Is there a DRM scheme that works?
We help our clients to manage and publish their media online - images, video, audio, whatever. They always ask my boss whether they can stop users from copying their media, and he asks me, and I always tell him the same thing: no. If the users can view the media, then a sufficiently determined user will always be able to make a copy. But am I right?
I've been asked again today, and I promised my boss I'd ask about it online. So - is there a DRM scheme that will work? One that will stop users making copies without stopping legitimate viewing of the media?
And if there isn't, how do I convince my boss?
Comments (24)
No. If you let them view it, they can always make a copy of what they saw. You can make it harder for this to happen, but in the end, you can't stop a suitably determined attacker.
Short of supplying specifically tailored hardware (which is what Microsoft is pushing with its Trusted Computing 'Palladium' initiative) the answer is no, you can't stop 'em from getting to the bits.
Even in the case of specifically tailored hardware an attacker with enough skills and resources can still get to your content, you just reduce the attack surface enormously.
Of course a video camera will work just as well in many cases, you'd then have to counter that with a specific set of television/monitors. It shortly stops being economically viable.
To convince the boss, just tell him what's easier to understand: you cannot stop someone from placing a camera in front of the television.
Nothing is perfect, but you can make copying a little more difficult = less worthwhile.
IMHO, any attempt to DRM is annoying to legitimate end users, so I wouldn't recommend it.
Perhaps you can convince your boss by asking her to come up with an effective method of DRM, and then demonstrating how to overcome it?
Simply put, no, there isn't. Any content that can be viewed can be copied. There's no exception to this at all, unless you can bend the laws of physics in your favor :)
Long answer: Only let users browse your site by visiting your office and using a machine located there - under strict supervision, of course.
Short answer: No.
The reason you can't stop DRM no matter what is as follows: imagine a bank vault. There has to be a way in to get the money out. If there is a way in, that means someone could get in that way, therefore it is not impenetrable. If the vault is impenetrable, that means no one can get in -- meaning no one can get the money in or out, not even the people who legally have the right to access the money.
At one point you will have to abandon whatever coding/encrypting you are using to circumvent the making of illegal copies and show the content to the user in plain sight. At the latest, at that point the user can simply capture the content and make copies. Which means that if you cannot control who your users are (or how they are using your technology), you cannot stop them making copies.
Now, granted that making copies off the unencrypted content might not be the most efficient way of copying (for one -- depending on where it was captured -- it might not be compressed (e.g. the capturing took place between the video card and the monitor), and therefore might take up a lot of space).
Based on the above, the technical answer -- unless you have enough control -- is that no, you cannot stop users from making illegal copies.
However, you can make it much harder for them to make those copies in the desired format by using encryption or other DRM-related techniques. Depending on your users and the popularity of your content, there might be a point where the effort required to subvert the DRM technologies is higher than what your users are willing to pay/invest. Whether there is such a point solely depends on the nature of your business and your audience.
Anything that can be viewed and understood by a human can be viewed and stored by a computer.
The best you can do is obfuscate and attempt to confuse, but any suitably determined user will succeed. You could deliver text as an image, an image with a watermark, an encrypted file with public/private keys, but the best that will happen is allowing you to track who 'leaked' something rather than stopping it from getting leaked.
Right now I can see 12 answers all agreeing that the answer is "No".
If your business relies on your clients' media being published with protection, then your business may already be in trouble. You need to start a conversation with your clients about the content they're generating, why they're generating it and what they hope to get from it. It rather looks like they may have an out-of-date business model, in which case they may be in danger as well.
What the clients are saying they want may be their best attempt to stipulate the solution to a problem that they're not telling you about. Try digging a little deeper into what their actual problem is. Maybe look at the Five Whys for inspiration.
I definitely don't think I'd want to be planning a long-term career on DRM right now...
As far as convincing your boss goes, boil things down to essential DRM. You sell something valuable. To prevent your customers from copying it, you lock it in a box. To allow your customers to use it, you give them the key to the box.
Hopefully, the light is beginning to dawn on your boss by this point.
Technology is not a solution. We have a legal system to deal with unlicensed replication of intellectual property. Theft is prevalent in a small segment of the population. My advice would be don't try to sell digital media that appeals to a demographic likely to steal.
The main thing you need to identify is the level of user you wish to prevent from copying the content. You will never stop a 1337 h4xx0r from copying your things and passing any knowledge of hacks to more competent techies.
As you wander down the line of the less technically able there is more you can do (such as the usual DRM) to dissuade them from attempting to copy your content. As you get to idiot user there are probably a variety of tricks you can perform that are effective enough to fool them into thinking that they cannot copy the content, however all it takes is for them to meet a competent techie and for them to provide one link for them to be able to step up to the next level.
It's a case of very much diminishing returns but there are still users out there who think that just because a website disables the right click that they cannot download the images.
If your clients want to target those users (and offer substantial monies) then it might be worth pursuing a bit of obfuscation but it is a case of diminishing returns and your customers need to appreciate that all they are purchasing is a thin disguise.
I believe you have misinterpreted your boss's question. Perhaps he doesn't even know the right question to ask, so I'll give you the Q&A that should have occurred.
Boss: Can we stop every determined user from copying our clients' media?
You: No, this is impossible.
Boss: Can we make it difficult, such that the vast majority of determined attackers will be unable to break our content protections?
You: Yes, this is possible.
Boss: Can it be done in a way that does not impact performance of media playback such that it becomes inconvenient to our legitimate users?
You: Yes, this is challenging, but tractable.
Boss: Is it economically feasible to implement such a protection system?
You: That depends on the details of our contracts with media providers. If some providers are unwilling to license desirable content to us because of our unwillingness to protect it for them, it could be an economic imperative. We should hire one or more experts in digital rights management to implement the system if that is the route you decide to take.
The answer is simple: no
No, there is no way to prevent a user from using their camera to take a screenshot of the screen, or their recorder to record a movie, a song or anything else.
And if you're talking about preventing making "exact" copy of a digitalized content, the answer is still the same: NO.
You can't stop the viewing, but by possibly putting a serial number in each viewer's video it will allow you to track copies. E.g. in the top right of the video put a small number that is unique to that user. If they copy the video and upload it you will know who did it. You could also move it around during long videos or make it appear randomly to make it harder to remove.
Just an idea. I'm actually anti DRM.
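The per-viewer serial number idea from the answer above, generalized here to an invisible keyed mark in pixel LSBs with redundancy so it survives some damage. This is an added example, not part of the original answer; the key, frame, serials and account names are constructed. It identifies which issued copy leaked and does nothing to stop the copy being made.

```python
import hashlib
import hmac
import random

ID_BITS = 32   # width of the per-viewer serial number
COPIES = 31    # odd number of copies per bit, so a majority vote never ties


def _positions(key: bytes, n_pixels: int) -> list[int]:
    """Keyed, repeatable pixel layout; only the key holder knows where the mark sits."""
    seed = hmac.new(key, b"watermark-layout", hashlib.sha256).digest()
    return random.Random(seed).sample(range(n_pixels), ID_BITS * COPIES)


def embed(pixels: list[int], viewer_id: int, key: bytes) -> list[int]:
    """Return a copy of an 8-bit grayscale frame carrying viewer_id in pixel LSBs."""
    if not 0 <= viewer_id < (1 << ID_BITS):
        raise ValueError("viewer_id does not fit in ID_BITS")
    out = list(pixels)
    for n, pos in enumerate(_positions(key, len(pixels))):
        out[pos] = (out[pos] & ~1) | ((viewer_id >> (n % ID_BITS)) & 1)
    return out


def extract(pixels: list[int], key: bytes) -> int:
    """Majority-vote every bit across its copies to survive some pixel damage."""
    votes = [0] * ID_BITS
    for n, pos in enumerate(_positions(key, len(pixels))):
        votes[n % ID_BITS] += 1 if pixels[pos] & 1 else -1
    return sum(1 << i for i, v in enumerate(votes) if v > 0)


def trace_leak(leaked: list[int], key: bytes, issued: dict[int, str]):
    """Map a recovered serial to the account it was issued to, or None."""
    return issued.get(extract(leaked, key))


def degrade(pixels: list[int], flip_rate: float, seed: int) -> list[int]:
    """Constructed stand-in for mild re-encoding noise: random LSB flips."""
    rng = random.Random(seed)
    return [p ^ 1 if rng.random() < flip_rate else p for p in pixels]


# Constructed sample data: a 64x64 frame, a key and two issued serials.
KEY = b"constructed-demo-key"
_rng = random.Random(0)
FRAME = [_rng.randrange(256) for _ in range(64 * 64)]
ISSUED = {0x5A17C0DE: "alice@example.test", 0x0BADF00D: "bob@example.test"}

if __name__ == "__main__":
    leaked = degrade(embed(FRAME, 0x0BADF00D, KEY), flip_rate=0.10, seed=1)
    print(trace_leak(leaked, KEY, ISSUED))
```

A plain LSB mark like this does not survive heavy recompression or a camera pointed at the screen, which is the limit the other answers describe.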
You can have extremely complex DRMs (custom player, activation each time something is played/loaded), but it still won't be 100% hacker proof. And honestly, it's just not worth the trouble.
Try to just keep the honest people honest; either have no DRM at all, or just some simple ones that are easy to implement and will work on 80% of general public, leave the other 20% alone, they are probably techie enough and won't be stopped no matter what.
Allow me to argue that the answer is actually "Yes, with qualifications". It is possible to create a DRM system which is sufficiently difficult to crack, such that non-technical users will not be able to copy and redistribute the content, and highly technical users will only be able to do so with great difficulty.
So the original answer is correct: a "suitably motivated" hacker will always be able to get what he wants. But it's possible to set the bar high enough so that the number of suitably motivated hackers is approximately equal to zero.
With the hardware in use today, you cannot stop users from copying your media. And current (major) DRM-technologies are not even about that.
DRM is about annoying users who want to copy. Hopefully so much, that most of them won't make copies.
The problem is that by annoying the users, you annoy all users.
That is why I almost never buy anything DRM-protected. And when I do, it's ONLY after I've got a DRM-free copy, so I'm sure that I'm actually able to hear/see a copy of the product.
As to convincing your boss you might try arguments from Cory Doctorow from this essay book.
He has some very good points.
I think the best argument is that you will be spending much programmer resources on writing features that your users will dislike. No one wants their player to say: 'you can't listen to this song because it is on your PC already', and implementing this feature will be a pain.
If it can be viewed, it can be copied.
And if one person can copy it, he can send it to a million other people.
So it's meaningless to make it hard to copy, because there's always people able to copy it, who will then proceed to send it to everyone who can't.
The only thing DRM does is make it harder for consumers to legitimately use content. But this is intentional--media providers don't want you to back up your DVDs and convert them to play on an iPod: they want you to buy the same movie again from them in iPod format.
That is the real reason for DRM. They know it won't work to stop pirates; they do know it will work to stop legitimate fair use.
Yes, there is a largely uncracked DRM in place. It's called Super Audio Compact Disc (SACD), a fantastic 5.1 surround sound format that was made to supersede original CDs. Don't think it really caught on as much as Sony, the creator, had hoped, yet there's still a large following amongst audiophiles.
The main reason it's largely unbreakable is because you need a special player to read the discs, they cannot be played on a computer or CD player, unless they're dual layers. Meaning SACD and CD data on one disc, and then they can only rip the CD data not the SACD.
So if you've got music you want to share and your clients are into high end audio. Then SACD is probably the way to go, if you want unbreakable/unshareable audio/music.
I'm inclined to agree that in a practical sense, there may be no foolproof way to prevent copying, but can I prove it? No, and I haven't heard any airtight proof yet.
Copying is inherent in normal computation, and it is irreversible. For example
When statement 2 is executed, there is no way to reverse it because X has no memory of its prior value. That is the essence of copying - forgetting that a copy was made.
From what little I know of quantum computing and cryptography, in that realm all processes are reversible, so it is possible to guarantee that copies can always be detected.
Back in the world of normal computation, if one can control the viewers of information, one can try to ensure that any copy is degraded and not as good as the original. For example, there is the watermark idea, which can be made practically invisible. Or additional information can be added that is not displayed, but which is required to show the image.
I'm not saying strong DRM is possible in normal computing. I'm just saying if it isn't, that's a strong claim, and I'd like to see an airtight proof of it. This field has a number of things once considered impossible, such as public-key cryptography and Dijkstra's mutex algorithm.
In the words of a Microsoft engineer "If your solution lasts for 6 months, that's eternity". Time to move to a newer implementation of the DRM solution. Hence we cannot guarantee a foolproof DRM solution. However we can make it very hard to crack/hack though by making less encrypted data in clear.
Although "what can be viewed, can be copied" is clearly true in theory, this does not necessarily sound the death knell for DRM.
If the DRM can control the hardware well enough, through to the display medium, so that there is no leak of data before the display, then any "copy" which is made of the display will likely be imperfect.
For example, a camcorder in a cinema multiplex - certainly, the viewed data has been copied, but highly sub-optimally.
For this "viewed; copied" data to be optimal, it requires a recording device which is able to record every 'bit' of data perfectly (and perhaps work in real-time).
Looking forward, you might get a DRM technology which prevents a product from being viewed when a device capable of copying it is present.