March 19, 2024

What Does MediaMax Accomplish?

I wrote yesterday about the security risks imposed by the SunnComm MediaMax copy protection technology that ships on some Sony CDs. (This is not to be confused with the XCP technology that Sony recalled.) MediaMax advocates may argue that it’s okay to impose these security risks on users, because MediaMax effectively prevents copying of music. Which raises an obvious question: How effective is MediaMax, really, in stopping copying?

The answer: Not very.

MediaMax reportedly can be defeated by the well-known trick of drawing a circle around the outer edge of the CD with a felt-tip pen, or covering the outer edge with tape.

MediaMax can be defeated by the well-known trick of holding down the Shift key while inserting the CD.

MediaMax can be defeated by the well-known trick of rebooting the computer after inserting the CD.

(These first three attacks don’t work if MediaMax is installed on the user’s computer. But MediaMax has released an uninstaller than anyone can use.)

MediaMax can be defeated by the well-known trick of not using a Windows PC. (Amusingly, Mac users are allowed to install MediaMax if they want to. To do this, the user has to browse the CD and double-click a MediaMax installer icon which might as well be labeled “Click here to make this CD less useful.” Users who are smart enough not to do this can access the music normally.)

MediaMax can be defeated by telling Sony you want to move the music into iTunes or an iPod. They will then send you instructions for defeating MediaMax by making an unprotected copy of the CD.

All this, and I haven’t even started talking about the details of how the MediaMax technology works and any detailed flaws in its operation.

The bottom line: MediaMax makes your computer less secure and your music less available for lawful use, while achieving very little against pirates.

Comments

  1. For someone like me who is a complete novice when it comes to computers i really appreciate the information sites like this provide.

    Out of interest over the ongoing saga with Sony and its copy protection I decided to check here before running a CD in my computer, and I’m glad i did. The disk is from Sony and contains Mediamax so it will not be run on my computer.

    Iv’e read the posts ,from both sides, and the conclusion is easy….there will be no more Sony products purchased.

    I hope Sony monitor these sites because I am just one of millions who are now becoming more and more enlightened as to the lengths these corporations go to expand thier bottom lines.

  2. Just a question out to anyone listening. Apologies if this is the wrong forum to ask this question. I’ve been all over the web and can’t find any information on this.

    Soon after playing a CD with MediaMax 5 on my windows PC, I began experiencing all sorts of problems with my iPod. It had always performed like a champ until that first sync after MM5 was secretly installed. That was when it first began to freeze and distort music files. Now my iPod has totally crashed and burned. It is no longer recognized as a device on either my PC or my roommate’s Mac so I can’t even do a restore. iTunes still seems to be humming along just fine. I’ve dug out all the sneaky roots from MM5 but my iPod seems lost forever. Could there be a relationship here? Is it possible that MediaMax software ruined my iPod?

    Thanks in advance for any help or links to answers.
    N.

  3. How come Princeton is so far behind on exposing “rootkit”, thank goodness
    it is now out in the open and almost every software company uses it in some fashion.

    I guess now that ll the leg work has been completed by others and reported we can look for F & H to come out with their own explaination as to why they didn’t know about this.

    You guys are hangers on and just reap the limelight after others do the hard work.

  4. […] Freedom to Tinker: What Does MediaMax Accomplish? [+/-] show/hide this post […]

  5. The Digital Millenium Copyright Act was passed in the US. It is now illegal to bypass a DRM system. Even more controversial DRM regulations are on the cards including adding copy prevention codes to broadcast HDTV signals.

    Now guys what do you call people who actually instruct others in how to
    bypass DRM. Maybe Princeton University and it’s instructor who have taken it upon themselves to show people how to circumvent DRM, should be brought to task via the legal system.

    If you like it or not bypassing the piracy features is like stealing.

  6. As long as your names appear in some publication, we will continue to hear from you.

    Makes you feel important right? You think you are doing a service to the consumer, can you design a patch that would protect the author and protect the customer. In other word can you design a program that would be acceptable to the labels, artists and buyers.

    Right now you are acting like a Monday Morning quarterback. Seems easy to pick something apart, no time restraints no pressure, you can explore
    every nook and cranny and finally find something to once again bring to the attention of the public.

    If you could provide a fool proof system and give everyone what they
    want in piracy protection that would be great. However, you just sit
    back and look for holes in others efforts. What other discoveries have you made in this field. Have you exerted any effort in finding out what happens when one registers to a software manufacturer as prescribed
    in order to secure future help incase you run into a problem.

    I am sure many doors are open once the software company has information on the buyer.

    Have any other companies been put under the microscope and found to be
    comprmising the intergerty of security. A few names would be fine.

    It seems we only hear from you guys after someone else discovers the problem and you jump on the bandwagen. Ever been first in anything?

  7. Rockincatdaddy says

    Well whats done is done.

    I mean, count me in on any class action suits and all. But I have got this thing on my computer and how do I get rid of it.

    FYI. I was able to make mp3 and backup copies of a Kasabian disc but when I went to do the same for Foo Fighters “In your honor”. The second disc crashed. Now none tof the three discs will play. P.S. My machine is less than a month old.

    Thanks for what you are doing.

    RCD TCB

  8. Well it looks like the First4 fiasco is over and it has brought to the attention
    of the consumer the need for protection from stealing.

    Most negative posts here come from those who believe it is their right to copy as they see fit.

    I think this whole thing was a waste of time and if someone instructs another on how to circumvent security issues, what do we call it?

    This has little or no effect on what the labels will continue to do with
    their products.

    If you think it’s your right to copy and burn then buy unprotected cd’s
    and enjoy them. If you intend to copy and burn you are acting in
    an illegal manner and many havwe already tasted the justice systems
    response.

    To those who have discovered the shift key (everyone knew about it prior to pressing), your fifteen minutes of fame is over. Do they actually pay professors to find ways to beat protection? Then rather than go to the
    manufacturer and explain to them the problems if any that the prof’s find
    they go to a blog and publish an article. Now I am a published blog author
    dealing in piracy and piracy protection. I guess it’s resume building material. lol

    I think your time has passed and no one is falling for free copying
    of protected cd’s. Is that a crime?

