• Hornster (unregistered)

    TRWTF then, is that the digital camera point didn't mean her answer to 'how hard' should have been impossible.

  • Pussycat (unregistered)

    The developers went a month without pay hoping to get funded for an app that prevents screenshots of itself? Hope that was some really good ramen, pizza and coffee and they were doing this for the experience (i.e. they were fresh out of uni and missed out on multi-national company internships where they would have been paid about the same)

  • Dave (unregistered)

    TRWTF is that apparently the business plan fell apart if anyone was able to copy some info off a screen. Sounds like the investors weren't stupid, they were pointing out the flaw in the business plan.

  • Artyom (unregistered)

    TRWTF is how badly [pre]sales did their job. They tried to offer a software solution (and failed) where a complex solution should have fit.

    If all you have is a hammer, everything looks like a nail. If all you have is a software development team, everything that isn't solvable by the means of only software seems ridiculous.

  • mb (unregistered)

    "Just take a photo" was the first thing that came to my mind when reading "prevent screenshots". The requirement of totally preventing screenshots should have been a warning sign by itself, since it means that someone did not think this through.

  • Robert Morson (google)

    The main error I see occurs in the third paragraph, when Dominique says, "It's possible." The correct response was, "Pretty much impossible." Or, "Are you insane?"

  • Artyom (unregistered) in reply to mb

    Well, actually, DRM still works somehow, though its designers haven't thought this through either.

  • Nope (unregistered)

    I knew the "stupid" investor accusation was coming. They asked you for no exfiltration of sensitive data, you tried to sell them a system that could be bypassed by a teen with his cellphone. You failed.

    Do you think if a datacenter or the military asked you to protect their secret data they are just kidding? They'd be much more stringent than that on their security requirements, like counter measures against exfiltration of data through blinking LEDs on the computer hardware, or via soundwaves or radio signal transmissions.

  • mb (unregistered) in reply to Artyom

    I have successfully made analog copies of drm-protected video. This means a loss of quality or at least of reusability, but still I somehow have the stuff they want me to not have. Like one can make illegal recordings in a cinema or concert. DRM just prevents others from using the full value of the protected material, and thus protects the owner from other people making the profit instead of him. But the sentence "You can make out a lot of detail on here" shows what one should have suspected: That the investor wanted a way to actually protect the visible material.

  • even digital copies probably are possible (unregistered)

    The picture is, off course, the easyest, but: how about remote-ing in to the computer? RDP / VNC/ .... or running it in a VM?

    ....

    still, Probably the root of this one is just the DRM-story, but too much censoring took place..

  • Quite (unregistered)

    I would like to offer that this be submitted to Classics -- along with the man who bought the coal and the ITAPPMON robot. Wonderful buildup, good dramatic tension, then the laugh-out-loud bathetic punchline.

  • mb (unregistered) in reply to Nope

    They want to protect data while presenting it to a user - TRWTF. The wish for blocking screenshots implies the data is to be shown on the users' own machines, otherwise they couldn't care less if screenshots are saved to some harddisk the user can't read anyway. The military in your example will either want to prevent people to access data that is not to be shown at all, or they will show it only on machines they have physically under control in a place where they can search you for cameras before they let you in.

  • LXE (unregistered)

    One way around the digital camera would be to display only a part of the image in a single frame. Another would be to display certain logical colors of the image by changing the physical color every frame. A human eye can capture the boundary line in this case (though would get tired soon). Another way, make every other line high-contrast against the dominant color (e.g. for black text on white, every other line black). If a hardware way is possible, use a microwave/IR emitter.

  • mb (unregistered) in reply to LXE

    Hardware solution is impossible. The wish for blocking screenshots implies the data is to be shown on the users' own machines, otherwise they couldn't care less if screenshots are saved to some harddisk the user can't read anyway. And with a halfway decent camera (even a good camera app on the phone), one can capture the "tricky colors" image as well.

  • Matthias (unregistered)

    Actually, this is a pretty huge problem, which is why our beloved manufacturers are taking care of it. Ever tried to make a photocopy of a Euro bill on a modern photocopier? It will not work, because the bill has a pattern of dots (EURion constellation) that is recognized by the copier which then stops the process. The very same can easily be done with photo and video cameras. Hollywood has already years ago suggested a watermarking for movies that can be recognized by modern video cameras which then refuse to record the movie from a screen or TV (Cinavia for audio, etc.).

    Technical barriers are endless, as are the wits of those pesky users who will always find a way.

    http://www.telegraph.co.uk/technology/advice/8597875/Why-cant-I-scan-a-banknote.html http://www.myce.com/article/cinavia-the-copy-protection-that-doesnt-want-to-be-silenced-68001/

  • Nate Hoffelder (unregistered) in reply to mb

    Me, too.

  • LXE (unregistered) in reply to mb

    Then disable all text display (e.g. black on black, or white on white) and only use accessibility features, such as touch exploration and talkback.

  • mb (unregistered) in reply to LXE

    I understood this was about presenting (among other stuff) images to the user, as it says "encrypt all copyrighted images that are stored to disk".

