Flash encryption broken, Adobe censors SourceForge

May 24, 2009

As seen on Slashdot:

Adobe uses a proprietary encrypted communications system between their Flash player and their Media Server product. This is intended to ensure that only people who pay for Flash Media Server can stream Flash movies, and only official clients can access them.

In other words, it’s a copy protection (DRM) scam. It’s completely antithetical to the goals of running a free software desktop or serving content to users using free software. However, despite Adobe’s claims, it doesn’t actually provide any security except through the obscurity of the protocol and some short secret keys.

lkcl claims to have created an open source, clean-room implementation of this protocol, called RTMPE, and published it on Sourceforge. Despite promising in January to open RTMP, Adobe wants to protect their revenue stream, so they sent a DMCA takedown notice to Sourceforge, who complied by censoring the project.

If you value your freedom to publish and receive Flash videos using free software, help us fight Adobe and embarrass SourceForge by nominating rtmpdump for “Best Project for Multimedia” in the SourceForge Community Choice awards.

If you just want to download it, here are some handy links now that it’s been censored by SourceForge: LKCL sehe.nl megashare.com mininova.org sumotorrent.com fulldls.com btjunkie.org mybittorrent.com demonoid.com mininova/TOR.


7 Responses to “Flash encryption broken, Adobe censors SourceForge”

  1. pochp said

    So you’re saying that both Adobe and Sourceforge can’t be trusted?

  2. quetwo said

    One thing to note about all of this — Adobe open-sourced RTMP, not RTMPE, which is a different stack all together. RTMPE is the DRM, protected version of their streaming protocol. Adobe open-sourced the RTMP protocol in order to allow others to build applications that can use the Flash player to stream. At the same time they created RTMPE in order to satisify their content partners who all wanted to be able to protect their content (and most were looking at using properiety WMV/WMA codecs that locked people into Microsoft’s platforms).

  3. chrisw said

    pochp, I didn’t say anyone couldn’t be trusted.

    I think Adobe is being silly and selfish by taking their toys and going home, and by bullying Sourceforge. Surely they know that the cat is well and truly out of the bag on this one.

    I think Sourceforge is being spineless by giving in to Adobe’s pressure, and deserves some push back.

    quetwo, thanks for the clarification. The rtmpdump site appears to me to conflate the two, or at least make RTMPE appear to be “RTMP with encryption”.

    Proprietary codecs are a pain, but free codecs exist, and encrypting the communication channel does add to the proprietary burden. Free media servers can still serve content in free formats to proprietary players, if both sides implement RTMPE.

  4. Luke said

    disclaimer: I’m a SourceForge employee.

    If you take a quick glance at the two companies side-by-side (http://www20.wolframalpha.com/input/?i=adbe+lnux) it’s easy to see that SourceForge has nowhere near the resources necessary to fight a legal battle with Adobe.

    And, being an American corporation, SourceForge really has no choice but to follow the law of the land. A DMCA take-down notice is a far cry better than a lawsuit, as SourceForge has experienced in the past – http://yro.slashdot.org/article.pl?sid=08/11/16/015220.

    SourceForge has to fight for the OSS cause in our own practical way – no legal dodges like Pirate Bay can perform, and no drawn-out expensive lawsuits like IBM can support. it means we have to keep trying to give as much value to legal OSS projects as we can as often as we can; but we also have to struggle with the crummy state of IP law as it is today. 😦

  5. chrisw said

    Hi Luke, thanks for posting here and putting SourceForge’s view across.

    I’m afraid that you haven’t convinced me that SF did the right thing. In my view, an organisation committed to free software over financial profit should fight back against Adobe using whatever resources are at its disposal. Perhaps SF is not such an organisation.

    I know that it takes balls to fight an opponent which is a hundred times bigger. Small companies often have those balls. They can move quickly and be resourceful and outwit the behemoth by making it stumble over its own feet.

    I am not a lawyer, but I think that SF would have a very good chance of winning this fight in court. rtmpdump is reverse engineering for interoperability with RTMPE, which I believe is protected under the DMCA. Also, if Adobe actually sued SF, the community would donate to defend it, probably enough to cover the entire legal costs, to show solidarity. I reckon even some big boys like Google, no fan of current IP laws, would join in too.

    SF doesn’t have to “struggle with” the crummy state of IP law. It can struggle against it instead. That’s the only way it’s going to get less crummy.

    We would support SF to death if they took on this fight, because it’s worth fighting for. Anything else is a cop-out. And SF can expect it to be as embarrassing as we can possibly make it.

  6. Luke said

    I totally agree with the attitude. But there’s still a couple other caveats I think …

    (Also, understand I’m just a web engineer at SourceForge so I’m not heavily involved in the business development.)

    Unfortunately, it’s not as easy for SourceForge to put free software over financial profit because, small though we are, we are still a public company! That means our financial view tends to focus at the quarterly term instead of the long term. I mean, we could open more financial opportunity if we spent the time and resources necessary to change IP law; but try selling that to fickle Wall Street investors, y’know? It’s also a major reason why SourceForge can’t move as quickly as other small companies or startups.

    The other caveat I’ve noticed in my 3 years working for this OSS company is that I was somewhat naive about the financial benevolence of the community at large. Don’t get me wrong – there are lots of generous individuals, and everyone who ever donates to any OSS project is performing a much-needed component to the development of OSS. But, one of the big strengths of OSS is its ad-hoc organizational nature – it lets us sporadically organize around the code and projects we each love, but is very hard to organize toward a single collective goal like this. That’s why it takes someone like an IBM to effectively laser-focus efforts in legal cases like they did with SCO.

    Lastly, I would hate to use the term ’embarrassing’ in this case because that implies SourceForge is somehow in the *wrong* in its actions – seemingly as ‘wrong’ as Adobe is?

    I think it’s more accurate to say this is unfortunate.

  7. pochp said

    Ok Chris, I see your point.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: