The Dark Side of DRM: What You Need to Know About Protection of Readers Today

26 August 2019

In April, Microsoft closed the e-book store and announced that it would delete all purchased files from users' gadgets. This happened because of the closure of the DRM server, which provided technical means to protect copyrights. The magazine Wired called what is happening the DRM-apocalypse. Let's look at what DRM is and what the future holds for this technology.

What is a DRM system?

DRM is a technical means of copyright protection. If you buy a DRM-protected product you just get a license to use it. It can be revoked at any time and you will lose your favorite book, game or movie.

This technology controls the use of the media files and software you have purchased. It restricts any type of action: you can't change, resell, or lend protected files. The software can track your actions to tighten your control.

How it works

The ancestor of today's DRM is Adobe PDF Merchant. Its job was to exchange data between the client device and the server.

But the DRM PDF Merchant was not secure because the encryption key was sent to the device in a prepackaged form. Decrypting the file was easy - you just had to get the key out of the RMF document.

Today, there is no single standard for DRM systems. For example, to date, passwords are still used to protect PDF files, while Amazon and Barnes & Noble have developed their own technologies to protect media files.

Amazon has created an entire ecosystem for reading: the Kindle on e-link, a cross-platform app of the same name, and Fire tablets.

It has a peculiarity: the system does not recognize open formats of readers, for example, popular ePub or FB2. You can open files in two formats: MOBI and AZW.

E-books made by Amazon Kindle are bound both to the serial number of the gadget and to the PID. The latter is assigned to the user during registration. The key for decrypting the downloaded books can be found using the Kindle serial number and its PID. Cracking the DRM protection on the Kindle is not difficult - many detailed instructions can be found online.

The Kindle iPad and iPhone files are encrypted with a cryptographic key generated from the user's account information. Getting information out of the Apple device is not an easy task, but it can be done.

Another major bookstore chain in the United States, Barnes & Noble, uses the ePub format, which is protected by Adobe Digital Editions (ADEPT).

ADEPT operates on a cryptographic scheme, but it can hardly be called reliable. The files are encrypted using a unique AES key and the key itself is protected by an RSA key. It is generated based on the user's email and encrypted with the application key.

To break this scheme, hackers first needed to find the session key. It is protected by an RSA key, with which the AES key is encrypted. AES key, as we already know, is used to encrypt files. Experts say that untangling this chain is more of a tedious undertaking than a complicated one.

DRM: pros and cons

Microsoft users saw the incident with the removal of the e-books as an attack on basic principles of commerce. Even the fact that people would get their money back and compensation for marks and annotations did not save the situation.

Buying media on the Web, users expect the same rights as they have with physical media. Everyone wants to be able to dispose of, lend and give away what they bought.

"I think that if a company says you 'buy' a digital product, then that product, not access to it, should be permanent, irrevocable, available offline and allow the user to back it up," writes a user with the nickname topkai22 on ycombinator.

Microsoft's example is not the only one. The policy of some stores allows books, movies and music to be removed from access without warning. As a result, users feel cheated.

The experts see another danger in DRM: these are private systems of content protection. DRM protection has now become an option to "lock" the user into its ecosystem. Reading and listening to purchases in a convenient way is not welcomed by many IT giants.

Proponents of DRM argue that the technology keeps files safe from piracy, and abandoning it would lead to disaster. But practice shows that hackers can break almost any protection. DRM is not the most effective anti-piracy tool.

Day of Resistance to DRM

May 6 is the international Day of Resistance to DRM. It was declared by the Free Software Foundation company.

The head of FSF Richard Stallman believes that DRM infringes on the personal freedom of users. On the site the company explains why DRM should be abandoned. Many organizations have supported the Free Software Foundation. For example, the publishing company Oreilly sells DRM-free books at a 50% discount.

There is another portal, FCKDRM, which is available in Russian. It was launched by digital distribution service GOG. The site has links to resources that support DRM-free systems - Wikisource, Bandcamp, Itch and others.


Many people don't like DRM - it's true. Such protection makes users uncomfortable and reduces customer interest. Every DRM protection has vulnerabilities that are exploited by hackers.

But until there is a decent alternative in terms of anti-piracy protection, the pros of DRM outweigh the cons for publishers. Until lawyers along with IT professionals work out a new copyright protection system, DRM will live on.