Comment by AnthonyMouse

1 month ago

> Any device that doesn't have DRM will never support a paid digital marketplace or paid content streaming.

None of the attestation stuff actually works for that.

For streamed content the pirates only need one person to crack one device and then everything is on The Pirate Bay. Notice that it's all still available in such places despite the DRM and the people still paying for it are still paying for it despite its availability there.

And apps are the same. If you put some attestation in your app, the pirates would just disable it in the copy they distribute, because attestation does nothing to prevent copying.

What it's nominally supposed to be for is so that a server can verify that the device is approved before providing some service. But that only works if a) the thing the server is providing is individualized rather than generally available, and b) the attacker can't get an approved device. The first is what makes it useless for copy protection. The second is what makes it useless for e.g. a bank app, because the attacker will just steal the user's credentials on a compromised device that never even attempts attestation because it's only connecting to the attacker's servers, and then put the stolen credentials into an approved device in order to transfer the money.

The only party to benefit from any of this is the incumbent platform if they can fool useful idiots into using it in order to lock customers into their platform.

> For streamed content the pirates only need one person to crack one device

Thus the push for locked devices.

> What it's nominally supposed to be for is so that a server can verify that the device is approved before providing some service.

Which is why Netflix won't work with a device failing Play Protect.

> The first is what makes it useless for copy protection

Not if you require a locked device to download the artifact in the first place to prevent copying.

  • I feel like you're not understanding the problem:

    > Which is why Netflix won't work with a device failing Play Protect.

    And yet the pirates still have all of their content, because DRM doesn't work. One pirate cracks one locked device and can download their entire catalog with it. That one pirate needs to know something about computer security and side channel attacks etc., but none of the people downloading it do.

    It can't prevent the first copy from being made because the devices are only secure against amateurs but not professionals, and it can't prevent any of the subsequent copies because the pirates aren't using any DRM to distribute them.

    • > And yet the pirates still have all of their content, because DRM doesn't work. One pirate cracks one locked device and can download their entire catalog with it.

      I know and I'm saying what we are seeing is a push to plug all those holes. iOS, Android, macOS SIP, Windows Secure Boot. All root-of-trust systems, so that only operating systems that prevent copying can download it in the first place.

      Those pirates aren't using locked devices to copy content. They are using devices lacking copy protection.
