[plug] Protecting Online Files

Timothy White weirdit at gmail.com
Wed Apr 5 19:12:07 WST 2006 

On 4/5/06, Chris Watt <something.rotten at gmail.com> wrote:
> Hi Guys,
>
> I have a client who wants to offer his lessons online as PDF (or
> whatever).  He has about 300 of them.
>
> He is very worried about intelectual property and therefore wants to
> make it impossible for people to download and redistribute it.
>
> What kind of things have people used successfully for such a venture:?
>  There will obviously be a members area, on a PAYG or credit system,
> but he wants them to not be able to get hold of the files.

The only thing you can really do, is prevent someone not authorised,
from getting it from the server, stopping it from being distributed,
is very hard to do, unless you control the viewing software, as well
as the server. In which case, you can do something like itunes does
for DRM. A quick idea would be some funky program generates a key,
sends that to the server, the server then uses that as the required
key to view the document, so that it can only be viewed on that
computer (obviously with the software you have control over).

Similar to music, if you can hear it, you can copy it....

I'd just make them as encrypted PDF's, with all that protection stuff
(which is useless to a degree), and obviously restrict downloads to
members. Obviously, if you need to use a passwd to access the
document, and someone gets their hands on the document and the passwd,
then you can't stop them distributing it. You may delay distribution,
and IMHO, if you pay for access to a document, as a user, you don't
want to be putting passwords and stuff in, and unless the document is
of great use to other people, most people won't bother distributing
it.

Tim
p.s. If you have control of the viewer/application, then anything is
possible, for example my dad's work, will only run on computers within
the company, and every time it runs, or updates, it informs a server
of it's version, the user, and the actions happening and other crud
like that.... Of course, you can reverse engineer things if you know
how it works, but in this instance, you'd need to create 2 servers,
and probably a vanilla client, set up in a specific way, or somehow
edit the binary application to prevent the checking subroutine being
run.
--
Linux Counter user #273956

More information about the plug mailing list