  • Craig (unregistered)

    I wonder if digital cameras block the EURion constellation if it is on the screen, if so it could have put that on the screen at all times.

  • mb (unregistered) in reply to Matthias

    Analog cam it is, then. I will get my copy of their "promotional material"! I will!! I still don't get why they consider it harmful when more people see their ads. Probably this is TRWTF after all.

  • Brian Boorman (google)

    Old news.

    https://blogs.msdn.microsoft.com/oldnewthing/20130603-00/?p=4193/

  • Derp (unregistered)

    Gern article, therefore Mary Sue trans-fantasy, therefore didn't read.

  • Tim (unregistered)

    The fault is entirely with Bento for promising to deliver something they knew was (or could easily have determined to be) impossible. From the sound of it, they were actively touting something impossible to their investors. Anyone who works for a company like that deserves all they get.

  • Ron Fox (google) in reply to Nope

    Well, having no clearance but having had to work in a facility with a security classification over my head (WPC), I can tell you that the U.S. in any event handles that through strict controls over what you can and and can't bring into and out of such facilities coupled with escorting people like me around -- continuously.

    In the installation I worked at the first time I would not have been allowed to bring in a cellphone or any other device capable of either taking images or transmitting from within the facility. The second time things were a bit more relaxed in that if necessary (for trouble shooting) I was allowed to take and transmit to a vendor a picture - under strict supervision.

    The computers I dealt with were air walled because I had not only touched them but configured them.

  • operagost (unregistered)

    Don't try to fix through software what must be mitigated through policy.

  • Bill (unregistered)

    It's pretty obvious the investors weren't interested and looking for a way out. If they didn't find this 'problem', they would have found another. If an investor doesn't allow another round due to an unforeseen scenario, they aren't very interested.

  • Brian (unregistered)

    Wow, WTFs all around. Salespeople trying to sell something impossible, developers not pushing hard enough to explain why it's impossible (and, apparently, not coming up with the cellphone problem which most readers here probably thought of within a minute), and investors making a snap decision based on one rushed demo without giving any consideration to the idea that maybe software can't do everything.

    Ok, I take that last one back. Maybe the investors were smart enough to recognize a WTF business and chose to pull out before the company inevitably imploded.

  • LXE (unregistered) in reply to mb

    For images, an aggressive "magnifying glass" would be an equivalent of talkback.

  • Alchemist (unregistered)

    Needs more professional artist drawing duplicate of the screen on paper laying on wooden table.

  • Alchemist (unregistered)

    Actually, there might be a way.... Have the software only run on a machine with built-in webcam, verify that built-in webcam is functional, then write detection software that detects a camera or smart phone being held in front of the screen and blank the screen.

    (I can't believe I'm even suggesting this. PLEASE don't tell my boss. We have a database that was expensive to build and he's paranoid about anybody stealing the database. Every couple of years he comes back to the idea of how do we prevent someone with a camera from snapping pics of our output screens. I keep telling him that while not completely impossible it is completely incompatible with usability, and present options like weird refresh rates, fonts that fade visibility so no word is 100% visible at a time, etc. Usually placates him for another couple of years.)

  • Kashim (unregistered)

    TLDR: You also can't stop someone with an eidetic memory from just memorizing the screen. TRWTF is that the software engineer gave an answer before fully understanding the question. If the system had to be completely "foolproof" to that level, she had to say it was not possible. Stopping users from getting the data can only be done if you can meet two conditions: you have to have hardware control of the PC that the information is being displayed on, and you have to be able to search users for recording devices before they gain access to the location where the PC is located. Nothing else is "foolproof". If you have access to the hardware, you can always put a device in-line with the VGA (or other) cable to the monitor that records all of the data to be played back later. Even if you defeat the picture (though the methods above are atrocious), you can't defeat the video. If you can gain a video for playback, you can see exactly what was on the screen. Learn what companies don't want to admit: if you give data to a customer to display on their own system, then no matter what you do, you can't prevent the smartest users from making at least low-fidelity copies of that data. Anything you have to display to their monitor, their speakers, or any other user interface device can be captured as long as you can get an in-line listening device on the cable, or a camera or recording device into the room. You can make data capture exceedingly difficult, but in the end you simply cannot make it impossible as long as it is just voltage on a line. All of the things above amount to about the feasibility of "Here is the EMP field that you have to pass through before you can access the computer." to which I would respond "Here is the hand-crank video camera from the 30s that defeats your system."

  • Zenith (unregistered)

    Reminds me of a program that I once worked on. God, I hate how often I read this site and say that.

    We had two lead duhvelopers who clearly received their education from the University of Cooookie Crisp. They had a real Mickey Mouse project that was a year behind with nothing to show for it. A large chunk of it was basic data input pages and they chose to use the old FormView control. Lots of problems with that. I remember at one point being told to use AJAX even though it threw an exception that said AJAX wasn't supported.

