Thomas Roessler
Works at Google
Attended University of Bonn
Lives in San Francisco, CA 94110, US

Stream

Thomas Roessler

Shared publicly  - 
 
This is an ... interesting case study.

Thomas Roessler

Shared publicly  - 
 
Luca Filigheddu originally shared:
 
True!

Thomas Roessler

Shared publicly  - 
 
"Space for your own questions:" - "What is your professional judgment of these security questions?" - "ineffective"

(To be faxed to a "secure fax line". I was debating whether "theatrical" or "ineffective" was the better answer.)

Thomas Roessler

Shared publicly  - 
 
And now, off to Quebec. Then Boston.

Thomas Roessler

Shared publicly  - 
 
ACLU v. Clapper: "This blunt tool only works because it collects everything."   #NSA

Thomas Roessler

Shared publicly  - 
 
 
Discussions about DRM often land on the fundamental problem with DRM: that it doesn't work, or worse, that it is in fact mathematically impossible to make it work. The argument goes as follows:

1. The purpose of DRM is to prevent people from copying content while allowing people to view that content,

2. You can't hide something from someone while showing it to them,

3. And in any case widespread copyright violations (e.g. movies on file sharing sites) often come from sources that aren't encrypted in the first place, e.g. leaks from studios.

It turns out that this argument is fundamentally flawed. Usually the arguments from pro-DRM people are that #2 and #3 are false. But no, those are true. The problem is #1 is false.

The purpose of DRM is not to prevent copyright violations.

The purpose of DRM is to give content providers leverage against creators of playback devices.

Content providers have leverage against content distributors, because distributors can't legally distribute copyrighted content without the permission of the content's creators. But if that was the only leverage content producers had, what would happen is that users would obtain their content from those content distributors, and then use third-party content playback systems to read it, letting them do so in whatever manner they wanted.

Here are some examples:

A. Paramount make a movie. A DVD store buys the rights to distribute this movie from Paramount, and sells DVDs. You buy the DVD, and want to play it. Paramount want you to sit through some ads, so they tell the DVD store to put some ads on the DVD labeled as "unskippable".

Without DRM, you take the DVD and stick it into a DVD player that ignores "unskippable" labels, and jump straight to the movie.

With DRM, there is no licensed player that can do this, because to create the player you need to get permission from Paramount -- or rather, a licensing agent created and supported by content companies, DVD-CCA -- otherwise, you are violating some set of patents, anti-circumvention laws, or both.

B. Columbia make a movie. Netflix buys the rights to distribute this movie from Columbia, and sells access to the bits of the movie to users online. You get a Netflix subscription. Columbia want you to pay more if you want to watch it simultaneously on your TV and your phone, so they require that Netflix prevent you from doing this.

Now. You are watching the movie upstairs with your family, and you hear your cat meowing at the door downstairs.

Without DRM, you don't have to use Netflix's software, so maybe just pass the feed to some multiplexing software, which means that you can just pick up your phone, tell it to stream the same movie, continue watching it while you walk downstairs to open the door for the cat, come back upstairs, and turn your phone off, and nobody else has been inconvenienced and you haven't missed anything.

With DRM, you have to use Netflix's software, so you have to play by their rules. There is no licensed software that will let you multiplex the stream. You could watch it on your phone, but then your family misses out. They could keep watching, but then you miss out. Nobody is allowed to write software that does anything Columbia don't want you to do. Columbia want the option to charge you more when you go to let your cat in, even if they don't actually make it possible yet.

C. Fox make a movie. Apple buys the rights to sell it on iTunes. You buy it from iTunes. You want to watch it on your phone. Fox want you to buy the movie again if you use anything not made by Apple.

Without DRM, you just transfer it to your phone and watch it, since the player on any phone, whether made by Apple or anyone else, can read the video file.

With DRM, only Apple can provide a licensed player for the file. If you're using any phone other than an iPhone, you cannot watch it, because nobody else has been allowed to write software that decrypts the media files sold by Apple.

