Ebook DRM

Ebook DRM protection: is DRM best for ebooks?

  Free Trial & Demo

“Fantastic product… outstanding support.”

“We would recommend Locklizard to others”

“The clear leader for PDF DRM protection”

“Our ebook sales have gone through the roof”

“Simple & secure – protects IPR from theft”

Trusted by:

  Ebook DRM: protecting ebooks from piracy, copying & sharing

  The most popular ebook formats and ebook DRM protection methods

When it comes to protecting your ebooks from piracy or theft, ebook DRM (e-book Digital Rights Management) is probably one of the first things you will think of.

Digital rights management is the only effective security to stop ebook copying and unauthorized distribution, but most systems are poorly implemented.

Many publishing platforms (Amazon Kindle Ebooks, Google Play Books, and Kobo) rely on the protection supported by Adobe Digital Editions (ebook reader software that uses Adobe Content Server for protection) but that has significant flaws.  The main one being that the ebook protection can be easily removed.

Here we discuss the most popular ebook formats, ebook DRM protected content, is DRM is best for ebooks or are their better alternatives, and which DRM for ebooks is best.

Removing DRM from ebooks

If a security system uses weak protection then it is simple for users to unlock DRM protected ebooks.

  1. DRM ebook readers that display protected content in the browser don’t prevent piracy.  Users can simply strip or remove the DRM restrictions by editing JavaScript in their browser, go to a website (e.g. Docsend2PDF.com), or install a plugin that does this for them.
  2. Amazon Kindle DRM and similar DRM ebook readers can all have their protection instantly removed using free or low cost apps such as Epubor or Calibre.

  What is DRM in ebooks?


Ebook Digital Rights Management (DRM for short) refers to a series of controls that, at their most basic level, are used to prevent the unauthorized copying, editing, and sharing of content.  More advanced DRM solutions additionally lock use to devices, prevent screen grabbing, allow publishers to revoke use after a certain date, and more.

  How does ebook DRM work?


We cover how does DRM work in our overview of Digital Rights Management – this applies equally to ebooks.  However, ebook DRM works differently for installed apps and browser-based solutions:

  1. Kindle and similar protection solutions work by either wrapping the ebook in DRM code or adding code to the ebook package itself.  Amazon designed this modification to stop the user from opening the ebook in anything other than authorized viewers (whether that be on a PC or an e-reader).  Most of these viewer applications also try to stop the user from printing, copying, and converting the ebook.  The DRM also attempts to stop users from opening the file on unauthorized devices by requiring their device to hold the correct key or be linked to an account with the purchase registered to it.
  2. Browser based systems that convert ebooks to HTML5 or images, use passwords to restrict access, and JavaScript to enforce restrictions such as printing, copying and downloading.

As we’ll cover below, however, the poor implementation of most DRM solutions has led to them becoming trivial to remove.

  Amazon Kindle, Google Play, and Adobe DRM (epub & PDF)


Kindle readers support five different file formats: MOBI, KFX, AZW, EPUB and PDF.  The MOBI, AZW and KFX formats use Amazon’s DRM, whereas EPUB and PDF ebooks are protected by DRM using Adobe ADEPT / Adobe Content Server.  Google Play uses Adobe DRM.

However, all these DRM protection schemes are really easy to remove:

  • Type in ‘Kindle DRM’ in Google and the first page of results is full of instructions on how to remove it easily (using a Calibre plugin, converting Kindle to PDF, etc.).
  • Type in ‘Adobe Digital Editions DRM’ in Google and the entire first page (apart from one for the Adobe site) is devoted to instructions on how to easily remove it.

So, you may wonder: what protection are your ebooks actually getting against piracy and theft if the security can be easily removed? 

If you trust users not to use ebook DRM removal tools, then you might equally trust them not to share your ebooks with others and therefore have no need to implement DRM security to begin with.

Read DRM for Kindle ebooks and How to protect ebooks from sharing and copying to see how easy it is to remove popular ebook DRM formats.

  HTML5 ebooks and DRM


An alternative to using the above platforms for ebook distribution and protection is using software to generate an HTML5 ebook that can be viewed in the browser.

However, protecting ebooks in a browser is limited.  There is no software installed on the client computer to decrypt the content or provide significant control over it once it has been decrypted.  Protected content either has to be decrypted on the server and relayed to the client (some bad implementations decrypt straight to disk where it is left available in the cache in plain text) or by using JavaScript in the browser.  JavaScript is also used to enforce restrictions such as preventing copy, edit, print and download.

