So, in my previous few posts on this topic - I have somewhat neglected covering the practical alternatives. Things that can be made to work, and can be difficult if not impossible to break. I’ve made some mentions before on things that can be done, but I’m going to elaborate on them here.

The Good, the Bad, and the Ugly.

To begin with, we’re going to need to make a divide between ‘good’ and ‘bad’ consumers - good consumers are going to be defined as your standard consumers - the people who like to purchase legitimate content from the legitimate sellers - and like to know that they have bought legitimate content.

The second group are the group who dont really mind if they purchase pirated content (or get it for free), this group is somewhat of a lost cause. They dont tend to buy content today, and they probably wont change that habit in the future.

What you want to target is not minimising the size of the second group (all that will do is waste time and is unlikely to get you any kind of extra revenue), but preventing as many of the first group from slipping into the second group (intentionally or unintentionally)

Signing content

Just like a signed copy of a book is worth more than the plain hardcover, it’s possible to sign a purchase with a “To <buyer>, I <content creator here> can affirm this is a legitimate copy that was sold to you.”, there’s a few ways of doing this, number one:

Verifying purchases via a server

Have a registration server - anyone can see the signature of your item and confirm it against the server to see if the person who has it legitimately bought it. This does have the downside that you need to maintain your server ad-infinium if you want people to be able to verify your content.

Verifying purchases via cryptography

This is a niftier solution, and should work for all time as long as people have a copy of something called your “public key”. This means that when you sell the item to someone, you add a digital signature to the purchase with “XYZ bought this from me.” and then sign that message with something called your “private key”. As long as your public key is public - anyone can use it to verify it was you who really signed it.

Pros of Signing Content

• People can verify that a purchase they made came from the original creator legitimately.
• Other people can verify it too - lowering the social value of possessing fakes.
• Helps build up a brand

Cons of Signing Content

• Relies on people recognising content to be able to say it was a fake of designer X.
• You need to probably rely on a mix of both cryptographic signatures and verification services which will likely involve a cost - for a identity-verified cryptographic keypair (such as the ones Verisign provide), and the cost of hosting the service.

Fingerprinting (”Watermarking”)

It’s possible to take a digital asset, and produce a fingerprint of it - fingerprints, like their physical counterpart are very good signatures of someone, but they arent someone themselves. In digital terms this means producing a smaller version of the asset that is unique to it, and registering it so that if any “clone” shows up, it can be said to be derived from the original asset.

Services exist already for print media which register these fingerprints so that if they are ever used elsewhere, someone can verify who originally made the asset.

Pros of fingerprints

• You can verify a fingerprint with a third party to see the original creator of the item.
• Help when filing copyright infringement notices because you have the registration to act as a “I did this first”.

Cons of fingerprints

• Fingerprints cannot tell if something is or is not legitimate alone.
• Fingerprints can be “smudged” by tampering with the asset, the more “smudge-resistant” you make it, the higher chance false positives can occur.

Make it as easy to buy legitimate content, reward those who do.

This one is more of a business opportunity for some individual or group - but make it possible to buy your content on an amazon/iTunes equivilent which is quick and easy to purchase from, and guaruntees legitimate content.

If your content is a pain to purchase, the chances of someone getting frustrated and either nor purchasing, or getting via less-than-legitimate means increases. Reward the consumers who do purchase legitimate content with updates and other services that people getting the false one wont - as a side bonus this will instill some brand loyalty and likely get them buying more content from you in future.

None of these ideas are mutually exclusive - they work best together.

Fingerprinting is complemented nicely when you have signatures attached - in doing so, you can combine them to say “This is not a legitimate item, the original was created by XYZ who’s signature is missing”. By doing so, you can place social pressure on people to purchase the real thing.

While there will always be a group (mentioned above) who dont care - the majority (the good consumer group) will, and will likely try purchase legitimate whenever possible. If merchants present their digital signatures and a third-party verification as part of the purchase process, then it becomes signficiantly more difficult to buy a fake unintentionally.

One last thing

This list is not a total list - it’s what I thought of in five minutes. There’s plenty of other ideas which can be made to work, a lot of it requires third party verification from reputable services, but thankfully neither of these is a new thing. Digimarc provide watermark/fingerprinting services with registration already today for print/web media, and Verisign provide the cryptographic keys nessecary for signing content. (The algorithms for which are very well documented already having been invented at least thirty years ago)