Researchers Reveal Booxtream’s Digital Watermark DRM
The general details about Booxtream’s digital watermark DRM have been known since someone deconstructed a Harry Potter ebook from Pottermore in 2012, but have you ever wondered about the specific technical details?
Thanks to an anonymous hacker going by the name of Paigey the Book Pirate, now we know.
Late last night an email graced my inbox with a link to a file on Pastebin which detailed the various parts of Booxtream digital watermark DRM as used by Verso Books. I can’t share that link (it had someone’s personal info in it) but I do have a copy of the file for you sans PII.
The file is worth a read both for the technical details and for the humor. This is at least the second time I know of that someone has posted a detailed technical analysis of Booxtream DRM, but it is the first to use a humorous tone:
The Institute for Biblio-Immunology specialises in textual pathogen identification and antigen synthesis. Several vials of in vivo samples suffering from a "social DRM" watermarking infection were recently brought to the attention of our cellar scientists. In this, our inaugural communique, we will explore our dissection of said samples and offer an initial expatiation regarding the contaminant undesirables discovered therein, as well as offer preliminary guidance for a successful course of treatment.
Prudence tells us that the only time books should be used as weapons of terror is if they are thrown, gleefully aflame, through a publishing conglomerate’s window. Instead, we find that the publishing company Verso Books is using books to facilitate the surveillance of readers. By embedding uniquely-identifiable personal information in individual copies of ebooks, Verso (and the company they are relying on for the actual watermarking, BooXtream) are turning vectors for cultural transmission into, effectively, tracking beacons designed to identify who is sharing said ebooks, so as to then neutralise said ostensibly undesirable (by Verso) knowledge transmission paths. This will not stand.
While I don’t share Paigey’s opinion about the evils of digital watermark DRM, I can appreciate their hard work.
The text file above details seven different ways that Booxtream adds identifiable info to an Epub. (Booxtream can also embed digital watermarks in a Mobi file which can be read on the Kindle, but that is not covered here.)
In addition to adding a unique serial number to the names of files found inside the Epub ebook, Booxtream also embeds the original buyer’s name and email on the title page as well as in a footer at the end of each chapter. The digital watermarks can also be found in image metadata and the CSS file, and there’s a time stamp which records the specific time the original ebook was downloaded.
All in all, this file is a great read for anyone who wants to know how they are being tracked as well as anyone who wants more details on digital watermark DRM.
It will probably not, however, be very useful for stripping the digital watermarks from an ebook you buy. Booxtream is already aware that some of their technical secrets have been revealed, and they will undoubtedly be taking steps to change how they apply digital watermark DRM.
image y Mark Morgan Trinidad A
stephan June 20, 2016 um 12:21 pm
We started using another watermark DRM from Legimi – piracy in Poland undoubtedly is very high, that’s why we trusted experts who tested it on their domestic market. And we find it very clever underneath. It’s not an advertisment, I just recomend it because it’s good + they support audio and PDF files.
Bill Rosenblatt June 20, 2016 um 1:46 pm
I am just sick and tired of people using the term "DRM" to suit their ignorance and/or agendas. Booxtream may have followed the lead of Bill McCoy of IDPF in calling its technology "social DRM," but that’s about as far as it goes. Other vendors of e-book watermarking technology, such as Legimi (see above) and Digimarc, take pains to distinguish their technologies from actual DRM. You are doing no one any favors by misusing the term.
Come on, even the EFF knows better than this (https://www.eff.org/press/mentions/2008/1/11-0).
Nate Hoffelder June 20, 2016 um 2:09 pm
I describe it as DRM because there is a whole host of publishers (Pottermore, and a bunch in Germany) who use digital watermarks when selling direct and harder forms of DRM on ebooks sold through Kindle, iBooks, etc. They are saying with their actions that the two forms, digital watermarks and encryption DRM, are equivalent.
And given that there is a cost for applying digital watermarks or encryption DRM, I’d say they have more in common with each other than digital watermarks have with DRM-free.
Bill Rosenblatt June 20, 2016 um 2:46 pm
So by that rationale, music labels still use DRM on iTunes and Amazon because they use a form of DRM on Spotify. And Hollywood studios use DRM for late-window movies on free-to-air TV (and free streaming services like Crackle) because they use DRM on DVDs. So do all the self-published authors who give e-books away on their own websites while selling with DRM on Amazon. It’s all DRM, right Nate?
Seriously. Did you just invent this now, or has that been your rationale all along?
Nate Hoffelder June 20, 2016 um 2:59 pm
That is what I have written in the past, yes.
Bill Rosenblatt June 20, 2016 um 5:22 pm
I stand corrected. I had forgotten your previous misunderstanding of watermarks in the music industry.
Bill Rosenblatt June 20, 2016 um 1:51 pm
Oh, and O’Reilly uses (proprietary) watermarking on their PDFs. I’m sure they be thrilled to hear that someone is calling this technology "DRM."
Chris Meadows June 20, 2016 um 2:42 pm
The watermarking is applied for the purpose of helping publishers manage their works' digital rights…so how, then is it not DRM? For all the noise anti-DRM advocates make, DRM actually does have an actual real acronym expansion, and the middle word in that one isn’t "restrictions."