  9. Thanks guys for your excellent work and reports. You clearly have some pundits making commentaries here… those who support SonyBMG, or SunnComm or First 4 Internet, or “the industry”. Sadly, even with the most recent suits filed, I am fearful that this matter will be swept under the rug by the government who doesn’t want to offend a large company like Sony. Let’s keep this story (and similar ones) alive and continue to get the word out.

    As for those who feel SonyBMG are the victims of unethical software companies you might want to read the following articles.

    Article 1:http://www.primezone.com/newsroom/news.html?d=81661

    Notice the comments in the above article, about “Perfect Placement”. I noticed Perfect Placement mentioned in some blogs or reports, and whether the SunnComm software ‘phones home’:

    – Perfect Placement – MediaMax presents the record labels and music producers with unparalleled targeted marketing opportunities through a feature called Perfect Placement. This unique feature centrally serves up dynamic promotional content controlled by the record label to reserved spaces located throughout the MediaMax interface while a user is enjoying their CD on the computer. Imagine an artist’s album is coming out and the record company has the ability to announce this event to all those playing the artist’s previously released album in their computer. –

    My comment: they clearly have to know what you are listening to and when, in order to “serve up” material to the computer user.

    Article 2:

    http://www.primezone.com/newsroom/news.html?d=85767

    MediaMax was on 30 music labels apparently. Note the comments by Bob Frank of Koch Records, quoted from the article I referenced above:

    – Bob Frank concluded, “It is important to acknowledge leadership with any new initiative that significantly impacts the marketplace. We would like to applaud Michael Smellie and Thomas Hesse from Sony BMG for their efforts to take action at the forefront of the copy protection battle. They had the vision and unwavering diligence to take on every legal and political challenge presented by copy protection products in the U.S. market. The technical team at Sony BMG set the highest standard for this initiative and collaboratively worked to bring the right solution to market. The Sony BMG team was not comfortable with a ‘do nothing’ attitude. They helped develop and field test the MediaMax product so other companies like KOCH Records could positively move forward and productively join them in the effort to respect the copy rights of the artists.” –

    My comment: Sony helped develop and field test the MediaMax software??!!! Innocent pawns? I don’t think so.

    I have one suggestion – if you find a good article with some incriminating comments, you might want to save that article, not just the link to it. News articles have a way of disappearing off of databases after some time, and then become almost unobtainable. Thanks again, for looking out for ” the little guys” like me. 🙂 Z

  10. From here:

    ————–
    The absolute bottom-line is that stopping people from copying music from CDs to their computers, and then sending it to anything else – their MP3 players, burned CDs, or the entire world – is impossible.

    When music is recorded, it is stored as a signal. The transmission and recording of signals has been wide-spread for decades. There is no copy-protection technology that will ever stop people from simply plugging their stereo into their computer, playing the music they want on their stereo and recording it onto their computer. There is nothing the music industry can do to stop consumers from recording songs from the radio onto their PCs either. The 21st century equivalent of recording 80s hits on your boombox and then making tapes for your highschool sweetheart cannot be eliminated with even the most obtrusive software.

    All the recording industry can do is try and make it more inconvenient by coming up with various ridiculous and as it turns out, possibly illegal schemes.
    ————–

    MediaMax and the rest of them ought to just close up shop. Their wares are not needed. Draconian copy-protection schemes are just driving people to use P2P networks, where they can get copies of whatever they want to listen to free from spyware and rootkits.

    The recording industry’s strategy of treating its customers with disrespect is going to have profoundly negative consequences for them. It already is, and it’s only going to get worse.

  11. Many thanks for the excellent coverage Ed.
    Here’s my 2 cents.

    1. If I buy a music CD, that’s what I want and nothing else.

    2. Teaching people how to hold down Shift to prevent autostart is just telling them how to use windows features. This is not “teaching to steal” in any way, shape or form.

    3. I’m deeply surprised that BMG/Sony have even gotten involved with blatant shill companies.

    4. I’m also surprised how many of the posters seem to have differing posting names but have an incredibly similar literacy style. (must be a coincidence, yes that’ll be it).

    5. Just say no to CD protection schemes, they can only cause problems and generally do. As do many other types of protection, Cdilla and FlexLM have both caused myself grief in the past. As have dongle systems.

    Regards,

    Rich.

    PS :- I’m still astounded by the “Please protect my children from the nasty man who teaches them how to use the shift key”. Is this person for real?

  12. oliver bush says

    another shill ^^^

    the best thing about this drm debacle is that people are now aware that copy protection is their enemy, and arrogant companies like sony/bmg, mediamax and suncomm (and their products) will forever be under suspicion by consumers. kinda funny that, record labels suspect every customer to be a thief… now the shoe is on the other foot, and the customers will rightfully suspect the thieving record labels of loading their computers with unsecure crap. say buh-bye to your antiquated business models guys. oh, and you copy-protection idiots, make your hay while the sin is still shining, scam the labels just a likkle more with your poorly coded garbage, bcuz those labels have their profitable days behind them. there’s some real storm clouds ahead for you and your greedy ilk.

  13. Code Monkey says

    The bottom line is that this shake-out was needed in the copy-protection industry. It has helped make Mediamax a better product and moved it to the front of the pack. Sunncomm is ready to merge into Mediamax Technologies with Kevin Clement at the helm. Kevin brings with him a wealth of inside record industy knowledge and contacts in addition to his well recognized and respected expertise in the music technologies field. Mediamax is also ready to roll out a revolutionary DVD DRM product. You people need to open your eyes and realize that DRM is not going away, it’s going to get better. Mediamax has a great future and is well on it’s way to becoming the industry standard under Mr. Clement. Better buy now while the stock is cheap.

  14. Bob,

    “I am still waiting for you & Alex to review MacroVision’s wonderful protection. Is there any reason why you have limited yourselves to MediaMax & XCP?

    Are you MacroVision shareholders? ”

    You SunnComm guys are such dimwits.

    Since Prof. Felten and Alex haven’t reviewed Sony’s own copy protection “Key2AudioXS” yet, that must imply they are Sony shareholders too!

    But since their analysis of MediaMax is just as detrimental to the reputation of Sony as it is of SunnComm, then you logic is obviously flawed.

    What would you guys say if they did review Macrovision’s product and came to the conclusion it is not a security exposure like MediaMax. You would still be shouting bias.

