
DRM’s Dead Canary: How We Lost the Web, What We Learned, and What to Do Next - mimi89999
https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next
======
blackhole
I think it's amazing how a lot of comments on EFF's resignation from W3C
([https://news.ycombinator.com/item?id=15278883](https://news.ycombinator.com/item?id=15278883))
seemed to focus on how they were being unreasonable about EME, and that
allowing companies to have DRM is necessary. Yet, both then and now, the EFF
keeps making the point that _none of the DRM even works!_ It was never ABOUT
the DRM. The companies don't give a shit about "copyright laws" or people
"stealing movies". As this article very clearly demonstrates, the companies
are using this to crush competition. That's it. There's no other use for this.

The DRM is a legal excuse to sue competitors out of existence. The existing
EME-compliant DRM implementations _don 't even work_. This whole thing is a
farce.

~~~
mattmaroon
I'd say DRM works really well for some definition of "works". It certainly
doesn't make it impossible to pirate anything, but the technology and the laws
make it difficult enough that I rarely bother anymore and just pay for Hulu,
Netflix, etc.

I don't think they're attempting to stifle competition, and if so they sure
are not succeeding at that because there are new streaming services all the
time. It's so they can prevent a commercially viable piracy business.

~~~
weeksie
Yeah, this right here. DRM might be technically impossible to get 100% right
but you don't have to get it 100% right if you have regulation to back it up.

The alternative is that there is no way to protect IP on the web, which means
that there is no incentive to transmit IP over the web which takes a shitload
of value off the table.

These anti-DRM arguments smack of blind ideology.

~~~
simion314
IT is ideology, you should check the gog.com entry in wikipedia, DRM does not
work, the movies and games still get cracked so what DRM gives the users?
DRMed games are slower, cause issues for legitimate customers, add the risk
that in future the game will stop working and it will be illegal to patch or
mod it. For video it adds hardware requirements like I must buy a new CPU from
Intel. There is no benefit for the users, content is still easy to pirate. the
only advantage is that they can now use the law to cause problems for people
that want to use their legitimate copy as they want and for software maybe
they want to also modify it(If I bought this game it should not be illegal for
me to mess about install a mod or fix a crash)

~~~
weeksie
Nobody said they don't get cracked but it's far easier to pay $10/month for a
Netflix subscription than it is to hunt down rips of everything on there.

If there was no DRM you could just save the movie to your HD with little
effort.

Enough people pay for streaming services to make them a viable business model.
That's all the empirical data you need to show that DRM does work for its
indented purpose.

~~~
yorwba
I'm pretty sure people would pay for streaming services even if a DRM-free
copy were easily available. Why? Because streaming a movie is no fun when the
server can't deliver the necessary bandwidth. Maintaining an infrastructure
that can handle streaming at the scale of Netflix costs money no pirate bay
will ever be able to afford. So streaming services could still compete with
the free offering based on quality of service.

~~~
CaptSpify
Distribution is virtually free. It's essentially a solved problem. The hard
and expensive part is being a gatekeeper. If companies gave up the idea that
they need to play gatekeeper with their media, they could distribute it at
virtually no cost.

And this to me, is the critical problem with all of these services. We don't
need gatekeepers anymore, because that's a leftover from physical media. Those
days are gone, and the gatekeepers need to die.

~~~
posterboy
bootleg markets all around shkwed that years before broad-band, I believe.

~~~
CaptSpify
Even bootleg markets took some effort because you are still dealing with
physical media. With virtual goods, there's nothing to deal with other than
uploading.

------
bambax
> _the many crypto-currency members of the W3C warned that using browsers for
> secure, high-stakes applications like moving around peoples ' life-savings
> could only happen if browsers were subjected to the same security
> investigations as every other technology in our life (except DRM
> technologies)_

That's a very big point that's not emphasized enough in the article, IMHO.

