
On Encrypted Video and the Open Web - _pius
http://www.w3.org/blog/2013/10/on-encrypted-video-and-the-open-web/
======
shmerl
He contradicts himself in the text:

#1: _> So we put the user first, but different users have different
preferences. Putting the user first doesn’t help us to satisfy users’ possibly
incompatible wants: some Web users like to watch big-budget movies at home,
some Web users like to experiment with code._

#2: _> No one likes DRM as a user, wherever it crops up._

DRM never means putting users first - it's always anti user, for which #2
precisely attests. So, #1 had to read: "we put DRM lobby first". That sounds
about right about what they did. And, DRM obviously goes way beyond just
preventing tinkering with the code in its anti user nature.

So this principle is clearly violated: _In case of conflict, consider users
over authors over implementers over specifiers over theoretical purity_. Users
don't want DRM. Users want media. Publishers want DRM. Putting users over
publishers means showing publishers the door, until they come back with DRM
free content. Publishers will bend since DRM is idiocy and always was, W3C
shouldn't bend.

~~~
paulftw
You are right about him contradicting himself, but I think first half (rather
first 2/3) of his post are just philosophical beating around the bush. He
nearly lost me half-way through.

But what he's actually trying to say is that if W3C won't standardize some
form of DRM, publishers lobby will fill the gap.

And whatever comes out of that lobby will be thousand times worse for the
users and implementers. I don't necessarily agree with that, but this is the
message of that blog post.

A lot of users want their internets work fast and without glitches on their PC
from 2003, under WinXP and IE8. In order to satisfy interests of those users
we must stop introducing new CSS features and JS extensions. That's just how
sad the world we live in is.

I tend to think that publishers aren't as powerful as they used to be. Browser
market is dominated but rather open Chrome and Mozilla still going strong.
Duopoly of iOS and Android is quite dangerous though - if these two reach any
agreement, W3C opinion won't matter.

------
JoshTriplett
[This is a copy of a comment I posted to a previous discussion on this topic.]

The problem is that the standard itself isn’t enough to actually support any
of the content it claims to support.

It’s the equivalent of standardizing the object or embed tags: it’s a standard
way of getting at non-standard functionality, and sites then depend on
specific implementations of that non-standard functionality, the same way they
depend on the Flash plugin today in ways that knowing how to implement the
object tag doesn’t help with.

Standardizing a single fully-specified mechanism for DRM might actually be
useful (debatably), but that would break the current model in which DRM is
completely unsound and relies on security-through-obscurity. “Standardizing” a
means of getting at the myriad non-standard DRM implementations and their non-
standard APIs is worse than worthless: it’s actively harmful, and it prolongs
the death of those technologies.

Right now, content providers have to choose whether to support the open web or
DRM. They should continue to have to make that choice, with supporters of the
open web reaching a larger audience, until eventually all the holdouts either
switch or lose. This is a major step backward for that goal, and the W3C has
no business claiming EME has anything to do with the open web.

~~~
pyalot2
It's not just that it prolongs that clinging to anti-feature systems by the
content industry.

EME kills the webs future by a simple insidious mechanism. the CDM (content
decryption module) needs to provide the raw bytes to the browser so that the
browser can composit the webpage with the video (layering things behind/ontop
and transforming it with CSS).

But if the CDM delivers the plain content to the browser to display, then the
browser (or any program, like wget) could simply use the CDM to dump the plain
content to disk.

Since EME cannot work in this fashion, the CDM cannot be made available to
Open Source/community browsers (like Firefox, Chromium, Webkit builds, Khtml
etc.)

In turn this means that if large web-properties (like Facebook, Youtube,
Netflix, Amazon etc.) adopt DRM for one reason or another, Open
Source/Community browsers will be known to users as "those browsers that don't
work".

You will end up with another proprietary browser monopoly web, like in the
good old days of IE6. Why is it you think that Microsoft (of all companies) is
pushing EME along at a frentic pace as if their life depended on it?

