Intel

Researchers Use Intel SGX To Put Malware Beyond the Reach of Antivirus Software (arstechnica.com) 63

An anonymous reader shares an excerpt from an Ars Technica report: Researchers have found a way to run malicious code on systems with Intel processors in such a way that the malware can't be analyzed or identified by antivirus software, using the processor's own features to protect the bad code. As well as making malware in general harder to examine, bad actors could use this protection to, for example, write ransomware applications that never disclose their encryption keys in readable memory, making it substantially harder to recover from attacks. The research, performed at Graz University of Technology by Michael Schwarz, Samuel Weiser, and Daniel Gruss (one of the researchers behind last year's Spectre attack), uses a feature that Intel introduced with its Skylake processors called SGX ("Software Guard eXtensions"). SGX enables programs to carve out enclaves where both the code and the data the code works with are protected to ensure their confidentiality (nothing else on the system can spy on them) and integrity (any tampering with the code or data can be detected). The contents of an enclave are transparently encrypted every time they're written to RAM and decrypted upon being read. The processor governs access to the enclave memory: any attempt to access the enclave's memory from code outside the enclave is blocked; the decryption and encryption only occur for the code within the enclave.

SGX has been promoted as a solution to a range of security concerns when a developer wants to protect code, data, or both, from prying eyes. For example, an SGX enclave running on a cloud platform could be used to run custom proprietary algorithms, such that even the cloud provider cannot determine what the algorithms are doing. On a client computer, the SGX enclave could be used in a similar way to enforce DRM (digital rights management) restrictions; the decryption process and decryption keys that the DRM used could be held within the enclave, making them unreadable to the rest of the system. There are biometric products on the market that use SGX enclaves for processing the biometric data and securely storing it such that it can't be tampered with. SGX has been designed for this particular threat model: the enclave is trusted and contains something sensitive, but everything else (the application, the operating system, and even the hypervisor) is potentially hostile. While there have been attacks on this threat model (for example, improperly written SGX enclaves can be vulnerable to timing attacks or Meltdown-style attacks), it appears to be robust as long as certain best practices are followed.

Privacy

Why Free Software Evangelist Richard Stallman is Haunted by Stalin's Dream (factordaily.com) 375

Richard Stallman recently visited Mandya, a small town about 60 miles from Bengaluru, India, to give a talk. On the sidelines, Indian news outlet FactorDaily caught up with Stallman for an interview. In the wide-ranging interview, Stallman talked about companies that spy on users, popular Android apps, media streaming and transportation apps, smart devices, DRM, software backdoors, subscription software, and Apple and censorship. An excerpt from the interview: If you are carrying a mobile phone, it is always tracking your movements and it could have been modified to listen to the conversations around you. I call this product Stalin's dream. What would Stalin have wanted to hand out to every inhabitant of the former Soviet Union? Something to track that person's movements and listen to the person's conversations. Fortunately, Stalin could not do it because the technology didn't exist. Unfortunately for us, now it does exist and most people have been pressured or lured into carrying around such a Stalin's dream device, but not me.

I am suspicious of new digital technology. I expect it to have new malicious functionalities. It has happened so many times that I have learned to expect this, so I have always checked before I start using some new digital technology. I asked to find out what is nasty about it and I found out these two things. It was something like 20 years ago, and I decided it was my duty as a citizen to refuse, regardless of whatever convenience it might offer me. To surrender my freedom in this way was failing to defend a free society. This is why I do not have a portable phone. I refuse to carry a portable phone. I never have one and unless things change, I never will. I do use portable phones, lots of different ones. If I needed to call someone right now, I would ask one of you, "Could you please make a call for me?" If I am on a bus and it is late and I need to tell somebody that I am going to arrive late, there is always some other passenger in the bus who will make a call for me or send a text for me. Practically speaking, it is not that hard.