    SunnComm have failed to argue any of the issues brough up by Alex. They stated things like MediaMax is not spyware but did not address the issues of why they were collecting the information they were collecting (when the EULA specifically stated no computer information was being collected).

    You people should just grow up. If you think they are wrong, prove them wrong. Stop slurring them like Jacobs tries to do behind their backs on company controlled web-sites

  15. Hey Ed,

    I am still waiting for you & Alex to review MacroVision’s wonderful protection. Is there any reason why you have limited yourselves to MediaMax & XCP?

    Are you MacroVision shareholders?

  16. @j “If bands dealt directly with their public, just how much money would they make. The exposure by the labels is what makes them wealthy.”

    You’re a fool and a shill, J.

    Bands don’t make money from CD sales. They make it from live appearances and merchandising. You’d have to be as big as the Rolling Stones to drive a hard bargain with a label. In the infancy of recording, record companies were able to offer bands a useful service. Technology has moved on. The bands don’t need them: they do nothing a band couldn’t do for itself. The labels just fleece them.

    I labor the point about bands to help you understand it, since you appear to have comprehension problems. I don’t buy rock music myself these days: I buy classical CDs. However, the kids will be buying rock and I can tell you now that I think the business model you cherish will die.

    “Seems like you are one of those who feel it is a right to copy and that any piracy protection is wrong.”

    This is really pathetic. Professor Felten has already explained to you that there are legitimate reasons for copying. As for your ridiculously inflated language, you are hypnotizing yourself with it, but you fool no one else. “Piracy” is robbery with violence on the high seas. In many jurisdictions that dropped the death penalty for murder it still remained a capital offence (along with treason) long afterwards. It is a serious crime.

    Whether it be right or wrong, a couple of kids exchanging music files is not “piracy”. You hope a whiff of the real meaning remains around the word even when you use it in such a trivial way, and that itself is a sign of your dishonesty. You think to control the debate by avoiding the intellectual issues and controlling the language.

    “Is that your feeling.”

    My *considered opinion* is that expressed by the BBC, which I already quoted:

    “If they cannot come up with a business model which allows them to make profits without criminalising their customers, trampling over our civil liberties or installing malware on our computers then they do not deserve to stay in business, and new ways for artists to reach the public will have to emerge.”

  17. I am not aware of any reputable software that goes on to install files on your computer if the user rejects the EULA. This is what MediaMax is doing and this in itself is sufficient reason to classify MediaMax as malware. If MediaMax did not install regardless, and if MediaMax had a legit uninstaller that would not open security holes, then we could debate the plusses and cons of the software itself but with these two features it is a no brainer. If MediaMax is ever to become acceptable, it would have to behave like Office, PhotoShop, Roxio, etc. All do not automatically install anything the minute you pop the CD in the tray, and all can be removed at user’s choice without having to go back to manufacturer. I own 700+ CDs which I purchased with my hard earned money. Fortunately I do not own any MediaMax or XCP CDs and will not buy one. SonyBMG has now rejected XCP and I hope they end up rejecting MediaMax soon. These technologies will not stop piracy but will stop legit CD buyers like myself from purchasing CDs.

  18. @joehobart

    “Using this same logic, any software that installs a driver is a security risk. I really hope thats not a position you consider defendable.”

    *I* consider that position defensible. Yes, installing any software is a security risk. Installing a kernel-mode driver is a greater risk. A security *risk* is not a security *hole*.

    Security, like almost everything else, is a balance of risk versus reward. If I install a driver to deal with newly-installed hardware, I get the reward of being able to use the hardware. And I consider the risks there – I don’t, for instance, put consumer-grade Windows printers on certain systems, simply because the drivers are a measurable risk at least to system stability.

    I consider installing *any* software that adds no value to be an unjustified security risk. And in my eyes, whatever minimal value XCP or MediaMax adds fails to justify the risks that they impose. Refusing to allow me informed choice is unacceptable behaviour, and has turned Sony in my mind from a “vendor” to an “attacker.”

  19. John Costello says

    free980211,

    That same behavior happened for me when I put the new Foo Fighters CD into my PC. I denied the EULA but the driver was still installed. I was able to disable it and although the songs copied perfectly to my hard drive, I was unhappy with having this unwanted, mystery software on my computer doing who knows what.

  20. free980211

    May be you should document your results and send them to the EFF. I’m sure they would be relevant to the court case against Sony.

  21. I thought I had stated this clearly, but I will try it again.

    The behaior I observed was not mentioned in the EFF lawsuit or in anything I read here.

    The driver not only installs but REMAINS RUNNING AFTER RE-BOOTING. Just put the disc in a second time.

    All without accepting the EULA. I didn’t even see the EULA the second time around.

    I don’t have the foggiest idea if it is significant, but I thought it might be something that people should know about.

    On a different note, is the uninstaller safe to use now?

  22. Wow, the Sony/SunnComm shills/sock puppets are really laying it on thick!

    The whining about “it’s all Apple’s fault for not licensing FairPlay” really gets old fast. When it comes down to it, DRM doesn’t stop piracy. DRM is all about limiting customer choice. That cuts both ways. If you want to sell music that your customers can play anywhere, sell MP3s.

  23. Joe Hobart — the drivers in question are indeed a security risk for many reasons. Anything that requires you to be logged in with administrative rights causes a security risk. When I use Solaris or Linux, I *never* log in with administrative rights unless I actually need them, and I consider it an embarrasment for Windows that it is so hard to use the computer without always having Admin rights.

    Also, let’s say that this becomes widespread. That means we’ll have the drivers for multiple labels running, each one interfering with the CDROM drive in a different and potentially incompatible way. With code running in kernel mode, you need assurances that the code is written well, else it is a security risk. Any quick examination of XCP shows that security was alarmingly absent and clearly not even a concern. This shows a total lack of regard for security, which leads me to think that any kernel mode driver they install will be written with a similar disregard to security.

    If this becomes widespread, then also we’ll have multiple extra applications installed and you’ll have to know which application is capable of running which CDs. This means you’ll have five or six applications installed so you can play your CDs. This means you will have five or six times the security risk of having one application installed for playing CDs. When the consumer has a choice of applications and chooses only one, the consumer can choose one with a known security history. When the label is choosing the application and the consumer cannot play the CD without it, then the label is choosing the application based not on security, but based on the value the application gives to *them*. History tells us that this almost guarantees lower security.

