There are various companies that say they can help you sell PDFs/ebooks online securely and prevent sharing. But how much help are they really? Here is an analysis of some common security methods and their value.
PDF password protection is one of the most common and cheapest methods of securing PDFs. PDF documents are encrypted with a password to prevent unauthorized access, and PDF restrictions can be applied to control some document use (e.g. preventing printing).
However, it is completely useless as a form of document protection:
- Users can share the document password with others and post it online along with the document
- You have to give the user the password for them to view the document so they can remove it instantly
- Passwords can be removed by password recovery applications
- Adobe permissions (these control how a document can be used – i.e. allow or deny printing) can be easily removed in seconds by free online password removal tools
And of course, there is the problem of creating, distributing and managing passwords to begin with.
Secure download systems rely on generating a unique download link for each user when they purchase your documents online. They often combine this with a password protected file, and the user is given the download link and password after purchase.
However, once the user has downloaded the file and has the password to open it, they can then share these with others.
Although secure downloads and passwords may stop users from arbitrarily downloading documents they have not paid for, they do nothing to prevent someone who has paid for a document then giving it to others for nothing.
Dynamic Watermarks with user information
Some systems watermark PDF files with user information – this is added to the PDF document when it is purchased.
However, what you are not told is that these watermarks can be easily removed in a PDF editor. All the user has to do is to open the PDF file, select the watermark, and press the delete key to remove all instances.
Social watermarking, also known as social DRM, is a type of dynamic watermarking for ebooks that inserts hidden watermarks that identify the user. Unfortunately, despite the name, it can hardly be called DRM. It does not stop users from editing, which means that the code can easily be inspected and the hidden watermarks removed.
There are many ebook DRM systems available from the big brands (Amazon, Google, Kobo, etc.). However, all of them provide only weak security: ebook conversion tools such as Epubor can remove the protection for free in seconds. There’s little point in applying these popular DRMs since they provide no protection against piracy.
You should instead look for a good PDF DRM or ebook DRM system that uses multiple technologies to prevent the copying, sharing, printing, and piracy of your documents. These include:
- Document encryption to prevent unauthorized access and lock use to machines
- Public key technology rather than passwords
- SSL for secure key transfer to authorized devices
- Licensing controls to identify users and devices
- Dynamic watermarks that are permanent and cannot be removed
- The ability to transfer licenses between devices – see ebook DRM & license transfer
- Proprietary security techniques to control operating system behaviour – i.e. to stop screen grabbing applications from operating effectively
- Full security and control over offline documents
- Dedicated secure viewer applications to control document access and use
See our DRM technology to better understand how these components make up an effective document security system.
Some document DRM systems rely on plug-ins to Adobe Acrobat but these bring with them their own problems, including compatibility issues, security issues (plugins can be circumvented by other plugins), and failure to continue working after Acrobat updates.