No passwords or login information for users to enter, forget or share, or for you to manage and distribute.
Keys to decrypt ebooks are automatically and transparently securely transferred to authorized devices and locked to them.
When it comes to protecting your ebooks from piracy or theft, ebook DRM (e-book Digital Rights Management) is probably one of the first things you will think of.
Digital rights management is the only effective security to stop ebook copying and unauthorized distribution, but most systems are poorly implemented.
Many publishing platforms (Amazon Kindle Ebooks, Google Play Books, and Kobo) rely on the protection supported by Adobe Digital Editions (ebook reader software that uses Adobe Content Server for protection) but that has significant flaws. The main one being that the ebook protection can be easily removed.
Here we discuss the most popular ebook formats (epub & PDF), ebook DRM protected content, DRM protection methods (Adobe DRM and PDF DRM), and alternatives to DRM, and explain which is best.
Ebook Digital Rights Management (DRM for short) refers to a series of controls that, at their most basic level, are used to prevent the unauthorized copying, editing, and sharing of content. More advanced DRM solutions additionally prevent screen grabbing, allow publishers to revoke use after a certain date, and more.
DRMs vary in their protection mechanisms. Kindle and similar protections work by either wrapping the ebook in DRM code or adding code to the ebook package itself. Amazon designed this modification to stop the user from opening the ebook in anything other than authorized viewers (whether that be on a PC or an e-reader). Most of these viewer applications also try to stop the user from printing, copying, and converting the ebook. The DRM also attempts to stop users from opening the file on unauthorized devices by requiring their device to hold the correct key or be linked to an account with the purchase registered to it.
Standard Adobe PDF protection encrypts an ebook with a unique encryption key which is stored in its encryption dictionary. The user or owner password is then used to recover the encryption key from the dictionary and decrypt the file’s contents, making it viewable again.
As we’ll cover below, however, the poor implementation of most DRM solutions has led to them becoming trivial to remove.
Kindle readers support five different file formats: MOBI, KFX, AZW, EPUB and PDF. The MOBI, AZW and KFX formats use Amazon’s DRM, whereas EPUB and PDF ebooks are DRM protected using Adobe ADEPT / Adobe Content Server. Google Play uses Adobe DRM.
However, all these DRM protection schemes are really easy to remove:
So, you may wonder: what protection are your ebooks actually getting against piracy and theft if the security can be easily removed?
If you trust users not to use ebook DRM removal tools, then you might equally trust them not to share your ebooks with others and therefore have no need to implement DRM security to begin with.
Read How to protect ebooks from sharing and copying to see how easy it is to remove popular ebook DRM formats.
An alternative to using the above platforms for ebook distribution and protection is using software to generate an HTML5 ebook that can be viewed in the browser.
There are many ebook DRM remover tools that work with MOBI, KFX, AZW, EPUB and PDF files. The most popular are:
You might ask why these ebook DRM removal applications are so successful. It’s simple: the above DRM security has been implemented as an afterthought (and usually rather badly), enabling applications to either plugin to (to access the content as it is decrypted or intercept the decryption keys) or pickup unprotected content that the system has directly cached to disk. This is nothing new – Elcomsoft pointed out the issues with Adobe PDF DRM and other ebook protection methods back in 2000. 20 years on and removing the DRM from ebooks is still trivial. See PDF Security issues and weak DRM implementations for further information.
Adobe’s standard security handler uses RC4 stream cipher, encrypting file content with a unique encryption key. The encryption key is encrypted and stored in the file’s encryption dictionary. Either the user password or owner password can recover the encryption key and decrypt the file content. Removing PDF Passwords covers this subject in more detail.
In 2009 Adobe Digital Editions was broken by i♥cabbages allowing users to remove the DRM protection from Adobe ebooks. They commented “There is very little obfuscation in how Adobe Digital Editions hides and encrypts the per-user RSA key, allowing fairly simple duplication of exactly the same process Digital Editions uses to retrieve it”. 5 years later, in 2014, Adobe released Adobe Content Server 5 which, in their own words, is “A more secure Digital Rights Management scheme to protect EPUB and PDFs from unauthorized viewing. The new hardened DRM solution uses multiple encryption layers with Adobe Licensing server having the control to change the mechanism of encrypted key generation.” Yet still ebook DRM removal products claim to remove it, proving that it does not matter how many layers of encryption you have if it is implemented poorly.
Publishers who implemented the latest edition were also in for a shock. Customers reported losing e-books from their libraries after having upgraded to the latest version.
Sadly, access being denied to PDF documents and ebooks after an Adobe update is not new. Companies that have implemented the Acrobat PDF DRM plugin have also had furious customers unable to access DRM protected PDF files since every time Acrobat is updated the plugin no longer works.
PDF is still the most common format for document distribution since it produces reliable results across all platforms. Adobe PDF DRM, however, is flawed and can be removed easily (just like Adobe PDF password protection and permissions or restrictions).
If you are serious about protecting PDF ebooks from piracy and theft and are happy to provide your own means of distribution (rather than using an ebook publishing platform) then using DRM that does not rely on Adobe (or a third party DRM plugin to Acrobat) is clearly the way forward.
Adobe DRM might be the industry standard but any solution that can be instantly removed is not worth implementing to begin with. And that is before you even consider the costs involved:
Some companies say that DRM that completely secures content must be cumbersome or difficult to use and that their solution strikes the perfect balance between ease of use and security.
Let’s be clear, if the security can be easily removed it is not effective and you are wasting your money. An ebook DRM or PDF DRM system can be secure yet easy to use.
Locklizard ebook DRM protects PDF files using strong encryption and DRM controls to ensure your ebooks are protected against simple DRM removal applications. Our DRM protects ebooks in PDF format from piracy, copying and sharing.
We stop printing to PDF, stop screen grabbers and lock ebooks to devices so they cannot be shared. If you don’t want users to install a Viewer, then you can distribute your secure ebooks on a USB stick that includes the Viewer software. Users can then open DRM protected files directly from USB without installing any software. You can publish whole ebook libraries on USB sticks and then later grant access to individual books. You can also add new ebooks as you publish them and you can grant access accordingly.
Locklizard ebook DRM enables you to sell ebooks securely without insecure passwords or plug-ins, and enforce access, location, expiry, and usage controls. Our DRM technology ensures your ebooks remain safe no matter where they reside with US Gov Strength encryption, licensing, and DRM controls. Ebook content is decrypted in memory and no temporary files are used.
Only DRM can be used to restrict how content is used – not encryption, password protection or onetime links. DRM can stop ebook sharing, content copying and editing, disable printing, and control expiry.
Alternatives to ebook DRM include:
You protect a PDF ebook with a password and apply limited restrictions over content use. Passwords have to be manually entered so they can be shared with others (and therefore your ebooks) and PDF restrictions can be easily removed.
For each user who purchases your ebook, you provide a unique, single use link. These stop multiple users from downloading ebooks using the same link but do not stop users sharing ebooks with others once they have downloaded them.
File encryption software enables you to encrypt any type of file. It is great for protecting ebooks on servers or in transit, but once a user has decrypted the file, they can share it with others (or share the decryption key if it is entered manually or known to the user).
If your ebook is not protected with DRM then watermarks can be easily removed. PDF watermarks can be removed in a PDF editor in a single action and a hidden watermark can be removed by either saving them as different file formats or printing to PDF.
So, DRM is best for ebooks, but not all ebook DRM is equal. Some formats provide limited restrictions and have been comprehensively cracked. It’s important to choose your ebook format and ebook DRM solution carefully.