New Harry Potter Book Leaked on BitTorrent

It's online: digital photographs of every page are available on BitTorrent.

I've been fielding press calls on this, mostly from reporters asking me what the publisher could have done differently. Honestly, I don't think it was possible to keep the book under wraps. There are millions of copies of the book headed to all four corners of the globe. There are simply too many people who must be trusted in order for the security to hold. And all it takes is one untrustworthy person -- one truck driver, one bookstore owner, one warehouse worker -- to leak the book.

But conversely, I don't think the publishers should care. Anyone fan-crazed enough to read digital photographs of the pages a few days before the real copy comes out is also someone who is going to buy a real copy. And anyone who will read the digital photographs instead of the real book would have borrowed a copy from a friend. My guess is that the publishers will lose zero sales, and that the pre-release will simply increase the press frenzy.

I'm kind of amazed the book hadn't leaked sooner.

And, of course, it is inevitable that we'll get ASCII copies of the book post-publication, for all of you who want to read it on your PDA.

EDITED TO ADD (7/18): I was interviewed for "Future Tense" on this story.

EDITED TO ADD (7/20): This article outlines some of the security measures the publisher took with the manuscript.

EDITED TO ADD (7/25): The camera has a unique serial number embedded in each of the digital photos which might be used to track the author. Just another example of how we leave electronic footprints everywhere we go.

EDITED TO ADD (8/15): Here is a much more comprehensive analysis of who the leaker is:

  • The photographer is Caucasian.

  • The photographer is probably not married (no wedding ring on left hand).

  • The photographer is likely male. In the first few photos, the ring finger appears to be longer than the index finger. This is called the 2D:4D ratio and a lower ratio is symptomatic a high level of testosterone, suggesting a male. However, there is no clear shot of the fingers layed out, so this is not conclusive.

  • Although cameras are usually designed for right-handed use, the photographer uses his left hand to pin down the book. This suggests that the photographer is right handed. (I've seen southpaws try to do this sort of thing, and they usually hold the camera in an odd way with their left hand.) However, this too is not conclusive.

  • The photographer's hand looks young -- possibly a teenager or young adult.

Much, much more in the link.

Posted on July 17, 2007 at 4:38 PM • 62 Comments

Comments

pointfreeJuly 17, 2007 5:01 PM

Harry dies when the broom he is flying on is hijacked and flown into a barn ...

elizillaJuly 17, 2007 5:08 PM

I agree that it's not likely to cost them any sales. I also wonder if the leak was perhaps intentional, a free way of getting a little more press and increasing the "buzz"?

Brandioch ConnerJuly 17, 2007 5:31 PM

They aren't worried so much about losing a sale. People buy multiple copies of those books.

They're worried about the suspense being broken for their fans as plot twists and the ending is leaked far and wide and loudly.

As of this moment, the fans who WANT to maintain the surprise and anticipation will have to be extra careful NOT to accidentally hear anyone revealing that info.

SpiderJuly 17, 2007 5:35 PM

Oh, Bruce. You should have mentioned the coming future of the book industry. Things like this can be prevented. All we need is on demand publishing. You go to Barnes and Nobles, Borders, your local bookstore and at correct time the encrypted book is sent over the internet to each bookstore where its decrypted with the stores password and the books begin printing.

I think the music industry missed their opportunity with this kind of model, but producing a quality hardcover is going to require more sophisticated hardware than a cd burner.

simongabrielJuly 17, 2007 5:39 PM

Honestly I laugh at all of the cries from the publishing houses as well as the MAFIAA (sorry, it fits so well) when things are 'leaked'. If the song/book/movie/whatever is crap, then they are upset because people found out it's crap before they could waste their money on it. Shame on the publishers. If it's good, people will still pay to read/watch/listen to it, so no discernable amount of money lost.

What it comes down to is that these distributors know that they are pushing crap, and the only press a leak will give them is 'bad' press.

SteveJuly 17, 2007 5:47 PM

Why does "pirated on the internet" = "BitTorrent" to EVERYONE in the media?

