
Firefox’s adoption of closed-source DRM breaks my heart (2014) - jarsin
http://www.theguardian.com/technology/2014/may/14/firefox-closed-source-drm-video-browser-cory-doctorow
======
AnthonyMouse
There is an unintuitive takeaway from this.

The reason Firefox is allowing this is that browsers and operating systems
produced by nonprofits acting in the public interest don't have enough market
share to resist being dictated to by for-profit corporations. Imagine
FirefoxOS had the market share of Android and Debian had the market share of
Windows. Would we still be having this conversation?

The free software people have been preaching this for decades. It turns out
they're right.

So don't install Chrome, use Firefox. Then next time it will be easier for
Mozilla to do the right thing.

~~~
charlieflowers
I'm surprised to realize this: Firefox must be the best browser there is, in
order to fulfill its mission.

Shouldn't be so surprising in retrospect (like many things), but I never fully
got that before.

Power comes from being chosen by end users. Firefox needs power to be able to
resist this kind of crap. In this case, they didn't quite have enough power
(probably because they let memory bloat get away from them a few years back,
giving Chrome the upper hand which is has done a decent job of holding on to).

~~~
bigbugbag
It's not about being the best browser, opera has long been the best browser as
almost every innovation got copied from opera. It still failed to get a global
market share and only came to lead some local markets.

Besides chrome didn't get its market share on technical merit alone, but
mostly by paying for its installation and targeted PR.

~~~
charlieflowers
What is your criteria for declaring Opera the best browser? I tried it a few
years ago, but found it awkward and slow. I'm sure I did not give it a fair
chance by reading about its features ... I merely tried it briefly and went
back to Firefox.

------
spankalee
Except that Firefox does not include the closed source bits when distributed,
and only downloads then on demand. If you don't watch DRM'ed content, you
don't need closed source DRM, and once
[https://bugzilla.mozilla.org/show_bug.cgi?id=1089876](https://bugzilla.mozilla.org/show_bug.cgi?id=1089876)
is fixed, you can disable EME altogether and ensure your installation's
purity.

------
DCKing
I don't understand how this is any worse than Firefox supporting (and
reluctantly promoting) closed source plugins for years. In fact, this
situation will be far better than Flash, Silverlight and all other plugins
ever.

Why is supporting EME and limiting closed source crapware to a minimum so bad,
while supporting _huge_ closed source, bug ridden application runtimes sort of
okay?

~~~
azakai
I think it's a valid point that EME reduces the amount of closed-source code.
This was among the arguments used by Google and Microsoft when promoting EME.

However, on the other hand:

1\. EME is an actual W3C standard. It feels - and is - wrong for an
organization like the W3C to promote an API that is not about openness, but
rather about the opposite.

2\. While EME proponents - and DRM proponents in general - argue "content
makers will never accept delivery without DRM", that is far from clear. First,
and most importantly, just a few months ago The Interview was sold online,
without DRM whatsoever, and it made lots of money. The sky didn't fall.
Second, the argument that "DRM is necessary" was also said about digital
music, which eventually dropped DRM. Finally, there are also alternatives like
watermarking (with their own downsides, to be sure) which over time could be
explored.

Overall, I think it is sad that Google, Microsoft and Netflix have won and EME
is unavoidable at this point. But, given the power of those entities, only a
miracle could have stopped it.

~~~
DCKing
Just for my context - is the browser plugin DOM interface used for plugins
(the <object> tag) a W3C standard as well?

I fully agree with point 2. Even if all browser vendors assumed this point to
be true however, I think Netflix and other video content providers would have
'happily' run Flash and Silverlight for years and years. There hasn't been a
shortage of browser DRM options for a very long time now. EME _is_ an
improvement over the Flash/Silverlight situation, and a realistic option at
this point for improving the situation _right now_.

It's a shame Firefox is being derided for being pragmatic or not being
perfectly virtuous here. With implementing EME they are _still_ working on
improving the openness of the web.

~~~
azakai
Browser plugins were never standardized. NPAPI was just done at netscape,
later used by some other browsers too, but not all - not by Internet Explorer,
in particular, which has its own plugin API.

At some point Google proposed standardizing PPAPI, a new plugin API (and a
very large and complex one), but it met with no interest.

