Re: Blue Spike and Digital Watermarking with Giovanni
Working for Xerox I can assure you that all of our colour machines together with all our competitors colour machines leave a "trace". Pointer to how this trace is applied, recorded, accounted for, and handled when components are swapped out? --dan
Re: Blue Spike and Digital Watermarking with Giovanni
Eugene Leitl [EMAIL PROTECTED] writes: Well, the deformations must be smooth, so this just describes an attack against a certain type of watermarks. Yes. They found that there was one watermarking product on the market that was not defeated by their standard mechanism, and developed a new mechanism that defeated that one too. Of course, the state of the art in watermarking may have moved on since that paper was written, but if anyone knows of a watermarking product for images that has not already been defeated I'd be interested to know. -- __ \/ o\ [EMAIL PROTECTED] Got a Linux strategy? \ / /\__/ Paul Crowley http://www.hedonism.demon.co.uk/paul/ /~\
Re: Blue Spike and Digital Watermarking with Giovanni
Hi Eugene, There are many parts of your recent comments which I disagree with, as much as I understand them. Some of what you write isn't really clear to me, and I don't feel like debating each point in detail. However, here are a two points of clarification, regarding "Napster" and my definition of "linear media". Prosecuting consumers who are engaged in low-order piracy, for their own benefit or perhaps to raise enough money for a six-pack of beer by flogging a few copies of music to friends is not the same as prosecuting a company, organisation or person who systematically makes a product or service which is arguably intended primarily to facilitate unlicensed replication of copyright material. I don't support the knee-jerk reaction to the big record companies - the furious copying of commercially available music as an alternative to paying for it. From what little I know about this, if Napster are primarily facilitating this, and especially if they are profiting from it, then I hope the RIAA win the case. In my paper at http://www.firstpr.com.au/musicmar/ I define five types of copying: 1 - Purchaser copying 2 - Listener sharing 3 - Listener theft 4 - Listener piracy 5 - Commercial piracy 1 is necessary for the purchaser to derive full value from their recorded music. 2 does not reduce sales, since the recipient was not planning on purchasing the music. Very often it is the best form of marketing - giving a free sample with a personal recommendation from a friend from which the recipient can become enthused and so later purchase from the artist. 3 is the listener avoiding their own purchases by copying. 4 is one listener doing this on a small scale for others, perhaps for a small profit. Someone who directly or indirectly facilitated 3 or 4 as a primary purpose of their actions (rather than it being just one thing a CD-R burner can do) is arguably guilty of 5. But this and quite a bit of this whole discussion is beyond the scope of a crypto list. By "linear media" I meant to include text, video, sound and potentially some other things. For instance, while this may not exist yet, it would be linear media by my definition: recorded, rather than interactive, cyberdildonics (electronic control of vibrators and the like). The criteria for "linear media" is that the listener/user/consumer experiences the "product" as a linear set of sensations, which can be recorded. (Anything which can be recorded can be recorded digitally, but this is not an essential part of my understanding of what "linear media" means.) In contrast, a video game is not "linear media". Although it involves sound and vision, it also must involve feedback from the player. Therefore the video game is not recordable, and can only be provided by some mechanism, such as a computer running a program. That opens up many more opportunities for copy (or rather *run*) protection. 1 - Program won't run unless it can talk to dongle. 2 - Program won't run unless it can talk to server via the Net. In both cases, it would be possible, although not necessarily cost-effective, to reverse-engineer the code and patch it so the real dongle or Net connection was not required. To overcome this difficulty, some essential functional element of the program could be implemented by the dongle or remote server. For the dongle, this could be quite costly to implement - but potentially very hard to work around. For instance, a central algorithm of the game is executed by a CPU running in a tamper-proof card or module (lets assume this is possible, which it probably is to a high degree with sufficient expense and careful design). Communications to and from this buried CPU are encrypted and the card erases the necessary keys for communicating with it if the device is tampered with, or if it does not get regular signed messages that the user has paid their subscription. (There would be many other ways of achieving the same thing, such as the algorithm's code being in RAM and being erased if the module is tampered