Home » Copyright/Intellectual Property » A Bounty Hunting Service for E-Book Piracy

A Bounty Hunting Service for E-Book Piracy

30 January 2017

From Copyright and Technology:

We’ve been talking a lot here about blockchain applications for transaction processing in the music industry; in fact we had a panel on it at last week’s conference in NYC.  Yet the latest application of blockchain technology to the media industry, from Custos Media Technologies, has nothing to do with music or royalty transaction processing.  It has to do with e-books, and the application is copyright monitoring.  What does this have to do with blockchain?  It enables users to collect bounties for finding potentially infringing files, and the bounties are paid in Bitcoin.

Custos’s technology, which spun out of the MIH Media Lab at Stellenbosch University in South Africa, embeds unique watermarks in EPUB-formatted e-books.  It runs a watermark detection service that bounty hunters (yes, the company uses that term) can use to find watermarked files and report them, in return for a private key to a Bitcoin wallet.  When a file is reported, Custos returns the identity of the original purchaser to the e-book distributor, which can take legal action or whatever other steps it sees fit.

Custos’s COO Fred Lutz says that the solution is targeted “through online forums such as Reddit and Twitter” to “college-age users who are short on cash and long on time, and who are typically already involved in piracy communities.”

. . . .

Techniques used to embed invisible watermarks in e-books include things like embedding hidden data in illustrations, algorithmically altering content other than the actual substance of the book (such as text on a copyright page, index, or page header/footer), inserting non-printing characters, and using identifiers as input to kerning algorithms (for computing the spacing of characters in a line of text).  A worst-case solution to any of these techniques is to strip out everything except the actual text and basic markup (paragraph, chapter, bold, italic, etc.).

Custos addresses this by embedding multiple redundant watermarks in each e-book file using different types of techniques.  This way, though it’s possible for a hacker to strip out a watermark, the hacker can’t be confident that all of the watermarks have been removed.

Link to the rest at Copyright and Technology

Copyright/Intellectual Property

36 Comments to “A Bounty Hunting Service for E-Book Piracy”

  1. Uh…
    If they are telling the bounty hunters how to find the watermarks (as it seems they must), I’m confident this info will leak out to the pirates too.
    Two people can keep a secret only if one of them is dead.
    The pirates can then strip out the watermarks and be on their way.

  2. You need DRM (digital restriction management) in your ebooks so we can make money off you — just look how well it works for music and movies!

    Which means you’ll only hurt the people buying your ebooks, the pirates will have no trouble at all.

    • DRM DOES NOT WORK! It only inhibits YOUR honest readers from being able to read YOUR work on different devices. I used DRM since 2014-late 2015 and was pirated over 20K, so believe me when I say it doesn’t work. I quit using it starting in March 2016 because I felt I was losing sales due to people wanting to read a book on different devices other than Kindle.

    • The point of this article is that this technique is an alternative to DRM. It’s nothing like DRM.

      Instead, it’s something that tags connects every copy to the purchaser. When the purchaser uploads their copy to a pirate site, the id goes with it. Then the bounty hunters forward the pirated copy to the owners, and get paid.

      The owners can id the “sharer” and make an example out of them.

      • “The owners can id the “sharer” and make an example out of them.”

        Ah yes, the old ‘make an example out of’ them there nasty pirates. You mean like the music companies have been trying for decades?

        And as I was pointing out elsewhere, if a pirate really really wants it, the watermark can easily be removed/corrupted.

        As with DRM the real question is ‘is it worth it?’

        As this scheme is only offered on ebooks sold from their site and in epub format, most likely because no other ebook seller is going to be interested in keeping track of it and they dang sure won’t be interested in giving some third party their customer information without a court order signed by a judge.

        (Custos can give you their customer data as it’s theirs to give — though why any ‘pirate’ would shop there instead of Amazon where they can get a non-watermarked copy I have no idea.)

        Even Chris who wrote about it admits it’s little more than a security blanket — one which will cost money that there’s no need to spend.

        So yes, if you really want/need a security blanket that’s tacked to the floor in such a way that it only gives you coverage if you only sell your ebooks on the Custos site using (and paying for their watermarking/hunting services for a small fee) then this might just be what you’re looking for.

        For those selling anywhere else as well, not so much.