Weaknesses of browser-based ebook DRM solutions
  1. You cannot prevent users from sharing login details and thus ebooks with others.
  2. JavaScript can be easily edited in the browser’s developer mode to remove all restrictions, expiry, tracking and watermarks.  Alternatively, users can install a plugin to remove the DRM, or enter the URL of the protected book in an online DRM removal solution.
  3. If you allow printing then you cannot prevent users from printing to PDF format and removing all the protection.
  4. You cannot prevent screenshots.  If prtscr or similar keys are disabled, users can just use a screen grabbing app instead.
  5. Users have to be online.  Solutions that let users download ebooks either use password protection or JavaScript which is a security risk.
  6. You have to uploaded your ebooks to a cloud server as unprotected files and you do not know who can really access them.

As we have shown in How secure are Google Docs and Flip books, it is simple for users to bypass the protection.

   DID YOU KNOW?

Ebooks and DRM security issues

  1. Amazon, Apple and Adobe DRM systems have all been broken.
  2. Browser based viewers provide weak security – users can share login info and JavaScript restrictions are simple to bypass.
  3. Securing ebooks with passwords is useless because users can share them or remove them with password recovery tools.
  4. Adobe PDF permissions (stop copy, print etc.) can be easily removed.

“We have been looking for years to find a software company that would allow us to securely sell our eBooks.  Locklizard offers so many options, we are able to fill the needs of all of our customers.  We have used other software providers that had promised the security of our eBooks but they never lived up to that promise the way that Locklizard has.

The support we received has been outstanding.  They are very responsive to our requests and go the extra mile.

I would recommend Locklizard if you are looking for secure ebooks.”

   Software to remove ebook DRM


There are many ebook DRM remover tools that work with MOBI, KFX, AZW, EPUB and PDF files.  The most popular are:

  • Calibre and DeDRM plugin – remove the DRM from Adobe Digital Editions and Kindle DRM.
  • Epubor– provides software to remove the DRM from Adobe Adept (Google Play ebooks), Amazon Kindle, Kobo, Nook, Sony & more.
  • EPubsoft ToolBox – remove the DRM from all common ebook formats.
  • Tuneskit – removes Apple DRM (iTunes DRM removal).


You might ask why these ebook DRM removal applications are so successful.  It’s simple: the above DRM security has been implemented as an afterthought (and usually rather badly), enabling applications to either plugin to (to access the content as it is decrypted or intercept the decryption keys) or pickup unprotected content that the system has directly cached to disk.  This is nothing new – Elcomsoft pointed out the issues with Adobe PDF DRM and other ebook protection methods back in 2000.  20 years on and removing the DRM from ebooks is still trivial.  See PDF Security issues for weak DRM implementations and Adobe PDF encryption for how simple it is to unlock or break the security.

Adobe’s standard security handler uses RC4 stream cipher, encrypting file content with a unique encryption key.  The encryption key is encrypted and stored in the file’s encryption dictionary.  Either the user password or owner password can recover the encryption key and decrypt the file content.  Removing PDF Passwords covers this subject in more detail.

In 2009 Adobe Digital Editions was broken by i♥cabbages allowing users to remove the DRM protection from Adobe ebooks.  They commented “There is very little obfuscation in how Adobe Digital Editions hides and encrypts the per-user RSA key, allowing fairly simple duplication of exactly the same process Digital Editions uses to retrieve it”.  5 years later, in 2014, Adobe released Adobe Content Server 5 which, in their own words, is “A more secure Digital Rights Management scheme to protect EPUB and PDFs from unauthorized viewing.  The new hardened DRM solution uses multiple encryption layers with Adobe Licensing server having the control to change the mechanism of encrypted key generation.”  And later generations promised better protection.  Today however, ebook DRM removal software can still remove Adobe Digital Editions, proving that it does not matter how many layers of encryption you have if it is implemented poorly.

Publishers who implemented later editions were also in for a shock.  Customers reported losing e-books from their libraries after having upgraded to the latest version.  Sadly, access being denied to PDF documents and ebooks after an Adobe update is not new.  Companies that have implemented the Acrobat PDF DRM plugin have also had furious customers unable to access DRM protected PDF files since every time Acrobat is updated the plugin no longer works.

