was included in the breach. NetGalley did say that the breach included both login names and passwords — suggesting that they didn’t even know to hash their passwords, which is just extremely incompetent in this day and age.
So, from my side of things, this means that the company put me and my information at risk for what benefit? To make my life as a potential reviewer of a book more difficult and annoying, and limiting my ability to easily read a book? DRM benefits literally no one. And in this case, has now created an even bigger mess in leaking my emails and whatever passwords I used for their service (thankfully, I don’t reuse passwords, or it could have been an even bigger problem). For those who say that the DRM is still necessary to avoid piracy, that’s ridiculous as well. If the book is going to get copied and leaked online, it’s going to get copied and leaked online. And once one copy is out, all the DRM in the world is meaningless.
Rather than focusing so much on locking stuff up and making it impossible to read, while putting people’s personal info at risk, just stop freaking out, recognize that most people are not out to get you by putting your stuff on file sharing sites, and focus on getting people to want to buy your books, rather than putting their data and privacy at risk.