Quick Links

Digital Rights Management (DRM) is a broad range of technologies and methods used to make sure that whoever is using a digital product has the right and permission to do it. DRM has a negative reputation, which is largely undeserved.

Why Does DRM Exist?

Unlike a car or a television, digital code can be easily copied and shared. This results in copyright infringement and software piracy. When users can get a working copy of a digital product without paying for it, there's the potential that the creators of that product lose potential sales.

DRM is meant to make unauthorized copying of digital content harder, dissuade piracy, and protect the financial interests of the creator. At least, this is the rationale, but there's much debate about how effective DRM actually is at its intended purpose.

There Are Many Types of DRM

It's important to understand that anything that can manage digital rights is DRM. That ranges from low-tech solutions to sophisticated DRM that relies on complex encryption and other advanced techniques.

Some things are DRM as a side-effect of something else. Proprietary video game media may exist for other reasons than preventing copying, but since (at least initially) no one has the hardware to read or write to these media, it effectively acts as DRM.

Some DRM is effectively invisible to users, such as the Steam client that customers use to download, manage and play their games. A software client is a form of DRM, but it's also a useful application that makes it convenient to play your games and keep track of them.

Media-Based DRM

DRM can be baked directly into media in a way that is hard or impossible to copy. One famous example of this is the so-called "wobble groove") used by the first Sony PlayStation console.

Although the PlayStation used normal Compact Disc (CD) media, they deliberately pressed a "wobble groove" onto the disc in the factory that standard CD burners couldn't replicate. So even if you made a bit-for-bit copy of a PlayStation CD, the console could tell it was a copy because the wobble groove was missing.

DRM expert Modern Vintage Gamer does a great job of explanation of how PS1 security worked in video form.

https://www.anrdoezrs.net/links/3607085/type/dlg/sid/UUhtgUeUpU207163/https://www.youtube.com/watch?v=7HOBQ7HifLE

Product Key DRM

Product keys are perhaps the best-known type of DRM, although they're no longer as popular as they once were. When you buy an operating system like Windows or a professional software package, you may get a card (or email) containing a product key. A string of characters that are validated against a list of approved keys or the key is put through a mathematical formula that must give a valid result.

Product keys have been defeated by simply publishing lists of keys or by using a key generator (keygen) that uses the same algorithm to generate keys that the software developer does.

Executable DRM

The most important part of a software package is its executable. This is the file you run to start the program. Without it, you can't use the software. Executable DRM modifies the software's executable file so that it will only run after being validated. For example, the executable might be encrypted and a valid license is a key needed to decrypt it.

DRM methods that focus on the executable file are common with video games and in the world of video game piracy "cracking" the game executable is usually the focus of hackers who want to remove copy protection from a game.

Online Activation

One of the major weaknesses of DRM like product keys or protected executable files is that once the protection is defeated, there's not much more that can be done. Online activation, on the other hand, means that the software has to call back home in order to verify that it's a legal copy.

While this can still be defeated, it can be more complicated to spoof a verification server or separate the code that drives the online activation.

Check-in Online DRM

Check-in DRM is a variant of online activation, with the only real difference being the number of activations. Software that uses check-in DRM can only work online for set intervals of time before requiring activation again. Since most devices are now online most of the time, people may not even know that check-in DRM is present until they're traveling or don't connect for long periods.

Physical DRM Devices and Accessories

Sometimes a DRM solution comes as a separate hardware device or other physical solution. In the heyday of DOS PC gaming, you might get a copyright challenge in the game where you had to look up specific words in the manual or use a code wheel to find a password. Since PC gaming has largely moved past physical media, this type of DRM is obsolete.

Some high-end professional software needs a special hardware key, usually a USB dongle, that has to be present for the software to run. Since the software developer controls the number of hardware keys, it means there can't be more copies than keys. Replicating a hardware key is significantly more difficult and expensive than defeating software DRM, but of course, software crackers concentrate on spoofing the hardware key in software or removing the need for it from the software.

When DRM Goes Wrong

DRM should be invisible to the user and never get in the way of using the software. Most of the time, that's exactly how it works, but in some cases, DRM causes serious problems. One of the most infamous examples was the Sony BMG rootkit scandal where Sony music CDs installed what was essentially malware-like software to prevent their CDs from being copied.

More recently, the video game Resident Evil 8 exhibited performance issues on PC that were not evident on consoles. After removing the DRM, software crackers claimed those problems went away.

There's an argument to be made that DRM that makes life for paying customers harder isn't worth having since software pirates get a smoother, better-performing product in some cases. In other words, DRM shouldn't punish legitimate users!

DRM-Free Software

While there's nothing wrong with DRM in principle, it's perfectly understandable if some users don't want it on their computers. The good news is that you can avoid DRM by making a few smart choices with your software.

You can choose an open-source operating system such as Ubuntu or Fedora Linux. The same goes for productivity software. LibreOffice, Inkscape, GIMP, and many other open-source software packages offer a DRM-free option to get your work done.

You can even get DRM-free video games. Good Old Games guarantees that all of their games have no DRM at all, so you can make backup copies as you wish. Believe it or not, Steam allows developers to opt-out of its built-in DRM, so you can also buy DRM-free games on Steam.