Security

Security Researcher Cracks Google's Widevine DRM (L3 Only) (zdnet.com) 76

The L3 protection level of Google's Widevine DRM technology has been cracked by a British security researcher who can now decrypt content transferred via DRM-protected multimedia streams. ZDNet's Catalin Cimpanu notes that while this "sounds very cool," it's not likely to fuel a massive piracy wave because "the hack works only against Widevine L3 streams, and not L2 and L1, which are the ones that carry high-quality audio and video content." From the report: Google designed its Widevine DRM technology to work on three data protection levels --L1, L2, and L3-- each usable in various scenarios. According to Google's docs, the differences between the three protection levels are as follows:

L1 - all content processing and cryptography operations are handled inside a CPU that supports a Trusted Execution Environment (TEE).
L2 - only cryptography operations are handled inside a TEE.
L3 - content processing and cryptography operations are (intentionally) handled outside of a TEE, or the device doesn't support a TEE.

"Soooo, after a few evenings of work, I've 100% broken Widevine L3 DRM," [British security researcher David Buchanan] said on Twitter. "Their Whitebox AES-128 implementation is vulnerable to the well-studied DFA attack, which can be used to recover the original key. Then you can decrypt the MPEG-CENC streams with plain old ffmpeg." Albeit Buchanan did not yet release any proof-of-concept code, it wouldn't help anyone if he did. In order to get the DRM-encrypted data blob that you want to decrypt, an attacker would still need "the right/permission" to receive the data blob in the first place. If a Netflix pirate would have this right (being an account holder), then he'd most likely (ab)use it to pirate a higher-quality version of the content, instead of bothering to decrypt low-res video and lo-fi audio. The only advantage is in regards to automating the pirating process, but as some users have pointed out, this isn't very appealing in today's tech scene where almost all devices are capable of playing HD multimedia [1, 2].

Security

USB Type-C Authentication Program Launched (newatlas.com) 133

With the arrival of USB-C a few years back, plugging into laptops, tablets and smartphones became even easier than before. But there are potential security risks. The USB Type-C Authentication Program launched today aims to address such issues. From a report: The new protocol from the USB Implementers Forum (USB-IF) can be used to validate the authenticity of a cable, charger or hardware at the moment of connection, and stop attacks in their tracks. The USB-IF has chosen DigiCert to operate registrations and certificate authority services for the new specification, which makes use of 128-bit cryptographic-based authentication for certificate format, digital signing, hash and random number generation.

"USB Type-C Authentication gives OEMs the opportunity to use certificates that enable host systems to confirm the authenticity of a USB device or USB charger, including such product aspects as the descriptors, capabilities and certification status," said DigiCert in a press release. "This protects against potential damage from non-compliant USB chargers and the risks from maliciously embedded hardware or software in devices attempting to exploit a USB connection."

Operating Systems

Linux 4.20 Released in Time for Christmas (betanews.com) 47

Linus Torvalds has announced the general availability of v4.20 of the Linux kernel. In a post to the Linux Kernel Mailing List, Torvalds said that there was no point in delaying the release of the latest stable version of the kernel just because so many people are taking a break for the holiday season. From a report: He says that while there are no known issues with the release, the shortlog is a little longer than he would have liked. However "nothing screams 'oh, that's scary'", he insists. The most notable features and changes in the new version include: New hardware support! New hardware support includes bringing up the graphics for AMD Picasso and Raven 2 APUs, continued work on bringing up Vega 20, Intel has continued putting together its Icelake Gen 11 graphics support, there is support for the Hygon Dhyana CPUs out of China based upon AMD Zen, C-SKY 32-bit CPU support, Qualcomm Snapdragon 835 SoC enablement, Intel 2.5G Ethernet controller support for "Foxville", Creative Sound Blaster ZxR and AE-5 sound card support, and a lot of smaller additions.

Besides new hardware support when it comes to graphics processors, in the DRM driver space there is also VCN JPEG acceleration for Raven Ridge, GPUVM performance work resulting in some nice Vulkan gaming boosts, Intel DRM now has full PPGTT support for Haswell/IvyBridge/ValleyView, and HDMI 2.0 support for the NVIDIA/Nouveau driver. On the CPU front there are some early signs of AMD Zen 2 bring-up, nested virtualization now enabled by default for AMD/Intel CPUs, faster context switching for IBM POWER9, and various x86_64 optimizations. Fortunately the STIBP work for cross-hyperthread Spectre V2 mitigation was smoothed out over the release candidates so that the performance there is all good now.

