Please note that all submissions to the site are subject to the wiki's licence, CC 4.0 BY-SA, as found here

Digital rights management

From Consumer Action Taskforce
Jump to navigation Jump to search


Digital rights management (DRM) broadly refers to any kind of access control technology that is used to deliberately restrict the usage of media content or devices after the sale. It is typically used by a seller to prevent unauthorized distribution or replication of their product. Implementations of DRM can range from very simple (such as a basic disc check) to extremely complex executable binary protection (such as Denuvo).

DRM creates a damaged good; it prevents you from doing what would be possible without it. – Defective by Design[1]


DRM in video content[edit | edit source]

Attempting to protect video content is one of the most common uses of DRM. The idea of using copy protection on video content predates the term "DRM", such as the "Automatic Gain Control" requirement in VCRs, to enforce the "Macrovision" copy protection scheme.[2][3] This resulted in VCRs not being able to record commercial VHS tapes and DVDs.

DVDs also feature the "Content Scramble System," which was cracked.[4] Later, HD-DVD and Blu-Ray would implement the Advanced Access Content System.[5] The AACS key was similarly cracked, and the AACS Licensing Administrator began to issue cease-and-desist letters to websites to which the key was posted.[6] Another form of Blu-Ray DRM, called Cinavia, exists, and it is known for its self-destructive tendencies.[7]

To attempt to prevent ripping video via a capture card, modern displays, optical disc players, and computers use the High-Definition Content Protection system to encrypt display signals.[8] For example, Netflix will refuse to stream content at the full resolution that the customer has paid for if the user is not using an HDCP-enabled video card and display.

DRM in audio content[edit | edit source]

DRM's strangest inclusion was within audio content, which was not quite commonly put to use due to audio's analog nature compared to video and software, which made it questionable to be capable of blocking the replication of the data. The most notable application of audio DRM was MediaMax[9], which essentially functioned as malware to combat simply playing these audio discs on Windows and MacOS operating systems. There was also the less-notable Extended Copy Protection[10] (XCP) DRM, however it did leave Sony in hot water[11], dubbing this form of DRM also as the Sony Rootkit

DRM in software[edit | edit source]

Most in the DRM discussion often correlate the usage of DRM to the protection of software in some form, from the simple product key, to the infamous Denuvo DRM. Historically, DRM started off with more simple physical techniques; decoder wheels and LensLok[12]. The efficacy of these systems varied, and many cracking groups simply found ways around this system, especially since 2nd-hand copies of software that used these primitive forms of DRM could easily become lost or damaged, or worse, not even function with some forms of hardware.[13] This has sparked essentially a game of cat and mouse that continues to fester especially for the gaming community to this day.

Issues with DRM[edit | edit source]

DRM, by definition, is designed to make content less compatible with devices. This means that there is an elevated chance of a software or hardware product refusing to play content due to buggy or overly-restrictive DRM. For example, with the aforementioned Netflix HDCP requirement, it is not enough for the display where you are going to watch the content to support HDCP - all monitors connected to the system must support it.[14][15][16] This means that if you have a multi-monitor setup on your PC, you cannot use an older but perfectly working monitor as a secondary screen, without breaking Netflix's DRM.

Such requirements are not always clearly disclosed. If they are disclosed, they are often buried in a ToS, or in the case of Netflix, require you to follow several links around the FAQ pages. Furthermore, some content may surreptitiously install DRM without the knowledge or consent of the user, such as in the Sony Rootkit scandal.[17] Such software may contain exploits that can compromise the security of the user's PC.[18]

DRM in video games is often implemented in such an intrusive manner that the game takes longer to load, and reduces framerate in the game.[19]

DRM failures can also come as a surprise. For example, with a YouTube Premium subscription, you can "Download videos to watch offline," but such videos are only available for 48 hours if you do not have an internet connection.[20] This is confusing and problematic, as a user might want to download videos if they will know that they will not have an internet connection for a while. They may even take the extra step of turning off their internet connection to ensure that the videos still play offline. Once the 48 hours have expired, however, the user is surprised to find that the videos that they thought they had downloaded for offline consumption actually require an internet connection to work.

Ineffectiveness of audio and video DRM[edit | edit source]

Non-interactive content such as audio and video is nearly impossible to protect from copying. Many HDMI splitters[21] and capture cards[22] are capable of decrypting HDCP and copying the video stream. As long as at least one bypass exists at the HDCP level, all streaming content can be trivially ripped.