------
jacobquick
"Some arguments for inclusion take this form: if content protection of some
kind has to be used for videos, it is better for it to be discussed in the
open at W3C, better for everyone to use an interoperable open standard as much
as possible, and better for it to be framed in a browser which can be open
source, and available on a general purpose computer rather than a special
purpose box. Those are key arguments for the decision that this topic is in
scope."

This is ridiculous. The W3C should continue to refuse supporting DRM of any
kind in order to keep the adoption of these technologies as difficult as
possible. Yes a company like Netflix can just make a plugin for an existing
browser to chat with an app they install on your desktop/tablet/whatever. Let
them do that and convince their users that they should install their software
and why - leave the rest of us out of it.

~~~
shmerl
Exactly. DRM should die out as a trend. It's never needed for any valid
business reasons. W3C instead of refusing, helps prolonging this sickness.

~~~
dragonwriter
I actually think that EME in HTML -- by narrowing the scope of the DRM part --
encourages what further use of DRM there is to be done in way which minimizes
the cost of transitioning too a fully-open format (since it facilitates a
model where the _only_ non-standard piece is the DRM handling, as opposed to
DRM being the lever to get high-value content into proprietary platforms.)

~~~
shmerl
It really doesn't matter how standard DRM is. Who cares really if we want to
get rid of it? The harder it is (making DRM for publishers and distributors),
the better it is for users, since it will give more incentives to stop using
it sooner. Making DRM harder to spread should be the goal, not making it
easier in any way.

------
sktrdie
Tim is right in a way. Most users don't care of DRM, they don't even know what
it is. They just want to be able to watch hollywood movies on the Web.

So on one hand W3C can ignore the user's need of wanting to watch movies, by
not supporting DRM. Users would then continue downloading plugins. And
developers would have no way of interoperating with these black boxes.

On the other hand W3C could do something about it. Users would then have no
need to download plugins. And developers would have a much more interoperable
system.

Sure we all agree that video should be like HTML, where you can view its
source and copy it around and play around with it. But the reality is that
movies are exponentially more valuable in today's market than any other
digital medium, so it's obvious that their creators are less willing to give
them out without any protection.

Yes you might be willing to open-source your jQuery plugin that you've built
for your e-commerce startup. But are you willing to open-source your entire
project?

~~~
pyalot2
Tim is as wrong in every way as he can possibly be wrong.

Open source browsers where what introduced heterogenity to an IE6 monopoly on
the web and it made the modern web as we know it possible in the first place.
A heterogenous browser landscape is a vital component for a healthy web.

Open Source browsers will not be able to use EME, because the CDM (the
proprietary blob part) of it, cannot give random programs (like browsers,
which need the raw bytes for layouting/compositing of the content) access.
Because then the program could just dump the content in plain to disk.

Hence, Open Source browsers would need to be excluded from accessing the CDM.
As a result, Open Source browsers will begin their march towards oblivion as
the proliferation of DRM on the web will render them incapable of serving up
the content and they will become known as "those browsers that don't work".

~~~
dublinben
Open source browsers will access the CDM just like proprietary browsers do, in
a one-way fashion. The decrypted video stream will be sent straight to the
display driver, likely on an HDCP protected pathway where available.

~~~
pyalot2
That doesn't work. You don't seem to understand how a webpage is composited.

The browser aquires all the bytes it needs to composit the page, and then it
layers/animates them by whatever is a suitable compositor (software, hardware
accelerated, whatever).

This involves elements on top or behind other elements with various levels of
alpha and/or other effects.

The browser cannot do its job if it can't get access to the content.

~~~
dublinben
I certainly understand how a webpage is composited.

Do you think that browsers can currently "get access to the content" being
displayed by plugins like Flash and Silverlight?

~~~
shmerl
If browsers don't, your window managers surely do. So you can capture the
screen with ease. In order to avoid that, Windows created a whole chain of DRM
which prevents user from accessing it. This will never be possible on free
software systems.

------
pslam
The root issue is that this requires some weasel-minded logic:

"In case of conflict, consider users over authors over implementers over
specifiers over theoretical purity."