I saw the files posted to Usenet, personally.

And I know Bruce is just reiterating the linked-to article but comeon - he's a computer scientist. A file isn't "on" BitTorrent any more than a file hosted by a web site is "on http".


erikJuly 17, 2007 5:58 PM

Can you imagine how Apple would have reacted if images of the iPhone and screen shots of all its apps came out a week before they announced? Anyone who owes a reasonable percentage of business to a loyal fan base wants complete control of their message. All it takes is a few respected leaders in the fan base to criticize the product just before launch to spoil the event. BTW, I'm not in marketing -- I just channel them occasionally.

Steve ParkerJuly 17, 2007 6:00 PM

Surely the ASCII versions would be easier to create right now, from the ready-scanned images... just OCR the images, no need to re-scan.

KarlJuly 17, 2007 6:11 PM

It looks like a library copy. You can see a clear, plastic dust jacket taped on with that reinforced tape libraries like to use. I'm guessing some libraries got the books in advance, to prepare them for being checked out on the day of its release. There's a comment on that story that also says something similar.

If the publishers could have done anything to prevent this, it would have been to hold back the books from libraries until Midnight BST, when it first goes on sale. There's no point in protecting it beyond that -- the last book was up within a few hours of first being sold, still several hours ahead of the west coast release.

It's also interesting to note that the supposed spoilers from a month ago (where one of the publishers was supposedly hacked into) don't match up with any of the spoilers I've seen.

MikeJuly 17, 2007 6:27 PM

So here's how the book ends:

Harry and his friends are in a diner eating onion rings.

Then the next 30 pages are blank.

monopoleJuly 17, 2007 6:30 PM

I always buy a copy (or 3) to see that JK gets the bling (she deserves it) but I also download the book and actually read it on my Palm simply because it it's infinitely more convenient to carry (the same with the Cryptnomicon).

By the way, Harry's been dead since Book 1 and that's his reanimated corpse under the control of Hagrid, who has been playing Dumbledore and Voldemort against each other all this time.

MikeJuly 17, 2007 6:54 PM

I heard the EXIF data has the camera's serial number. Can anyone confirm this?

KanlyJuly 17, 2007 7:06 PM

It's Nerds meet Rambo II when Harry and his friends from Hogwarts launch a surprise raid on Gitmo.

Who could have seen that coming?

jdlJuly 17, 2007 7:15 PM

"That wand's more trouble than it's worth" said Harry. "And quite honestly," he turned away from the painted portraits, think now only of the four-poster bed lying waiting for him in Gryfondor Tower, and wondering whether Kreacher might bring him a sandwich there, "I've had enough trouble for a lifetime".

oh well...

I'll have what she's havingJuly 17, 2007 7:37 PM

"So here's how the book ends:

Harry and his friends are in a diner eating onion rings."

Then Sally walks in...

wellJuly 17, 2007 8:02 PM

i'm just thrilled that so many people are so excited to READ A BOOK

granted it isn't exactly The Economist, but J.K. Rowling has made the world a better place.

exif infoJuly 17, 2007 9:40 PM

Yep, the images have the serial number in them. They were taken with a Canon EOS Digital Rebel, with serial number 0560151117.

DaveXJuly 17, 2007 10:26 PM

Let's not forget how many people probably pre-ordered this book weeks ago-- they're not losing any of those sales if it leaks, are they?

On another topic, though... if I was Rowling, I'd have paid to make a super-realistic fake, and had it leaked; just for kicks.

KanlyJuly 17, 2007 11:37 PM

> How hard is it to remove an offtopic spam comment?

At that, an incoherent badly-written offtopic spam comment?

> Yep, the images have the serial number in them. They were taken with a Canon EOS Digital Rebel, with serial number 0560151117.

Canon: The Camera that Rats on you.