    But what really stuck out was their complete obliviousness to how HTTP works. Anything that you POST to an HTTP form ends up on the server. The FormView, meanwhile, blindly processes every element declared within it. Well, these dolts were insisting that audit information be included with the FormView. So I opened up a page, typed enough JavaScript into the URL box to set the audit fields, pushed the Save button, and overwrote all of the auditing data with garbage.

    Barely a week later, I was collecting unemployment.

    I guess it wasn't the first time I'd shown those two imbeciles up. I remember another time I was assigned to test a new Do Not Call registry page. In less than an hour, I had a list of 25 or so bugs, including the ability to launch a DOS attack by holding down the Enter key.

    The point is that you just can't tell some managers what they don't want to hear. Judging from how the conversation with "Stephen" went, even if somebody did think of somebody using a camera, it wouldn't have mattered. As much as they were able to thwart, they may have been able to beat a camera too eventually. TRWTF here is working for over a month without pay.

  • KiTA (unregistered) in reply to even digital copies probably are possible

    I've done the VM thing when I needed to convert a ebook to JPG. If I had to do it again I'd make it easier on myself and just output the VGA to a capture device.

  • welp (unregistered)

    I wonder how much of this story is Gernfluff. The primary WTF is fun, but I have a suspicion-by-default that some of the other WTF-y details (dumb devs/managers, working without pay, etc.) didn't actually happen.

  • Carl Witthoft (google) in reply to welp

    Hope it's GernCruft. Othewise, anyone working for a month (already) without pay is the REAL TOTALLY WTF. If the startup's owner has fucked up his cash flow that badly, it's only going to get worse.
    First time you get stiffed on a paycheck, do something like putting a lien on the boss's house.

  • TheCPUWizard (unregistered)

    Don't forget micro video recorders [HDMI, DVI, VGA]....These have been used more than once. They are much worse than still pcitures as they can do a very good job of capturing information that is present for only a very short time...

  • SecondDigitOfPi (unregistered)

    Until Stephen rang Dominique, the "browser for promotional materials of yet-to-be-released merchandise" didn't try to prevent images being saved, encrypt files cached or disable the standard context menu... so what did it actually do?

  • Donald Leslie (google)

    In the early days of the Industrial Revolution we sent people with eidetic memories to copy English machinery so we could copy their technology.

  • Simon (unregistered) in reply to Robert Morson

    Absolutely this. What on earth was she thinking, that the first words out of her mouth were "it's possible". Even if it was possible (which it obviously isn't), you should not be opening your reply with such an unqualified statement. Appropriate responses would be "probably not", "very unlikely"... or as you say, "are you insane?"

  • S73v3r (unregistered)

    I fully believe that any company who has the intention of having people work for free should be shut down on the spot. There is no excuse for that bullshit.

  • Sham (unregistered)

    TRWTF is the number of commenters mentioning "eidetic memory" as though it's a real thing.

  • Anonymous (unregistered)

    Of course TRWTF is an OS that allows an unprivileged application to use registry hacks and dirty assembly tricks to break other applications.

  • z f k (unregistered) in reply to Alchemist

    camera detecting camera? You just hide the stealing camera under a hood or into something. Or just use one of that "spy camera" gadgets (pen, button, wristwatch, etc).

  • Steve_The_Cynic (nodebb) in reply to Anonymous

    We won't mention the trick of posting a WM_TIMER message with a bogus function pointer, I guess. No registry hackery involved.

    ::PostMessage(window, WM_TIMER, 742, 1); is liable to make the target window's application call a function at address 1. And fall over.

  • Alex Papadumbass (unregistered)

    TRWTF is the submitter, anyone who has read even a single newspaper article on copy protection a decade ago knows that the "analog hole" is the impossible to protect against. It should have been the first item in her list, not something that needed some random nephew to point out.

  • Someone (unregistered)

    "She and the other developers at Bento had gone a month without pay as they finished the beta version of their only application" First no. If there is no money coming in the pipeline already, it'd take months for the next paycheck.

    "It’s possible" Second no. Sounds like all developers have been hired after their first PHP application.

    Nice ending, but the whole buildup just breaks my suspension of disbelief.

  • turtle of doom (unregistered)

    Does the software also protect against dumping the TCP traffic to a file, and then reconstructing the various contents (gif, jpg, html, js...) from it?

  • Dantassii Tacatii (unregistered)

    Take camera from kid, smash it with hammer, throw in trash can. Problem solved.

  • Derpface (unregistered)

    Seriously? You don't even know how the target computer works, what it's actual makeup is, and if someone is looking into the memory of the running application. You cannot even at the software level guarantee that someone can't grab stuff. Much less hardware. The dev that said it's possible needs a lot more distrust of systems that are not under their own control, especially with regards to the security of stuff that is running there. And extremely much so if it's a web browser.

  • Chris (unregistered)

    You cannot possibly block anything that can be seen from being captured photographically. If your eyes can see it, then so can a machine. It was a stupid, impossible request. Even without an external camera, the application could have been run inside a virtual machine and 'print screen' used on the host. If it's there on the screen, it's grabbable somehow.

Leave a comment on “Copy Protected”

Log In or post as a guest

Replying to comment #:

« Return to Article