  PDF ebook DRM & Adobe PDF DRM

PDF is still the most common format for document distribution since it produces reliable results across all platforms.  Adobe PDF DRM, however, is flawed and can be removed easily (just like Adobe PDF password protection and permissions or restrictions).

If you are serious about protecting PDF ebooks from piracy and theft, and are happy to provide your own means of distribution (rather than using an ebook publishing platform), then using DRM that does not rely on Adobe (or a third party DRM plugin to Acrobat) or the browser, is clearly the way forward.

  Adobe DRM for Digital Editions – Adobe PDF DRM & ePub DRM

Adobe DRM might be the industry standard but any solution that can be instantly removed is not worth implementing to begin with.  And that is before you even consider the costs involved:

  • Initial software license fee: $10,000
  • Annual maintenance: $1,500
  • Development and deployment: $5,000-$10,000
  • Cost per e-book download: $0.22

Some companies say that DRM that completely secures content must be cumbersome or difficult to use and that their solution strikes the perfect balance between ease of use and security.

Let’s be clear, if the security can be easily removed it is not effective and you are wasting your money.  An ebook DRM or PDF DRM system can be secure yet easy to use.

  Locklizard DRM for ebooks


Locklizard ebook DRM protects PDF files using AES 256 bit encryption and DRM controls to ensure your ebooks are protected against simple DRM removal applications.  Our DRM protects ebooks in PDF format from piracy, copying and sharing.

We prevent printing to PDF, block screen grabbers from taking screenshots, and lock ebooks to devices so they cannot be shared.  If you don’t want users to install a Viewer, then you can distribute your secure ebooks on a USB stick that includes the Viewer software.  Users can then open DRM protected files directly from USB without installing any software.  You can publish whole ebook libraries on USB sticks and then later grant access to individual books.  You can also add new ebooks as you publish them and you can grant access accordingly.

Locklizard ebook DRM enables you to sell ebooks securely without insecure passwords, JavaScript, or plug-ins, and enforce access, location, expiry, and usage controls.  Our DRM technology ensures your ebooks remain safe regardless of their location with US Gov Strength encryption, licensing, and DRM controls.  Ebook content is decrypted in memory and no temporary files are used.

  Why Locklizard DRM is best for ebooks

Locklizard provides many advantages over Adobe DRM & Amazon & third party ebook DRM systems

  • No Passwords or Logins

    No passwords or login information for users to enter, forget or share, or for you to manage and distribute.

    Keys to decrypt ebooks are transparently and securely transferred to authorized devices and locked to them.

  • Device & location locking

    • Automatically locks ebooks to devices to stop users from sharing your ebooks with others
    • Optionally lock ebook use to locations.  For example, ban use in specific countries
    • Control the number of devices your DRM protected ebook is installed on
  • DRM Controls

    Control ebook use with effective DRM controls:

    • Prevent screenshots
    • Stop copying and pasting
    • Stop editing and modifying
    • Stop printing (or limit the number of prints)
    • Expire ebooks after a number of days’ use, views, prints, or on a fixed date
    • Revoke ebooks instantly (regardless of where they are) if a chargeback is made
    • Track opens and prints
  • Dynamic Watermarks

    Add permanent and dynamic watermarks to identify users.  Watermarks are inserted automatically at view and/or print time with user-identifiable information to discourage the distribution of photos and photocopies.

    You only have to protect your ebook once for all users rather than having to do so individually to display unique user information (name, email, etc.).

    Unlike Adobe watermarks, which can be easily removed by selecting them in a PDF Editor, Locklizard watermarks are permanent.

  • Secure Distribution

    • Protect ebooks on your local computer – no uploading of unprotected files to a server where they could be easily compromized.
    • Distribute protected ebooks just like any other file – upload them to a cloud server, your website, send by email or distribute on USB, etc.
  • PDF ebook format

    Protection of PDF files rather than proprietary ebook formats for a consistent display across multiple devices.

  • Simple to use

    Our ebook DRM software is simple to use – protect ebooks by right-clicking on them in Windows Explorer.

    Manage user and ebook access via our cloud-hosted administration system (hosted by us or by you on your own premises).

    Automate ebook DRM protection and integrate with your e-commerce system for automated user account creation and ebook access.

  • Cost Savings

    • No charges per ebook sold – just a one-off fee for unlimited ebooks and users
    • No development and deployment costs
    • Choice of licenses to suit you

  Is DRM best for ebooks?

DRM alternatives to stop ebook sharing and copying

Many companies claim to protect ebooks from sharing and advertise them as alternatives to ebook DRM or as DRM solutions.  Are they effective or is DRM best for ebooks?