The author (and those who voted in favor at W3C) considers DRM a benefit to
users, because it enables them to watch "premium" content. But this is a
logical fallacy: users want premium content, premium content requires DRM,
therefore users want DRM. No, it does not imply that at all.

However, if in your mind you are thinking "they would be worse off without the
content so it's all for their own good" then perhaps that makes some weird
logical sense to you.

You should be careful if you find yourself in a position of authority or
implementation, creating anti-user systems "for their own good", all the while
inventing excuses in your head why it's actually a good thing. It's quite a
dark path to be going down.

------
conductor
> if content protection of some kind has to be used for videos, it is better
> for it to be discussed in the open at W3C, better for everyone to use an
> interoperable open standard as much as possible, and better for it to be
> framed in a browser which can be open source, and available on a general
> purpose computer rather than a special purpose box.

I don't think DRM and free software may coexist, and I don't mean
ideologically: just the DRM would be breakable.

~~~
dragonwriter
> I don't think DRM and free software may coexist

They clearly can _coexist_ and interact, but you can't use Free software to
implement DRM without defeating the purpose of DRM.

The point of the standard isn't to support Free DRM, its to provide a standard
_interface_ for browsers, which may be Free software, to interact with systems
providing DRM, so that a desire to use DRM for particular content does not
lead to a need to implement anything _besides_ the DRM portion outside of
standards-compliant browsers.

~~~
pyalot2
The DRM in HTML-DRM is called the CDM (content decryption module) and it would
be supplied as a proprietary blob/OS API.

In order for the browser to work (with images, audio, video, fonts and so
forth) it needs access to the raw frames (for layout and compositing into the
page of the content).

The CDM cannot give any random program access to decrypt any given stream, as
that would allow anybody to save the content to disk in plain, which is
exactly what DRM is intended to prevent.

As a result, non proprietary software cannot make use of a "standardized" DRM
infrastructure, since modifyable software cannot be trusted to use the API in
a fashion that the authors of the DRM want them to use it.

This means that Open Source browsers (such as Firefox, Chromium, Webkit, Khtml
etc.) are relegated to second-class citizens who cannot serve the web that the
W3C envisions. At first this is an unfair handycap, but then this becomes a
threat to the Open Web, as the proliferation of DRM across large web
properties will make those properties unusuable to Open Source browsers.

Eventually you end up again with a browser monopoly (like IE6) that stiffled
all progress on the web for more than 6 years.

~~~
jiggy2011
The CDM can render frames itself if required. [https://dvcs.w3.org/hg/html-
media/raw-file/tip/encrypted-med...](https://dvcs.w3.org/hg/html-media/raw-
file/tip/encrypted-media/stack_overview.png)

~~~
hdevalence
mhm, so in that diagram what happens when both "Platform" and "Browser" are
user-modifiable?

~~~
jiggy2011
I'm not sure your point?

~~~
conductor
If the user controls the OS (e.g. by a kernel module) or the Browser (e.g. via
a plug-in) then he can capture the audio/video streams.

~~~
jiggy2011
The user always controls the OS, this is already the case of most platforms.
This isn't really the point of DRM.

~~~
pyalot2
That is exactly the point of DRM. See for instance the difficulties that linux
has supporting DVD playback (and now blu-ray playback).

Open Source OSes will be excluded from EME.