        Oh, one more thing and I’ll give up on this post. In order to drum up business, Custos has to advertise their little ‘service’, so any clever ‘ebook pirate to be’ can google ‘pirate hunters’ and either avoid them or buy under another name/third party — heck, you might run across a fun loving pirate that tries to see how many different watermarks they can fit into one ebook.

        Good luck and keep writing!

  3. I wrote about the idea on TeleRead.

    It’s an interesting notion, but it will be (at least sooner or later) just as easy to remove as regular DRM. If it can be detected by the watermark-checking software, it can be detected by third-party watermark removal software, too.

    But on the other hand, it won’t be any less effective at preventing piracy than current DRM. And if it gets paranoid publishers to switch over to a format that will allow people to make more use of their files without having to be technically adept enough to strip the DRM themselves, that’s all to the good, right?

    • The only way to ‘beat’ the pirates is to make it not worth their bother.

      That means easy to use and priced so there’s no money to be made undercutting you.

      Easy to use means no hoops to have to jump through to be able to use it. Hoops like those no getting around/skipping the ads/warnings at the start of the DVDs/BlueRays or the little tricks so CDs won’t play in my Windows 7 system (but DVDs play just fine.) In my case I have work arounds, while many others are stuck with it — or they go get a pirate copy that they can actually ‘use’.

      Baen has the right idea for ebooks, not too much and in any format you might happen to use.

      • Well, if this bounty-hunting watermarking system “works,” it could be just like that. At least from the easy-to-use standpoint. The idea being that if they use this form of watermarking, they can leave other DRM off so people can read the books in whatever program they want to.

        If the watermarking would stand in as a security blanket so the publishers would give up restrictive DRM, I’ll be happy whether it would “really” work to prevent piracy or not.

        • “It enables users to collect bounties for finding [potentially] infringing files …” So false positives are expected.

          “… and the bounties are paid in Bitcoin.” And they’ll get paid either way, could get expensive if they ‘find’ too many ‘potentially’ infringing files.

          “When a file is reported, Custos returns the identity of the original purchaser to the e-book distributor, which can take legal action or whatever other steps it sees fit.”

          And then you get to pay to go after them, just like the music companies were going after all those 98-year-old-and-don’t-even own-a-computer downloaders — though this time you’ll be going after the person that actually paid for the copy.

          Wait a minute, how’s that going to work? If your ebook sells 10,000 copies then they have to try all 10,000 ‘keys’ against each and every file to tell which ‘buyer’ copy it might be. Multiply that by all the ebooks under this protection and it shouldn’t be hard at all to get ‘hits’ that aren’t even your ebook — but they have some of your ebook’s ‘keys’ — which you will pay the hunters for them having found these ‘potentially’ infringing files.

          Dang, wish I was a little more of a ‘black hat’ and had thought of this gig.

          • Custos knows which title has allegedly been pirated, so they know which locations in the file for that title can be modified to form the key. Once someone sends them an allegedly infringing copy of a title, they can check the relevant locations in the file and read off the key for that copy.

            The number of digits in the key should be large enough for the probability of duplicates to be essentially zero. (If the size of the key is fixed, then eventually you’ll run out of numbers, at which point you either have to add more digits or start reusing keys, but storage and processing power are cheap enough nowadays that you can easily have keys that are big enough to allow you to sell millions of books a day for thousands of years.)

            • Yeah, I didn’t address it until a few minutes ago (down below), but just ‘how’ are you going to sell millions of ebooks each with a different ‘code’?

              Amazon isn’t going to let you give them a million copies of your ebook and then keep track of who bought which copy (and if they did, they won’t be telling you the names of those that bought a copy without a court order.) The same for any other ebook seller, the tracking would be a nightmare for little or no ROI.

              I guess you could do this if people normally buy from your website, but once again the most you’ll have is a CC number (possibly a temp one) and the info they ‘claimed’ on it.

              Amazon could do this if they saw some use in suing their customers, but once again the ROI isn’t there even for them.

              ROI (return on investment), which in this case the only people making money on this idea are the ones able to convince writers/publishers to pay them for it.

              • the only people making money on this idea are the ones able to convince writers/publishers to pay them for it.


              • Perhaps the same way iTunes watermarks the identity of everyone who buys iTunes music into the digital tracks they download from the iTunes store? If it can be done with music tracks, surely it can be done with ebooks just as easily.

