LCP DRM removal information
noDRM opened this issue · 12 comments
On January 4th, Readium issued a DMCA takedown request for this repository and its forks, because it contained, by their definition, code to "illegally access ebooks protected by copyright". Even though I don't think that that's true (in order to access books using this plugin you need to have legal access credentials and keys ...), I had to comply with this request in order to be able to keep this repository and to prevent legal issues.
This means:
- The LCP DRM removal code is no longer available in this GitHub repository, and I will no longer be providing the "old" version of the lcpdedrm.py file, or any other part of the LCP circumvention code.
- Git history has been rewritten as of commit a44b50d (which used to contain the first version of the LCP DRM removal code), so if you have any forks you will need to re-base them on this commit.
- The lcpdedrm.py file in this repository (SHA256sum 830624873b836a95b2c7902c71d4f6712f92835c6e2fb2ae44f96ee8de2e77db) has been replaced with one that just prints an error message upon encountering an LCP-protected book.
- The release ZIP files for v10.0.0, v10.0.1 and v10.0.2 have been replaced with updated ones that also contain this modified lcpdedrm.py file.
GitHub and Readium are now reviewing this repository again to see if they are happy with the current state - I don't expect there to be any issues, as I've implemented all the changes they suggested, so I hope that this repository will now stay available.
Thank you for your hard work.
Thank you! Really appreciate your time, energy and willingness to continue development and maintenance of these tools ❤️
Same here. Thank you.
That's a shame :/ Ran into issues because of this now.
The takedown says:
> The LCP encryption profile 1.0, its algorithm and associated keys are not posted online, nor open in any manner.
The LCP 1.0 spec defines the "Basic Encryption Profile 1.0" in section 6.3:
https://readium.org/lcp-specs/releases/lcp/latest#63-basic-encryption-profile-10
The readium profile registry at https://readium.org/lcp-specs/registries/profiles lists two profiles: Basic and Production.
Am I right that code that only implements the basic profile - but not the production profile - would be fine?
It probably would be fine. Though, given that I only got one chance to remove the offending content and get access to this repository back, I decided to play it safe and remove all the code. If I had left the "basic" variant code online and Readium had claimed I didn't remove everything I need to remove, GitHub would have banned my repository completely.
I don't think it would be a good idea for me to go contact Readium and be like "Hey I'm the guy who you issued a DMCA request against, are you okay with me publishing code to crack your basic profile?". Maybe someone else wants to do that.
I mean, in theory the application that implements this DRM (= Thorium Reader) is licensed under a BSD 3-Clause License. This means that redistributions in source and binary form should be allowed - so considering that the binary form of Thorium contains machine code to parse the "production" LCP DRM, that should also mean that I'm allowed, under that license, to take that code and adopt it for the plugin (if I add the necessary copyright headers), including both the basic and the production profile.
Readium seems to not agree with that, which means that they are using an incorrect license for their project. They are claiming that Thorium would be under BSD-3-license, while they claim in the DMCA request that it'd be closed-source.
If Readium writes a public statement or actively confirms that removing DRM from books protected with their "test" profile basic-profile does not violate their copyright (considering that I implemented the removal code myself, they shouldn't have any ...), I will add back that support. But hey, they also falsely claimed that my implementation of their DRM would violate their "copyright" on the encryption profile, so I doubt they'd do that.
Unfortunate that things had to be resolved in this fashion, but given the potential of no more noDRM, I would say it is better than the alternative.
> given that I only got one chance to remove the offending content and get access to this repository back, I decided to play it safe and remove all the code. If I had left the "basic" variant code online and Readium would have claimed I didn't remove everything I need to remove, Github would have banned my repository completely

Also rather unfortunate that GitHub is not flexible with resolving take-down requests. Perhaps you should contact GitHub and ask about this?
I am not familiar with Readium; what is the difference between the profiles?
Thank you
So what's the purpose of fighting DRM, if a DMCA request is sufficient to counterfight? To me that doesn't make sense: the code here isn't for doing piracy (for example, seeing the code I noted that you could remove Amazon DRM even for Kindle Unlimited ebooks, but that's not done because it would be piracy [download 10000 books in a month for 9,99€ and keep them]) but for removing DRM in bought books for convenience.
> So what's the purpose of fight DRM, if an DCMA request is sufficent to counterfight?

Just being removed from this repository does not mean the code is gone forever.
> Just being removed from this repository does not mean the code is gone forever.

I heard a story about a lost child and breadcrumbs to mark a trail long ago. It should be nice to get hints that enable us to lead back home successfully... ;-)