
Comment by semiquaver

3 months ago

This is great work, but I’m not clear on why this qualifies as DRM at all. It sounds like the OP reverse engineered a protocol for rendering pages from a book to the web client. Sure, rotating the glyph ids every API call is annoying but it hardly qualifies as encryption or even obfuscation, just an extra mapping step the decoder needs to handle.

Sure seems like whoever at Amazon wrote this didn’t realize that it backdoors their DRM.

I was on the team that wrote this code.

We knew it was reverse-engineerable, we just didn't care.

Upper management seemed happy enough that it was pretty obfuscated, and we were happy that they didn't force us to do more about it.

  • > we just didn't care. Upper management seemed happy enough

    This is very relatable. Management want X, engineers recognise X is dumb and deliver something that sorta looks like X, management see something that looks like X and are happy.

    • Yes, but it's still amazing coming from Amazon. Everyone hates Amazon now but it's hard to argue they're not incredibly successful; how did they get where they are if they're staffed with Dilbert's boss types?

    • I wonder if the start of the causal chain (or at least the intended audience) might be book publishers rather than people in Amazon

  • It kind of makes sense. It's good enough to stop a non-coder. Anything in the browser can be either broken by a serious coder or has unpleasant tradeoffs.

    Amazon would need to drop this feature to seriously lock down their books

  • But you still did it. With awful consequences discussed in this thread. Couldn't you have done less about it?

    Do you tell yourself "well if I hadn't, the next person would've"?

    Did they force you to do it, then? Was it worth it?

    • You ask great questions.

      I definitely have regrets about my time working at Amazon. Specifically, I wish that I had pushed back more about doing certain things.

      Honestly, DRM wasn't even the worst. All the unnecessary user tracking was way worse, in my opinion.

      It's impossible to know for sure, because I didn't push back as much as I should have, but I really think that "well if I hadn't, the next person would've" was absolutely true in this case (knowing what I know about all the other engineers that were in the department at the same time as me). I'm not saying the other engineers were bad people, a lot of them were lovely, but they definitely had different convictions than I have.

At some point you are going to have to show something on the screen for a person to read. No mechanism is going to be impenetrable.

> Sure seems like whoever at Amazon wrote this didn’t realize that it backdoors their DRM.

Or maybe they did, and now they will have to fix it.