    Does other software have security problems also? Yes, indeed. I imagine if you watch the writings of those here, that those people will not give other software a pass either. “Everyone else is doing it” it a *terrible* excuse for poor security practices. You *cannot* justify negligence just because others are negligent also. That would be like saying “it’s OK if I lie because other people lie also.” Ethics does not work that way.

    And to those who say that the folks here are telling other people how to steal — in the United States it is explicitly legal to tell people how to pick locks. Sharing such information actually increases the security of the commons, and hiding such information does not truly increase security. Thieves will have that information regardless of its legality. If non-thieves have access, then they can apply pressure to the lock manufacturers to make sure that the lock manufacturers are not negligent. For precisely this reason, I support computer security research — research which is exactly legal to do outside of the technological world, and whose legality in the tech world is questionable only due to the DMCA.

  24. Felix Deutsch says

    “you must log in to a privileged account ”
    so 99% of video games on the market are also security holes on my machine. You want to take position on this point as a keystone, you are fighting most win32 software out there. (I conceed this a fight worth the effort, but mediamax is no more guilty than anyone else)

    Most of the time, when playing a music CD in the PC, you’re doing something else on it at the same time, say web browsing. So you’re running IE with admin priviledges. Bad move.

    This is quite different from playing games with admin rights.

    Give it a rest.

  25. I did read the original post. The problem here is you have confused PRIVACY with real security.

    ” a system service called sbcphid, is loaded into memory and ready to run at all times”
    Using this same logic, any software that installs a driver is a security risk. I really hope thats not a position you consider defendable.

    “you must log in to a privileged account ”
    so 99% of video games on the market are also security holes on my machine. You want to take position on this point as a keystone, you are fighting most win32 software out there. (I conceed this a fight worth the effort, but mediamax is no more guilty than anyone else)

    “Having this extra code on the system, and having to run it, increases security risk.”
    Again, anything i install that drops a tray icon, driver or service is all of a sudden a security hole? If you beleive that, you are playing amateur ball.

    “[MediaMax] phones home and sends back information without notice or consent”
    This is the only thing close. This is not a security issue, but a privacy problem. I have not reviewed the EULAs to have a position on the notice/consent, but its clearly a problem of notification and possible privacy, not of security.

    The explicit lack of any real security issues being raised is crying wolf. Show me something that would pass the bar of ‘lowering security’ that isnt the same problem 9/10ths of the windows software out there doesnt do.

  26. Felix Deutsch says

    What about this software makes your computer less secure?

    Because of the requirement to be logged on as Adminstrator to listen to MediaMax-protected CDs while doing other things.

    And that’s just the most obvious thing. Read the previous (linked) entry.

  27. John Costello says

    Steve K,

    I think you should take Ed’s advice when he said maybe you should speak to a copyright lawyer. Copies of normal CDs are allowed by law, as long as you don’t give them away or sell them. If it was not, then do you really think iPods would be legal?? Maybe you should look up the case that was brought against Diamond when they first introduced the Rio MP3 player in the late 90s. Obviously, Diamond won the case. Mediamax does not grant you extra rights; it hinders rights that already exist. It might be beneficial for you to gain some knowledge (ie. read) on this subject before you make outrageous claims.

  28. “The bottom line: MediaMax makes your computer less secure”

    I’ve been reading for a while. This statement is nonsense. Make a claim and show some facts or retract. Have some integrity to go beyond flinging rumors. Its otherwise a good article, but you went too far, Ed.

    I’m all for your right to complain about DRM, but your readers should be cautioned when you make inaccurate claims in the name of rhetoric.

    What about this software makes your computer less secure?

  29. Thank you Mr. Felton and Mr. Halderman, your dialogue about mediamax and it’s benefits have brought to light some facts that now have reflected themselves in the shareprice of Sunncomm. Since you have begun to
    try an pull them down, people now see the need to protect the artists and
    most agree the ability to LEGALLY make 3 copies is more than rational.

    Remember copying is illegal unless thru mediamax.

    Thanks for you help.

  30. Again, MediaMax gives you the right to make copies per the copyright owner; I can’t state it any more simply.

    Boy is that hard to understand.

    Copyright owner wants protection and gives a legal way to copy.

    The legal way is tru mediamax.

  31. If bands dealt directly with their public, just how much money would they make. The exposure by the labels is what makes them wealthy.

    Seems like you are one of those who feel it is a right to copy
    and that any piracy protection is wrong.

    Is that your feeling.

  32. Last attempt to post this…

    Felten: And if all copying is illegal, why are you bragging that MediaMax facilitates copying?

    That is not the case at all, you are basically legally allowed to use the CD to “rip” /encode the wma files to your PC on a MediaMax enabled CD based on the rights the copyright owner sets up on the disc. If you look at the back of just about any music CD you purchase you will see something like this:

    –Warning: Unauthorized reproduction of this recording is prohibited by law and subject to criminal prosecution–

    With a mediamax CD you are legally allowed to replicate the CD (3 times on the MediaMax cd I have). People justify copying the CDs by calling them “back up copies”,look what happened to 321studios with their backup DVD software x-copy.

    That is a very grey area; if you look at music as intellectual property you cannot reproduce it without consent from the copyright owner. So to be exactly correct you should contact the record label prior to ripping any tracks, do the record labels enforce this, no way… They do not have the resources or time to do so.

    Felten: and MediaMax actively interferes with the tools I normally use to do that. In order to get a song from the CD into my iPod, I have to defeat MediaMax.

    That is totally unfair statement, as soon as Apple license their “Fair-Play” DRM Mediamax will be able to encode to ipod-compatible DRM tracks (just like the ones people download from Itunes). This is not Sunncomm’s fault IMO, it is simply political issues with Apple and their Fair-Play DRM licensing.

    Felten: I’m not sure what you mean when you say MediaMax gives people more “rights”. Can you please name a specific right that users get because of MediaMax, and explain why that right comes from the MediaMax product?

    I mean that people can make CD copies legally, compressed audio tracks on their PC’s legally and any other “right” the record label (IP owner) puts on the MediaMax disc. These rights don’t exist on a standard audio CD and the IP owern is or should be protected under copyright law.