MistralJuly 18, 2007 3:12 AM

> Yep, the images have the serial
> number in them.
It's not a very secure deterrent measure.
I mean, there is no strong encryption and steganographoy of that identification data, no strong credential check to be able to read or write (and forge) those data.
A fairly skilled opponent can alter the data to accuse any other one (or to give no identification at all) making the whole system lose credibility in any court, so it would loose its effect also against non skilled opponents which may rise the reasonable doubt of being framed by someone else.

gregJuly 18, 2007 5:13 AM

@Spider

The problem is that is so insanely ridiculously stupidly cheap to press CD's and print books. They know dam well they make more money this way. In fact its really hard to make a case for a less centralized model because its so cheap providing you print/press enough copies. CD's the magic number is about 1000, books depend on the format and printing method. Distribution is also very cheap these days.

At 1000 CD each cost about 0.50 EU and most of that is the masters which are good for usually 10,000. Books cost a little more depending on the folding steps and durability of the plates. But at 1000+ books all the cost you see in a bookstore in various middle folks share + the authors cut. In fact the authors cut is usually larger than the cost of the book. Paperbacks would be on the order of 1EU.

Basically it costs too much to distribute the way you suggest. Also there is the anti commons problem too

BenJuly 18, 2007 6:08 AM

One of the local radio stations mentioned Monday that they had already received advanced copies of the book to give away ahead of the "official" release this weekend. Given that, I would say that the publisher has already passed their internal "release" date. The fact that digital photos of the pages are only now making it to the Internet suggests that they did an excellent job controlling their data. This is not a failure in security, but a success (as I think you were alluding to, Bruce).

NostromoJuly 18, 2007 6:43 AM

@monopole
"I always buy a copy (or 3) to see that JK gets the bling (she deserves it)"
The books are inaginative and entertaining. Opinions will always differ as to what the author "deserves" for writing them, but I think it would be very difficult to argue that she deserves 1,000 times the lifetime earnings of a average full-time worker in a G7 country. She has received much more than that.

dhasenanJuly 18, 2007 7:21 AM

@matthew skala:

EXIF data is readable by numerous applications, and some preserve that data when modifying images. The Wiki article mentions that EXIF editors exist, but doesn't list any. A quick Google search reveals a number of editors.

So, it's pretty damn easy, but unless you script it, you're not going to apply that to several hundred images.

C GomezJuly 18, 2007 7:47 AM

@Nostromo:
"I think it would be very difficult to argue that she deserves 1,000 times the lifetime earnings of a average full-time worker in a G7 country."

I haven't read a single line of these books or watched a single scene of the movies. Considering that thousands upon thousands of novels are released each year to little fanfare and end up in the bargain bin, I figure Ms. Rowling deserves every penny. I'm not sure any of us can create a worldwide literary phenomenon. Blame whatever you want on slick marketing, but I don't think you sell a franchise of books without them at least being readable or enjoyable. Otherwise people would stop buying them.

I don't see why she isn't any more entitled than pro athletes or movie stars. At least she gets people to read something. That's not exactly worthy of a medal, but it's certainly a better contribution than any sports figure.

EamJuly 18, 2007 8:58 AM

@C Gomez: "I don't see why she isn't any more entitled than pro athletes or movie stars."

I have the feeling that Nostromo would agree with you there. I also have the feeling you're missing his/her point.

Nicholas WeaverJuly 18, 2007 10:02 AM

Spoiler alert:

At the end of the book, Dumbledore gets killed by Snape...

Oh, wait...

DAMNIT, I downloaded the wrong book!

GeorgeJuly 18, 2007 10:28 AM

Unlike the CEOs of American corporations, who by Divine Entitlement merit millions in bonuses regardless of performance, Ms. Rowling has earned her fortune the honest way by creating something highly valued. Criticizing her writing is fair game, but criticizing her accumulation of wealth is not. She clearly deserves every penny.

DavidJuly 18, 2007 10:52 AM

One thing Ms. Rowling has done is taught her readers that reading can be fun, that reading needn't be just onerous assignments. She has taught a very valuable lesson to I don't know how many million children. That alone looks to me to be worth a whole lot of money.

Dan LinderJuly 18, 2007 11:13 AM

@dhasenan (and others regarding the EXIF data)

I wonder if the Google Image Search has an option to search for images with a specific EXIF field value?