------
Udo
If this sandbox enables Firefox to safely host DRM malware, it could very well
be used like a generic "Docker for the client", right? People could write
high-performance code blobs in native chunks for things like online games, and
Firefox would just load them without endangering the user's system or data.

Maybe someone with in-depth knowledge of the sandbox could weigh in about its
actual security, I'd be interested in hearing about it.

Because if it's not secure enough to allow arbitrary code from random websites
to execute safely, _it 's sure as hell not secure enough to run that DRM
crap_. What happens instead is Firefox becomes a vector for Trojan horses and
root kits installable on my computer on behalf of any interest group
imaginable.

I switched from Chrome to Firefox specifically for things like these.

~~~
maxerickson
I think native code sand boxing got to browsers before docker:

[https://developer.chrome.com/native-
client](https://developer.chrome.com/native-client)

~~~
Udo
That's Chrome, does Firefox have anything like this? And if it does, why do we
need an extra sandbox format for the DRM stuff again?

~~~
maxerickson
There was a big kertuffle a few years back where Mozilla made it clear they
weren't going to support anything like native client (and they then put a
bunch of resources into asm.js).

I don't know if that has changed or not, I don't pay close attention. I only
mentioned it because of the "Docker for the client" line, that it already
exists is a pretty emphatic yes.

~~~
Udo
_> I only mentioned it because of the "Docker for the client" line,_

You're right. I corrected the original comment to make it clearer I'm talking
about Firefox. The point was to call out the sandbox argument a bit, since I'm
not so sure it's actually safe to run malware in it.

------
jasonthevillain
Well, I'm a 1. web developer, 2. independent filmmaker, and 3. work in media
full-time, and this doesn't really bother me.

I want to be able to rent any movie for streaming. For better or worse, that
means some kind of DRM is inevitable. I'd rather Mozilla and the standards
advocates have a seat at the table, where they can be a moderating influence,
than pretend the table doesn't exist.

~~~
roblabla
Is DRM really inevitable for streaming video ? I can listen to my music as
much as I want, unrestricted, without DRM, through deezer. And that's a
premium service. They seem to be doing just fine.

Besides, spotify uses flash for their webplayer, probably for DRM as well. Yet
there exists an open source spotify client, despotify, that probably would
make it very easy to download the music as MP3.

In the end, DRM just means making your client's life a pain.

~~~
spankalee
Deezer uses DRM. they mention it right in their developer API terms of use:
[http://developers.deezer.com/termsofuse](http://developers.deezer.com/termsofuse)

------
cpeterso
This is an interesting reframing of Cory Doctorow's position in his EFF post
about YouTube last week. I assume the conversations with Mozilla's Mitchell
Baker and Andreas Gal were arranged in response to the EFF piece. Is he
playing "bad cop" on the EFF's site and "good cop" on the The Guardian?

------
eridal
it's time for a firefox fork

------
wmf
(2014)

Although this is relevant again since they also decided to put DRM in Firefox
OS for the Matchstick (curiously, the plan is Adobe DRM for desktop Firefox
and Microsoft DRM for Matchstick; corrections/clarifications are welcome).

~~~
azakai
Matchstick isn't a Mozilla project, is it? It happens to be built on Firefox
OS code, but anyone can use that code, and Matchstick is made by a third
party. Mozilla can't prevent someone from building a Firefox OS product and
adding Microsoft DRM to it.

So I think the "they" in your statement there might be confusing, as it seems
to imply Mozilla is doing something here.

(btw, I hadn't heard about this latest development with matchstick regarding
Microsoft DRM, link?)

~~~
cpeterso
Matchstick is not a Mozilla project. The Matchstick company has been
(deliberately?) fast and loose with its marketing around Mozilla's and content
providers' brand names.

[http://www.matchstick.tv/about/](http://www.matchstick.tv/about/)

~~~
Caspy7
I've been rather irritated with the amount of sites reporting Matchstick as a
Mozilla project, and again just recently. They did work with Mozilla early on
to get casting running in Firefox Android to their prototype and it does have
the "certified by Mozilla" label.

Hopefully their efforts on MSE and EME will help expedite development in
Firefox so that Youtube doesn't suck as much.

