[sword-devel] UnlockInfo .conf entry

Troy A. Griffitts scribe at crosswire.org
Sat Dec 29 16:34:10 MST 2018


Hi Michael,

There is a new mechanism committed in the latest trunk of SWORD which
allows a publisher to "personalize" an unlock key per user, if they
would like, but SWORD does nothing to try to enforce 'per device' or
'per user' usage.

I have never heard from a publisher that they do not wish to make their
text available in SWORD format due to fear that a user could use a text
on more than one device.  In fact, we advertise to publishers that once
an unlock key is purchased, it can be used on any of our frontends on
any platform and they often appreciate that fact.

In my opinion, the downsides of hashing per hardware include:

1) we can't enforce this, as we are open source.  Our encryption can be
enforced as it is true encryption and without the unlock code a module
cannot be read.  This is what we advertise to publishers and this is
what we can deliver.

2) if a user changes devices, they would need to gain a new unlock code

3) a user would need to purchase a separate unlock code for their phone,
tablet, laptop, desktop, etc.

4) in the world of virtualization, it would be fairly simple to generate
an 'appliance' vm/container which could be passed on.

Any one of these reasons has been sufficient to keep us from going down
this road in the past and again, I haven't heard from any publisher
their concern that our unlock mechanism isn't sufficient.  We recently
had a request to allow "personalization" of unlock codes, and thus the
recent commit, but that is merely a psychological deterrent, as a user
with an unlock code which begins with something like their last name,
e.g., SMITHJ027-abcd-1234-efgh-5678, is less likely to share their
unlock key.

Thank you for your suggestion.  I hope the personalization feature goes
a little way to prevent what you call "impulsive giveaways."

Troy


On 12/29/18 4:06 PM, Michael H wrote:
> As long as you're opening the unlock option for debate, can I suggest
> that the unlock codes get hashed for the user in some way.  That is
> the user provides some kind of credential information to the
> publisher, which the publisher uses some of the info to hash the
> unlock code, and the resulting code will only work on a specific user's
> devices?  That would go a LONG way to convince hopeful publishers to
> consider sword platform.  This does imply that the unlock is only
> masked 1 level and would still be relatively easily unhashed, but it
> makes the act a deliberate one, and prevents simple eyes on the screen
> theft and impulsive giveaways. 
>
> On Sat, Dec 29, 2018 at 4:42 PM refdoc at gmx.net wrote:
>
>     Sounds good
>
>     Sent from my mobile. Please forgive shortness, typos and weird
>     autocorrects.
>
>
>     -------- Original Message --------
>     Subject: [sword-devel] UnlockInfo .conf entry
>     From: "Troy A. Griffitts"
>     To: SWORD Developers' Collaboration Forum
>     CC:
>
>
>         Dear Frontend Developers,
>
>         In an effort to gain more publishers-- even those who desire to
>         lock and sell some of their modules, I would like to add a new
>         .conf entry:
>
>         UnlockInfo
>
>         Up until now, we've relied on the About entry containing something
>         that lets the user know how to obtain unlock codes from publishers
>         selling codes to unlock their modules.  This entry would isolate
>         just those instructions to a specific entry and would allow a
>         frontend to do something like:
>
>         if (moduleToInstall.getConfEntry("UnlockInfo")) {
>           showDialog("The publisher of this module requires you to obtain " +
>                      "an unlock code.  This code can be entered below; " +
>                      "instructions from the publisher are as follows: " +
>                      moduleToInstall.getConfEntry("UnlockInfo"));
>         }
>
>         Like many of our entries, this new UnlockInfo entry will allow HTML
>         links and will likely contain a direct link from the publisher to
>         their store entry to purchase an unlock code.
>
>         An example would be something like:
>
>         UnlockInfo=An unlock code for the Larry Fitzgerald NFL HOF Edition
>         of the New Testament, with memorable career moments encouraging
>         the believer to press on when those around fall short, may be
>         obtained directly from the NFL store here: <a
>         href="https://nfl.com/shop/lf-nfl-hof-nt-sword-module">Larry
>         Fitzgerald NFL HOF Edition of the New Testament - SWORD Module</a>
>
>         Let me know if you have any comments or ideas,
>
>         Troy
>
>
>
>         _______________________________________________
>         sword-devel mailing list: sword-devel at crosswire.org
>         <mailto:sword-devel at crosswire.org>
>         http://www.crosswire.org/mailman/listinfo/sword-devel
>         Instructions to unsubscribe/change your settings at above page


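A frontend that shows UnlockInfo as HTML is rendering publisher-supplied markup, so it is worth reducing that markup to plain links before it reaches the dialog. The sketch below is an added example, not part of the thread or of the SWORD code base; `get_conf_entry`, `sanitize_unlock_info` and the sample .conf text are hypothetical and written in Python for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample .conf text; the module name and URLs are made up.
SAMPLE_CONF = '''[SAMPLEMOD]
Description=Constructed locked module
UnlockInfo=Buy a code <a href="https://store.example/m" onclick="x()">here</a> or <a href="javascript:alert(1)">there</a>.<script>steal()</script>
'''

def get_conf_entry(conf_text, key):
    """Simplified key=value lookup (hypothetical helper, not the SWORD API)."""
    for line in conf_text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip() == key:
            return value
    return None

class _LinksOnly(HTMLParser):
    """Escape all text; keep only <a href> whose URL scheme is http(s)."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.links, self.skip = [], [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1              # drop the element's content entirely
        elif tag == "a":
            href = (dict(attrs).get("href") or "").strip()
            try:
                ok = urlsplit(href).scheme in ("http", "https")
            except ValueError:          # malformed URL
                ok = False
            self.links.append(ok)
            if ok:                      # every other attribute is discarded
                self.out.append('<a href="%s" rel="noopener noreferrer">'
                                % escape(href, quote=True))
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.skip:
            self.skip -= 1
        elif tag == "a" and self.links and self.links.pop():
            self.out.append("</a>")
    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))

def sanitize_unlock_info(raw):
    parser = _LinksOnly()
    parser.feed(raw)
    parser.close()
    # Close any anchors the publisher left open.
    return "".join(parser.out) + "</a>" * sum(parser.links)
```

The link text of a rejected anchor is kept as plain text, so the publisher's instructions stay readable even when the URL is dropped.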