Dan

Petréa MitchellJuly 18, 2007 11:28 AM

I have trouble visualizing Scholastic (for it appears to be the US edition, from the title page in the linked post) going to all the trouble of writing a fake book, printing it, binding it, and then releasing photos of it... but it seems odd that Scholastic previously announced it would be 784 pages long, and the photographed book is reported to only have 759. Yeah, yeah, it's only a 3% difference, but you'd think they wouldn't announce the page count until they were absolutely sure.

guvn'rJuly 18, 2007 11:44 AM

@dhasenan "...but unless you script it, you're not going to apply that to several hundred images."

so forget post-creation edits, how hard would it be to hack the camera firmware to change the contents written in the EXIF data?

yeah, I know, harder than writing the script to edit hundreds of images, but cleaner and more elegant...

nzrussJuly 18, 2007 11:49 AM

I don't need to download the book to read it for free.

There is a place in the town where I live that will loan me the book for free (but for a couple of weeks.)

Whatever you do, don't tell the publishing companies 'cos I don't know if this "library" place is all that legal...

X the UnknownJuly 18, 2007 1:02 PM

"so forget post-creation edits, how hard would it be to hack the camera firmware to change the contents written in the EXIF data?"

How hard would it be to purchase a cheap digital camera anonymously (i.e. using cash), and dispose of it when done? Works with cell-phones, apparently...

My question (I haven't seen the images): are those which contain pictures of fingers good-enough to extract fingerprints?

derfJuly 18, 2007 1:32 PM

Unfortunately, the inherent value of a digital copy of any work is now very close to zero. Since anyone with a PC can make a copy and easily digitally distribute it to others without any loss in quality, there remains little barrier to spreading around anything that can be digitized.

The question is - will movie, music, photo, software, and print companies work on a new formula for making money from this phenomenon or will they continue to sue their most avid customers using laws they created through bribed officials? Will they create a truly usable medium or create more headaches and frustration for their users through proprietary DRM schemes and questionable lawmakers?

JohnJuly 18, 2007 2:18 PM

While digital copies are all well and good, there is a certain human nicety and warmth in actually holding a book, turning pages manually one-by-one, and seeing one's progress through the book page-by-page.

Of course, having the printed version clock in at well over 600dpi resolution with high background contrast in full-wireless mode doesn't hurt in the least.

Mace MonetaJuly 18, 2007 4:25 PM

The question is, since EXIF data is so trivially easy to modify (yes even in batch mode) does the EXIF information in the images represent the actual camera? Will a prosecutor consider this sufficient evidence?

There's speculation that the images were taken in a library. So an employee that hates the head librarian (and noted the information on the camera she uses) loads some famously illegal images with that data...

People use meaningless information like this without understanding the technical aspects as PROOF of a crime. MPAA/RIAA and IP addresses or mp3 ID3 tags anyone? You might as well use a Ouija board.

from RussiaJuly 18, 2007 7:14 PM

Russian fans already have translated some chapters into Russian and have retelled all book

mikeJuly 18, 2007 7:32 PM

I loved it when Harry wakes up next to Suzanne Pleshette and tells her she'd look great in a Weasley sweater.

Mace MonetaJuly 18, 2007 9:12 PM

"-> There's speculation that the images were taken in a library

There's a previous comment above that says:

"It looks like a library copy. You can see a clear, plastic dust jacket taped on with that reinforced tape libraries like to use. I'm guessing some libraries got the books in advance, to prepare them for being checked out on the day of its release. There's a comment on that story that also says something similar."

mhJuly 19, 2007 3:08 AM

I do think this will further increase media coverage and hence will boost awareness and sales.

MECJuly 19, 2007 7:50 AM

There's more than one security issue here. A friend succumbed to temptation, and got a computer virus along with the images.

Chris SJuly 19, 2007 9:51 AM

@X:"purchase a cheap digital camera anonymously (i.e. using cash)"

As long as we are trusting the EXIF data ... a Canon EOS Digital Rebel is NOT a cheap digital camera.