with etc.) Locating a functional part of the program on a remote server really does make the player dependent on friendly relations with whoever runs that server. Unless someone else can write a local CPU program to replicate the functionality of the remote algorithm, then this approach is bulletproof. (Or run a replica of the algorithm on *their* server and charge people to access it!) As far as I know, watermarking (AKA digital fingerprinting) does not refer to serial numbers or doing anything to computer programs. It concerns using steganographic techniques (or similar) to encode secret data so it is hidden (from human senses and from simple reverse-engineering efforts) in the noise component of "linear media" such as analogue or digital recordings of sound or still or moving images. - Robin === Robin Whittle[EMAIL PROTECTED]
Re: Blue Spike and Digital Watermarking with Giovanni
As far as I know, all fielded watermarking schemes can be defeated with simple, invisible distortions of the image - see http://www.cl.cam.ac.uk/~fapp2/steganography/ for work done by Fabien Petitcolas and Ross Anderson. You don't even have to have more than one copy of the picture or know very much about the scheme in use. -- __ \/ o\ [EMAIL PROTECTED] Got a Linux strategy? \ / /\__/ Paul Crowley http://www.hedonism.demon.co.uk/paul/ /~\
Re: Blue Spike and Digital Watermarking with Giovanni
On Sat, 15 Jan 2000, Eugene Leitl wrote: Joe Sixpack also doesn't believe that color laser copiers leave an unique signature on each copy, allowing you to trace the copy to an individual device. Nevertheless these are there, and can be evaluated if need arises. (Just try distributing a few xeroxed $100 bills, and time how long it takes until the feds knock on your door). Do you have a reference for that? [There have been SO many articles on this recently, including a long thread on RISKS: the summary being that it is absolutely true. --Perry] -Bram
Re: Blue Spike and Digital Watermarking with Giovanni
Well, the deformations must be smooth, so this just describes an attack against a certain type of watermarks. As I said, it is difficult to resiliently watermark a single image. Paul Crowley writes: As far as I know, all fielded watermarking schemes can be defeated with simple, invisible distortions of the image - see http://www.cl.cam.ac.uk/~fapp2/steganography/ for work done by Fabien Petitcolas and Ross Anderson. You don't even have to have more than one copy of the picture or know very much about the scheme in use.
RE: Blue Spike and Digital Watermarking with Giovanni
Correct Working for Xerox I can assure you that all of our colour machines together with all our competitors colour machines leave a "trace". I have seen this in action with respect to our Australian Federal Police tracking down money printed on one of our machines. Regards AM -Original Message- From: bram [mailto:[EMAIL PROTECTED]] Sent: Monday, January 17, 2000 8:20 AM To: Eugene Leitl Cc: [EMAIL PROTECTED] Subject: Re: Blue Spike and Digital Watermarking with Giovanni On Sat, 15 Jan 2000, Eugene Leitl wrote: Joe Sixpack also doesn't believe that color laser copiers leave an unique signature on each copy, allowing you to trace the copy to an individual device. Nevertheless these are there, and can be evaluated if need arises. (Just try distributing a few xeroxed $100 bills, and time how long it takes until the feds knock on your door). Do you have a reference for that? [There have been SO many articles on this recently, including a long thread on RISKS: the summary being that it is absolutely true. --Perry] -Bram
Re: Blue Spike and Digital Watermarking with Giovanni
[EMAIL PROTECTED] (Sat 01/15/00 at 06:06 PM -0800): arguments can be made for why you don't need to get that many texts even given no knowledge of the watermark system. I'll post more if pushed --PM] Please do, this sounds interesting. ditto. [Joe Sixpack has nothing to to lose and almost no odds of being caught giving away two or three copies... --PM] The point of watermarking is that you can personalize each piece, linking it to the customer's identity. Percolation of warez through buddy networks would eventually reveal original purchaser. if these meager functions are all that watermarking accomplishes, it's a technology whose time isn't coming. serial numbers already personalize each piece, with the result that serial numbers them- selves have become a commodity in warez 'markets'--just like the identical, mass-produced objects they serve to serialize. have software industry orgs ever shown any interest in pursuing original purchasers? why bother? it'd be a rare jury that'd punish a schlemiel for having software 'stolen by his (kid|neighbor|house- cleaner|cousin).' but for distributing warez, or making a profit using them, well, that's another story--and that's who they *will* go after. Of course this is unlikely to be implemented, but in theory it's doable. the whole idea of serializing mass market commodities in order to control their disposition beyond the point of sale is idiotic. in very controlled, very limited settings it can make sense, but not in an economy of scale. cheers, t