                It would require the store to implement the code to personalize the ebooks, but then, you already get that kind of personalization with ebook DRM now, in which each title is code-locked to the unique DRM key of the person purchasing it. You don’t need for the publisher to provide “millions of ebooks each with a different ‘code'” for that, and you wouldn’t for watermarking either.

                • One of the biggest reasons to avoid [digital restriction management] is because as Steven J Pemberton pointed out:

                  “As a wise person once said, DRM impedes legitimate users and incompetent pirates.”

                  Plus it has one other ‘bad’ effect they never mention — when the store/website closes everything you paid for is gone. (No wonder kids of all ages see no reason to pay for something they don’t get to keep.)

                  But let’s say I’m not an ‘incompetent’ pirate and want to share/sell iTunes songs. The low/no tech way is to simply plug my headphone output into the input of my computer (or I have an old RCA 5 CD changer box that would convert the CDs or any audio input into MP3s) and away I go, though I might add a filter to kill anything above 15KHz or so (most people can’t hear that high anyway so it’s a great place to hide that watermark you were talking about) and speed/slow the song just enough that it doesn’t match the original. Save my non-DRM with a no longer readable watermarked song and away we go.

                  Sounds like a lot of work, but it isn’t really, and after you set it up you can crank them out just as fast as the songs play. There are electronic methods even faster, but they have more of a chance of leaving the watermark (though you could always place a watermark of your own over theirs, once again making it harder to read theirs.)

                  Depending on the format and how hard the pirate wants to work for it ebooks wouldn’t be any harder once they’ve done the first couple to figure out the easiest plan of attack.

                  Heck, let’s make it ‘hard’ — you can only read it on the device. But it has to be readable or no one would buy it in the first place. So our annoyed pirate snaps a picture of the first page on their phone (some of those have OCR built right in these days!), flips the page and snaps the next. Dumps the OCR text to their computer and puts the pages back together, maybe picks out a nicer font than was locked in and saves/converts it to the format they needed to read it on other devices. If they’re worried about some kind of ‘watermark’, they can do this on a couple different ebooks and compare them for word changes, but spacing and hidden text watermarks were already removed.

                  Yes, I ‘talk’ too much, but I hate seeing bad ideas take root. Have I done these things? In my younger days and only for my own use. Do I still ‘convert’ text? Every time some id10t thinks their website’s eye-bleeding text/background colors are ‘cute’. I capture the text and drop it into my word processor and set the colors and fonts to something that won’t give me a headache.

                  While Amazon has an option to DRM the ebooks you’re selling through them I will never use it — I know it can only get in the way of my readers and as I said above, it will barely slow down a pirate if they really want it.

                • Allen, you seem to have lost sight of the fact that the method of watermarking under discussion would not prevent users from making use of watermarked items in any legal way that they could use completely DRM-free works. It’s the same thing Apple does to its DRM-free iTunes music.

                  How would legitimate users be “impeded” by their ebook indicating within it who the person was that had purchased it? How would such a work be “gone” if the store where they bought it went out of business?

                  Yeah, sure, the watermark could be removed. Possibly easily removed. But then, DRM can also be easily removed (at least by those who know their way around a computer). Given the choice between the two fig leafs, I’d rather have the one that lets users read their media across multiple devices, multiple client programs, not have to worry about losing it if the store goes under, etc. without having to go to the trouble of cracking it first. Not everyone’s enough of a tech whiz to figure out how to crack DRM for themselves.

                • @ Chris

                  Sorry, I thought the question was ‘is this scheme of any actual value to us indie/self publishers?’, and the answer was ‘no’.

                  You were talking about DRM. You might want to scroll up a bit and click on ‘nook’ on the right hand panel for how much fun DRM can be (I like the: http://www.thepassivevoice.com/2016/03/bn-nukes-the-nook-with-a-15-march-deadline-for-customers-to-save-content/ myself.)

                  As to watermarks, Amazon (and others) have enough work tracking and never forgetting that you’ve bought 500 ebooks without also having to also keep track of who got which watermarked copy. (Yes, ‘can’ be done, but is there any ROI for the extra work?)

                  And then we have this scheme, where you will pay to have your ebooks watermarked and then pay ‘if’ they find any copies in the wild. And then you have to decide if the ‘pirate’ is worth spending money going after.

                  And at present their scheme is only on their site, so they don’t(can’t) watermark ebooks sold on Amazon. (Not that I’d expect Amazon to just hand customer data over to third parties without court orders in the first place.)