    Felten: What specific benefits does MediaMax provide? (And please don’t name a benefit that already existed before MediaMax came along, like the ability to copy music from CDs into certain portable music players.

    Again, MediaMax gives you the right to make copies per the copyright owner; I can’t state it any more simply.

  33. What I assume are Mediamax trolls are getting really tiresome. My guess, they don’t fear the public but are frightened that Sony will read the blog and twig just what a pup they’ve been sold.

    They are reduced to levelling crude abuse at Professor Felten (accusing him of “teach[ing] ways to steal”) for doing what an academic with any professional conscience at all should should do: investigate thoroughly and present his results for peer review. They simply do not understand or care what the purpose of higher education is, which is probably a good clue that they lack it. All they know about is con-artisty, computer vandalism, and contempt for people’s rights and property.

    Frankly, I think this whole sorry saga in all its aspects has begun to backfire on the less-reputable record labels, like Sony BMG, and their rather slimy subcontractors, and I thank God for that.

    I’ve never installed P2P software, like Kazaa, on any of my machines. I do have BitTorrent but only use it for legally distributed content and have never used it acquire “pirated” MP3s. I mostly listen to music on my iPod these days, but still buy CDs, so that I can have a good hardcopy in non-lossy format with sleeve notes to keep.

    I wasn’t disposed to regard the recording industry with a particularly jaundiced eye. But over the past few weeks I’ve seen enough malpractice, dishonesty, downright lies, arrogance, and contempt for customers and their property to last me a lifetime. As Stewart Baker said: “It’s very important to remember that it’s your intellectual property — it’s not your computer”.

    I really think these people need to be stopped. Slapped down.

    For me the BBC says it all today:

    “If they cannot come up with a business model which allows them to make profits without criminalising their customers, trampling over our civil liberties or installing malware on our computers then they do not deserve to stay in business, and new ways for artists to reach the public will have to emerge.”

    http://news.bbc.co.uk/1/hi/technology/4469886.stm

    This is in the context of the labels’ having “the gall to believe that their business is as important as the protection of our lives from acts of indiscriminate terror”.

    I think I’ve seen it all now.

    That is, of course, the final proof that the pseudo-apology from Sony-BMG was nothing but a tactical withdrawal and there is no trust, no decency, no right (even if it’s stood as long as Magna Carta) these people won’t trample on in an effort to protect their business model.

    I think it is time more bands started to deal directly with their public. People like Sony-BMG are just too toxic for any decent person to have to deal with.

  34. I’ll try it again:

    Mr. Felten,

    >”And if all copying is illegal, why are you bragging that MediaMax facilitates copying?”and MediaMax actively interferes with the tools I normally use to do that. In order to get a song
    from the CD into my iPod, I have to defeat MediaMax.”I’m not sure what you mean when you say MediaMax gives people more “rights”. Can you please name a
    specific right that users get because of MediaMax, and explain why that right comes
    from the MediaMax product?””What specific benefits does MediaMax provide? (And please don’t name a benefit that already existed before
    MediaMax came along, like the ability to copy music from CDs into certain portable music players.”

  35. “Bottom line using mediaMax gives a person a right to legally burn compies.”

    MediaMax doesn’t give such rights. The labels own the content and it is they who confer rights. Your rights to make copies comes from the license agreement with the labels and any rights that are universally applicable (fair use rights).

    MediaMax is just an inconvenience that sits between you and what you want to do.

  36. Bottom line using mediaMax gives a person a right to legally burn compies.

    Any use of markers, tape or any other means of circumventing copy protection is illegal.

    So if you are a thief you can asdd tape, marker or whatever, you are still stealing.

    Nopw some feel burning cd’s is alright because they bought the cd. I think they bought the right to play and listen not to reproduce.

    Is their any logic in the Princeton gang instructing people how to circumvent and steal from the artists.

    The INTENT of the labels is to protect from piracy. Mediamax is an
    effort to accomplish that by the least intgrusicve way yet.

    Is adding marker and tape or even anti protection software LEGAL.

    Can you princeton boys tell me what you have done is legal and
    is it legal to teach ways to steal.

  37. Steve K

    “Interesting, I cannot post my response on this site.”

    The site is idiot proof.

  38. Interesting, I cannot post my response on this site.

  39. I’ll try this post again, the first one came up with errors after I submitted it and my post was not listed correctly.

    Mr. Felten,

    >>”And if all copying is illegal, why are you bragging that MediaMax facilitates copying?>”Copying a song from my CD into my iPod is legal.”>”and MediaMax actively interferes with the tools I normally use to do that. In order to get a song from the CD into my iPod, I have to defeat MediaMax.>”I’m not sure what you mean when you say MediaMax gives people more “rights”. Can you please name a specific right that users get because of MediaMax, and explain why that right comes from the MediaMax product?”>”What specific benefits does MediaMax provide? (And please don’t name a benefit that already existed before MediaMax came along, like the ability to copy music from CDs into certain portable music players.”

  40. Mr. Felten,

    >>”And if all copying is illegal, why are you bragging that MediaMax facilitates copying?>”Copying a song from my CD into my iPod is legal.”>”and MediaMax actively interferes with the tools I normally use to do that. In order to get a song from the CD into my iPod, I have to defeat MediaMax.>”I’m not sure what you mean when you say MediaMax gives people more “rights”. Can you please name a specific right that users get because of MediaMax, and explain why that right comes from the MediaMax product?”>”What specific benefits does MediaMax provide? (And please don’t name a benefit that already existed before MediaMax came along, like the ability to copy music from CDs into certain portable music players.”

  41. Having been involved with Sony-BMG during the time they decided to go with SunnComm’s Mediamax, I can provide some background to that decision.

    MediaMax could easily be defeated by using the shift-key or disabling autorun. BMG (it was they who opted for Mediamax, not Sony) didn’t care about that. It didn’t matter that the CD could be ripped easily, the whole purpose was to get MediaMax on as many PCs as possible. They actually liked MediaMax because it left the driver on the PC even though the user rejected the EULA. The 2nd thing they liked about MediaMax was that SunnComm was willing to license it to them for next to nothing. Macrovision wanted 4 cents per CD, but SunnComm would accept less than 1 cent. SunnComm wanted publicity. They could make more money printing and selling their shares if investors thought that the company had secured a deal with BMG than they could make from any revenue generated from such a deal. (Proof of this is that MediaMax revenue for the last 2 years is less than $250K, but SunnComm/MediaMax Technology have about 600M shares out there issued at an average of 5 cents, meaning they have received about $30M in proceeds from share sales).