Btrfs performance improvements, new F2FS features, faster FUSE performance, and MDRAID improvements for RAID10 round out the file-system/storage work. One of the technical highlights of Linux 4.20 that will be built up moving forward is the PCIe peer-to-peer memory support for device-to-device memory copies over PCIe for use-cases like data going directly from NICs to SSD storage or between multiple GPUs.

Security

Why Sleep Apnea Patients Rely On a Lone, DRM-Breaking CPAP Machine Hacker (vice.com) 154

Jason Koebler writes: "SleepyHead" is a free, open-source, and definitely not FDA-approved piece of software for sleep apnea patients that is the product of thousands of hours of hacking and development by a lone Australian developer named Mark Watkins, who has helped thousands of sleep apnea patients take back control of their treatment from overburdened and underinvested doctors. The software gives patients access to the sleep data that is already being generated by their CPAP machines but generally remains inaccessible, hidden by DRM and proprietary data formats that can only be read by authorized users (doctors) on proprietary pieces of software that patients often can't buy or download. SleepyHead and community-run forums like CPAPtalk.com and ApneaBoard.com have allowed patients to circumvent medical device manufacturers, who would prefer that the software not exist at all. Medical device manufacturers fought in 2015 to prevent an exemption to the Digital Millennium Copyright Act to legalize hacking by patients who wanted to access their own data, but an exemption was granted, legalizing SleepyHead and software like it.

DRM

Hitman 2's Denuvo DRM Cracked Days Before the Game's Release (arstechnica.com) 111

thegarbz writes: Denuvo, the darling of the DRM industry, was once considered by publishers to be the final solution to piracy. Slashdot has documented the slow decline of Denuvo from stories in 2014, and 2016 where publishers were praising Denuvo's success at mitigating piracy for weeks, to its slow decline last year where games were being cracked within "hours" of release. The popular wisdom of publishers in the past considered DRM worthwhile as it thwarts piracy during the critical sales spike when games are first released. Last week saw Hitman 2, the latest Denuvo-protected game, get cracked in a short time. The kicker, the game isn't officially released until this Thursday.

Publishers are now eroding the potential sale day advantage of DRM through the latest practice of offering games for early release in an attempt to secure an ever larger number of pre-orders for popular titles. This leads to the obvious question: Does DRM make financial sense to include in titles if they risk being cracked before release date? Conversely, does releasing games early to selected customers make financial sense if it results in the DRM being cracked before release?

Businesses

Apple Blocks Linux From Booting On New Hardware With T2 Security Chip (phoronix.com) 373

AmiMoJo writes: Apple's new-generation Macs come with a new so-called Apple T2 security chip that's supposed to provide a secure enclave co-processor responsible for powering a series of security features, including Touch ID. At the same time, this security chip enables the secure boot feature on Apple's computers, and by the looks of things, it's also responsible for a series of new restrictions that Linux users aren't going to like.

The issue seems to be that Apple has included security certificates for its own and Microsoft's operating systems (to allow running Windows via Bootcamp), but not for the certificate that was provided for systems such as Linux. Disabling Secure Boot can overcome this, but also disables access to the machine's internal storage, making installation of Linux impossible.

Crime

Feds Expand Security Researchers' Ability To Hack Without Going To Jail (vice.com) 51

An anonymous reader quotes a report from Motherboard: Friday, the Librarian of Congress and U.S. Copyright Office renewed several key exemptions (and added a few new ones) to the Digital Millennium Copyright Act. This go round, they've extended some essential exemptions ensuring that computer security researchers won't be treated like nefarious criminals for their contributions to society. As part of an effort to keep the DMCA timely, Congress included a so-called "safety valve" dubbed the Section 1201 triennial review process that, every three years, mandates that activists and concerned citizens beg the Copyright Office and the Librarian of Congress to craft explicit exemptions from the law to ensure routine behavior won't be criminalized.