In all three cases, nobody has been stopped from violating a copyright. All three movies are probably available on file sharing sites. The only people who are stopped from doing anything are the player providers -- they are forced to provide a user experience that, rather than being optimised for the users, puts potential future revenues first (forcing people to play ads, keeping the door open to charging more for more features later, building artificial obsolescence into content so that if you change ecosystem, you have to purchase the content again).

Arguing that DRM doesn't work is, it turns out, missing the point. DRM is working really well in the video and book space. Sure, the DRM systems have all been broken, but that doesn't matter to the DRM proponents. Licensed DVD players still enforce the restrictions. Mass market providers can't create unlicensed DVD players, so they remain a black or gray market curiosity. DRM failed in the music space not because DRM is doomed, but because the content providers sold their digital content without DRM, and thus enabled all kinds of players they didn't expect (such as "MP3" players). Had CDs been encrypted, iPods would not have been able to read their content, because the content providers would have been able to use their DRM contracts as leverage to prevent it.

DRM's purpose is to give content providers control over software and hardware providers, and it is satisfying that purpose well.

As a corollary to this, look at the companies who are pushing for DRM. Of the ones who would have to implement the DRM, they are all companies over which the content providers already, without DRM, have leverage: the companies that both license content from the content providers and create software or hardware players. Because they license content, the content providers already have leverage against them: they can essentially require them to be pro-DRM if they want the content. The people against the DRM are the users, and the player creators who don't license content. In other words, the people over whom the content producers have no leverage. 

Thomas Roessler

Shared publicly  - 
 
 
Abstract of a new deanonymization paper that we plan to make public within the next week or two. It will appear at IEEE S&P.

On the Feasibility of Internet-scale Author Identification
Arvind Narayanan, Hristo Paskov, Neil Gong, John Bethencourt, Emil Stefanov, Richard Shin, Dawn Song

We study techniques for identifying an anonymous author via linguistic stylometry, i.e., comparing the writing style against a corpus of texts of known authorship. We experimentally demonstrate the effectiveness of our techniques with as many as 100,000 candidate authors. Given the increasing availability of writing samples online, our result has serious implications for anonymity and free speech — an anonymous blogger or whistleblower may be unmasked unless they take steps to obfuscate their writing style.

While there is a huge body of literature on authorship recognition based on writing style, almost none of it has studied corpora of more than a few hundred authors. The problem becomes qualitatively different at a large scale, as we show, and techniques from prior work fail to scale, both in terms of accuracy and performance. We study a variety of classifiers, both "lazy" and "eager", and show how to handle the huge number of classes (authors). We also develop novel techniques for confidence estimation of classifier outputs. Finally, our work is the first to demonstrate stylometric authorship recognition on texts written in different contexts.

In over 20% of cases, our classifiers can correctly identify an anonymous author given a corpus of texts from 100,000 authors; in about 35% of cases the correct author is one of the top 20 guesses. If we allow the classifier the option of not making a guess, via confidence estimation we are able to increase the precision of the top guess from 20% to over 80% with only a halving of recall.

Comment by Steven Bellovin:

For several years, I've thought about applying this technique to anonymous referee reviews of papers.

Thomas Roessler

Shared publicly  - 
 
Ivan Herman originally shared:
 
One of the exciting events of the past few months was the joint announcement of schema.org from three major search engine providers (Google, Yahoo, and Microsoft). It was a major step in the recogniti...

Thomas Roessler

Shared publicly  - 
 
Done with Anathem. If you haven't read it, you're missing out.

http://roessler.posterous.com/review-neal-stephenson-anathem
I know I'm late to the party: I finally got hold of Neal Stephenson's Anathem. Still, the book is worth a quick review, and a whole-hearted "go read it." The first quarter or so is a fun, but somewhat...

Comment by Dan Connolly:

Thanks for the suggestion; I just reserved it at my local library.
Work
Employment
  • Google
    2013 - present
  • World Wide Web Consortium
    2004 - 2013
Places
Currently
San Francisco, CA 94110, US
Previously
Santa Clara, CA 95054, United States - Luxembourg
Story
Tagline
Web stuff.
Introduction
Web stuff.
Education
  • University of Bonn
    Mathematics
Basic Information
Gender
Male