    BMG was not worried that MediaMax could be so easily bypassed, because they were not interested in the short term issues. They originally wanted Microsoft to include Mediamax in Windows Media Player (so there would be no means of bypassing it), but Microsoft weren’t interested. They then decided to simply do everything possible to ensure MediaMax was propagated on to as many PCs as possible. They issued PRs claiming that Medimax protected CDs increased revenues to entice the other labels to follow suit. They issued PRs that claimed there were no reported problems with MediaMax, ignoring all the complaints that users were sending in about compatibility issues or iPod issues etc.

    The plan was to have MediaMax reside on as many PCs as possible and when they achieved critical mass to start tightening the screws as to what would be allowed. Initially MediaMax would appear consumer friendly, by allowing 3 CDs to be made from each original. But the plan was to curtail that over time. It was a lot harder to remove MediaMax once it was on the PC (as the last 2 weeks have proven) than to prevent it being installed in the first place. They knew that the user had to just once inadvertently forget to disable autorun or press the shift key and then MediMax would be installed. Later, when most PCs were infected, they would be far more restrictive in what MediaMax would allow to be copied.

  42. @free980211: “For anyone else here, I would really appreciate feedback on the behavior I commented on earlier.”

    I had already understood that was what happened.

    See for example: “These files remain installed even if you decline the agreement. One of them, a kernel-level driver with the cryptic name “sbcphid”, is both installed and launched.”

    http://www.freedom-to-tinker.com/?p=925

    I’m sure you could find other accounts from people with a few well-chosen keywords in Google, say:

    mediamax decline eula

    It seems pretty clear that the spyware is installed, even if not fully active, even if you decline the EULA – and, indeed, before you get to that point.

    On jadeclaw’s point: it does begin to look as if that these bottom-feeders have ripped off Sony as well as foisting malware on consumers. However, Sony has a clear responsibility for software it distributes, and I don’t see that as an excuse. Besides, Sony may have thought the software more effective than it, or any other similar software, is, or perhaps *could* be. But they knew what they were doing to their customers. Remember what Thomas Hesse said about XCP: “Most people, I think, don’t even know what a rootkit is, so why should they care about it?” At bottom, people like Hesse don’t care what they do to your machine as long as they believe it helps their revenue stream. The amusing thing is that it probably doesn’t.

  43. Jadeclaw:
    No matter how I think things through, ultimately it is the consumer who ends up as the victim. Any damages will ultimately come back to the consumer in the form of higher prices.

    I understand the record label’s point of view that they are suffering damages, and they want to apply draconian measures in attempt to stop these damages from occurring, but if not executed in a careful and realistic fashion, they possibly open themselves up to grave liabilities.

    Sunncomm and First 4 Intenet peddle faulty “solutions” to the record companies, and possibly open themselves up to grave liabilities.

    In the financial aftermath of lawsuits, possible legal judgements, lost sales due to public mistrust, etc., the prices for cd’s will go up, or else will not come down as much as they should to compete with online distribution models. It all goes back to the wallet of the consumer.

    I don’t think it is terribly hard to see that it is not a good idea to bite the hand that feeds you.

    Instead of flying off the handle about a relatively small percentage of lost sales, work with the paying public to find a more appealing and sustainable distribution model. Surely that can’t be too difficult, since great strides have been made in that direction in a fairly short period of time.

    The problems begin when lawyers start making technology decisions, and sneaky, underhanded things start happening. Sooner or later, they will come to light, and the backlash will not be pleasant for anyone involved, consumers included.

    OK, time to get off my soapbox…

    For anyone else here, I would really appreciate feedback on the behavior I commented on earlier. Just because I observed it on my own machines does not mean that the problem is widespread or even repeatable with any other discs in distribution. I just thought someone else might be able to confirm my results and show me that I am slightly less crazy than I sometimes think I am…

  44. “And lying to customers is fraud, right?”

    Lying to customers is called marketing. Lying to customers increased by orders of magnitude ever since the invention of the viewgraph machine and then increased again when Microsoft introduced the Powerpoint presentation.

    If Sony got duped by these people it’s their own fault IMHO. As mentioned before, any CD that has to be backward compatible (Red Book) with all regular CD players cannot be copy protected. I bet Suncomm’s and First4Internet’s powerpoint presentations to Sony were very convincing. And they probably packed them with lots of flash and fancy dancing animations.

  45. Jesse Weinstein says

    Dale –

    What difference do any of the points raise immediately above make? Ed may have misstated how he found out about MM5. Ok. The question still is – does the marker trick work? The basic answer has to be: it worked for us, try it yourself. The rest of this textual analysis is irrelevant, at best.

  46. Dale (aka Peter Jacobs)

    Garner was talking about MediaMax too. His comments included all CD based DRMs.

    “The use of a piece of tape will defeat any future DRM system on audio CDs designed to be played on a stand-alone CD player, the analyst said.”

    http://www.vnunet.com/vnunet/news/2146367/garnter-piece-tape-defeats-cd

  47. Ed,
    Anyone who has followed this story knows that Alex has written several articles on MediaMax technology. This is software that is very different from the reference material you present which was done on MediaCloq. IF Alex has tested the marker technique on a confirmed MM5 CD, I am very surprised he has not reported his findings in any of his more recent work.

    “I’m not sure why you think Alex never mentioned these attacks to me.”

    IF the marker trick works and IF Alex has ever tried it on a MM5 CD and IF he did talk to you about the results, then why did you say…

    “I have to admit that I haven’t tried the felt-tip pen trick on MM5 myself, but Gartner says it works. (That’s why I wrote that it “reportedly” works.)”

    Why rely on Gartner if the information were already discussed with you by one of your students? Especially when Gartner was not even talking about MediaMax.

  48. Here’s an issue that I have found, and I am dying for Suncomm to give me an explanation. I noticed that their driver was running on my laptop, despite the fact that I never agreed to the EULA. I thought that perhaps I had un-intentionally agreed, but alas, that is not the case.

