
Web DRM moves to next phase, Defective by Design to continue opposition - jrepin
https://www.defectivebydesign.org/blog/web_drm_standard_next_phase_dbd_continued_opps
======
jasonkester
There must be people who find this style of writing persuasive, but for me it
has the opposite effect.

The tone is so aggressive and slanderous that even though I should nominally
be on the side of the author, I find myself thinking "surely there is another
side to this story" and come away with the feeling that I should step back and
consider that maybe the other side is in fact in the right.

It's like reading angry anti-nuclear activists and (either side of) the
climate change debate. Whoever wrote that angry irrational rant is surely not
somebody I want to be on the same side of any issue with. Maybe I'll check out
the other opinion to see if they have anybody sensible to articulate it.

~~~
afarrell
Agreed, and I've just realized the reason why : 1) The portmanteaus are just
annoying to read, giving me a negative feeling off the bat and I start
searching for flaws to justify it.

2) The portmanteaus are in-jokes for the people who already agree with the
author. This makes me think that the author is so focused on their own social
bubble that they haven't seriously wrestled with a well-written argument by
the other side. If that is the case, then I can't trust the author to not have
massively overlooked some important counter argument, so I have to go look for
it myself.

3) The same as above, but also: life involves judgement calls and intuitive
evaluations of situations. Sometimes, you see interpret another person's words
in a way that is wildly detached from what they said. This makes you trust
others interpretations less unless you can either see the primary sources
yourself, or see them wrestling seriously with the other side's argument.

It would be nice if we judged all arguments just on their facts, but time is
limited and so we have to make judgements like these.

~~~
coldpie
I think one of us is confused. I don't see any portmanteaus in the linked
article:
[https://www.defectivebydesign.org/blog/web_drm_standard_next...](https://www.defectivebydesign.org/blog/web_drm_standard_next_phase_dbd_continued_opps)

------
codebeaker
I thought the general consensus amongst people, including the general HN crowd
was that it was better to allow the w3c to specify a "black box" with well
defined inputs and outputs. Allowing vendors to slot in their own (probably
closed source) implementation than it was to slam the door in their faces
whilst screaming "SCREW YOU, USE SILVERLIGHT OR FLASH".

Defective by design seems to be misinterpreting the "build the web for the
users first" quote here, because the alternative to this proposal is not "no
DRM", the alternative is a worse UX from a plethora of more hostile, wider
reaching proprietary DRM implementations.

There's a time and a place to fight about DRM vs. no-DRM , but it's not here,
this is the fight about _how_ the DRM we will inevitably get works and
interoperates.

~~~
chriswarbo
I wouldn't say there's concensus.

> because the alternative to this proposal is not "no DRM", the alternative is
> a worse UX from a plethora of more hostile, wider reaching proprietary DRM
> implementations.

Good. Everything which makes DRM easier to implement, more
reliable/stable/cross-platform/interoperable/etc., more streamlined and
simpler to use, just skews the cost/benefit in the wrong direction. Everyone
should be Free to make whatever DRM system they like, but such anti-social
behaviour shouldn't be encouraged, and I certainly don't want to see
organisations (FSF, Mozilla, W3C, etc.) making that activity any easier.

Plus, the harder it is to obtain and set up a working DRM system, the easier
it will be for me to avoid it. For example, online tracking is very easy to
accomplish, and is supported by many Free Software browsers, which means I
have to spend time maintaining black/whitelists, selectively enabling JS in
NoScript, deobfuscating and reading through JS source, etc. to avoid it. In
comparison, Silverlight and Flash can be avoided very easily by not installing
them.

Consider an analogy to proprietary software. It still exists, everyone is Free
to make it, and many say it has a better UX. That doesn't stop me from running
pure Free Software systems. If, say, the FSF had caved in years ago, and
accepted some proprietary software, then my choice to avoid proprietary
software would have been much harder since I'd have to disentangle such blobs
myself.

The point of the GPL is to make Free Software easier to write, without
benefitting proprietary software.

> There's a time and a place to fight about DRM vs. no-DRM , but it's not
> here, this is the fight about how the DRM we will inevitably get works and
> interoperates.

If you've given up that's fine, but please don't get in the way of those of us
still fighting.

