Jump to content

Digital rights management

From Consumer Rights Wiki
(Redirected from Digital Rights Management)

Digital rights management (DRM), alternatively known as digital restrictions management[1], broadly refers to any kind of access control technology that is used to deliberately restrict the usage of media content or devices after the sale. It is typically used by a seller to protect their digital rights through prevention of unauthorized distribution or replication of their product. Implementations of DRM can range from very simple (such as a basic disc check) to extremely complex executable binary obfuscation (such as Denuvo)

DRM creates a damaged good; it prevents you from doing what would be possible without it. – Defective by Design[2]

Why it is a problem

[edit | edit source]

Any design of a device that allows it to act against the intention of its owner constitutes a case of eroded ownership over the device.

A DRM technology is, by design, an artificial restriction of capabilities of a device, either in general or only for certain protected types of content. From a perspective of the rights holder (whose rights DRM protects), such restrictions need to be effective when the device or a copy of a creative work is in user's physical possession. And physical access inherently allows for many techniques of analysis and reverse engineering that may be used to devise a way to circumvent the restrictions. Therefore to be effective, a DRM technology needs to withstand the circumvention techniques available to consumers. This presents a significant engineering challenge, seemingly with no perfect solution, because solutions to date have failed or compromised various additional functions in different ways.

For example, Netflix requires HDCP DRM for playback of its video content in advertised quality. And on multi-monitor systems HDCP only works if all connected monitors support it, not just the one that displays the video.[3][4][5] This means that older but fully functional monitors cannot be used as secondary screens without causing HDCP to fail on that PC and thus causing Netflix to serve a version of the content much lower in quality than it advertises.

Requirements such as this are not always clearly disclosed. When they are, they are often buried in the Terms of Service or, in Netflix's case, require navigating through multiple FAQ pages. Furthermore, some content may surreptitiously install DRM without the knowledge or consent of the user, such as in the Sony Rootkit scandal.[6] Such software may contain exploits that can compromise the security of the user's PC.[7]

DRM in video games has frequently been implemented in an intrusive manner, hurting load times and performance.[8] This behavior has been more a result of negligent usage of the DRM rather than deliberate malicious intent. The detrimental effect of DRM on games appears to be known to their developers and publishers, seeing that DRM is removed from some games some time after the release,[9] often with no announcement.[10]

DRM failures can also come as a surprise. For example, with a YouTube Premium subscription, you can "Download videos to watch offline", but such videos are only available for 48 hours without an internet connection.[11] This creates confusion and problems, as users may want to download videos in anticipation of a period without internet access.

Ineffectiveness of audio and video DRM

[edit | edit source]

It is nearly impossible to prevent copying of non-interactive content such as audio and video once it is distributed to the consumer.

Macrovision DRM can be defeated using a widely available time base corrector,[12] which strips out the signal that triggers the AGC on VCRs or Macrovision compliant devices.

Many HDMI splitters[13] and capture cards[14] are capable of decrypting HDCP and copying the video stream. As long as at least one bypass exists at the HDCP level, all streaming content can be trivially ripped.

Audio DRM is trivial to bypass, as the audio must be decrypted into a plain analog signal in order to drive physical speakers or headphones.

DRM degradation

[edit | edit source]

The development of some forms of DRM, such as Games For Windows Live, are reliant on special processes within some operating systems that end up becoming unsupported or deprecated as time goes on. Legacy SecuROM-protected titles (released roughly between 1998 and 2005) are notoriously known for not running on operating systems newer than Windows XP[15][16]. Customers must spend an extensive amount of time circumventing the DRM (or using more illicit methods) just to play content they legitimately purchased.[17]

This DRM degradation has the worst effects on physical licenses of products, as unlike a digital installation, if a physical copy of a game's DRM stops being supported by modern hardware, developers cannot simply distribute a patch to directly modify the code on a disc, and online patches cannot last forever.