Here we cover the most common ways you can protect ebooks and their weaknesses:

  1. PDF password protection

    You protect a PDF ebook with a password and apply limited restrictions over content use.  Passwords have to be manually entered so they can be shared with others (and therefore your ebooks) or just simply removed, and PDF restrictions can be instantly removed.

  2. One-time download links

    For each user who purchases your ebook, you provide a unique, single use link that may or may not expire.  These stop multiple users from downloading ebooks using the same link but do not stop users sharing ebooks with others once they have downloaded them.

  3. File encryption

    File encryption software enables you to encrypt any type of file.  It is great for protecting ebooks on servers or in transit, but once a user has decrypted the file, they can share it with others.

  4. Secure browser based viewers

    Any solution that enables users to view ebooks in the browser provides weak security despite how secure it says it is.  Not only can users share login details, they can also bypass restrictions that prevent copy, print, edit and download.  We cover this in How secure are Google Docs.  All browser viewers use the same system (JavaScript) for enforcing restrictions and have the same security weaknesses regardless of their ‘DRM protection’.

  5. Protected flip books

    Various online solutions allow you to upload PDFs to their website for conversion into a HTML5 flipbook or PDF flip book, which introduces page flip transitions and security controls to prevent download, copying, printing, etc.  Unfortunately, like all browser-based controls these are easy to bypass.  Changing a single line of code usually lets users download unprotected copies of the flipbook in PDF format.

  6. Social DRM or watermarks

    If your ebook is not protected with DRM then watermarks can be easily removed.  PDF watermarks can be removed in a PDF editor in a single action and a hidden watermark can be removed by either saving them as different file formats or printing to PDF.

Only DRM can be used to restrict how content is used – not encryption, password protection or onetime links.  DRM can stop ebook sharing, content copying and editing, disable printing, enforce watermarks and tracking, and control expiry.

So, DRM is best for ebooks, but not all ebook DRM is equal.  Some solutions provide limited restrictions or weak security, and have been comprehensively cracked.  It’s important to choose your ebook format and software solution carefully.

  FAQs

Which DRM should I use to protect my ebooks?

It depends on your requirements and the platform you want to publish on:

  1. If you’re set on publishing on Amazon, Kindle DRM may be enough to stop customers who are clueless about technology.
  2. If you want users to view ebooks in the browser without installing a viewer, then any browser based ebook DRM system will provide the same level of security.
  3. If you want real, effective protection against ebook piracy, a PDF DRM solution like Locklizard Safeguard is the only real choice.  Ebooks are locked to devices so they cannot be shared, and restrictions are enforced in a secure viewer application so they cannot be bypassed.
Is removing the DRM from ebooks illegal?

According to Harvard Business Review, it is illegal in the US to break the DRM of an in-copyright ebook even if it is for personal use.  The main exception is if the purchaser is legally blind and cannot reasonably find an accessible version of the ebook.

It is not, however, illegal to tell somebody how to remove DRM from an ebook or point them to tools that allow them to do so.  And, because ineffective DRM software leaves the chance of getting caught very low, many will follow those instructions – we cover this in ebook piracy.

Do I need DRM on my ebook?

Not necessarily.  If you are looking to release content for free or do not care too much about profits, it probably isn’t worth implementing DRM.  If you want to make a living out of your ebooks (e.g. publish and sell ebooks online) or stop people from claiming your work as their own, however, a good DRM solution is well worth the investment.

Are Amazon ebooks DRM free?

No.  The vast majority of Amazon ebooks are not DRM free – they use the company’s Kindle DRM.  This includes free works and those that are no longer in copyright.  However, the DRM that it does use is easily removed or unlocked by free software – and therefore offers very little protection.

Does my ebook have DRM?

To see if your ebook is protected by DRM, try converting or saving it as another file format.  If you can, then DRM is not enabled.

For a Kindle book, look at the product details on the book’s Amazon store page.  The author may mention whether DRM is enabled or not.  If there is the text ‘simultaneous device usage: unlimited’, the book is not protected by DRM.

What is the best way to add DRM to an ebook?

The best way to protect an ebook is to avoid DRM for common formats like EPUB, MOBI, and AZW and use a PDF DRM solution instead.  However, you must take care to choose the right solution because Adobe DRM for ebooks is entirely ineffective, and browser-based readers provide weak security.

Customer Testimonials