    Here’s what you do:

    On an un-corrupted WinXP box, insert your MediaMax protected disc. Don’t try to defeat anything, just let autoplay do it’s thing. Decline the EULA and let the disc eject. Reboot, verify that the driver has been installed, but is not running. All like we have heard before, right?

    Then insert your cd again. I have the Suncomm license server URL blocked on my router, so that helped me detect the next stuff.

    The MediaMax splash screen pops up, and then was replaced by an error message to the effect of unable to contact the server.

    The driver starts again, and sets itself to run automatically! I never agreed to this, people.

    I ejected the cd and re-booted, and sure enough, their driver is running, startup type is automatic. I never got the EULA the second time, and I never at any point agreed to it.

    The cd I have been using for this is David Gray – Life in Slow Motion.

    I believe that Suncomm people are reading this blog, so I would love to know how they justify stripping away my right to control my own computer and permanently install software that I have not agreed to after I explicitly told them not to. That is what has really gotten me fired up.

    Also note, the only people that are really punished by this are paying consumers. My wife bought this cd for me as a gift, we are now (half)joking that it is the gift that keeps on giving. I don’t use any P2P software (other than BitTorrent for downloading Linux ISO’s), so I can’t confirm this, but I bet you can find MP3’s of this music on Kazaa or any other network. Are these people punished by the MediaMax plague? I highly doubt it.

    I saw some comments here about consulting lawyers, perhaps it’s pot and kettle syndrome?

    Mr. Felten and/or Mr. Halderman, perhaps you guys could confirm my results?

    p.s. – on my cd, the shift key defeat worked on my un-infected computer.

  49. Dale,

    Let’s review the facts.

    The marking-pen/tape attack and the Shift key attack work on MediaMax 5. Apparently you are no longer disputing this.

    You claim that Alex has never written about the marking-pen/tape attack. That’s wrong. See pp. 13 and 14 of this paper.

    I’m not sure why you think Alex never mentioned these attacks to me.

  50. Sorry. The word, companies, in the last sentence in my last post should have been “company’s.”

  51. Having worked for a corporation that is hyper-sensitive about its image, I am pretty sure that “Steve K.” and “Dale” are both working for Sony–probably in some marketing department somewhere. Their job is to try and improve the companies image in internet blogs and bulletin boards.

  52. “MediaMax gives the CD owner more rights to copying music than ever before!”

    That is a stupid argument if ever there was one. If the EULA says you can make 3 copies it is the EULA that gives you the right to make those copies (ignoring fair use rights for a moment). It is not Mediamax that gives the rights.

    They could just as easily have put on the cover of an unprotected CD that you have the right to make 3 copies. Where does MediaMax fit in? If you make a 4th copy of an unprotected CD you are acting illegally. If you make a 4th on a Mediamax CD (by using any of the many bypass methods) you are also acting illegally. There is no difference

    It is not MediaMax that conveys the rights over and above those you already have. It is the labels licensing agreement with you. MediaMax is just an annoyance that sits between you and what you want to do.

  53. Ed,

    “I’ve tried the Shift key trick myself and I know it works. A nine-month-old trade press article quoting a SunnComm press release isn’t enough to convince me that that it doesn’t. ”

    I’m glad you are sceptical about their press releases. Most are downright lies and many of the rest are misleading.

    They even made up a deal with a non-existent company.

    http://cdmediaworld.com/hardware/cdrom/news/0012/sunncomm_cd_protect.shtml

    Will-Shown does not exist.

  54. “Maybe Felten should consult with a lawyer on copyright laws before sticking his foot in his mouth.”

    Funny, I would’ve thought Sony’d do the same before purchasing & redistributing software containing GPLed/LGPLed code…

    Unless, you know, it’s not _really_ about protecting ‘rights’ and is instead all about defending ‘property’…which seems to be the war they’d really rather fight…

  55. Hi Alex,
    It is interesting that you have known about the alleged marker information, yet you haven’t published the info in your previous articles. Additionally, it is interesting that Mr. Felton referenced the Gartner article when:
    1. They were not talking about MediaMax and
    2. You already had the answer, but apparently hadn’t spoken to him about it in all the discussions the two of you have had regarding this software.

  56. Hi Dale,

    The CDs I listed above are very clearly using MM5 and not MM3. The software on them is an updated version of the software on the Peter Cetera album, which is easy to distinguish from the CD3 software used on Stand Up and elsewhere. Professor Felten’s point stands–deployed discs using MM5 are vulnerable to the magic marker and shift key problems.

    If SunnComm really does have a newer technology that corrects these issues, I’d be happy to study it and publish a confirmation if it works. But every SunnComm-protected album I’ve ever seen to date suffers from the weaknesses described in the post.

  57. Cetera’s CD was released in ’04, prior to when SunnComm announced they had fixed the shift key issue, which was in ’05. Additionally, each CD is looked at on an individual basis with regards to use of MM3 or MM5. For instance, Dave Matthews’ Stand Up was released in the spring of ’05 with MM3. So, I feel more research is needed. Perhaps it would be prudent to contact the company and inquire as to which CDs employ the technology you are defeating. It very well may be that you are not working with fully updated MM5 or that you are indeed working with MM3.

  58. From what I gather, Gartner was looking at the XCP software.

    “According to Gartner analysts Martin Reynolds and Mike McGuire, Sony’s XCP technology is stymied by sticking a fingernail-size piece of opaque tape on the outer edge of the CD. “

  59. “but Gartner says it works”

    Which CD was he testing as well?

  60. Which disk?

  61. Dale,

    Have you tried them on MM5? I’m writing about MM5 here.

  62. Yes, they worked with MM3, not with MM5.

  63. Dale,

    If you think these tricks don’t work, I suggest that you get a disc and try them.

    I have to admit that I haven’t tried the felt-tip pen trick on MM5 myself, but Gartner says it works. (That’s why I wrote that it “reportedly” works.)

    I’ve tried the Shift key trick myself and I know it works. A nine-month-old trade press article quoting a SunnComm press release isn’t enough to convince me that that it doesn’t.

  64. I’m not sure what you mean when you say MediaMax gives people more “rights”. Can you please name a specific right that users get because of MediaMax, and explain why that right comes from the MediaMax product?

    The label gives permission to make three copies. When we talk of piracy it does not mean burning thousands of copies. Each cd owner could
    make 10 copies and send to friends, they in turn could make 10 copies
    and you can do the math.