~~~
robwilliams
Genuine question: how should streaming companies protect against their content
being stolen/ripped/etc without DRM? What's the alternative? I'm sure it's in
the contract of every streaming service that they have to protect the licensed
content to the best of their ability. Saying "fuck the greedy media companies"
doesn't help the streaming services that need to license content to survive.
Considering almost half of all bandwidth (in the US at least) is used for
streaming, I'd say it's pretty important to have a well-defined solution to
enable streaming companies to do what they need to do.

~~~
chriswarbo
> content being stolen

It's duplication, not transfer, so "sharing" is a more appropriate word than
"stealing".

> I'm sure it's in the contract of every streaming service that they have to
> protect the licensed content to the best of their ability.

I've also read many EULAs which contain onerous terms; contracts don't need to
be agreed to, and negotiations are a two way street. We need more of
[http://news.bbc.co.uk/1/hi/entertainment/2843069.stm](http://news.bbc.co.uk/1/hi/entertainment/2843069.stm)
and less of [https://www.theguardian.com/technology/2011/nov/14/bbc-hd-
dr...](https://www.theguardian.com/technology/2011/nov/14/bbc-hd-drm)

> need to license content to survive

> Considering almost half of all bandwidth (in the US at least) is used for
> streaming, I'd say it's pretty important to have a well-defined solution to
> enable streaming companies to do what they need to do.

Streaming companies don't "need" to do anything. If they truly "need" DRM to
exist, then they should shoulder that burden themselves rather than coercing
others into doing the work for them; especially organisations and structures
governing the Web, which was created specifically to disseminate human
knowledge.

If that's too much of a burden for media companies to handle, then they should
bow to market forces and close down. Humanity has survived perfectly well for
millenia without them. Perhaps that will help divert some of the entertainment
industry's billions towards causes of some actual importance.

------
fkooman
Actually. I realized that any party that would want to put their content
behind this kind of obstruction does not really have anything interesting to
show anyway. So better of without that particular content anyway! Same with
sites that block you when using Privacy Badger. Good riddance.

The danger will be in it becoming normal for everyone to use EME, or that the
most used audio/video devices and tools will by default enable this and make
it hard/impossible to disable it. So if you shoot a video of police violence
with your phone and decide to publish it that it can be blocked by e.g.
government. Of course, pushing for integrating this with your video camera
will be done to protect the children.

------
RBO2
W3C did this move because its biggest sponsors are the DRM makers (Google,
Microsoft).

To make it acceptable they made it optional. But in practice all major
browsers implemented it.

The right answer is now to standardized the W3C CDM black box by standardizing
DRMs as ETSI has started ([https://lists.w3.org/Archives/Public/public-html-
media/2014F...](https://lists.w3.org/Archives/Public/public-html-
media/2014Feb/0025.html)). W3C should contribute to this effort.

Useful link on EME: [https://www.w3.org/2016/03/EME-
factsheet.html](https://www.w3.org/2016/03/EME-factsheet.html)

~~~
hsivonen
The ETSI thing doesn't solve problems. It creates a layer of abstraction that
in theory makes the key acquisition protocol defined by whatever runs on the
ETSI layer, but now you have the problem of remotely attesting the tamper-
resistance of the ETSI layer itself. It would make more sense to standardize
the protocol than to define an execution environment for arbitrary protocol
engines.

~~~
RBO2
Agreed. That's one of the reason why this initiative stalls. However the back
idea is to standardize a DRM protocol that would be accepted by the copyright
owners and that's a step in the right direction.

------
bahjoite
The tracking of users enabled by EME is surely enough reason to reject the
standard:-

[https://w3c.github.io/encrypted-media/#user-
tracking](https://w3c.github.io/encrypted-media/#user-tracking)

------
timwaagh
I'd like it if this happened. if the web has some standard way to ensure DRM
that means it will be possible to sell media (and hopefully possibly software)
on the web without requiring people to be online at all times. It would be
even better if the entire thing was managed by the w3c, not just the
endpoints. that way everyone could make use of it. I do not think everything
should be free although it's good if there is an option to give things away.
but in general, developers and content creators have to eat.