                  My last long comment block was merely to demonstrate that this scheme is just money down the drain against any pirate worth their salt.

                  All these ‘bounty hunters’ are hunting for is suckers that will give them ‘money for nothing and the chicks for free’.

          • What keeps some less than ethical bounty hunter from stealing a copy and spreading it, only to collect the bounty?

  4. Assuming pirates even care about being caught by this sort of system, it’s easily defeated – buy two copies of the book through two different accounts, and run them through a program that displays all the differences between the two copies. Then run them through another program that produces a merged version of the two copies, randomly taking differences from one copy or the other.

    There are ways to encode information that resist this sort of damage (basically storing multiple copies of it), but if the vendor does that, the pirate just has to buy more copies. (Eventually, I suppose, the cost of legitimate copies exceeds the pirate’s likely profit from piracy, which might well be the aim of the exercise…)

    • “Techniques used to embed invisible watermarks in e-books include things like embedding hidden data in illustrations, algorithmically altering content other than the actual substance of the book (such as text on a copyright page, index, or page header/footer), inserting non-printing characters, and using identifiers as input to kerning algorithms (for computing the spacing of characters in a line of text)”

      Hidden in pictures is easy, change the format/size by any amount and you’ve scrambled their ‘hidden’ watermark — or you’ve now made it plan as day. Change it back after doing any ‘cleaning’/tint/contrast adjustment and there’s nothing to find. A screenshot to OCR reader means no hidden characters in the text and they won’t care about spacing. (And why would a pirate bother with the copyright page?)

      And just ‘how’ were you going to sell these ‘encoded’ ebooks? Amazon (or any other company) isn’t going to want to have to store a ‘special’ copy of every ebook you sell and keep track of who bought which one (neither are they going to give you the names of those that bought your ebook.)

      The best weapon is the one that causes the pirate to look at it and say: “Why bother?”

      • All true, of course. The article says books that the company sells through Amazon aren’t watermarked, only the ones sold through their own site, which makes the whole scheme useless. Pirates want what’s popular, so they probably won’t even be aware that the company’s own site exists.

        I agree that Amazon aren’t going to want to make any special arrangements for any vendor who isn’t making a large amount of revenue for them. But if they did agree to go along with this, they wouldn’t need to store a complete copy of every book that was purchased under the scheme – only the changes that make the buyer’s copy different from the unwatermarked master that the publisher sent them.

        • As you say ‘if’ Amazon went along with it, they’d not only have to save that they sold customer 1158 ‘book A’ but also ‘copy 13’ and customer 1167 bought ‘book A, copy 42′ so when they bought a new kindle Amazon could ensure they got the right ones. All that and then you’d still need a court order to find out who customer X that pirated copy ’17’ is.

          While we’re here, can I interest you in my editing/cover service? I’ll throw your story out in the wild for my beta readers to make suggested fixes for it while I’ll throw up a couple characters and props up in DAZ and hit the ‘render’ button. All for only a grand! 😉

          (Yes, the last part is a joke! You really really don’t want my help editing …)

          • Only a grand? You’re selling yourself short, sir 🙂

            Amazon already records which ebooks a customer has bought from them, so they can transfer them to a new Kindle. Recording which copy of the book a customer bought wouldn’t take much extra space.

            If Amazon could be persuaded to go along with this scheme, I assume that part of the agreement would be that Amazon tells Custos who bought a particular copy of a book whenever Custos find that copy being pirated. Otherwise the lawyers’ time and court fees for extracting that information from Amazon would quickly make the scheme unprofitable.

            • Anytime I see a new scheme, I try to look at it from all angles. And too often what sounds like a great idea has a trap or two for those not looking closely enough.

              For the writer/publisher one warning is you will be ‘paying’ them to ‘find’ ‘suspected’ infringement, so they make more money the more they find.

              “We found (and you will now pay for) 10,000 infringements on your Book A, all from copy 13, which turned out to be a fifteen year old kid using their mom’s account.” Turns out her ‘pirate’ boyfriend plugged her kindle into his PC and copied all the stories out of it — only to then go to a dodgy site which hacked his PC and grabbed what they could off his hard drive.

              You could sue mom, though this is the first she’d heard anything about it.

