Eric Rescorla weighs in on the latest attempt to undermine Apple DRM: turns out the restrictions are added on the client side. Simply blocking the insertion of the controlling bits makes the files free of DRM. Look for an update the client (and perhaps the server) Real Soon Now. But the underlying questions is Is it good for you if people crack DRM?
[E]very time Mr. Johansen or someone else figures out how to crack Apple’s DRM, the main effect is to inconvenience Apple and you the consumer. Yes, yes, it demonstrates the futility of software-only DRM against a determined attacker, but so what? We all knew that already. The chance that Apple will respond by removing DRM seems slim. The chance that when they rev the format it will involve new inconvenient restrictions (whether justified for security reasons or not) is high. What’s in it for me again?
UPDATE: Chris Lightfoot argues in the comments that: “By creating an inconvenience every time the DRM is compromised, the attacker creates a disincentive for people to buy from companies which use DRM.”
Absolutely true, but that serves their interests, not yours. The question here is how you should react when you hear that someone has broken Apple’s (or anyone else’s) DRM. What I mostly hear is “Stick it to The Man!”, but I suspect a more rational response would be “Those darn hackers are at it again.”
A way to attack DRM that isn’t pointless:
[T]here’s basically no way for CD copy protection to actually be effective without inconveniencing far more users than the manufacturers would ever be willing to do. Pointing that out to them [as in the SunComm/shiftkey fiasco] is a public service. Forcing Apple to tighten their DRM is not a public service because it’s something that Apple is perfectly willing to do and so the only real effect is to make everyone more miserable.
And yes, I do recognize that this implies that there is a middle ground in which the manufacturers might be able to shift which region they’re in by credibly committing to using DRM no matter what the cost…. Call this the “You’re just making it harder on yourself” defense.
As noted elsewhere, I’ve always been a bit wobbly on this issue. But I am coming around to the idea of making it clear how bad idea an DRM is to its proponents, by raising their costs (either in developing new methods or making their customers question their motives).