~~~
pornel
It would be nice, but EME doesn't do that.

EME doesn't define the critical CDM component required for it to actually
work. It's like a spec for `<object type="application/x-shockwave-flash">` tag
saying it defines Flash.

So in practice you still have to license CDM integration from Google (for
Chrome's CDM only) and Microsoft (for IE's CDM only) and Apple (for Safari's
CDM only) and Adobe (for Firefox's CDM only).

~~~
gsnedders
It doesn't even define how the browser communicates with the CDM, which makes
it strictly less good than NPAPI and the Pepper API, because at least they
have a definition that allows you to get Flash working with your browser
(well, assuming they provide a binary for your platform—or you pay to license
it to port it yourself).

------
ultim8k
Web developers can always ignore this. I personally wont implement it at all
cost. It's a reason for me to quit my job and show the finger to the DRM
supporters.

------
retox
Imagine if the Rosetta Stone was DRM crippled, or if Michelangelo had used DRM
to 'protect' his work that was tied to a long since lost keyserver.

~~~
Kristine1975
Today's digital media will never survive as long as the Rosetta Stone did, so
that's no problem ;-)

------
borellini
You must remember that also before EME, Netflix & co. were using DRM.

EME makes it possible to view the DRM'd content (that is there with or without
EME) without installing horrible and unaccessible generic binary add ons
(Silverlight, Flash) and thus gives more freedom to users. Now a Netflix heavy
user can choose to consume the content on Linux, too.

~~~
slrz
You still need to install horrible binary plugins available only for a small
set of platforms.

------
mark_l_watson
I am not sure how this is going to effect me. While I use FSF Icecat (their
Firefox version) and should be OK with that, I do use Chrome for Netflix,
Google, FB, and Twitter.

Will DRM black box plugin threaten the security of my laptop? Will many
mainstream sites stop working with IceCat?

------
ungzd
Will Youtube use it for cat videos? Coursera for lectures? Bandcamp for indie
projects? Probably not. Consumers of Hollywood junk on various netflixes
deserve malware. They eat shit already, now they'll eat it with tasty DRM
sauce.

------
pmontra
We already have YouTube, Netflix and many other similar services, commercial
or ad based. They work pretty well and serve the needs of many people.

Would anybody mind remembering me what we're going to gain on top of them
thanks to DRM in the browser?

~~~
ultim8k
They are probably going to lock things down so that you won't be able to use
the services without DRM. It's just for them. It was always for them. Nobody
cares for the user. Even the fucking w3c just cares about companies' money.
Nothing more.

------
simbalion
Why can't Tim Berners-Lee be fired?

We build the web, not corporations. We control the web, not corporations.
Let's just take the power away from them and put their egos in check.

~~~
icebraining
"We" certainly don't control the web; for the most part, the organizations
that develop the most influential browsers do, with some input from the W3C,
which is itself controlled by its 420 members.

The population at large mostly has a say by deciding which browser they use,
and as long as people use DRM-friendly browsers, DRM is what they'll get.

~~~
RBO2
> the organizations that develop the most influential browsers do

The problem here is that 3/4 browser makers are also DRMs makers (Apple,
Microsoft, Google) and are also the biggest W3C donators.

~~~
gsnedders
> are also the biggest W3C donators

I'd be surprised if that were true. (Do they donate anything? I'd be surprised
if they did, I suspect they merely pay their membership dues.) The membership
fees come at five levels, mostly dependent upon annual revenue; Apple,
Microsoft, Google all pay the same as Adobe, Boeing, Dell, Facebook, HP, LG,
Netflix, Siemens, Sony, Disney…

~~~
RBO2
You're right, I meant "contributors". It is not only a question of money:
these companies can dedicate people to lead the standardization tasks and push
their own interests. That's mostly visible at MPEG with patents (yet another
hot subject).

Standards are very important. But the way we make them is still highly
improvable.