DRM in video content

[edit | edit source]

Attempting to prevent the copying of video content is one of the most common and long-standing uses of DRM. The idea of using copy obstruction on video content predates the term "DRM", one early example being the "Automatic Gain Control" requirement in VCRs used to enforce the "Macrovision" copy-protection scheme.[18][19] Formally known as "Analog Copy Protection", the scheme worked by encoding specific control signals into the output signal that corrupted the video. [20] These signals were generally ignored by TVs, so when the VHS tape was played back, the video appeared correct, but VCRs handled these bogus signals, causing the recorded tape to contain the corrupted video. [20]

From 1996, DVDs began to feature the "Content Scramble System" (CSS), an encryption based DRM. CSS was successfully circumvented as early as 1999, less than five years after its introduction, partly due to the limited length of the 40-bit encryption key, which was used to comply with US government export regulations of the time.[21][22] Following this, DVDs as well as HD-DVDs and Blu-Rays would implement other types of DRM, one of them being the "Advanced Access Content System".[23] When the first AACS processing key was similarly extracted, the AACS Licensing Administrator began issuing cease-and-desist letters to websites where the key was posted.[24] Another form of Blu-Ray DRM, Cinavia, uses a form of audio watermarking that makes certain releases unplayable in devices that are not equipped to recognize it, a notable example being Sony's Playstation 3.[25]

In the attempt of preventing video ripping via a capture card, modern displays, optical disc players, and computers use the High-Definition Content Protection system to encrypt display signals.[26] For example, Netflix will refuse to stream content at the full resolution advertised for the plan if the user is not streaming through an HDCP compliant video card and display.

For terrestrial over-the-air broadcast, in 2023 ATSC 3.0 pilot stations across the United States started to encrypt their signals,[27] leaving those that bought ATSC 3.0 tuners that could not decrypt broadcasts unable to watch the newly encrypted channels. Those tuners that were later certified by the A3SA authority to decrypt signals also had potential restrictions placed as part of the DRM scheme, such as blocking recordings and remote tuner access.[28]

DRM in audio content

[edit | edit source]

Another place DRMs were used in was audio content, which was rarely implemented due to audio's analog nature (compared to video and software), making it questionable whether it could effectively block data replication. The most notable application of audio DRM was MediaMax, which essentially functioned as malware to prevent users from simply playing these audio discs on Windows and macOS. There was also the less-notable Extended Copy Protection (XCP) DRM, however it did leave Sony in hot water[29], dubbing this form of DRM also as the Sony Rootkit.

DRM in software

[edit | edit source]

Most discussions about DRM often associate its use with some form of software restriction, from the simple product key, to the infamous Denuvo DRM. Historically, DRM started off with simpler physical techniques, such as decoder wheels and LensLok. The effectiveness of these systems varied, and many cracking groups simply found ways around them, especially since second-hand copies of software that used these primitive forms of DRM could easily become lost, damaged, or worse, fail to function with certain hardware.[30] This has essentially sparked a game of cat and mouse that continues to fester, especially for the gaming community, to this day.

Always-online DRM

[edit | edit source]

Some DRM requires a constant internet connection. While this may make sense in something that inherently requires an internet connection such as a streaming service or multiplayer-only video game, this has also been employed in games with single-player content, rendering customers unable to use their purchase if they do not have an active internet connection.[31] Conversely, if operations for these services are shut down, users, even those with legitimate copies of software and internet access, cannot run their games without resorting to hacking them first.[32][33] Ubisoft has historically been known for server shutdowns and transfers cutting off access to games for many players.[34] Encrypted ATSC 3.0 channels cannot be tuned to without a persistent internet connection.[35]


DRM present elsewhere

[edit | edit source]

Network-Attached Storage Units

[edit | edit source]

See also: Synology requiring proprietary-branded drives to be used with its NAS

In 2025, certain models of pre-built network attached storage units produced by Synology contained DRM in order to prevent the usage of non-Synology branded hard drives.[36] This decision recieved a lot of backlash and was reverted in October 2025.

Printer Ink

[edit | edit source]

See also: HP Dynamic Security

Companies such as HP only allow printers to only use ink sold by the same brand. There are a number of DRM systems employed by different companies to this end, an example of which is HP Dynamic Security, which has caught controversy during recent years. Similarly, Dymo engages in this practice with their paper products using RFID tags.

