The Engadget Interview: Viodentia, creator of FairUse4WM

Updated Mon, Sep 25, 2006, 1:03 PM·4 min read

Instead of our usual run of interviews with industry luminaries and the like, today we're aiming the camera a different direction. We had a few things to ask the person whom we've identified as Viodentia, the creator of FairUse4WM -- the thorn in Microsoft's (and Yahoo's, and Napster's, and Real's, etc.) digital media business for a month now. Seems at once likely and not that the big DRM scheme developed by the largest software company was broken and broken again by a single person, but here we are -- and here's what Viodentia had to say about the digital music business, where Microsoft went wrong with PlaysForSure, and what s/he thinks about this latest memo and patch.

Thanks for granting this interview. So FairUse4WM caused quite a stir. How long did it take you to crack Microsoft's PlaysForSure DRM? Was anyone else involved?

Finding a way to extract key information took about a couple of weeks of spare time. Going from a prototype to a more general tool took a couple of months. I am the only developer, although my friends served as early beta testers and sounding boards, and with the initial release I've gotten to know some very helpful people.

So apart from any ideological or political distaste you may have for DRM, do you have any personal reasons for wanting to crack Windows Media DRM? Like, are you a Rhapsody or Napster subscriber?

No, due to geographic location, I'm unable to subscribe to those services. Only my selfish rationale is the challenge in pitting my skills against the industry leader.

Without revealing the secret sauce, what were the fundamental flaws with PlaysForSure that allowed you to break it? Did Microsoft know about these flaws?

Once code is released, there's really nothing secret anymore -- Microsoft didn't follow standard security practices, and left sensitive data unencrypted on the stack while calling routines out of kernel32.dll. Even when they fix this by changing malloc() to alloca(), it'll still be a big task to audit other sensitive routines for DLL calls. On a theoretical level, they have to send the decryption keys outside of their control, and their only defense is through obfuscation.

Microsoft apparently has teams working around the clock to fix the vulnerability -- and on the legal front they've started getting their lawyers involved, sending C&Ds to places hosting the software. What do you think of their responses to FairUse4WM?

I think they're fulfilling their contractual obligations, and I'm looking forward to their improved obfuscation technology. I certainly disapprove of Microsoft claiming copyright to my program, but realistically I can't do much about that. Nor can I advocate that folks mirror my program against their local laws.

Presently Microsoft has yet to been able to fix this vulnerability -- is it possible for them to repair PlaysForSure without totally starting over?

As soon as I release something, Microsoft can certainly patch around it. I can do the same. I don't believe that either of us has a nuclear option.

What do you think of Microsoft's latest memo, which claims to patch version 1.2?

I'll reserve full commentary until I've had a chance to examine the new IBX in more detail. I'll release a new version sometime this week.

How do you think FairUse4WM affects the industry? Do you worry that cracking PlaysForSure is going to lead to the end of subscription-based services?

I think FairUse4WM is a good thing for the industry -- it demonstrates that the entire world doesn't turn upside down when there's no effective protection on content. I doubt subscription based services are impacted -- programs exploiting the analog hole were already widely spamvertised. The value of a subscription is the continuing access to new titles, which isn't dependent on the protection. I wonder if any subscription company will publicly admit that FairUse4WM was good for them.

Microsoft supposedly has a new DRM scheme they've cooked up for their forthcoming Zune media player. What do you think about their jettisoning PFS for their own device, and this new DRM system of theirs?

I don't have any insight into the politics at Microsoft. If I come across a Zune, I might have more comments on their DRM system at that point. :)

I know a lot of people at Microsoft and its PlaysForSure partners read us -- what do you have to say to them?

I think the biggest mistake with the PlaysForSure / WM design is that it's targeted too broadly. By incorporating forced product obsolesence and platform restrictions, it misses the mark in managing content rights. My suggestion to future designers is simple: don't bother with weak client-side decryption. Instead, provide a public specification for licenses using digital signatures, manage the PKI through a not-for-profit organization, and apply social and legal pressure to programs that don't comform. Accept that folks can trivially patch around the system, but if the restrictions aren't onerous most people won't go through the hassle. If WM files were already interoperable and the license terms were clearly communicated, there wouldn't be anything left for a program like FairUse4WM to accomplish.

Thanks!

