The general details about Booxtream's digital watermark DRM have been known since someone deconstructed a Harry Potter ebook from Pottermore in 2012, but have you ever wondered about the specific technical details?
Thanks to an anonymous hacker going by the name of Paigey the Book Pirate, now we know.
Late last night an email graced my inbox with a link to a file on Pastebin which detailed the various parts of Booxtream digital watermark DRM as used by Verso Books. I can't share that link (it had someone's personal info in it) but I do have a copy of the file for you sans PII.
The file is worth a read both for the technical details and for the humor. This is at least the second time I know of that someone has posted a detailed technical analysis of Booxtream DRM, but it is the first to use a humorous tone:
The Institute for Biblio-Immunology specialises in textual pathogen identification and antigen synthesis. Several vials of in vivo samples suffering from a "social DRM" watermarking infection were recently brought to the attention of our cellar scientists. In this, our inaugural communique, we will explore our dissection of said samples and offer an initial expatiation regarding the contaminant undesirables discovered therein, as well as offer preliminary guidance for a successful course of treatment.
Prudence tells us that the only time books should be used as weapons of terror is if they are thrown, gleefully aflame, through a publishing conglomerate's window. Instead, we find that the publishing company Verso Books is using books to facilitate the surveillance of readers. By embedding uniquely-identifiable personal information in individual copies of ebooks, Verso (and the company they are relying on for the actual watermarking, BooXtream) are turning vectors for cultural transmission into, effectively, tracking beacons designed to identify who is sharing said ebooks, so as to then neutralise said ostensibly undesirable (by Verso) knowledge transmission paths. This will not stand.
While I don't share Paigey's opinion about the evils of digital watermark DRM, I can appreciate their hard work.
The text file above details seven different ways that Booxtream adds identifiable info to an Epub. (Booxtream can also embed digital watermarks in a Mobi file which can be read on the Kindle, but that is not covered here.)
In addition to adding a unique serial number to the names of files found inside the Epub ebook, Booxtream also embeds the original buyer's name and email on the title page as well as in a footer at the end of each chapter. The digital watermarks can also be found in image metadata and the CSS file, and there's a time stamp which records the specific time the original ebook was downloaded.
All in all, this file is a great read for anyone who wants to know how they are being tracked as well as anyone who wants more details on digital watermark DRM.
It will probably not, however, be very useful for stripping the digital watermarks from an ebook you buy. Booxtream is already aware that some of their technical secrets have been revealed, and they will undoubtedly be taking steps to change how they apply digital watermark DRM.
image y Mark Morgan Trinidad A