MatthewJuly 19, 2007 11:01 AM

It's interesting to note that not only has a copy of HP7 been released, but that more than one has been, and the two different copies disagree with each other in a number of particulars, most notably the chapter titles.

LisaJuly 19, 2007 11:25 AM

More than one copy is being posted, but, of the copies that purport to be pictures of the pages, there is only 1 full copy. The other "copies" which are being posted are generally (a) just a fake epilogue with nothing else, (b) the Table of Contents and a fake Epilogue or (c) a few pages here and there.

They look pretty clearly photoshopped. The text is way to clear.

The rest of the "leaks" that are pdf documents are generally novel length fan fiction that's been circulating on the internet for awhile.

The real leak is pretty easy to spot, its the one that's pictures of the book against the background of that god-awful greyish speckled industrial looking carpet.

cacimarJuly 19, 2007 12:43 PM

This doesn't strike me as a legitimate concern (stopping it from leaking). This isn't a trade secret that is given to only a handful of people, but something meant.... hoped eve, to be dispersed to as many people as possible.

The only concern is to control the frenzy and maximize profits beyond what book cycles usually go through. I get review copies before the author is even done for some books.

Steve MorrisonJuly 19, 2007 11:22 PM

Petréa Mitchell:

A librarian says at http://tinyurl.com/2cf2p2 that the card catalog at her library lists the page count as 759 (link goes to the "Sword of Gryffindor" website and is spoiler-free).

Petréa MitchellJuly 20, 2007 1:17 PM

Darn. I've read some non-spoilery comments from hardcore Potter fans, and they're disappointed by it by about a 2-to-1 margin. But thanks for clearing that up.

mistralJuly 23, 2007 2:50 AM

from http://entertainment.timesonline.co.uk/tol/arts_and_entertainment/books/article2104250.ece
""The Exif data is like the picture's DNA; you can't switch it off. Every image has it. Some software can be used to strip or edit the information, but you can't edit every field," "
Well, if the guys investigating on this case really think this (and really intended to say this), the leaker may sleep well!
What heck does it means?
They think an hex editor and a script cares about letting you altering some fileds and some other not???
It's a file, and it's in the whole power of the user to edit it in any bit; an aware user may turn any of those fields in garbage and the whole point is that the image will still work and be readable and errors or fakes in those fileds will simply be ignored!
So what kind of proof it can be?
The file may get edited, the camera may be stolen or buyed anonimously just for that purpouse... at the end, it turns to be more a nag to legitimate users than a real treath for aware attackers.

ThomasJuly 24, 2007 7:56 AM

@mistral
That whole article is hilarious. It looks like a desperate attempt to scare people into not doing this sort of thing, they could be traced by digital DNA!!!

I especially like this bit: "Because the model is three years old, the device would likely have been serviced at least once ...". Doesn't say much for the reliability of this make/model of camera :-)

EXIF data is trivial to edit. Looks like the joker who leaked HP7 didn't know about it and therefore didn't wipe it (or they did know about it and faked it). (Note to self, use "exiv2 --delete *.jpg" (http://linux.die.net/man/1/exiv2) or similar when I leak HP8.....)

Now... the CCD fingerprinting discussed here a few months ago, that might be a bit more of a problem to circumvent. At least CCD fingerprints (probably) aren't on record like serial numbers are.

Dr. Neal KrawetzAugust 15, 2007 9:24 AM

I did a little image analysis on the images and came up with more information than just the camera's serial number:

http://www.hackerfactor.com/blog/index.php?/archives/70-Harry-Potter-Leaked-and-Analyzed.html

If they really want to catch the photographer, then I believe the photographer can be tracked down easily enough. If nobody catches him, then it is probably because nobody is interested enough in catching him and not due to anonymity on the Internet.

orhanJuly 8, 2008 6:42 AM

These people who read the book early are the same people who opened their Christmas presents early and re-wrapped them.

comivasNovember 18, 2008 9:31 PM

The only concern is to control the frenzy and maximize profits beyond what book cycles usually go through. I get review copies before the author is even done for some books.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.