The exemptions still have some caveats. Specifically, the Copyright Office ruling only applies to "use exemptions," not "tools exemptions" -- meaning security researchers still can't release things like pen-testing tools that bypass DRM, or even publish technical papers exploring how to bypass bootloaders or other Trusted Platform Modules to test the security of the systems behind them. But other modest changes to the rules were incredibly helpful, notes Blake Reid, Associate Clinical Professor at Colorado Law. Specifically, the new exemption removes a "device limitation" from previous exemptions that potentially limited researchers to investigating software only on "consumer" devices; hindering their ability to investigate security vulnerabilities in things like the cryptographic hardware used in banking applications, networking equipment, and industrial control systems. The new exemption also modified the "controlled environment limitation" from the previous exemption, which was often read to imply that researchers had to conduct their work in a formal laboratory, potentially hindering research into things like integrated building systems like internet-connected HVAC systems.

DRM

Feds Say Hacking DRM To Fix Your Electronics Is Legal (vice.com) 124

An anonymous reader quotes a report from Motherboard: The Librarian of Congress and U.S. Copyright Office just proposed new rules that will give consumers and independent repair experts wide latitude to legally hack embedded software on their devices in order to repair or maintain them. This exemption to copyright law will apply to smartphones, tractors, cars, smart home appliances, and many other devices. The move is a landmark win for the "right to repair" movement; essentially, the federal government has ruled that consumers and repair professionals have the right to legally hack the firmware of "lawfully acquired" devices for the "maintenance" and "repair" of that device. Previously, it was legal to hack tractor firmware for the purposes of repair; it is now legal to hack many consumer electronics.

Specifically, it allows breaking digital rights management (DRM) and embedded software locks for "the maintenance of a device or system in order to make it work in accordance with its original specifications" or for "the repair of a device or system to a state of working in accordance with its original specifications." New copyright rules are released once every three years by the U.S. Copyright Office and are officially put into place by the Librarian of Congress. These are considered "exemptions" to section 1201 of U.S. copyright law, and make DRM circumvention legal in certain specific cases. The new repair exemption is broad, applies to a wide variety of devices (an exemption in 2015 applied only to tractors and farm equipment, for example), and makes clear that the federal government believes you should be legally allowed to fix the things you own.

The Internet

Tim Berners-Lee on the Huge Sociotechnical Design Challenge (techcrunch.com) 162

In a speech discussing ethics and the Internet, the inventor of the World Wide Web, Sir Tim Berners-Lee, has tasked the technology industry and its coder army with paying continuous attention to the world their software is consuming as they go about connecting humanity through technology. From a report: Coding must mean consciously grappling with ethical choices in addition to architecting systems that respect core human rights like privacy, he suggested. "Ethics, like technology, is design," he told delegates at the 40th International Conference of Data Protection and Privacy Commissioners (ICDPPC) which is taking place in Brussels this week. "As we're designing the system, we're designing society. Ethical rules that we choose to put in that design [impact the society]... Nothing is self evident. Everything has to be put out there as something that we think we will be a good idea as a component of our society." If your tech philosophy is the equivalent of 'move fast and break things' it's a failure of both imagination and innovation to not also keep rethinking policies and terms of service -- "to a certain extent from scratch" -- to account for fresh social impacts, he argued in the speech.

He pointed to how Wikipedia had to rapidly adapt its policies after putting online the power for anyone to edit its encyclopedia, noting: "They introduced a whole lot of bureaucracy around it but that actually makes it work, and it ended up becoming very functional." He described today's digital platforms as "sociotechnical systems" -- meaning "it's not just about the technology when you click on the link it is about the motivation someone has to make such a great thing because then they are read and the excitement they get just knowing that other people are reading the things that they have written."