Audio DRM is even more trivial to bypass, as the audio must be decrypted into a plain analog signal at some point in order to drive the physical speakers or headphones.

DRM degradation[edit | edit source]

The development of some forms of DRM, such as Games For Windows Live[23], are reliant on special processes within some operating systems that end up becoming unsupported or depreciated as time goes on. Legacy SecuROM-protected titles (released roughly between 1998 and 2005) are notoriously known for not running on operating systems newer than Windows XP[24][25] and for those interested in playing their legitimate copies, have to spend an extensive amount of time merely circumventing the DRM (or otherwise using more illicit methods) just to merely play the games they own.[26]

This DRM degradation has the worst effects for those who own physical licenses to products that they own, since unlike a digital installation, if a physical copy of a game's DRM stops being supported by modern hardware, a developer cannot simply distribute a patch that directly modifies the code on a disc, and online patches cannot last forever.

Always-online DRM[edit | edit source]

Some DRM requires a constant internet connection. While this may make sense in something that inherently requires an internet connection such as a streaming service or multiplayer-only video game, this has also been employed in games with single-player content, rendering the customer unable to use their purchase if they do not have an active internet connection.[27] Conversely, if operations are shut down for these services, users even with legitimate pieces of software they may own, and have access to the internet, simply cannot run their games without first needing to hack their games.[28][29] Ubisoft has historically been known for server shutdowns and transfers cutting off access to games for many players.[30]

References[edit | edit source]

  1. https://www.defectivebydesign.org/what_is_drm
  2. 17 U.S. Code § 1201 - Circumvention of copyright protection systems, K.1.A.i
  3. Macrovision Demystified, Stanford CS181.
  4. http://www.cs.cmu.edu/~dst/DeCSS/FrankStevenson/mail1.txt
  5. https://web.archive.org/web/20070302130221/http://www.aacsla.com/specifications/specs091/AACS_Spec_Common_0.91.pdf
  6. http://www.chillingeffects.org/notice.cgi?sID=03218
  7. https://www.anandtech.com/show/5693/cinavia-drm-how-i-learned-to-stop-worrying-and-love-blurays-selfdestruction/2
  8. https://www.digital-cp.com/about_dcp
  9. https://en.wikipedia.org/wiki/MediaMax
  10. https://en.wikipedia.org/wiki/Extended_Copy_Protection
  11. https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal
  12. https://en.wikipedia.org/wiki/Lenslok
  13. https://www.eurogamer.net/banging-the-drm-article?page=2
  14. https://old.reddit.com/r/pcmasterrace/comments/1avkwtb/netflix_requires_all_monitors_to_be_hdcp_22_how/
  15. https://old.reddit.com/r/netflix/comments/mam2l9/how_do_i_get_netflix_working_at_4k_on_my_second/
  16. https://help.netflix.com/en/node/23931
  17. https://web.archive.org/web/20150317040653/http://blogs.technet.com/b/markrussinovich/archive/2005/10/31/sony-rootkits-and-digital-rights-management-gone-too-far.aspx
  18. https://web.archive.org/web/20061116191907/http://blog.washingtonpost.com/securityfix/2005/11/virus_writers_exploit_sony_ant.html
  19. https://80.lv/articles/testing-reveals-games-with-denuvo-launch-up-to-four-times-slower/
  20. https://support.google.com/youtube/answer/6141269
  21. https://old.reddit.com/r/PS3/comments/19dohrh/bypassing_hdcp_in_2024/lbtqiky/
  22. https://old.reddit.com/r/PS3/comments/19dohrh/bypassing_hdcp_in_2024/kj7cu60/
  23. https://en.wikipedia.org/wiki/Games_for_Windows_%E2%80%93_Live
  24. https://www.lucadamico.dev/papers/drms/securom/ArabianNights.pdf
  25. https://web.archive.org/web/20220226230919/http://www.reversing.be/article.php?story=20061015153108847
  26. https://www.youtube.com/watch?v=vjkqI7dBDVg
  27. https://www.forbes.com/sites/erikkain/2012/05/17/diablo-iii-fans-should-stay-angry-about-always-online-drm/
  28. https://keowu.re/posts/Rewriting-completely-the-GameSpy-support-from-2000-to-2004-using-Reverse-Engineering-on-EA-and-Bungie-Games/
  29. https://www.slashgear.com/gamespy-shuts-down-may-31-will-your-game-be-affected-04323788/
  30. http://pc.gamespy.com/articles/121/1218211p1.html Archive