You said it. Now I need my morning coffee even more.
Any early leaks on how it will work? We need to get started circumventing right away.
Yep, it's been pretty boring since John Steele and the Prendass Circus was in town.
I'm going to start working on a system using modified inkjet refilling machines to refill used Keurig DRM Pods with fresh ground coffee, powered by a Raspberry Pi.
Obviously this DRM scheme would only be enforceable if the device has a way to call home. Otherwise, your circumvention of the DRM would go unnoticed. Simple solution, block the MAC address of the coffee maker on your WiFi access point / router. Then they would be forced to have the machines not work when there is no internet access. I'm guessing that would kill the product.
These pods sound like an absurd idea and I have never met a person who actually uses them. Yet Green Mountain (Keurig) has been tremendously successful with them. What demographic is actually buying this stuff?
My guess is some sort of QR code on the top of each cup that provides 2 numbers, a nonce and a privately signed version of that nonce. Keurig would own the private key, and the coffee machines would verify it with a burned-in public key, then store the nonce in an internal flash chip to prevent people from just reusing the same lid over and over again.
This would be the cheapest option I think, all it needs is a webcam in the lid and a bit of flash storage (flash is stupid cheap these days). The only complication I foresee is that the webcam might get steamed up and have trouble brewing more than 1 cup in a row.
There could be a whole community of people who take pictures of their lids so other people can print them out and stick them on aftermarket cups, but honestly that sounds like a lot of effort for a stupid cup of coffee.
My office has a Keurig, and so did the office at my previous job. It's kind of ideal for small offices with people who can't be bothered to wash out a coffee pot.
My parents have one. If you only have one person in the house who drinks coffee it is pretty handy for letting them make a single cup and not have any cleanup.
No need to be that sophisticated. Just have a static barcode for each licensed vendor, and then sue the bajeebus out of anyone who sells unlicensed cups for duplicating their copyrighted barcode.
Unlike digital media, there's no way to download pirate coffee cups off a website located abroad. Even if the DRM is trivial to break, they've still achieved their goal of outlawing the business of unsanctioned competitors, who need real factories and real trucks shipping real boxes on American soil.
I've seen them in offices and salons, basically places where staff might offer a client a cup of coffee (tea, cocoa, cider, etc) but no one wants to do the washing up. I had a cup in a salon, and it was… adequately caffeinated, and better than gas station coffee, but you'll recognize this as a pretty low bar. I'd say that the common thread is situations where convenience outweighs price or considerations of waste.
Sometimes I want only a single cup of coffee, and I've considered one of these, thinking it would be OK as long as I can use my own grinds. But, in the end, the little pour-over cone + filter I've had for twenty years makes the expense seem ridiculous. Of course, if I was buying it for my business, I'd call it a tax write-off and be done.
I find it unlikely that a barcode would rise to the level of copyrightability. Works can only be copyrighted if they involve original, creative work. See Feist: http://en.wikipedia.org/wiki/Feist_v._Rural
I'm torn on this. On one hand I like the idea of being able to do what you like with the gear you buy, on the other if you buy into a system that's the system you buy into. It creates opportunities for other companies to manufacture an alternative to that…there are plenty of "open" systems for making coffee.
If people decide they don't like the system they buy into…they have a choice to try something new.
Apple doesn't inherently have to support Android apps on their phones and Android doesn't have to support Windows phone apps or iOS apps…these are choices they make for competitive reasons. Now if there is a monopoly where all you could buy were one type of DRM coffee machine and one type of DRM pod…that would be a problem, but here we have a company that built an eco-system and now they want to protect it. If you don't like it that's what's great about choice in the marketplace…don't buy into their system…buy a real espresso machine or a regular coffee machine.
There's always a lot of talk about "open" and "choice" here on boing…and yet when we don't like something like this we simply say it should be forced to open up…when the real choice is simply going down to Bed Bath & Beyond, buying a non pod coffee machine and a grinder. What's the big deal?
That would be a little too easy to defeat with a simple refillable cup IMHO. The amount of computing resources necessary to do a simple crypto check is not big these days. It would probably add something like $1 to the cost of the device.
How is this not a violation of the U.S. anti-trust regulations? Wasn't it established in Control Data vs. IBM that a manufacturer had to supply interface information to a 3rd party supplier? My knowledge of this is a bit hazy so I'd appreciate anyone who knows more to chime in.
I've most often seen them in offices and waiting rooms. At least where I work, it works well. Ease of cleanup is a big advantage in an office space where no one is "officially" responsible for cleaning up. We have communal coffee makers in other parts of the building but diffusion of responsibility / freeloaders cause problems in the who-makes-coffee / who-cleans-coffee arrangements.
The k-cups also let us offer our meeting guests a much wider range of coffee and tea flavors than we would otherwise be able to stock and prepare without a lot of waste due to spoilage / dumped coffee pots.
As far as non-commercial users buying them, I'm not sure the argument is as compelling, unless it is a pure convenience thing or for people who only drink coffee on the weekends (the longer storage life of the pods might be worth the cost).
To my knowledge the one in our office comes with a support contract so I can't imagine how ungodly expensive it is for my employer.
My wife and I received a Keurig Vue setup for Christmas. It makes the best cup of coffee that I've ever made with a machine in my house. It's simple and it always produces the same cup of coffee. Plus we have one of the Solo refillable cups so we use whatever coffee we like. She drinks a few cups a week, while I might have one a week, so it works well for us.
No word that I've seen, and I must admit to being curious:
The obvious approach, from a cost standpoint, would be to use something similar to the existing design; but slap together a few standardized data fields (brew parameters, serial number, maybe some other stuff I'm forgetting), cryptographically sign that bundle of data and then print it as a QR, or other 2d bar code, on the pod.
That approach would allow "automagic" configuration of temperature, time, volume, according to the type of beverage being infused (which people probably would think is neat); and would be impossible for a 3rd party to forge without access to a private key blessed by Keurig's trusted root key. It would also be relatively cheap: production-line printers for spitting out serial numbers, expiration dates, etc. aren't free; but that's totally stock manufacturing and warehouse logistics hardware and ink is cheap, and a reader (probably a low-resolution linear CCD/CMOS strip that the pod gets rotated in front of? Maybe an epoxy-potted cheap and nasty cell camera?) wouldn't add too much to the cost of the brew unit.
However, and this would be the kicker, while it would be computationally infeasible to create a new data bundle, because of the signature, the system would have zero defense against "replay" attacks based on just buying the "blessed" consumable with the brew profile closest to your product, then copying the code, verbatim, onto your pod. The signature will still check out, because you haven't altered anything, and (worst case), you might have to buy another sample every few weeks to months if the data blob includes a manufacture date and/or an expiration date that causes old pods to "time out" (Apropos of article image: "It's an older code, sir; but it checks out, I was about to brew it."). Still stopping by the store on the way to work once a week, or even once a day, for the smallest available pack of "real" pods to secure this round's "authentic" code would not be much of a deterrent to cloners.
There would be two possible mitigations to replay attacks, both adding some cost: More plausibly, the brewer's control system could log the serial number of each consumable on use, and reject duplicate serials. This wouldn't do anything about duplicates on a broader scale; but it would mean that cloners would have to have enough legitimate samples (and package them to avoid confusion) to keep their customers from running into enough "dud" unbrewable duplicate pods that they just give up. The onboard storage would be vulnerable to a hardware attacker willing to mod the brewer; but enough cheap, slow, flash memory to store approximately a zillion serial numbers would cost, what, a dollar?
Less plausibly, a network connection offers near-perfect resistance to cloners: If each serial is born unique, and each pod's use is reported to HQ, HQ knows all outstanding serials at all times (also handy for market research and creepy individualized marketing, no? Synergy!), and the brewer merely need ask for permission before brewing an unknown serial. There would be a modest risk of "race condition" (if a cloner figured out a non-destructive method of reading the data tag, through the packaging say, they might be able to get "real" data tags from genuine consumables still in the supply chain, in which case their clone pod might be the first to be brewed, leaving the eventual purchaser of the "real" pod with a burned serial. Has happened to some games' CD-key verification schemes from time to time).
That would be reasonably solvable merely by being a bit lax (especially if each machine has a unique ID, which it would, you could even choose between a blanket "eh, just let 3 activations per serial pass, keep the customers happy, then send Pinkerton Death Squads to…enhance operational security… for whichever franchisee sold the batch that got cloned the most this quarter" policy or a more specific, per-machine "trustedness" metric: "Good" customers, with profitable buying habits, or new customers who you want to encourage, would get a pass even on a certain amount of near-certain-fake-buying. "Bad" customers, with lots of clones in their history, well, no mercy for the misguided…) It'd be just like a credit score!
The more serious obstacle, of course, would be getting people to accept that the coffee machine doesn't work without internet access (or, if you do an Amazon style "whispernet" integrated cell link, the additional cost and trying to explain to a confused customer what possible reason there could be that the cell reception in their house, for the carrier you chose, quite possibly not even the one they can check by looking at their phone's signal-strength meter, would affect the operation of the coffee machine.) And, of course, the nightmare scenario: If the office brewer loses connectivity before IT has had its morning coffee, IT won't be able to restore connectivity due to lack of coffee; but the coffee supply will be offline because IT can't restore the connectivity. Cry to the gods of a thousand dead pantheons for the mercy that will never come, cry!
The second alternative, much more robust against cloners; but no idea how it would do anything except crater the margins on the pods, would be IC-based. Your basic boring smartcard IC (also seen in SIM cards and some "dongle" authentication systems that are basically a smartcard and USB reader in a single sealed case) has an internal private key (recoverable only by direct attack on the die, or atypically bad software flaw) and is thus functionally unforgeable at any economically relevant cost. A die-level attack to recover the key is doable, in most cases; but if it costs $50k to mount the attack, you'd probably be better off kissing Keurig's pinkie ring.
However, the obvious problem here is unit cost: rough numbers (based on the cost of ISO 7816 contact smart cards, the bare IC should be cheaper, of course, but harder to get a quote for on short notice, has to be at least 20 cents a unit, maybe rather more. Full cards, with IC and surrounding plastic, are 50-60 cents each even at 5,000+ unit order quantities and no printing.) Spending that much probably erases much of the margin Keurig was hoping to turn into sweet, sweet, executive compensation, and they still have to deal with the potential of one or more of their "blessed" cards being physically cracked and then cloned by the thousands (possibly new batches of coffee pods would also distribute revocation information for earlier pods known to have been cloned, as with AACS "recoverability" or PS Vita games that include, and force, a ROM update? No architectural reason why you couldn't…)
Honestly, Keurig is taking on an atypically nasty DRM problem here: unlike games/music/video, where the "clone" goods are illegal just for existing, in virtually all jurisdictions, so it's mostly about making noises for the rightsholders and (particularly with software, which has room to build in lots of annoying traps) maybe delaying the war3z kiddies long enough to preserve opening weekend; the hypothetical clone pods will be perfectly licit goods (and so, like generic toner, sold by companies that can invest in interoperability research and development if need be, and aren't under any immediately clear legal threat just for existing). And then the value per pod, even on the highest-margin first-party ones, isn't high enough to buy any really classy active cryptographic features without destroying the margins entirely, and passive consumables are trivially cloned unless the brewer is internet-connected and a revocation/validation server architecture is maintained.
I hardly pity them the "problem" they've created for themselves; but I'd be shocked to see success (or drinkable coffee).
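Added example, not part of any comment in this thread: a sketch of the signed-tag check guessed at earlier in the thread and analysed in the comment above. It shows that an altered tag fails verification, a verbatim copy passes, a per-brewer serial log rejects the duplicate, and a second brewer with its own log still accepts it. The tag fields, the names `makeTag` and `Brewer`, and the choice of Ed25519 are assumptions for illustration.

```javascript
// Added illustration: tag layout, names and keys are constructed, not a vendor format.
const { generateKeyPairSync, sign, verify } = require('crypto');

// Vendor side (hypothetical): the signing key stays at the factory.
const { publicKey, privateKey } = generateKeyPairSync('ed25519');

// Sign a bundle of brew parameters plus a serial, as it would be printed on a pod.
function makeTag(fields) {
  const payload = Buffer.from(JSON.stringify(fields));
  return { payload, sig: sign(null, payload, privateKey) };
}

// Brewer side: holds only the public key and, optionally, a log of used serials.
class Brewer {
  constructor(pubKey, logSerials) {
    this.pubKey = pubKey;
    this.logSerials = logSerials;
    this.seen = new Set();
  }
  check(tag) {
    // Verify before parsing so unsigned bytes are never interpreted.
    if (!verify(null, tag.payload, this.pubKey, tag.sig)) return 'reject: bad signature';
    const { serial } = JSON.parse(tag.payload.toString());
    if (this.logSerials) {
      if (this.seen.has(serial)) return 'reject: duplicate serial';
      this.seen.add(serial);
    }
    return 'brew';
  }
}

function demo() {
  const genuine = makeTag({ serial: 'POD-0001', tempC: 92, volumeMl: 240 });
  // Verbatim copy of the printed code: same bytes, same signature.
  const copy = { payload: Buffer.from(genuine.payload), sig: Buffer.from(genuine.sig) };
  // Altered bundle carrying the old signature.
  const altered = {
    payload: Buffer.from(JSON.stringify({ serial: 'POD-9999', tempC: 92, volumeMl: 240 })),
    sig: genuine.sig,
  };
  const noLog = new Brewer(publicKey, false);
  const withLog = new Brewer(publicKey, true);
  const secondBrewer = new Brewer(publicKey, true);
  return {
    altered: noLog.check(altered),                           // signature fails
    noLog: [noLog.check(genuine), noLog.check(copy)],        // copy brews
    withLog: [withLog.check(genuine), withLog.check(copy)],  // copy rejected
    secondBrewer: secondBrewer.check(copy),                  // fresh log, copy brews
  };
}

console.log(demo());
```

The `secondBrewer` result is the "duplicates on a broader scale" gap: a local log only detects reuse on the same machine.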
My favorite part about these mini coffee brewers is that the "made for tv" crowd latched onto them… they started selling plastic refillable k-cups that you would scoop standard coffee grounds into.
The pitch was that it would save you money on your coffee because you wouldn't have to spend money on the expensive one-offs.
Instead of just buying a traditional coffee brewer.