If security researchers are (legally) prohibited from investigating EME
technologies in browsers, then EME extensions become a big vector attack, and
standards-compliant browsers that include them, become much less secure than
browsers that don't.

As a user, I care about that a lot more than I care about Netflix'
competitors. Netflix is not only unjustly protecting itself from future
competition, it is _directly threatening my own safety_.

~~~
jstanley
You don't need to worry about it. If nobody is allowed to look for
vulnerabilities in EME, none will be found. So we're all safe :)

Personally I think we should make it illegal to look for vulnerabilities in
_all_ software. And while we're at it, just on the off chance that somebody
does come across a vulnerability (inadvertently, of course), why don't we
simply make it illegal to exploit the vulnerability?

~~~
gmueckl
Wait... all vulnerabilities are bugs and many bugs make software vulnerable in
some way (even if not obvious at first). So where do you propose to draw the
line between normal software QA (testing and bugfixing) and a hunt for
vulnerabilities? My reading is that this would blatantly outlaw all forms of
software testing.

~~~
Ajedi32
GP is being sarcastic. Obviously outlawing finding and exploiting
vulnerabilities in software would be useless (since black hats would ignore
the rule) and actively harmful to the security of the modern software
ecosystem (since white hats wouldn't).

------
hardwaresofton
Is it wrong of me to think of the net neutrality battle in the same way? The
more and more I think about the battles the EFFs fights, the more I respect
them and think stallman's brand of insanity (if it's possible to call it that
politely) is more and more necessary.

Just like the DRM battle was lost, I get the feeling the net neutrality battle
is a losing battle. Even if it's not this year, eventually, the deep pockets
will win -- From what I've seen basic computer literacy (I don't mean using a
smart phone) isn't even being taught consistently -- trying to get the
majority of the general populace (which isn't even enough to win politically,
but I'll ignore that) to understand why repairability and open source matter,
nevermind net neutrality seems like an exercise in futility.

While that happens, the tech companies benefitting the most from open source
software and the openness that the web introduced are doing their best to
split it up amongst themselves.

I've given up on this iteration of the internet, instead of ranting what I
should probably do is go try and contribute to whatever is next, whether
that's mesh networks or ipfs.

~~~
jasonkostempski
> the more I respect them and think stallman's brand of insanity

It baffles me that anyone thinks he's insane at this point. For every point
he's ever made, you can now easily find 10 real world examples of his fears
coming true over the past few decades.

~~~
hardwaresofton
I just want to clarify, I agree that stallman is right a large amount of the
time, but it's just the delivery and the extremes that he will go to that I
can't get behind 100%.

But perhaps this is just more reasoning why the battle is a losing one --
people like me are just going to think things are gray while the people who
are right are trying to convince us of the fact that it's black and white.
It's just too hard for people individually to see past their own blindspots.

~~~
jasonkostempski
I think he simply forgoes more modern conveniences than most of us, but I
think there are still a lot of people, especially older people, that do it
without even thinking or talking about it. I think he just seems extreme
because he happens to be in the computer industry while rejecting a lot of
what it has enabled.

------
exikyut
I'm reminded of the US RSA export fiasco of the 90s. I unfortunately can't
find the cool email signature I learned about the whole thing from, but its
home on the internet now seems to be
[http://www.cypherspace.org/rsa/](http://www.cypherspace.org/rsa/).

Perhaps someone should come up with a small <5-line snippet that explains some
portion of how to defeat Widevine, and then everyone in Israel should, I don't
know, configure every mail server they know of to autoinject the fragment into
all outgoing mail, or something. And/or configure everyone's browsers to
autoinject it into every modified multiline text input field (maybe).

