DRM Screws People Yet Again: Book DRM Data Breach Exposes Reporters' Emails And Passwords

from the was-that-really-worth-it? dept

I have a few different services that report to me if my email is found in various data breaches, and recently I was notified that multiple email addresses of mine showed up in a leak of the service NetGalley. NetGalley, if you don't know, is a DRM service for books, that is regularly used by authors and publishers to send out "advance reader" copies (known around the publishing industry as "galleys.") The service has always been ridiculously pointless and silly. It's a complete overreaction to the "risk" of digital copies of a book getting loose -- especially from the people who are being sent advance reader copies (generally journalists or industry professionals). I can't recall ever actually creating an account on the service (and can't find any emails indicating that I had -- but apparently I must have). However, in searching through old emails, I do see that various publishers would send me advance copies via NetGalley -- though I don't think I ever read any through the service (the one time I can see that I wanted to read such a book, after getting sent a NetGalley link, I told the author that it was too much trouble and they sent me a PDF instead, telling me not to tell the publisher who insisted on using NetGalley).

It appears that NetGalley announced the data breach back in December on Christmas Eve, meaning it's likely that lots of people missed it. Also, even though I'm told through this monitoring service that my email was included, NetGalley never notified me that my information was included in the breach. NetGalley did say that the breach included both login names and passwords -- suggesting that they didn't even know to hash their passwords, which is just extremely incompetent in this day and age.

So, from my side of things, this means that the company put me and my information at risk for what benefit? To make my life as a potential reviewer of a book more difficult and annoying, and limiting my ability to easily read a book? DRM benefits literally no one. And in this case, has now created an even bigger mess in leaking my emails and whatever passwords I used for their service (thankfully, I don't reuse passwords, or it could have been an even bigger problem). For those who say that the DRM is still necessary to avoid piracy, that's ridiculous as well. If the book is going to get copied and leaked online, it's going to get copied and leaked online. And once one copy is out, all the DRM in the world is meaningless.

Rather than focusing so much on locking stuff up and making it impossible to read, while putting people's personal info at risk, just stop freaking out, recognize that most people are not out to get you by putting your stuff on file sharing sites, and focus on getting people to want to buy your books, rather than putting their data and privacy at risk.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: advance reader copies, data breach, drm, emails, galleys, hacked, passwords
Companies: netgalley


Reader Comments

Subscribe: RSS

View by: Thread


  1. icon
    ECA (profile), 25 Feb 2021 @ 10:43am

    DRM

    And how to make money from nothing.
    There are special people in this world, and last I heard they called them 'A' types.
    This type of person Loves to focus on things, and Just Do them.
    Meeting a few is interesting, and Never try to counter/dissuade them in what they WANT to do.
    I knew such a person that wished to count to 1 million, by writing in Pencil on paper. He even asked me how long it would take. 1 number at a time I saw him again after 6 months, and he got into the 100 thousands.
    He had a problem 1 time and had a Mogul Light socket, and wondered HOW WELL a 300 watt bulb would do while he was doing Puzzles. I suggested that in a while, he might have some Eye problems. About a month later, he came back and mentioned he Didnt like that light. Even on a 10 foot ceiling, it was To bright.
    The thing about such persons, is Finding the one that can MATCH your business/hobby needs. AS they will fulfill it Very easily.
    THERE ARE 'A' type computer people, most are Collectors. But if One had the idea to Copy any book that they wanted, to make it easier to read on Digital. IT WOULD BE DONE, as soon as it hit the shelves. Many of these people WILL do anything just to Do' what they LOVE to do.

    What is the Best security for a Book writer? Pay 1 person, enough money to get your book delivered Anywhere you want it delivered.
    DRM is abit stupid, and can be broken. ANd Companies as mentioned above are ONLY TAKING YOUR MONEY, and the proof is their Own security.

    reply to this | link to this | view in thread ]

  2. identicon
    Anonymous Coward, 25 Feb 2021 @ 12:38pm

    Also, even though I'm told through this monitoring service that my email was included, NetGalley never notified me that my information was included in the breach

    The linked story says email addresses, not emails. Do you have reason to believe any emails were leaked?

    reply to this | link to this | view in thread ]

  3. icon
    That Anonymous Coward (profile), 25 Feb 2021 @ 1:21pm

    Are you looking forward to your choice between an elephant & another 10 yrs of useless credit monitoring?

    reply to this | link to this | view in thread ]

  4. identicon
    Anonymous Coward, 25 Feb 2021 @ 2:54pm

    (thankfully, I don't reuse passwords, or it could have been an even bigger problem)

    This is a warning to use disposable email addresses as well.

    reply to this | link to this | view in thread ]

  5. icon
    Zos (profile), 25 Feb 2021 @ 3:23pm

    well, thanks for the breach notice

    I haven't logged into that account in like ten years, hope past me used a unique password.

    reply to this | link to this | view in thread ]

  6. icon
    Just Another Anonymous Coward (profile), 25 Feb 2021 @ 6:13pm

    Another feather in the hat of piracy. Give it up to sailing the high seas.

    reply to this | link to this | view in thread ]

  7. icon
    PaulT (profile), 25 Feb 2021 @ 11:36pm

    "DRM benefits literally no one."