Engadget
The FTC accuses Amazon of using Signal’s auto-deleting messages to erase evidence
As part of its antitrust suit against Amazon, the FTC accused the company of using Signal’s disappearing messages feature to conceal communications.
1h ago
Engadget
Drake deletes AI-generated Tupac track after Shakur’s estate threatened to sue
Drake apparently learned it isn’t wise to mess with Tupac Shakur — even nearly three decades after his death. Tthe Canadian hip-hop artist deleted the post with his track “Taylor Made Freestyle,” which used an AI-generated recreation of Shakur’s voice.
3h ago
Engadget
Aaron Sorkin is working on a Jan. 6-focused follow-up to The Social Network
Aaron Sorkin has announced that he’s currently writing a followup script to The Social Network. The original was his take on the initial years of Facebook.
3h ago
Engadget
Samsung's Galaxy S24 Ultra falls to a new low, plus the rest of the week's best tech deals
This week's best tech deals include a new low on the Samsung Galaxy S24 Ultra, Apple's MacBook Air M3 for $989 and Anker's Soundcore Space A40 earbuds for $49, among others.
4h ago
Engadget
Nikon’s Z8 is a phenomenal mirrorless camera for the price
Nikon's Z8 is one of the highest resolution full-frame cameras with 45 megapixels, but is also one of the fastest and has incredible video capabilities too.
4h ago
Engadget
Some of our favorite Bose headphones and earbuds are back to all-time low prices
Amazon has some of the highest-rated Bose headphones on sale for record-low prices. That includes the Bose QuietComfort Ultra headphones, which have best-in-class active noise cancellation (ANC).
4h ago
Engadget
Apple's 13-inch MacBook Air with the M3 chip has never been cheaper
The latest Apple MacBook Air with the M3 chip is down to a new low price at Amazon.
5h ago
Engadget
NHTSA concludes Tesla Autopilot investigation after linking the system to 14 deaths
The National Highway Traffic Safety Administration has concluded a lengthy investigation into Tesla’s Autopilot system. It found 13 fatal crashes due to misuse and software that doesn’t prioritize driver attentiveness.
6h ago
Engadget
Wacom's first OLED pen display is also the thinnest and lightest it has ever made
Wacom's latest pen display model is called Movink, and it's the company's first with a OLED screen. It's also Wacom's thinnest and lightest option ever, while still offering 13 inches of work space.
7h ago
Engadget
It doesn’t matter how many Vision Pro headsets Apple sells
This week, there was a lot of back and forth about Apple Vision Pro production numbers. Here's why they don't matter.
8h ago
Engadget
The Google Pixel Buds Pro are back on sale for $135
Google's Pixel Buds Pro are on sale for $135 at Wellbots, which is the lowest price we've seen this year.
9h ago
Engadget
Dell XPS 13 and XPS 14 review (2024): Gorgeous laptops with usability quirks
Dell’s XPS 13 and 14 are stylish, portable and powerful. You’ll have to get used to some of its design quirks, though, and it’s far pricier than older models.
9h ago
Engadget
OpenAI's Sam Altman and other tech leaders join the federal AI safety board
Sam Altman, OpenAI's CEO, Microsoft chief Satya Nadella, Alphabet CEO Sundar Pichai are joining the government's Artificial Intelligence Safety and Security Board, according to The Wall Street Journal.
10h ago
Engadget
The best gaming gear for graduates
New graduates have earned the time to unwind after a busy year. These pieces of gaming gear would make great gifts for the new college graduate in your life.
a year ago
Engadget
The Morning After: Apple announces an iPad event for May 7
The biggest news stories this morning: Adobe’s new upscaling tech uses AI to sharpen video, BlizzCon 2024 is canceled, The world’s biggest 3D printer can make a house in under 80 hours.
11h ago
Engadget
Engadget Podcast: Why TikTok will never be the same again
Biden passed the TikTok divestment bill -- now what?
11h ago
Engadget
The best wireless earbuds for 2024
It's safe to say the wireless earbuds space is pretty saturated. We've tested and reviewed dozens of models; these are our top picks.
4 months ago
Engadget
Apple is launching new iPads May 7: Here's what to expect from the 'Let Loose' event
Apple has scheduled an event for May 7 that'll more than likely focus on new iPads. Here's what we expect the company to show off.
1d ago
Engadget
Spotify tests Apple's resolve with new pricing update in the EU
Spotify submitted a new update for Apple's approval that would display pricing right in the app.
1d ago
Engadget
Tupac’s estate threatens to sue Drake for his AI-infused Kendrick Lamar diss
Tupac Shakur’s estate isn’t pleased with Drake cloning the late hip-hop legend’s voice in a Kendrick Lamar diss track. Attorney Howard King, representing Mr. Shakur’s estate, sent a cease-and-desist letter calling Drake’s use of Shakur’s voice “a flagrant violation of Tupac’s publicity and the estate’s legal rights.”
1d ago

The Engadget Interview: Viodentia, creator of FairUse4WM

Latest Stories

The FTC accuses Amazon of using Signal’s auto-deleting messages to erase evidence

Drake deletes AI-generated Tupac track after Shakur’s estate threatened to sue

Aaron Sorkin is working on a Jan. 6-focused follow-up to The Social Network

Samsung's Galaxy S24 Ultra falls to a new low, plus the rest of the week's best tech deals

Nikon’s Z8 is a phenomenal mirrorless camera for the price

Some of our favorite Bose headphones and earbuds are back to all-time low prices

Apple's 13-inch MacBook Air with the M3 chip has never been cheaper

NHTSA concludes Tesla Autopilot investigation after linking the system to 14 deaths

Wacom's first OLED pen display is also the thinnest and lightest it has ever made

It doesn’t matter how many Vision Pro headsets Apple sells

The Google Pixel Buds Pro are back on sale for $135

Dell XPS 13 and XPS 14 review (2024): Gorgeous laptops with usability quirks

OpenAI's Sam Altman and other tech leaders join the federal AI safety board

The best gaming gear for graduates

The Morning After: Apple announces an iPad event for May 7

Engadget Podcast: Why TikTok will never be the same again

The best wireless earbuds for 2024

Apple is launching new iPads May 7: Here's what to expect from the 'Let Loose' event

Spotify tests Apple's resolve with new pricing update in the EU

Tupac’s estate threatens to sue Drake for his AI-infused Kendrick Lamar diss

About

Sections

Contribute

Buying Guides