Re: Blue Spike and Digital Watermarking with Giovanni
Digital watermarks again! Joe Sixpack won't believe his file contains a digital watermark with his name in it unless there is a freely distributed Windows/Mac program which reads the watermark and so spits out his name and other personal details. That being the case, it is only a matter of time before the code and the watermark algorithm is reverse-engineered. Then a program can be written to remove the watermark. What use is the watermark anyway? It is only applicable to files generated for a specific, legally identifiable customer. Therefore it does not apply to pre-pressed CD/DVD etc. discs or to broadcasts via the Net, TV, radio etc. Who is going to prosecute Joe Sixpack or Jo Lipstick? Not a big company which is interested in its public image. Not a small company, because of the the costs. Maybe a big company which doesn't care about its reputation - to set and example. But that would only encourage all the other Joes and Jos to copy some more! What's the use when Joe or Joe's watermarked, or proprietary-encoded audio file must be reproduced via a PC soundcard, and there are programs to write the raw 16 bit data to disk as .WAV or perhaps as .MP3? I guess the same principle applies to video. (Linear media such as text, audio and video cannot be copy-protected. Material constituting computer software - something interactive which must run on a CPU and do things with a user - can be protected reasonably well via hardware keys or better still, live links to a server via the Net. The security of such transactions would be a worry for network administrators . . . and anyway, watermarking is only for linear media.) If the watermark is inaudible, then why should we believe it will survive compression schemes which cut to the bone of human perception? If it is audible, then why would anyone want to buy the watermarked material? Considering the bizarre beliefs in so-called "high-end" hi-fi (which resemble religiously inspired fear and fervor - such as so-called clock jitter in SP/DIF electrical/optical cables, oxygen-free copper power cords . . . ) then why would this segment of the market accept deliberately altered goods, especially when they can't hear it but *know* it's there? Both the Internet and CD-Rs put mass digital copying in the hands of consumers. Content creators need to make the most of this, not fool themselves they can prevent it. They need to build positive, trusting relationships with people who might be prepared to purchase their material. There is no alternative. Building these kinds of relationships would be very difficult with the old pre-pressed disc (or cylinder in the century before last) paradigm which constitutes the established record industry. Those are mass-market, time-delayed capital- transport- and labour-intensive approaches - but worst of all they are one-way. Fortunately, the Net is the ideal basis for building these lasting, happy relationships. To continue this line of discussion, with diagrams, see something I wrote in 1995, which is still largely relevant: Music Marketing in the Age of Electronic Delivery: http://www.firstpr.com.au/musicmar/ In all the technical forms and business scenarios I have heard of, digital watermarks/fingerprints are technically weak and relatively useless in a business sense. Even if they were strong and useful in the way they were intended, I believe the intention in many instances is wrong. These schemes only survive because: 1 - There is some impressive-sounding, super-secret, crypto-secure technical basis for them, 2 - because there is a one group of people who are willing to sell them, and 3 - because there is another group of people (artists and owners of their work) who like what they are told about watermarks etc. but lack the technical understanding and/or vision to realise they are next to useless, or worse. - Robin === Robin Whittle[EMAIL PROTECTED] http://www.firstpr.com.au Heidelberg Heights, Melbourne, Australia First Principles Research and expression: Consulting and technical writing. Music. Internet music marketing. Telecommunications. Consumer advocacy in telecommunications, especially privacy. M-F relationships. Kinetic sculpture. Real World Electronics and software for music including: Interfaces Devil Fish mods for the TB-303, Akai sampler memory and Csound synthesis software. ===
Re: Blue Spike and Digital Watermarking with Giovanni
What use is the watermark anyway? It is only applicable to files generated for a specific, legally identifiable customer. Therefore it does not apply to pre-pressed CD/DVD etc. discs or to broadcasts via the Net, TV, radio etc. Well, serial numbers are somewhat useful in tracking pirate copies of stuff, since they make it easier to identify each "strain" of pirated stuff. But I agree that it's a whole lot less than why the digital watermark advocates would have us believe they can do. Regards, John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47