Air Filters

[edit | edit source]

See also: Molekule threatens to remotely shut down devices used with third party air filters

Some companies, namely Molekule and Xiaomi, use NFC-based DRM systems to ensure that replacement air filters which are inserted in air purifying devices are made by the brand. Molekule additionally threatened to permanently shut down any devices which used third-party filters, essentially bricking them.

Water Filters

[edit | edit source]

See also: GE Refrigerator water filter DRM

Certain models of refrigerators manufactured by General Electric contain DRM in order to prevent customers from purchasing generic water filters and to instead force their own water filters which are more expensive. [37]

Further reading

[edit | edit source]

Types of DRM

[edit | edit source]

Gaming

[edit | edit source]

Other

[edit | edit source]

References

[edit | edit source]
  1. Stallman, Richard. "Opposing Digital Rights Mismanagement". Archived from the original on 9 Oct 2025.
  2. "What is DRM?". Defective by Design. Archived from the original on 2026-02-03. Retrieved 2026-02-06.
  3. "Netflix requires all monitors to be HDCP 2.2. How can I get around this?". Old Reddit. 2024-02-24. Archived from the original on 2025-01-26. Retrieved 20 Apr 2025.
  4. "How do I get Netflix working at 4k on my second monitor?". Old Reddit. 2021-03-22. Archived from the original on 2025-04-03. Retrieved 20 Apr 2025.
  5. "How to use Netflix on your Windows computer or tablet". Netflix Help Center. Archived from the original on 2026-01-04. Retrieved 20 Apr 2025.
  6. "Sony, Rootkits and Digital Rights Management Gone Too Far". Mark Russinovich's Blog. 31 Oct 2005. Archived from the original on 17 Mar 2015. Retrieved 20 Apr 2025.
  7. Krebs, Brian (10 Nov 2005). "Virus Writers Exploit Sony Anti-Piracy Software". Washington Post. Archived from the original on 16 Nov 2006. Retrieved 20 Apr 2025.
  8. Kessler, Ana (25 May 2023). "Testing Reveals Games with Denuvo Launch Up to Four Times Slower". 80.lv. Archived from the original on 2025-09-11. Retrieved 20 Apr 2025.
  9. Wesh, Oli (2009-07-09). "DRM removed, UGC in Witcher patch". Eurogamer. Archived from the original on 2024-12-11.
  10. Grayson, Nathan (2016-12-08). "Doom Becomes Latest Game To Drop Anti-Piracy Tech Denuvo". Kotaku. Archived from the original on 2025-08-21.
  11. "Watch videos offline on mobile in select countries & regions". YouTube Help. Archived from the original on 2026-01-15. Retrieved 20 Apr 2025.
  12. "Bought this box back in the early 90s to eliminate Macrovision copy guard on tapes - cost $49.95 back then. Decided to see if it still works by recording my Red Label Star Wars set to DVD. Still working it's magic!". Old Reddit. 2022-02-09. Archived from the original on 2025-04-02. Retrieved 20 Apr 2025.
  13. "Bypassing HDCP in 2024". Old Reddit. 2024-01-23. Archived from the original on 2025-01-21. Retrieved 20 Apr 2025.
  14. "I bought a $40 capture card off Amazon and it seems to have hdcp bypass because my PS3 works directly with it". Old Reddit. 2024-01-23. Archived from the original on 2025-08-03. Retrieved 20 Apr 2025.
  15. D’Amico, Luca (5 May 2022). "Arabian Nights" (PDF). lucadamico.dev. Archived (PDF) from the original on 2026-01-12. Retrieved 2026-02-06.
  16. @haggar (15 Oct 2006). "Unpacking SecuROM 4.xx". www.reversing.be. Archived from the original on 26 Feb 2022. Retrieved 20 Apr 2025.
  17. Baggs, Nathan (16 Jan 2025). "Hacking This Terrible DRM". YouTube. Archived from the original on 2025-01-20. Retrieved 20 Apr 2025.