Bill Rosenblatt June 20, 2016 um 2:48 pm
OK, so a copyright notice in an e-book (which is not required by law for a work to be protected by copyright) is DRM too, right?
1 June 20, 2016 um 5:32 pm
The difference is copyright notices don’t attempt to actually enforce rights, just tell you about them in the hopes that you will follow them.
Digital watermarks are supposed to be used to enforce the copyright holders rights, by allowing them to identify you if you start giving the digital item to pirates.
Bill Rosenblatt June 20, 2016 um 6:00 pm
Right but not all watermarks have user identifying information. Such as the ones that Nate was confused/misinformed about in the music industry. The music industry has never (other than small scale experiments) used what we call session-based or transaction watermarks, just static watermarks that identify the retailer (e.g. iTunes), not the end customer.
There are lots of ways to enforce copyrights without watermarks or (actual) DRM. Too many to enumerate here. That’s why calling something DRM that isn’t DRM is silly, or in this case, irresponsible.
Bryan June 20, 2016 um 6:47 pm
"The music industry has never (other than small scale experiments) used what we call session-based or transaction watermarks, just static watermarks that identify the retailer (e.g. iTunes), not the end customer."
Bill Rosenblatt June 20, 2016 um 7:11 pm
(to comment below about UMG’s music watermark): yes, really.
That post is 100% consistent with what I said. It just says, "There’s a watermark." It doesn’t say what data is embedded in the watermark. Like I said, it’s an identifier for the retailer. That’s another thing that Nate got wrong about music watermarks. In order to insert a watermark with user information, the retailer has to do it at transaction time. UMG’s watermarks are inserted by UMG, not by Apple or Amazon. UMG wanted to see if it could learn anything about whether unauthorized copies of its files tended to come from iTunes, Amazon, some other retailer, or none of the above; that’s why it inserts static retailer IDs as watermarks.
Bryan June 20, 2016 um 7:40 pm
I’m sorry, but you are consistently factually wrong. Please do not spread incorrect information.
UMG’s watermarks are not inserted by UMG, but by MarkRef, a third party vendor which develops–you guessed it–session-based audio watermarking tech.
Some references for you:
Bill Rosenblatt June 20, 2016 um 9:41 pm
OK, they are inserted *on behalf of* UMG, not by UMG itself. This is a trivial distinction. Otherwise, nope. It’s not a session based watermark. It would have to be inserted by the retailer. It’s not. Your "sources" are a brochure stating the capabilities of the Korean company whose watermarking technology UMG is using. MarkAny is capable of doing session based watermarks. This is not one of them. The patent you cite is also irrelevant. UMG may have wanted to get retailers to insert session-based watermarks, but they wouldn’t, so UMG settled for a static watermark that it inserted (OK, had inserted on its behalf) into files being sent *to retailers*.
Look, I actually know the people involved, and I know what they did and what they did not do. You don’t, obviously.
1 June 20, 2016 um 10:02 pm
"The music industry has never (other than small scale experiments) used what we call session-based or transaction watermarks, just static watermarks that identify the retailer (e.g. iTunes), not the end customer. "
If that’s true, then I would agree calling those watermarks DRM is taking it a bit far.
That doesn’t mean that the types of DRM being used in ebooks aren’t DRM.
1 June 20, 2016 um 5:22 pm
What happens if your Kindle gets stolen, DropBox hacked, etc.?
If a file you bought gets stolen and ends up being posted online for pirates, does law enforcement end up knocking on your door?
Bill Rosenblatt June 20, 2016 um 5:26 pm
Sort of. Not law enforcement but a nastygram sent by the monitoring agency, if any, that the publisher has engaged to search whatever site it is for those watermarks. (Booxtream only does the watermarking; they don’t do the monitoring. Publishers that use Booxtream have to use another service to do that.) And the same thing would happen if the best friend to whom you emailed a copy of the file does the same thing.
1 June 20, 2016 um 5:35 pm
So how can digital watermarks actually be useful in curbing piracy?
Wouldn’t anyone trying to enforce it actually have to prove that the file wasn’t stolen from you?
Bill Rosenblatt June 20, 2016 um 6:01 pm
Not necessarily. Those are evidentiary questions that tend to be handled (literally) on a case by case basis. The one thing that’s for sure is that you’d need to hire a lawyer and file a lawsuit in order to find out the answer.
1 June 20, 2016 um 10:08 pm
It does make me worried that some innocent people will end up having to pay a fine or something because they don’t have time to fight it, and/or can’t afford a good lawyer.
Fjtorres June 20, 2016 um 7:22 pm
Nate is far from the only one that considers Watermarking a form of DRM. It is in fact the mainstream definition of the technology.
A simple internet search for "DRM watermarking" will confirm it, coughing up a zillion technical reports and academoc papers. Like this one:
If anything, it is the deniers that are making it up.
Bill Rosenblatt June 20, 2016 um 9:45 pm
Looks like that’s exactly what you did: a "simple internet search." If you were to actually read the paper you cite, you’d see that it treats watermarking and DRM as separate things. To wit: "Finally, the use of watermarking systems in the framework of a DRM is deeply analyzed."
It’s possible to combine watermarking and DRM, as in the first SDMI system back around 1999, which included a DRM system that forced the reading of a watermark. But they are separate technologies.