    Indeed, it's actually a detriment to all parties. For the consumer, it presents a set of problems that will never be seen by any actual pirates, and the risk that they will one day lose access to what they paid for. For the publisher, it presents additional reason to would-be customers not to buy their product, either on principle or because their preferred device doesn't support that specific DRM flavour.

    reply to this | link to this | view in thread ]

  8. icon
    Samuel Abram (profile), 26 Feb 2021 @ 6:41am

    This is why I've gone cold turkey on eBook DRM.

    I have a story to tell…

    I found out one of my old high school teachers who I admired was now living in Canada, and wrote an interesting book. However, I asked if there would be a DRM-free version of the book, and someone who was either his agent or publisher said that no, the book will have DRM on it and there would not be a DRM-free version of it.

    That was the end of it. You could be an old friend of mine who wrote something cool and I still wouldn't read it if it had DRM on it.

    While he kept inviting me to his e-launch-party and I kept declining because I clearly didn't want to read his e-tome because the fact it had DRM on it meant that I couldn't put a similar copy on my Barnes & Noble Nook in addition to my iPhone (among many, many other reasons).

    Meanwhile, my friend and partner-in-music Raheem "Mega Ran" Jarbo released a quasi-self-published book (rather, he got a publisher that did all the duties publishers do but none of the gatekeeping) and it included a DRM-free PDF of the book, if not an EPUB or MOBI/AZW of the book. Since it was technically DRM-free, I've been reading it, and I've been enjoying it!

    It just shows you that the key to my heart is to release something without Digital Rights Management; it shows that the author actually respects their customers!

    reply to this | link to this | view in thread ]

  9. icon
    Samuel Abram (profile), 26 Feb 2021 @ 6:43am

    Raheem Jarbo's book

    BTW, Raheem Jarbo's book is called Dream Master.

    reply to this | link to this | view in thread ]

  10. identicon
    For UK serfs, hugs are off until June 21, 26 Feb 2021 @ 6:27pm

    This is a LEAK. NOTHING TO DO WITH DRM.

    As ever, you appear unaware of all prior to your birth: that publishers have required reviewers to keep manuscripts / galleys secret for over a hundred years that I've seen noted -- though can't dig up links you won't read to prove it.

    That LEAK is a LEAK.

    NOT about your mania of DRM, it's about a LEAK.

    Nothing like this happened before "teh internets".

    It's your fault for getting on the email list, and that you forgot doing so proves it doubly foolish.

    Besides that, what harm has been done you? Gave you safe premise for yet another dull piece. -- And you got an entirely appropriate response from "ECA" -- DRIVEL!

    reply to this | link to this | view in thread ]

  11. identicon
    Four-entry Sexbot, 26 Feb 2021 @ 6:28pm

    Re: DRM -- Dare anyone to summarize ECA's comment!

    *IF you dare -- I'm not responsible for your brain damage! -- read ECA through and try to summarize in your own words. Nowhere is there a thought connected to topic.

    ECA has done the exact same random capitalizing and incomprehensible pomposity schtick for 13 years now! It's dropped the runs of periods, but that's the ONLY change in 13 years!

    No one has ever been able to get a cogent response from it. Won't even show a flicker of annoyance at this dig.

    "ECA" is UNAWARE of self. INHUMAN, I tells ya. My bet is an early AI they keep going just for curiosity.


    AND there's a ZOMBIE with huge gap:
    Zos or aperson or MikeP: 621 (53 overall but < 5 last 2 years), 45 month gap from RIP Sep 13th, 2016, 15 mo gap early; 28 Aug 2009 https://www.techdirt.com/user/zos

    reply to this | link to this | view in thread ]

  12. identicon
    Anonymous Coward, 26 Feb 2021 @ 10:38pm

    Re:

    Email lists are how copyright fans like your boyfriend Jhon Smith make their scam payoffs, blue.

    reply to this | link to this | view in thread ]

  13. icon
    PaulT (profile), 27 Feb 2021 @ 12:28pm

    Re: Re: DRM -- Dare anyone to summarize ECA's comment!

    "It's dropped the runs of periods, but that's the ONLY change in 13 years!"

    So, you've been obsessing over this site for 13 years, to the degree that you notice minor changes in the posting style of a user that most people here skip over because he's so annoying?

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads
.

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.