------
neur0mancer
It's strange that they say that they want to help to build "open" DRM-based
systems...

~~~
pyalot2
There's no such thing. That's just W3C (MPAA shills) crazy talk.

A heterogenous and open web is fundamentally incompatible with requiring that
web to be run only by proprietary browsers using proprietary DRM plugins.

------
betterunix
How about this: make DRM standard, and specify as part of the standard
everything that I as a hypothetical browser implementer would need to
implement that DRM -- to really implement it, not just offload it to the OS.
_That_ would at least be an attempt to stick to the spirit of openness.
Instead, what we have is a standard that promotes proprietary platform-
dependent features and which will serve only to shut out users who dare to use
the wrong OS.

Oh, wait, _Hollywood_ does not really want openness and would never have gone
for that. Why is W3C putting their interests above ours ("ours" as in "the
users'")?

------
devx
It's bad enough that ISP's, wireless carriers and even the governments
themselves are trying to turn the Internet into another TV medium, where only
the _broadcast_ matters, and with preferably a lot of "unlikable" content
getting censored off the Internet (just like on TV), and with 10-tier pricing
levels, so those corporations can squeeze as much money as possible out of
everyone.

And now W3C wants to _help_ this trend? No thanks. As a _user_ of the
Internet, which they say they put "first", I say I don't want the Internet to
turn into TV and everything else that implies.

------
pyalot2
Open source browsers where the only guiding light that led the web out of the
darkness of an IE6 monopoly. And the WhatWGs HTML5 standard and the
willingness of Open source browsers was the only thing that saved the W3C of
complete obsolesence.

Yet the W3C releases a standard that condemns Open source browsers to second
class citizens.

An Open Source browser such as Firefox, Chromium, Webkit etc. cannot support
HTML-DRM, because the CDM (content decryption module) cannot be produced open
source, and the proprietary blob that would implement it, cannot give any
random program access to decrypt the encrypted content and dump it to disk.

This ensures that only proprietary browsers will be able to support HTML-DRM.
In that future that the W3C envisions, Open Source browsers will never be able
to gain any traction, and a heterogenous browser landscape will not exist.
Alternative browsers will just become known as "those browsers that don't
work" when they fail to serve up movies, images, audio, fonts, and various
other resources because they have been frozen out from doing so.

~~~
nemothekid
This seems a little overblown. Firefox is the only fully open source browser
to gain any significant traction, so HTML-DRM as the final blow to the
"guiding light that led the web out of darkness" seems a little far-fetchd.
(Nitpick: Webkit is not a browser, its a rendering engine)

At the end of the day I'm having trouble understanding what this really means
for the Web. Hollywood was never going to stop using DRM. With all the various
syndication deals with DRM-clauses in Hollywood contracts, I doubt _anyone_
was going to step up and fight for DRM removal when TWC is blacking out CBS
over transmission fees. At the same time, I don't think HTML-DRM will cause
Netflix to drop support for Firefox. What most likely will happen is there
will be a shim.

This whole thing seems like a giant charade for the w3c to strengthen its
relevancy.

~~~
betterunix
"At the end of the day I'm having trouble understanding what this really means
for the Web"

You already have a preview: Netflix using Silverlight, which shut out everyone
who is not using a Microsoft-endorsed platform. You can bet that whatever
Microsoft DRM is available on Windows will be used and will have the same
effect: Microsoft will not make a version for any other OS, and Hollywood will
not license its entertainment to anyone who is not using Microsoft's or
Apple's DRM. Those of us who want to use free/libre software will just be SOL
if we want to watch mainstream entertainment (legally).

"At the same time, I don't think HTML-DRM will cause Netflix to drop support
for Firefox"

No, but it will not cause Netflix to add support for GNU/Linux or any of the
other OSes they refuse to support. Who is going to develop a DRM system for an
OS that allows its users to easily dump the core of any process? Even if
someone did develop such a thing, why would Hollywood ever license their
entertainment for it, knowing how easily a beginner-level user could
circumvent it?

Your reference to the TWC/CBS issue is apt. That is the future of the web of
this kind of thing continues: with each step in the direction of appeasing
Hollywood, we take a step towards converting the Web (and the greater
Internet) into a fancy cable TV system. In other words, we are seeing a
systematic effort to destroy the most open communication system of the
computer age.

~~~
nemothekid
"In other words, we are seeing a systematic effort to destroy the most open
communication system of the computer age."

I think you are severely overblowing this issue. If the web can survive
through Sony implementing Rootkits as a form of DRM, I think the web can
survive this.

"Those of us who want to use free/libre software will just be SOL if we want
to watch mainstream entertainment (legally)."