  18. "17 U.S. Code § 1201 - Circumvention of copyright protection systems". Cornell Law School. 1999-11-29. Archived from the original on 2026-02-01. Retrieved 2026-02-06.
  19. "Macrovision Demystified". Stanford Engineering Computer Science. 2018. Archived from the original on 2025-12-12. Retrieved 2026-02-06.
  20. 20.0 20.1 Maloney, Dan (2018-05-27). "Rolling Old School With Copy Protection From The 1980s". Archived from the original on 2026-03-19. Retrieved 2026-03-19.
  21. Stevenson, Frank Andrew (27 Oct 1999). "[Livid-dev] Successfull attack on CSS algorithm". Carnegie Mellon University School of Computer Science. Archived from the original on 2026-01-14. Retrieved 2026-02-06.
  22. Stevenson, Frank A. (8 November 1999). "Cryptanalysis of Contents Scrambling System". DVD-Copy. Archived from the original on 2000-03-02. Retrieved 2026-02-06.
  23. "Advanced Access Content System (AACS)" (PDF). Archived from the original (PDF) on 2 Mar 2007. Retrieved 20 Apr 2025.
  24. "AACS licensor complains of posted key". Lumen. 17 Apr 2007. Archived from the original on 2025-12-07. Retrieved 20 Apr 2025.
  25. Ganesh, T. S. (21 Mar 2012). "Cinavia DRM: How I Learned to Stop Worrying and Love Blu-ray's Self-Destruction". AnandTech. Archived from the original on 8 Jul 2025. Retrieved 20 Apr 2025.
  26. "About DCP". Digital CP. Archived from the original on 2026-01-04. Retrieved 20 Apr 2025.
  27. Seidman, Lon (15 May 2023). "Broadcasters Roll Out Restrictive DRM Encryption on ATSC 3.0 Broadcasts". Lon.tv. Archived from the original on 2026-01-04. Retrieved 20 Apr 2025.
  28. Newman, Jared (28 Jul 2023). "NextGen TV's DRM puts future of the over-the-air DVR in doubt". TechHive. Archived from the original on 2025-12-13. Retrieved 20 Apr 2025.
  29. "Sony BMG copy protection rootkit scandal". Wikipedia. 1 February 2026. Archived from the original on 2026-02-04. Retrieved 20 Apr 2025.
  30. Whitehead, Ben (15 Apr 2010). "Banging the DRM". EuroGamer. Archived from the original on 2025-11-18. Retrieved 20 Apr 2025.
  31. Kain, Erik (17 May 2012). "'Diablo III' Fans Should Stay Angry About Always-Online DRM". Forbes. Archived from the original on 2025-10-24. Retrieved 20 Apr 2025.
  32. Vitor, João (12 Jul 2024). "Rewriting completely the GameSpy support from 2000 to 2004 using Reverse Engineering on EA and Bungie Games". Keowu Blog's. Archived from the original on 2025-12-16. Retrieved 20 Apr 2025.
  33. Burns, Chris (4 Apr 2014). "GameSpy Shuts Down May 31: Will Your Game Be Affected?". SlashGear. Archived from the original on 2025-10-24. Retrieved 20 Apr 2025.
  34. Sharkey, Mike (2012-02-08). "Ubisoft DRM Locks Out Paying Customers". IGN Entertainment. Archived from the original on 2015-09-06. Retrieved 20 Apr 2025.
  35. Seidman, Lon (3 Sep 2023). "The ADTH Nextgen TV Box Shows Us Just How Bad ATSC 3.0 Encryption Will Be." Lon.tv. Archived from the original on 2025-12-14. Retrieved 20 Apr 2025.
  36. Morales, Jowi (2025-04-16). "Synology requires self-branded drives for some consumer NAS systems, drops full functionality and support for third-party HDDs". Tom's Hardware. Archived from the original on 2026-01-07. Retrieved 2026-02-06.
  37. Bode, Karl (2020-01-23). "These Fridges Won't Dispense Filtered Water Unless You Pay Extra for 'Official' Filters With RFID Chips". VICE. Archived from the original on 2025-10-21. Retrieved 2026-02-06.
Retrieved from "https://consumerrights.wiki/index.php?title=Digital_rights_management&oldid=52013"