Whenever I get thinking about copy protection, I find myself getting flustered. Its a topic that I have trouble with, one that interests me, but my problem is that I can never really settle on a hard opinion.
Lets forget for a minute everything about money, about opening peoples computers up to harm, sticking it to the man, and any other reasons. The basic idea is fundamentally very simple. We don't trust them, and they don't trust us.
And no wonder.
Round and round and round we go
Anyone can make it very easy get a copy of software out there.
This isn't like the old days where creating copies of videos required a room full of interconnected VCRs. Today, creating a copy costs nothing. Putting that copy out on mass distribution costs nothing. Anything that benefits the person putting anything out there is an absolute profit, be it a monetary reward or simply other content.
And what do we do in response? We squander millions of dollars a year trying to figure out new ways to keep them from doing what they do. And they have them broken in a pittance of a fraction of the time it took to develop it.
Now, we also have legitimate customers. Many companies seem to have forgotten them, in a bid to get everyone else to actually be one, and pretty much all we do is hurt them. They wind up the victims of our war of wits with the pirate. Sometimes, depending on the implementation, they can cope with it better than others, but nobody needs to return to the days of copies of Colin McRae rally being returned to stores because the copy protection method meant the CD-ROM drive didn't work.
So what can we do?
No hard plan, I'm afraid, but there are a few ideas. We could try treating the customer like a customer, for example, rather than a criminal. Would you do business with a shop if they looked at you with contempt when you walked in the door?
How about we start to distribute the way they want us to? Get it cheaper, get what you want, get it now. Apple recently celebrated their one billionth sale on iTunes, and I have to wonder what kind of sales Direct2Drive get.
How about we start to sell to the user rather than to the device? How do we do this? Who knows. I don't. But at least we can relax in the theory that it can be used with downloaded sales to allow the user to port their purchases where they like, and if not make it difficult to share them, how about making it undesirable? If we have to lock people in, why not do it with information that they have to give to make the purchase, which they wouldn't want to make public. Base the encryption key off their credit card number, for instance. This can be stored on both client and server (or sent from the client to the server via an SSL connection during purchase). Have the user register this number on each device that they want to play the files on, and decryption works from there.
Of course, all these are algorithmic methods that could be very easily broken in one way or another, and they certainly don't suit the wide variety of media types that people want to be able to use.
Et cetera ad nauseum
I haven't said anything here that people don't already know. All I'm really doing is trying to articulate how I feel about the situation at the moment. Flustered and frustrated seem to about cover it.
I'm pretty sure I should probably stop reading ApochPiQ's journal until he sends me a PM promising he won't be upsetting me any more [grin]