Power

Why the Google Pixel 3 Charges Faster On a Pixel Stand Than Other Wireless Chargers (arstechnica.com) 124

An anonymous reader quotes a report from Ars Technica: Google's Pixel 3 smartphone is shipping out to the masses, and people hoping to take advantage of the new Qi wireless charging capabilities have run into a big surprise. For some unexplained reason, Google is locking out third-party Qi chargers from reaching the highest charging speeds on the Pixel 3. Third-party chargers are capped to a pokey 5W charging speed. If you want 10 watts of wireless charging, Google hopes you will invest in its outrageously priced Pixel Stand, which is $79.

Android Police reports that a reader purchased an Anker wireless charger for their Pixel 3, and, after noticing the slow charging speed, this person contacted the company. Anker confirmed that something screwy was going on with Google's charging support, saying "Pixel sets a limitation for third-party charging accessories and we are afraid that even our fast wireless charger can only provide 5W for these 2x devices." Normally we would chalk this up to some kind of bug, but apparently Google told Android Police that this was on purpose. The site doesn't have a direct quote, but it writes that, after reaching out to Google PR, it was "told that the Pixel 3 would charge at 10W on the Pixel Stand [and that] due to a 'secure handshake' being established that third-party chargers would indeed be limited to 5W."

In an update, Google said the reason has to do with the "proprietary wireless charging technology" it has via its Pixel Stand and other select wireless chargers. The Pixel 3 only supports 5W Qi charging; "Google's 10W proprietary wireless charging technology" is what will allow the phone to charge at faster speeds.

"Google says it is 'certifying' chargers for the Pixel 3 via the 'Made for Google' program and pointed us to one such device, a Belkin charger called the 'Boost Up Wireless Charging Pad 10W for Pixel 3 and Pixel 3 XL,'" reports Ars Technica. "Belkin's description is very enlightening, saying 'Made with the Google Pixel 3 and Pixel 3 XL in mind, this wireless charging pad uses Google's 10W proprietary wireless charging technology. It's certified for Pixel, so you know that the BOOST UP Wireless Charging pad has been made specifically for your Pixel 3 and meets Google's high product standards.'"

Bug

Latest Windows 10 Update Has Yet Another File-Managing Issue (gizmodo.com.au) 177

An anonymous reader quotes Gizmodo: When it was discovered earlier this month that the 1809 build of Windows 10 was deleting user files just because, Microsoft halted the update until the problem was fixed. Shame, then, that another not-as-bad-but-still-bad file overwriting bug has now reared its head. In 1809, overwriting files by extracting from an archive using File Explorer doesn't result in an overwrite prompt dialogue and also doesn't replace any files at all; it just fails silently. There are also some reports that it did overwrite items, but did so silently without asking.

Ars Technica speculates that there's a larger problem with Microsoft's testing process: [M]any of the preview builds had a bug wherein deleting a directory that was synced to OneDrive crashed the machine. Not only was this bug integrated into the Windows code, it was allowed to ship to end users. This tells us some fundamental things about how Windows is being developed. Either tests do not exist at all for this code (and I've been told that yes, it's permitted to integrate code without tests, though I would hope this isn't the norm), or test failures are being regarded as acceptable, non-blocking issues, and developers are being allowed to integrate code that they know doesn't work properly...

Microsoft's new development process has, proportionately, a greater amount of time spent writing new features, and a reduced amount of time stabilizing and fixing those features. That would be fine if the quality of the features were higher to start with, with the testing infrastructure to support it and higher standards before new code was integrated. But the experience with Windows 10 thus far is that Microsoft hasn't developed the processes and systems needed to sustain this new approach.

Open Source

Ask Slashdot: Should Open-Source Developer Teams Hire Professional UI/UX Designers? 249

OpenSourceAllTheWay writes: There are many fantastic open-source tools out there for everything from scanning documents to making interactive music to creating 3D assets for games. Many of these tools have an Achilles heel though -- while the code quality is great and the tool is fully functional, the user interface (UI) and user experience (UX) are typically significantly inferior to what you get in competing commercial tools. In a nutshell, with open source, the code is great, the tool is free, there is no DRM/activation/telemetry bullshit involved in using the tool, but you very often get a weak UI/UX with the tool that -- unfortunately -- ultimately makes the tool far less of a joy to use daily than should be the case. A prime example would be the FOSS 3D tool Blender, which is great technically, but ultimately flops on its face because of a poorly designed UI that is a decade behind commercial 3D software. So here is the question: should open-source developer teams for larger FOSS projects include a professional UI/UX designer who does the UI for the project? There are many FOSS tools that would greatly benefit from a UI re-designed by a professional UI/UX designer.