    I also think someone should inform the University that you have laid out ways to circumvent any security of protected cd’s. In other words you telling everyone this is how to steal. Nice going Princeton.

    I will make sure my children will never attend a plkace that teachs how to cheat and steal, and I feel you are trying to do that with you fifteen minutes of fame.

  65. “MediaMax reportedly can be defeated by the well-known trick of drawing a circle around the outer edge of the CD with a felt-tip pen, or covering the outer edge with tape.”

    This may have been the case for MM3, however, MM5 does not employ a second session, which is what these methods work to defeat.

    So, it looks as though 2 of the 3 ‘well known’ tricks, actually aren’t that tricky.

  66. SunnComm fixes ‘Shift Key’ embarrassment
    Take that, nerd boy
    By Ashlee Vance in Chicago
    Published Wednesday 2nd February 2005 17:56 GMT
    Get breaking Internet news straight to your desktop – click here to find out how
    SunnComm has at last fixed its most infamous flaw – the Shift Key break to its DRM (digital rights management) technology.

    The company has started shipping an update to its MediaMax software that blocks users from employing the Shift Key attack discovered in 2003 by a student at Princeton University. The student realized that SunnComm’s DRM technology could be disabled by holding the Shift Key down when inserting a new CD. This allowed users to do what they liked with the songs, undermining the entire point of SunnComm’s software.

    “The new technology, when embedded onto the optical medium, makes it even more difficult for the consumer to improperly use the CD without first installing the MediaMax software,” SunnComm said in a statement. “Throughout the latest series of tests, this newest version of the copy management technology has proven to significantly improve protection for MediaMax-enhanced discs while remaining 100% playable in all consumer CD and DVD players.”

    SunnComm acknowledges that some people may still find a way to workaround its DRM, but it’s convinced the MediaMax update makes the Shift Key issue a moot point.

  67. Tommy Knowlton says

    CD owners of non-mediamax protected albums aren’t legally allowed to make copies without consent from the copyright owner

    Just one more lie the content industries have been pushing so long, they and much of the public have come to believe it.

    It’s not a violation of copyright for me to duplicate an unprotected music CD for my own personal use. Not in the USA. Not yet.

  68. Steve K,

    It’s not true that all copying is illegal. You might want to talk to a copyright lawyer yourself.

    And if all copying is illegal, why are you bragging that MediaMax facilitates copying?

    Copying a song from my CD into my iPod is legal. MediaMax can’t copy a song from the CD onto my iPod, and MediaMax actively interferes with the tools I normally use to do that. In order to get a song from the CD into my iPod, I have to defeat MediaMax.

    I’m not sure what you mean when you say MediaMax gives people more “rights”. Can you please name a specific right that users get because of MediaMax, and explain why that right comes from the MediaMax product?

    What specific benefits does MediaMax provide? (And please don’t name a benefit that already existed before MediaMax came along, like the ability to copy music from CDs into certain portable music players.)

  69. Dear Steve K, a paid record company shill;

    Why would any sane person run an untrusted application off a media that is supposed to contain only audio?

    An application, that has no practical use or need. The Audio CD works quite fine without the application, assuming the user doesn’t have autorun activated (or presses that shift button).

    An application, with a single main function – to disable part of the functionality of the computer.

    Audio CDs cannot be protected from ‘piracy’. It’s impossible as long as the audio portion of the disc has to play on Compact Disc players. Red Book standard doesn’t allow an effective way to ‘lock down’ the content. Suckering normal people into installing extra software that cripple their computers unneccessarily just because there is no other way to even attempt to prevent the copying should be illegal. Texas Attorney General seems to think that it IS illegal.

  70. Sorry, I left this off the last post when I pasted it:

    First off…

    With a MediaMax CD you don’t need to do any of the methods around the software to make illegal copies like he seems to condone.

    People who own a CD with MediaMax can copy to CDR’s, legally

    People who own a CD with MediaMax can Copy the tracks to their PC, legally (wma files and Fair play files as soon as Apple licenses their DRM). People only have to use the mediamax CD to encode the DRM protected tracks to their PC, they never have to open it again unless they want to use some of the bonus features. Any Windows media compatible player will play the tracks and that would be the vast majority of windows machines, other media players simply need you to install a plug-in to listen to wma DRM compliant tracks.

    Secondly…

    It is really disturbing that Felten listed all the ways to illegally break the copyright laws on the disc and then have the audacity to tell everyone it takes away their lawful use of the digital media, this simply isn’t true IMO. MediaMax gives the CD owner more rights to copying music than ever before! CD owners of non-mediamax protected albums aren’t legally allowed to make copies without consent from the copyright owner, but now they have a method thanks to MediaMax. Maybe Felten should consult with a lawyer on copyright laws before sticking his foot in his mouth.

  71. Another Felten Misstatement:

    >>”MediaMax makes your computer less secure and your music less available for lawful use

  72. Tommy Knowlton says

    Ed, your last sentence says it all. The key intuition here is that for all their hue and cry, the content industries aren’t accomplishing much at all to deter piracy, but have accomplished much in the way of curtailing formerly-protected fair uses. They don’t want it to be legal to lend a CD to a friend. They don’t want it to be legal for you to buy the song once and play it everywhere. For them, the best possible outcome would be pay per play and consumers would never get the content in a durable, tangible form.

    I recall when DeCSS was the big thing in the news (and the courts) and one commentator put the whole DMCA question into perspective like this: the big pirates don’t DeCSS the videos to make copies; they make a glass master with all the encryption intact, and press thousands of DVD’s using equipment that’s prohibitively expensive for consumers. DMCA’s anti-circumvention clause is irrelevant, because they press them without circumventing the technological measures. What the anti-circumvention clause does accomplish, is preventing you backing up your DVD in case it gets scratched.

  73. TheHackerNextDoor says

    What does it accomplish?

    a) fewer sales
    b) peve’d fileswappers
    c) more Internet traffic
    d) lawsuits for being guilty of the very laws they wrote and paid for
    e) The very *opposite* of what they intended

  74. MediaMax DRM copy protection – does it work?

    MediaMax is the other DRM copy-protection scheme that Sony uses.
    But how effective it is?
    It seems that the answer is not very !
    Technorati Tags: MediaMax, DRM, copy-protection, Sony…