Readium: Difference between revisions

From Consumer Rights Wiki
Galomi04 (talk | contribs)
Created preliminary article on the readium foundation
 
Galomi04 (talk | contribs)
m Background: linked JavaScript to wikipedia
 
(13 intermediate revisions by the same user not shown)
Line 3: Line 3:
|Industry=Software
|Industry=Software
|Type=Non-profit
|Type=Non-profit
|Logo=Readium-logo.png
|CompanyAlias=Readium Foundation
|Website=https://readium.org/
|Website=https://readium.org/
}}
}}
{{Ph-C-Int}}
Readium Foundation is a non profit that produces "reading system toolkits" that can be deployed across multiple platforms and digital publishing formats. According to its certificate of incorporation, it was incorporated in Delaware, USA in 2013. It has multiple members including: The European Digital Reading Lab (EDRLab), Bibliovault (University of Chicago Press), Columbia University Library, eKitabu, New York Public Library, New York University Library and DRM Inside Co., Ltd.<ref>{{Cite web |title=Membership Overview |website=readium.org |url=https://readium.org/membership/overview/ |url-status=live |archive-url=https://web.archive.org/web/20260623133413/https://readium.org/membership/overview/ |archive-date=23 Jun 2026}}</ref><ref>{{Cite web |title=READIUM FOUNDATION CERTIFICATE OF INCORPORATION |url=https://readium.org/documents/READIUM-FOUNDATION-CERTIFICATE-OF-INCORPORATION.pdf |url-status=live |website=readium.org |archive-url=https://web.archive.org/web/20240801153456/https://readium.org/documents/READIUM-FOUNDATION-CERTIFICATE-OF-INCORPORATION.pdf |archive-date=1 Aug 2024 |access-date=23 Jun 2026}}</ref><ref>{{Cite web |title=Readium Project Goals |url=https://readium.org/about/project_goals.html/ |url-status=live |website=readium.org |archive-url=https://web.archive.org/web/20260311013954/https://readium.org/about/project_goals.html/ |archive-date=11 Mar 2026 |access-date=23 Jun 2026}}</ref>
==Background==
<blockquote>"The Readium project was started by the IDPF in 2012 because the EPUB 3.0 specification had been released late in 2011, but no implementation yet existed (or, at least, had been publicly released). So IDPF provided some funding and encouragement and two firms, Evident Point and Bluefire, took the lead in developing a JavaScript implementation of a significant part of the EPUB 3 spec."</blockquote> The [[wikipedia:JavaScript|JavaScript]] implementation lacked features and was written as a [[Google Chrome]] extension. It also didn't provide native implementations for devices and "it couldn’t support DRM securely." After additional development, they released the open source Readium SDK Core.<blockquote>"The SDK was designed from the beginning to support DRM ( Digital Rights Management ), a mandatory feature for digital library lending, and also required by many publisher for anti-piracy matters. It was moreover designed to be DRM-agnostic, able to support multiple DRM implementations. However, while that capability existed in the SDK, there was also an increasing perception over time that the existing DRM implementations (Adobe, Kobo, Sony) were too heavyweight and proprietary and there existed a need for a new open-source DRM specification and implementation. The result was the Readium LCP (Licensed Content Protection) specification and implementation, which is rolling out in 2017."</blockquote><ref>{{Cite web |title=A Bit of History |website=readium.org |url=https://readium.org/about/history.html/ |url-status=live |archive-url=https://web.archive.org/web/20260623141903/https://readium.org/about/history.html/ |archive-date=23 Jun 2026}}</ref>


==Consumer-impact summary==
==Consumer-impact summary==
{{Ph-C-CIS}}
While it is commendable that Readium and its partners (like EDRLab) promote open source code and wished to design a DRM system that aimed to avoid vendor lock-in (which could have caused a lack of innovation, diversity, features and would have handed one vendor total control), aimed to be more interoperable, simpler, secure and ensuring that: <blockquote>"The solution is designed to be minimally intrusive for end-users, who don’t need to create a third-party account. User can share their ebooks with their family or close friends"</blockquote><ref>{{Cite web |title=Readium LCP |website=edrlab.org |url=https://www.edrlab.org/readium-lcp/ |url-status=live |archive-url=https://web.archive.org/web/20260617083801/https://www.edrlab.org/readium-lcp/ |archive-date=17 Jun 2026 |access-date=23 Jun 2026}}</ref> it can be argued that [[Digital rights management |DRM]] in itself is negatively affecting consumers.
 
Moreover, the Readium SDK was reportedly developed so that it would support multiple DRM technologies, allowing other DRM vendors to easily integrate their systems with Readium. This in effect lowers the barrier to entry, because companies with existing DRM implementations can more easily migrate to Readium and keep using their DRM. The variety also allows for companies that would otherwise be hesitant to pick and choose and implement DRM in a way that might be cheaper or more for them.<ref>{{Cite web |title=Overview of the DRM ecoystem |url=https://www.edrlab.org/readium-lcp/overview/ |url-status=live |website=edrlab.org |archive-url=https://web.archive.org/web/20260623144934/https://www.edrlab.org/readium-lcp/overview/ |archive-date=23 Jun 2026}}</ref>
 
In addition to this, Readium has filed DMCA takedown requests to force tools which circumvented Readium LCP to remove code from their repositories. As a result, it is currently not possible for users to archive their own ebooks without Readium LCP DRM in an easy way (or perhaps any way). And as it turns out, there are several examples of users complaining or asking for help with this exact issue.
 
==Readium LCP==
===Preliminary===
Readium LCP is Readium's DRM system. Readium Foundation is responsible for maintenance of the Readium LCP specification, while: <blockquote>"management of the Readium LCP ecosystem is handled by EDRLab, acting as Certification Authority."</blockquote><ref>{{Cite web |title=Readium Projects |website=readium.org |url=https://readium.org/development/projects |url-status=live |archive-url=https://web.archive.org/web/20260527112832/https://readium.org/development/projects |archive-date=27 May 2026 |access-date=23 Jun 2026}}</ref>
 
The design of Readium Licensed Content Protection (LCP) was influenced by a 2012 paper called "EPUB Lightweight Content Protection: Use Cases & Requirements" by Bill Rosenblatt (link in the External Links section).
It is also an international standard, referenced as: ISO/IEC 23078-2:2024.
 
===Basics===
 
One of the most important concepts in Readium LCP is the '''LCP license file'''. It is generated by a '''Readium LCP License Server''' and contains: <blockquote>"
*A set of rights; standard rights are:
** A start and end access date and time, especially useful for library lending;
**The number of pages the user is allowed to print;
**The number of characters the user is allowed to copy/paste;
*The passphrase hint; this information is important; more details below, in section “Interaction with the Reading System”;
*The content key, encrypted; the reading system will use the user passphrase in order to get this data in clear;
*The provider certificate and a digital signature; this information will be used by the reading system for checking that the license has not been modified by anyone other than the provider;
Optional:
*Some limited personal data; LCP can act as a “social DRM”; such information is encrypted for privacy protection, and the License Server does not store this information.
*Optionally, the URL of the protected content associated with this license, used if the license is delivered as a stand-alone file (.lcpl).
"</blockquote>
(The following summarizes what is referred to as the “Interaction with the Reading System” section in the quote above, as well as a few other sections.)
 
A license file can either be distributed as a standalone file or embedded into an [[wikipedia:EPUB|EPUB]] file.<blockquote>"A protected EPUB file is simply the association of protected content with a license."</blockquote> Users can buy ebooks from the reading system and receive license a license file. The reading system then automatically downloads the appropriate EPUB file and embeds the license into it. With this arrangement: <blockquote>"the EPUB file with its included license can be opened by the reading system, archived, exported to another reading system etc. and the user has only one file to care about."</blockquote> In an alternative arrangement, the distributor can embed license files into EPUB files, before sending them to the reading system.
 
===Encryption and decryption===
 
Its encryption is based on [[wikipedia:Advanced Encryption Standard |AES]]. Keys that unlock files are referred to as '''passphrases'''. It can either be generated or chosen by the user. Users have one passphrase for each bookstore or library. LCP licenses also include password hints in case a user forgets their password. <blockquote>"The software transforms the passphrase into a user key (h = hash(pp) then uk = userkey(h), with “userkey” a simple string transfom). The user key can decrypt the content key provided in the user license. The content key can decrypt the content.
 
The Readium LCP library software is mostly open-source, only uk = userkey(h) isn’t (in the open-source version it is void). Only trusted licence providers and trusted app developers know what this string transform is. Therefore one cannot take the open-source software and simply add a “save as clear epub” feature applied on ebooks provided by certified servers."</blockquote>
<ref>{{Cite web |title=LCP principles |website=edrlab.org |url=https://www.edrlab.org/readium-lcp/principles/ |url-status=live |archive-url=https://web.archive.org/web/20260623162817/https://www.edrlab.org/readium-lcp/principles/ |archive-date=23 Jun 2026}}</ref>


==Incidents==
==Incidents==
{{Ph-C-Inc}}
This is a list of all consumer-protection incidents this company is involved in. Any incidents not mentioned here can be found in the [[:Category:{{FULLPAGENAME}}|{{PAGENAME}} category]].
This is a list of all consumer-protection incidents this company is involved in. Any incidents not mentioned here can be found in the [[:Category:{{FULLPAGENAME}}|{{PAGENAME}} category]].
===Example incident one (''date'')===
===DMCA Takedown (2022-01-04)===
{{Main|link to the main CR Wiki article}}
Readium filed a [[Digital Millennium Copyright Act |DMCA]] takedown notice with [[wikipedia:GitHub|GitHub]] in 2022. The notice stated that: <blockquote>"The user noDRM has published on GitHub software which specifically allows the decryption of ebooks protected by the LCP Profile 1.0 and allows saving them as non-protected ebooks. This infringement violates our legal business and affects authors and publishers’ IP. This codebase is presented as a plug-in of the well-known Calibre software, an open-source ebook manager."</blockquote>
Short summary of the incident (could be the same as the summary preceding the article).
As well as that the explicit circumvention of Readium LCP was in a file called '''"lpcdedrm.py'''." And that: <blockquote>"The user noDRM is actively promoting the activity of cracking both library loans and one-off purchases"</blockquote>followed to a link to a GitHub Issue to substantiate the claim.<ref>{{Cite web |title=2022-01-04-readium |author=[private] |date=2022-01-04 |url=https://github.com/github/dmca/blob/master/2022/01/2022-01-04-readium.md |url-status=live |archive-url=https://web.archive.org/web/20260604153156/https://github.com/github/dmca/blob/master/2022/01/2022-01-04-readium.md |archive-date=4 Jun 2026 |access-date=23 Jun 2026}}</ref>
===Example incident two (''date'')===
As a result, the relevant files as well as relevant [[wikipedia:Git|Git]] history was removed from the repository.
...


==Products==
==Products==
{{Ph-C-P}}
*Readium LCP
*Readium Mobile
*Readium Desktop
*Readium Web
*Readium Web Publication Manifest
 
==External Links==
*[https://www.youtube.com/watch?v=rEa3K_l1bCM Readium LCP Introduction Video] ([https://preservetube.com/watch?v=rEa3K_l1bCM archived])
*[https://readium.org/lcp-specs/releases/lcp/latest.html Readium LCP v1.0 Specification] ([https://web.archive.org/web/20260623151601/https://readium.org/lcp-specs/releases/lcp/latest.html archived])
*[https://github.com/github/dmca/blob/master/2022/01/2022-01-04-readium.md Readium's DMCA Request] ([https://web.archive.org/web/20260604153156/https://github.com/github/dmca/blob/master/2022/01/2022-01-04-readium.md archived])
*[https://idpf.org/epub-content-protection Conceptual Basis for Readium LCP]
*[https://readium.org/architecture/ Readium Architecture]


==See also==
==See also==
{{Ph-C-SA}}
*[[Digital rights management]]
*[[Digital Millennium Copyright Act]]
*[[Adobe Digital Editions' ebook DRM]]


==References==
==References==
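
Review bot: In the Consumer-impact summary, the sentence ending "there are several examples of users complaining or asking for help with this exact issue" has no <ref>, while the paragraphs around it are sourced; link the examples or cut the sentence. In the same section "cheaper or more for them" is missing a word. In Basics, "receive license a license file" repeats a word. In the DMCA section the file name markup '''"lpcdedrm.py'''." opens the quotation mark inside the bold and closes it outside, and "followed to a link" should read "followed by a link".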

Latest revision as of 17:05, 23 June 2026

Readium
Basic information
Founded 2013-01-29
Legal Structure Non-profit
Industry Software
Also known as Readium Foundation
Official website https://readium.org/

Readium Foundation is a non-profit that produces "reading system toolkits" that can be deployed across multiple platforms and digital publishing formats. According to its certificate of incorporation, it was incorporated in Delaware, USA in 2013. It has multiple members including: The European Digital Reading Lab (EDRLab), Bibliovault (University of Chicago Press), Columbia University Library, eKitabu, New York Public Library, New York University Library and DRM Inside Co., Ltd.[1][2][3]

Background

"The Readium project was started by the IDPF in 2012 because the EPUB 3.0 specification had been released late in 2011, but no implementation yet existed (or, at least, had been publicly released). So IDPF provided some funding and encouragement and two firms, Evident Point and Bluefire, took the lead in developing a JavaScript implementation of a significant part of the EPUB 3 spec."

The JavaScript implementation lacked features and was written as a Google Chrome extension. It also didn't provide native implementations for devices and "it couldn’t support DRM securely." After additional development, they released the open source Readium SDK Core.

"The SDK was designed from the beginning to support DRM ( Digital Rights Management ), a mandatory feature for digital library lending, and also required by many publisher for anti-piracy matters. It was moreover designed to be DRM-agnostic, able to support multiple DRM implementations. However, while that capability existed in the SDK, there was also an increasing perception over time that the existing DRM implementations (Adobe, Kobo, Sony) were too heavyweight and proprietary and there existed a need for a new open-source DRM specification and implementation. The result was the Readium LCP (Licensed Content Protection) specification and implementation, which is rolling out in 2017."

[4]

Consumer-impact summary

It is commendable that Readium and its partners (like EDRLab) promote open source code and wished to design a DRM system that aimed to avoid vendor lock-in (which could have caused a lack of innovation, diversity and features, and would have handed one vendor total control) and aimed to be more interoperable, simpler and secure, ensuring that:

"The solution is designed to be minimally intrusive for end-users, who don’t need to create a third-party account. User can share their ebooks with their family or close friends"

[5] Even so, it can be argued that DRM in itself negatively affects consumers.

Moreover, the Readium SDK was reportedly developed so that it would support multiple DRM technologies, allowing other DRM vendors to easily integrate their systems with Readium. This in effect lowers the barrier to entry, because companies with existing DRM implementations can more easily migrate to Readium and keep using their DRM. The variety also allows for companies that would otherwise be hesitant to pick and choose and implement DRM in a way that might be cheaper or more for them.[6]

In addition to this, Readium has filed DMCA takedown requests to force tools which circumvented Readium LCP to remove code from their repositories. As a result, it is currently not possible for users to archive their own ebooks without Readium LCP DRM in an easy way (or perhaps any way). And as it turns out, there are several examples of users complaining or asking for help with this exact issue.

Readium LCP

Preliminary

Readium LCP is Readium's DRM system. Readium Foundation is responsible for maintenance of the Readium LCP specification, while:

"management of the Readium LCP ecosystem is handled by EDRLab, acting as Certification Authority."

[7]

The design of Readium Licensed Content Protection (LCP) was influenced by a 2012 paper called "EPUB Lightweight Content Protection: Use Cases & Requirements" by Bill Rosenblatt (link in the External Links section). It is also an international standard, referenced as: ISO/IEC 23078-2:2024.

Basics

One of the most important concepts in Readium LCP is the LCP license file. It is generated by a Readium LCP License Server and contains:

"

  • A set of rights; standard rights are:
    • A start and end access date and time, especially useful for library lending;
    • The number of pages the user is allowed to print;
    • The number of characters the user is allowed to copy/paste;
  • The passphrase hint; this information is important; more details below, in section “Interaction with the Reading System”;
  • The content key, encrypted; the reading system will use the user passphrase in order to get this data in clear;
  • The provider certificate and a digital signature; this information will be used by the reading system for checking that the license has not been modified by anyone other than the provider;

Optional:

  • Some limited personal data; LCP can act as a “social DRM”; such information is encrypted for privacy protection, and the License Server does not store this information.
  • Optionally, the URL of the protected content associated with this license, used if the license is delivered as a stand-alone file (.lcpl).

"

(The following summarizes what is referred to as the “Interaction with the Reading System” section in the quote above, as well as a few other sections.)

A license file can either be distributed as a standalone file or embedded into an EPUB file.

"A protected EPUB file is simply the association of protected content with a license."

Users can buy ebooks from the reading system and receive a license file. The reading system then automatically downloads the appropriate EPUB file and embeds the license into it. With this arrangement:

"the EPUB file with its included license can be opened by the reading system, archived, exported to another reading system etc. and the user has only one file to care about."

In an alternative arrangement, the distributor can embed license files into EPUB files, before sending them to the reading system.
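
As an added example (not code from Readium, EDRLab or this wiki), the Python below runs the checks a reading system could make on the license contents listed above: required encryption and signature fields, the access window, and the print and copy allowances. The JSON field names follow the public LCP specification as best recalled and do not appear on this page, so treat them as assumptions; the sample license is constructed and its key and signature values are placeholders.

```python
import json
from datetime import datetime, timezone

# Constructed sample license. Field names are assumptions based on the public
# LCP specification; key, certificate and signature values are placeholders.
SAMPLE_LICENSE = json.loads("""
{
  "id": "example-license-0001",
  "encryption": {
    "content_key": {"encrypted_value": "PLACEHOLDER_BASE64"},
    "user_key": {"text_hint": "Name of your first library"}
  },
  "rights": {
    "start": "2026-06-01T00:00:00Z",
    "end": "2026-06-22T00:00:00Z",
    "print": 10,
    "copy": 2048
  },
  "links": [{"rel": "publication", "href": "https://example.org/book.epub"}],
  "signature": {"certificate": "PLACEHOLDER_BASE64", "value": "PLACEHOLDER_BASE64"}
}
""")

# Items the quoted list says every license carries.
REQUIRED = [
    ("encryption", "content_key", "encrypted_value"),
    ("encryption", "user_key", "text_hint"),
    ("signature", "certificate"),
    ("signature", "value"),
]


def _get(doc, path):
    """Walk nested dicts; return None if any key on the path is absent."""
    for key in path:
        if not isinstance(doc, dict) or key not in doc:
            return None
        doc = doc[key]
    return doc


def _parse_time(value):
    """Parse an ISO 8601 timestamp; a missing offset is treated as UTC."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def check_license(doc, now, printed_pages=0, copied_chars=0, standalone=False):
    """Return a list of problems; an empty list means these checks passed.

    Only the presence of the signature is checked. Verifying it against the
    provider certificate is a separate step that is not implemented here.
    """
    problems = []
    for path in REQUIRED:
        if not _get(doc, path):
            problems.append("missing " + ".".join(path))
    rights = doc.get("rights", {})  # rights are optional: absent means no limit
    if "start" in rights and now < _parse_time(rights["start"]):
        problems.append("not yet valid")
    if "end" in rights and now >= _parse_time(rights["end"]):
        problems.append("expired")
    if "print" in rights and printed_pages > rights["print"]:
        problems.append("print quota exceeded")
    if "copy" in rights and copied_chars > rights["copy"]:
        problems.append("copy quota exceeded")
    if standalone:  # a stand-alone .lcpl must point at the protected content
        rels = [link.get("rel") for link in doc.get("links", [])]
        if "publication" not in rels:
            problems.append("standalone license has no publication link")
    return problems
```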

Encryption and decryption

Readium LCP's encryption is based on AES. Keys that unlock files are referred to as passphrases. A passphrase can either be generated or chosen by the user. Users have one passphrase for each bookstore or library. LCP licenses also include password hints in case a user forgets their password.

"The software transforms the passphrase into a user key (h = hash(pp) then uk = userkey(h), with “userkey” a simple string transform). The user key can decrypt the content key provided in the user license. The content key can decrypt the content. The Readium LCP library software is mostly open-source, only uk = userkey(h) isn’t (in the open-source version it is void). Only trusted licence providers and trusted app developers know what this string transform is. Therefore one cannot take the open-source software and simply add a “save as clear epub” feature applied on ebooks provided by certified servers."

[8]

Incidents

This is a list of all consumer-protection incidents this company is involved in. Any incidents not mentioned here can be found in the Readium category.

DMCA Takedown (2022-01-04)

Readium filed a DMCA takedown notice with GitHub in 2022. The notice stated that:

"The user noDRM has published on GitHub software which specifically allows the decryption of ebooks protected by the LCP Profile 1.0 and allows saving them as non-protected ebooks. This infringement violates our legal business and affects authors and publishers’ IP. This codebase is presented as a plug-in of the well-known Calibre software, an open-source ebook manager."

The notice also stated that the explicit circumvention of Readium LCP was in a file called "lpcdedrm.py", and that:

"The user noDRM is actively promoting the activity of cracking both library loans and one-off purchases"

followed by a link to a GitHub Issue to substantiate the claim.[9]

As a result, the relevant files as well as the relevant Git history were removed from the repository.

Products

  • Readium LCP
  • Readium Mobile
  • Readium Desktop
  • Readium Web
  • Readium Web Publication Manifest

See also

References

  1. "Membership Overview". readium.org. Archived from the original on 23 Jun 2026.
  2. "READIUM FOUNDATION CERTIFICATE OF INCORPORATION" (PDF). readium.org. Archived (PDF) from the original on 1 Aug 2024. Retrieved 23 Jun 2026.
  3. "Readium Project Goals". readium.org. Archived from the original on 11 Mar 2026. Retrieved 23 Jun 2026.
  4. "A Bit of History". readium.org. Archived from the original on 23 Jun 2026.
  5. "Readium LCP". edrlab.org. Archived from the original on 17 Jun 2026. Retrieved 23 Jun 2026.
  6. "Overview of the DRM ecoystem". edrlab.org. Archived from the original on 23 Jun 2026.
  7. "Readium Projects". readium.org. Archived from the original on 27 May 2026. Retrieved 23 Jun 2026.
  8. "LCP principles". edrlab.org. Archived from the original on 23 Jun 2026.
  9. [private] (2022-01-04). "2022-01-04-readium". Archived from the original on 4 Jun 2026. Retrieved 23 Jun 2026.