Obviously it wouldn't be able to last. But it would be VERY good publicity.
And the thing is, Widevine would constantly be being updated so the
instructions would constantly break and need to be changed, so exact-string
filtering wouldn't work ;)

So. I'll start, despite not living in Israel: both Chromium and Firefox will
use PulseAudio if it's available, and fake soundcard drivers exist for
Windows/macOS as well, so sound isn't really problem if you're prepared for an
"export" process that takes as long as eg Spot _AHEM_ tracks take to play.

~~~
jchw
But as they say, it's not about piracy. Piracy is incredibly simple no matter
what. I can also just take a camcorder to my screen to capture Netflix no
matter what garbage crypto they put in the display connection. But I don't
even need to do that, because I have a cheap-ass HDMI splitter from China that
already strips HDCP effectively and effortlessly.

It's always about control of something, whether it be the consumer,
distribution channels, etc.

~~~
exikyut
TIL about cheap HDMI splitters stripping HDCP. I had no idea this was a thing,
that's very interesting. I'm also very surprised that Google even
autocompletes "hdmi splitter remove hdcp" (!) and then shows me eBay product
listings with "Hdcp Stripper" in the product title. Wow.

I also found [https://security.stackexchange.com/questions/124762/how-
does...](https://security.stackexchange.com/questions/124762/how-does-hdmi-
splitter-bypass-hdcp) asking how they work, which corroborates that they
really do have the key inside. _Shakes head_ Nice...

~~~
jandrese
They are necessary for some people with older receivers or TVs that don't
negotiate HDCP properly and give them black screens/no sync situations.

~~~
mrguyorama
It's almost like there are numerous completely legitimate reasons to break
DRM!

~~~
TremendousJudge
just buy a new tv. what, do you hate consumerism? do you hate america?

------
superasn
What the fuck is wrong with these lame excuses: "But now that apps exist and
nearly everyone uses them, big companies can boycott the web, forcing their
users into apps instead. That just accelerates the rise of apps, and weakens
the web even more. Apps are used to implement DRM, so DRM-using companies are
moving to apps. To keep entertainment companies from killing the web outright,
the Web must have DRM too."

That is equally lame as what Ajit pai said recently wrt to NN: "wouldn’t you
want your surgeon to be able to buy access to an express lane in which a
network was allowed to grant privilege to certain data over others? That is,
AT&T should be allowed to provide a service in which data bytes flowing
between an operating room and a surgeon take precedence over bytes of 100
dudes Googling to find out whether Jennifer Lawrence is married."

~~~
mgkimsal
> wouldn’t you want your surgeon to be able to buy access to an express lane
> in which a network was allowed to grant privilege to certain data over
> others? That is, AT&T should be allowed to provide a service in which data
> bytes flowing between an operating room and a surgeon take precedence over
> bytes of 100 dudes Googling to find out whether Jennifer Lawrence is married

A bit OT, but can't that already happen? I thought companies could set up
private networks between various locations, and set up prioritized traffic on
those already, with corresponding SLA if desired.

~~~
yakcyll
If so, then it's that much more disingenuous, considering that specialists are
more likely to be aware of issues like those and of options they have to solve
them. The Average Joe will never feel compelled to cross-check a claim like
this.

~~~
mgkimsal
It's been a long time, but I worked in a company with a call center in NC, and
some support folks back in CA. We had some 'private pipe' between the two
locations. I've no doubt it used 'public internet' connections along the way,
but my recollection was it was somewhat separated, and we had some SLA in
place. It wasn't pitched as "faster than the other internet", but I believe we
had minimum ping times and minimum speed stuff in place, and when things were
down we got some prioritized service (and probably some discount on the bill).
It's been years, and I wasn't in the networking side of things, so I don't
know all the details, but... I can't imagine hospitals that had a need for a
certain level of network speed and availability couldn't contract for that
already, and no doubt they'd pay more than home users any way (businesses
generally already do).

------
userbinator
_though this hasn 't happened yet, there's no reason that a company couldn't
put DRM in its toasters to control whose bread you can use_

...there was this recent attempt at adding DRM to a (not-quite) _juicer_ ,
which --- fortunately --- didn't become successful:
[https://news.ycombinator.com/item?id=14148216](https://news.ycombinator.com/item?id=14148216)

~~~
StavrosK
Isn't there extensive DRM already on coffee machines?