DRM

Sony Tries Using Blockchain Tech For Next-Gen DRM (engadget.com) 100

Sony announced Monday that it's using blockchain technology for digital rights management (DRM), "starting with written educational materials under the Sony Global Education arm of the business," reports Engadget. "This new blockchain system is built on Sony's pre-existing DRM tools, which keep track of the distribution of copyrighted materials, but will have advantages that come with blockchain's inherent security." From the report: Because of the nature of blockchain, which tracks digital transactions in records that are particularly difficult to forge or otherwise tamper with, its application as a DRM tool makes sense and may also help creators keep tabs on their content. Currently, it's up to creators themselves (or the companies they create for) to monitor their contents' rights management. Sony's system could take over the heavy lifting of DRM. The way blockchain works allows Sony to track its content from creation through sharing. This means that users of the blockchain DRM tool will be able to see -- and verify -- who created a piece of work and when. Sony Global Education is the current focus of the DRM tool, but going forward, the company hints that the rest of its media -- including entertainment like music, movies, and virtual reality content -- may be protected the same way.

EU

EU Ruling: Self-Driving Car Data Will Be Copyrighted By the Manufacturer (boingboing.net) 69

Yesterday, at a routine vote on regulations for self-driving cars, members of the European Peoples' Party voted down a clause that would protect a vehicle's telemetry so that it couldn't become someone's property. The clause affirmed that "data generated by autonomous transport are automatically generated and are by nature not creative, thus making copyright protection or the right on data-bases inapplicable." Boing Boing reports: This is data that we will need to evaluate the safety of autonomous vehicles, to fine-tune their performance, to ensure that they are working as the manufacturer claims -- data that will not be public domain (as copyright law dictates), but will instead be someone's exclusive purview, to release or withhold as they see fit. Who will own this data? It's unlikely that it will be the owners of the vehicles.

It's already the case that most auto manufacturers use license agreements and DRM to lock up your car so that you can't fix it yourself or take it to an independent service center. The aggregated data from millions of self-driving cars across the EU aren't just useful to public safety analysts, consumer rights advocates, security researchers and reviewers (who would benefit from this data living in the public domain) -- it is also a potential gold-mine for car manufacturers who could sell it to insurers, market researchers and other deep-pocketed corporate interests who can profit by hiding that data from the public who generate it and who must share their cities and streets with high-speed killer robots.

DRM

'It's Always DRM's Fault' (publicknowledge.org) 172

A social media post from Anders G da Silva, who accused Apple of deleting movies he had purchased from iTunes, went viral earlier this month. There is more to that story, of course. In a statement to CNET, Apple explained that da Silva had purchased movies while living in Australia, with his iTunes region set to "Australia." Then he moved to Canada, and found that the movies were no longer available for download -- due, no doubt, to licensing restrictions, including restrictions on Apple itself. While his local copies of the movies were not deleted, they were deleted from his cloud library. Apple said the company had shared a workaround with da Silva to make it easier for him to download his movies again. Public Knowledge posted a story Tuesday to weigh in on the subject, especially since today is International Day Against DRM. From the post: To that rare breed of person who carefully reads terms of service and keeps multiple, meticulous backups of important files, da Silva should have expected that his ability to access movies he thought he'd purchased might be cut off because he'd moved from one Commonwealth country to another. Just keep playing your original file! But DRM makes this an unreasonable demand. First, files with DRM are subject to break at any time. DRM systems are frequently updated, and often rely on phoning home to some server to verify that they can still be played. Some technological or business change may have turned the most carefully backed-up and preserved digital file into just a blob of unreadable encrypted bits.