Linux users are _already_ shit out of luck. I don't need to speculate about
that this means for Linux and the web, because any decision, W3C or not, would
have left Linux users shit out of luck.

Finally, I'm only concerned if this means anything at all for the web.
Frankly, Netflix was never going to support a platform they couldn't add DRM
to because Hollywood wouldn't license content to them if they did.

At this point DRM is a legal formality to Hollywood, despite whether it works
or not. The reason I brought up the TWC/CBS issue was to highlight how bad
these contract negotiations can go. For example, a studio like Sony will
syndicate Breaking Bad to AMC. In the boilerplate clause, part of the
syndication deal will say "online distribution for this content needs to have
DRM for 10 years", meaning until 2018, if you watch Breaking Bad online, there
will need to be _some_ form of DRM. For a network like AMC to argue this
point, there would need to be huge monetary value for them because Sony will
then use the no-DRM clause to demand more money from AMC. My point is whether
or not DRM is actually effective, has nothing to do with the user and
everything to do with sweetening contract deals for more dosh at this point.
And nothing - except a mass migration to 100% open systems - will change that
point. Despite what we all believe Hollywood isn't stupid, and I doubt most of
these studio execs believe DRM is actually effective, after all TPB still
exists.

Now, given that Hollywood has been massively lucky in that 1.) TV/Film piracy
is not nearly as popular as music piracy and 2.) Piracy hasn't forced
Hollywood to give up on DRM, and that Hollywood was never going to support
100% open systems anyways - what does the w3c decision actually mean for the
web? Netflix is unlikely to drop support for firefox, and any other open
system didn't have the means to play Hollywood content anyways (legally). Just
like how the WHATWG stepped around the W3C for not playing by their rules
(even though the WHATWG's rules were better), the Hollywood will just step
around the W3C rules if this didn't pass. However this did pass, and now has
the overall direction of the web actually changed?

~~~
pyalot2
> I think you are severely overblowing this issue. If the web can survive
> through Sony implementing Rootkits as a form of DRM, I think the web can
> survive this.

Those are in no way comparable and that's a flawed analagoy. The future of the
web is threatened by the attempt to convert it into a DVD/Blu-Ray player. The
Web is not a stupid playback machine. And EME is so bad because it
technically/legally excludes the community from improving it in the future.

------
oscargrouch
A more suitable title for this issue would be:

On Closed Video and the Open Web..

Really W3C: this should not even being in discussion. period.

Those two things are are clearly antagonistic by their own nature...

More than ever, as the NSA revelations can testify, we need transparency!

To the Open web remain open, the Video must be open.. the minute "The Open
Web" start to adopt "The Closed Video", it will turn into "The Closed Web"

Its that hard to understand?

------
roarroar
Maybe now people will understand that the "open web" is just another power
grab by another group in the "dirt war" of computing. The scam is to give the
peasants lots of shiny-looking stuff while foisting a crap programming model,
Byzantine standards and now DRM. And because the peasants don't have a clue
what computers are capable of they gush at every little pseudoinnovation while
the W3C plays catch up with the past. The rest of computing suffers from this
problem but the web is the absolute worst of the lot. Elegance and rigor is
last on their list of priorities, after convenience to the implementor. And
yet, elegance is of the utmost importance to users in the long-run. So the
reality is that they place implementors _before_ users, because their aim is
to win the dirt war and be written into history in a favorable light.

Another way to sniff out dirt warmongers is to look for reactive behavior. And
the W3C is the most reactive organization, constantly pushing one thing only
to do a U-turn later (e.g. asm.js) when those choices threaten their own self
interests. The whole idea of the browser as any more than one application on
the web - for viewing static documents - is nothing more than a quick power
grab by people eager to get as many installs as possible. "Look, we can shoe
horn an application into this thing and increase market share". And so the
idea of a networked, general purpose computing platform (on which document
browsers are but one application) has its air sucked out by the browser with
some programming stuff bolted onto the side. The more elegant arrangement is a
HIGHER idea, one that is general and powerful, but currently benefits nobody
in the dirt war.

