Closed Bug 1235245 Opened 8 years ago Closed 8 years ago

PDF protection doesn't work anymore with last version of Firefox

Categories

(Firefox :: PDF Viewer, defect)

Product:
Firefox
Component:
PDF Viewer
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED DUPLICATE of bug 792816

People

(Reporter: mmathieucolas, Unassigned)

Details

(Whiteboard: [pdfjs-c-other])

Attachments

(1 file)

PDF Creator sample file (w/protection)
8.38 KB, application/pdf
Details 
User Agent: Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0
Build ID: 20151221130713

Steps to reproduce:

I created PDF files (with PDF creator) with double protection against printing and copying


Actual results:

The protection was not taken into account with the last version of Firefox. The files I uploaded could be printed and copied. This was tested both with Windows XP and Windows 10.


Expected results:

The protection did work with previous versions of Firefox, as it does with other browsers (IE, Chrome, Safari)
Component: Untriaged → General
Product: Core → Firefox
Component: General → PDF Viewer
Can you provides a sample file, and it was works in which versions?


bug 792816.
Flags: needinfo?(mmathieucolas)
Reporter says that a protected PDF generated by the program PDF creator can be opened in FF 44. If FF can open an protected PDF without a password, that sounds more like an implementation error on the part of PDF Creator.
(In reply to YF (Yang) from comment #1)
> Can you provides a sample file, and it was works in which versions?
> 
> 
> bug 792816.

We'll also need info about the PDF Creator software you're using, is this a 3rd party product or part of Windows? Do you have a link to the site?
Checked PDF Creator's files -- this bug is a duplicate of bug 792816 (and not related to 951051).
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
See Also: 951051
Whiteboard: [pdfjs-c-rendering] → [pdfjs-c-other]
Flags: needinfo?(mmathieucolas)

    
    

    
  
verified duplicate

The "please don't copy me" & "please don't print me" flags on PDF files are trivially ignored by most PDF software. Long since gone is the day Adobe owned this wholly and could somewhat enforce them, so nobody bothers to pretend anymore. If you want to lock something, use encryption and a password. If you want to prevent copying and printing, tough, that's logically impossible once you give access to it. If you want to prohibit copying and printing, do so via licensing agreements (and accept that technological enforcement measures are not realistic).

It is important to note that Firefox has never implemented support for those flags, and has opened all such files since the built-in PDF viewer was added many years ago.
Status: RESOLVED → VERIFIED

    
    

    
  
Thank you for your answers.

My PDF files are created with PDF Creator 2.2. Parameters : no password but protection against printing and copying.

As a result, if I open this file with Acrobat Reader or such browsers as Internet Explorer, Google Chrome and Safari, this double protection is respected: the file cannot be neither printed nor copied.

On the contrary, Firefox allows it being printed and copied, bypassing the restrictions I had set. (In my first message, I said previous versions of Firefox were more respectful of the protection, but I was mistaken: in fact, it's just because I used FF with Acrobat Reader, instead of the default configuration.)

I understand Firefox ‘never implemented support for those flags’. Yet it’s a problem when you upload files onto the web so that people can read them freely, but you don't want them being printed or copied. PDF protections are efficient for most people, even if I’m conscious they are not 100% secure. I understand you ignore them. But the result is rather strange : with such a policy, users don't need sophisticated softwares to break the protection: they just have to use the default configuration of Firefox! Why not take those flags into account, just as other browsers do ?

Thank you very much for your attention.

    
    

    
  
First a terminology correction: it's not security, it's DRM. Security protects the user; DRM protects the author (or at least purports to).

Mozilla has no reason to implement an old voluntary DRM scheme from Adobe. Type "copy protected PDF" into Google and the first option is a site to strip both these flags and passwords. I have a few PDF viewers on my computer, all written by different organizations, and I don't think any of them bothered to look at these flags. I don't represent Mozilla directly, but it's quite clear to me that there isn't a desire to use its limited resources to implement and test a feature that works against, not for, the users of its software. I'd expect quite a few loud complaints from users if they did.

(In reply to mmathieucolas from comment #7)
> it’s a
> problem when you upload files onto the web so that people can read them
> freely, but you don't want them being printed or copied. PDF protections are
> efficient for most people, even if I’m conscious they are not 100% secure.

Sorry, it's 0% secure. It is, and always has been, just an illusion.

More to the point, it is fundamentally logically impossible to even slightly attempt what you request. If someone is granted access to information on a device you do not control, you are incapable of controlling what they do with it. All DRM relies on asserting control over someone else's computer to prevent them from using it in a way you do not wish. Of all the ways this has been attempted, nicely asking the program reading the file is the least effective. Of all the media to attempt this with, text is the most trivial to circumvent (though, arguably, using a cable to plug your speaker port into your mic port to record DRMed audio can be easier).

If you're attempting to control this on systems you _do_ have permission to control, just require all of them to only use the Adobe reader (plugin or external viewer) and prohibit all others. (your system, your data, your rules; somebody else's system, nope)

I'm taking the time to explain this for you as you've been polite, as opposed to some others on this issue who have... not. Bottom line: some old tickets in this system get lost accidentally, some get shelved due to low resources, but a few are just ignored because arguing isn't a productive use of time.

    
    

    
  
Thank you for your answer and your detailed information. I've just lost my 'illusions'...
Yours sincerely

          You need to log in
          before you can comment on or make changes to this bug.