Second, even if they are still playable, files with DRM are not very portable, and they might not fit in with modern workflows. To stay with the Apple and iTunes example, the old-fashioned way to watch a movie purchased from the iTunes Store would be to download it in the iTunes desktop app, and then watch it there, sync it to a portable device, or keep iTunes running as a "server" in your home where it can be streamed to devices such as the Apple TV. But this is just not how things are done anymore. To watch an iTunes movie on an Apple TV, you stream or download it from Apple's servers. To watch an iTunes movie on an iPhone, same thing. (And because this is the closed-off ecosystem of DRM'd iTunes movies, if you want to watch your movie on a Roku or an Android phone, you're just out of luck.)

[...] My takeaway is that, if a seller of DRM'd digital media uses words like "purchase" and "buy," they have at a minimum an obligation to continue to provide additional downloads of that media, in perpetuity. Fine print aside, without that, people simply aren't getting what they think they're getting for their money, and words like "rent" and "borrow" are more appropriate. Of course, there is good reason to think that even then people are not likely to fully understand that "buying" something in the digital world is not the same as buying something in the physical world, and more ambitious measures may be required to ensure that people can still own personal property in the digital marketplace. See the excellent work of Aaron Perzanowski and Jason Schultz on this point. But the bare minimum of "owning" a movie would seem to be the continued ability to actually watch it.

Businesses

Farmer Lobbying Group Sells Out Farmers, Helps Enshrine John Deere's Tractor Repair Monopoly (vice.com) 148

Jason Koebler writes: The California Farm Bureau, a group that lobbies on behalf of farmers, reached a "right to repair" agreement with the Equipment Dealers Association (which represents John Deere and other manufacturers) last week. But the specifics of the agreement were written by the manufacturers, and fall far short of providing the types of change that would be needed to make repairing tractors easier. In fact, the agreement makes the same concessions that the Equipment Dealers Association announced in February it would voluntarily give to all farmers. The agreement will not allow farmers to buy repair parts, break firmware DRM, or otherwise alter software for the purposes of repair.

Crime

$11M Worth of Legally-Purchased Music Will Be Confiscated From Florida's Prisoners (tampabay.com) 309

An anonymous reader quotes the Tampa Bay Times: In April last year, the Florida Department of Corrections struck a deal with JPay. The private company, spearheading a push to sell profit-driven multimedia tablets to incarcerated people across the country, would be allowed to bring the technology to every facility in the nation's third-largest prison system. But there was a catch. Inmates had already been purchasing electronic entertainment for the last seven years -- an MP3 player program run by a different company: Access Corrections. For around $100, Access sold various models of MP3 players that inmates could then use to download songs for $1.70 each, and keep them in their dorms.... More than 30,299 players were sold, and 6.7 million songs were downloaded over the life of the Access contract, according to the Department of Corrections. That's about $11.3 million worth of music.

Because of the tablets, inmates will have to return the players, and they can't transfer the music they already purchased onto their new devices... The Department of Corrections, meanwhile, has collected $1.4 million in commissions on each song downloaded and other related sales since July 2011... JPay already operates banking accounts and facilitates phone calls at the state-run prisons, charging inmates and their loved ones steep fees for the services. With the introduction of tablets, JPay will add a wide swath of new spending incentives for its incarcerated customers, offering purchases of music, emailing and other virtual fare.

As a compromise, prison officials offered to download the already-purchased music to a CD, and then mail that CD to someone outside the prison. For a $25 fee.

DRM

GOG Launches FCKDRM To Promote DRM-Free Art and Media (torrentfreak.com) 150

An anonymous reader shares a report: GOG, the digital distribution platform for DRM-free video games and video, has launched a new initiative designed to promote content without embedded DRM. The platform aims to promote GOG and other companies with a similar ethos, including those offering DRM-free music, books, and video. "DRM-free approach in games has been at the heart of GOG.COM from day one. We strongly believe that if you buy a game, it should be yours, and you can play it the way it's convenient for you, and not how others want you to use it," GOG said in a statement. While Digital Rights Management is seen by many companies as necessary to prevent piracy, GOG believes that its restrictions are anti-consumer and run counter to freedoms that should exist alongside content ownership.