              Let’s look at it from the Amazon side. Not only do they now have to hold on to those different ‘keys’ and keep track of who got which one, but word will get out that they are doing it — the first time one of their customers are sued if not sooner. Even if they only catch ‘actual’ pirates, there’s the risk of any false positives hanging over their heads, scaring customers away from buying from them — never mind the heyday the NYTs and others will have reporting it.

              Then we have the customer, who learns of this new ‘fingerprinting’ of their copy of anything (as there’s no way for them to know who’s doing it and who isn’t.)

              Yes, most won’t care — at first. Then they start hearing the stories of those getting sued just for buying an ebook from Amazon (or whoever) (actually the qig5 five would love this as you don’t have this worry with a ‘paper book’!) and the idea of buying any ebooks cools off because now there’s a risk involved.

              ROI for both writer/publisher and distributor look poor — though Custos could print their own money depending on how the terms at set up. (and the qig5 would probably want to do this and ‘sue’ a couple random people just to scare readers back to paper.)


              Forgot one other ‘scam’, getting customer info by claiming an ‘infringement’ which is still another reason for Amazon to want nothing to do with it.

              • The few piracy monitoring services I’ve seen charge so much per month per file that they’re “protecting”. Something like this, where (in theory) they can identify the individual who uploaded the file, could make a case for charging for each infringer who they identify.

                If a service like this came knocking on my door, I’d tell them their payment will be a percentage of the money they manage to extract from pirates. I imagine that would get rid of them quite quickly 🙂

                • It’s worth noting that this is one of the potential attractions of this kind of watermarking scheme. By rewarding users who turn in piracy, it could possibly distribute some of the cost of hunting pirates across a bevy of volunteers—which, in turn, could cut costs to the publishers.

  5. One of the ways ‘pirates’ use pirated ebooks is by offering them for free. Readers are sucked in to visit a dodgy website and while they’re there, they are subjected to sales material for other things entirely, or, worse case scenario, have their machines infected with malware of one sort or another.
    These pirates don’t care whether the books are read or not, bought or not, the books are merely bait. I doubt that they’ll care about a watermark either.
    As Allen F said:
    ‘Which means you’ll only hurt the people buying your ebooks, the pirates will have no trouble at all.’

    • While it is true that some websites download dodgy data onto your device, these are very few. The claim was first made by the traditional copyright industries in order to stop people from pirating, and they also uploaded files filled with malware To trick the unwary, but most pirates know to avoid these sites.
      The real issue for authors Who Believe piracy to be a problem are websites that consider themselves free e-book libraries, because they will actually allow customers to download free books.

      • I’m not aware of the free ebook ‘library’ sites, but I have had one of my books appear on 3 separate sites that were dodgy. Maybe I was simply unlucky, but the books on these sites, including mine, did seem to be bait. -shrug-

        • Oh, they exist and have been mentioned by name in the tech press on ocassion.
          The one I heard of (at Teleread, no less) ran out of Canada. The cute twist: the downloads were epub and each title page had a link to its Kindle page. Presumably he made his money off affiliate fees.

          Over at mobileread it is a regular occurrence, people asking if this or that website is legit.

          They’re out there.
          But the real professional pirates operate on the dark web on encrypted, by-invitation only sites. What they traffic in ends up in counterfeits, not free downloads.
          That is where the real money lies, not in feeding hoarders who never read (and never would’ve bought) the books they “pirate”.

          Not sure there is much money in pretending to hunt pirates, either.

          • Oh, that one still around It’s even got a name change recently, and like you said it’s run out of Canada .
            This is why authors shouldn’t really worry about piracy and any system designed to tag And track e-books will inevitably fail because many of the books are on Russian and Chinese sites.

  6. I wonder how long before their beautiful scheme(s) are hacked and workarounds created. Not long, I’d wager. And EPUB only? I’m sure all Amazon authors are ecstatic about that.

    And, uh, they’re paying in bitcoins? I will NEVER accept payment of any sort in bitcoins. It’s nothing more than electronic funny money IMHO.

  7. I see watermarking services as something vendors might offer suppliers as an optional extra. Third parties just add complexity and cost.

    Whether or not watermarks have any value, they might have a perceived value that adds peace of mind for fretful suppliers. Also, would you like to buy the undercoating option?

  8. paid in bitcoin

    might as well pay in confederate dollars

    I think authors who want to be pirated should go ahead.

    Those who dont, ought have a choice.\

Sorry, the comment form is closed at this time.