~~~
mrguyorama
Hilariously, this might be the most effective way of explaining how DRM
"works" and is damaging to the average user. Keurig's DRM was so poorly
implemented that I defeated it with a piece of dirty scotch tape.

That fiasco was the perfect moment to inform the public about why you should
be able to make any coffee you want in the brand new coffee maker you just
purchased, how the actual system itself doesn't stop you anyway, and how DRM
is just a tool for powerful companies to continue to consolidate their power

~~~
virgilp
> I defeated it with a piece of dirty scotch tape.

You're a criminal. You wouldn't steal a car, would you? Why steal Keurig's
profits, then?

~~~
mrguyorama
"You wouldn't download a car"

 _I absolutely would!_ Especially if it was a better car than the only one I
was "allowed" to drive and costs half as much

------
shmerl
W3C has no excuse. And behavior of Netflix, Google, MS and Co. is disgusting.
They should be blamed for this stupidity.

 _> EFF is suing the US government to overturn Section 1201 of the DMCA._

Yep. It's likely simply unconstitutional. And undemocratic way this law was
passed[1] stinks, but repealing it is pretty hard.

1\. [https://www.eff.org/deeplinks/2013/03/ustr-secret-
copyright-...](https://www.eff.org/deeplinks/2013/03/ustr-secret-copyright-
agreements-worldwide)

~~~
eadmund
What I'm interested in is when we as a community start to punish these
companies. When will conferences refuse to allow Netflix, Apple, Google and
Microsoft employees to present?

In the 1980s the civilised world turned its back on the apartheid regime of
South Africa, and in time South Africa ended apartheid. This didn't come at an
insignificant cost (South Africa was at the time a well-developed economy
which other nations would have liked to have traded with), but it was morally
worthwhile.

Clausewitz noted that war is diplomacy carried on by other means. It seems to
me that this article is EFF's declaration of independence, and the next
logical step is to declare war on the W3C and its members. They are breaking
the web; they are destroying the security of the web's users; we need to stop
enabling this behaviour.

------
amq
The world where you fully owned a thing after buying it is over. Whether we
like it or not, all businesses are working on deploying this new model.

~~~
KozmoNau7
I wrestled for a long _long_ time whether I should get a Spotify subscription.
I've been a subscriber for around 6 months now, and I like it.

However, I have kept all of my ripped/bought/downloaded music as well, and I
have a very clear exit plan for how to keep "my" Spotify library in case the
company goes belly-up or decides to cripple its offerings somehow. It will
take me a couple of weeks to recreate the library locally, but I'm OK with
that.

For now, I'll enjoy the recommendations and easy access to music that is new
and exciting to me.

~~~
structural
Of all the services that I've used or thought about using, Spotify is
absolutely one that has done many, many things right in being consumer
friendly in ways that I feel are fairly important:

\- Third party clients are a thing, to the point where I really feel like I'm
being sold a streaming service and not a tiny window through which I can
occasionally listen to music. My normal media player is a python script that
talks to an API. This is amazingly useful.

\- When using Spotify-provided apps, there's the ability to save things for
later offline listening. I haven't yet hit a limit on how many things I've
been able to save.

\- There's no limit on the number of devices I can use with the service,
although I can only stream concurrently on one -- multiple offline devices
have worked great though

\- There isn't a time limit that certain content is available (this is much
easier to feasibly achieve with audio compared to high-definition video, and a
major difference between Spotify and services like Netflix).

This is sufficient usability, freedom, and value for money for me to subscribe
with the knowledge that what I'm paying for is access to a library that
Spotify has created and maintained. I used to rip/buy music on a regular basis
and no longer really feel the need to do so. I think it's probably useful to
consider what the differences are between services and specifically what makes
them anti-consumer.

~~~
KozmoNau7
> \- When using Spotify-provided apps, there's the ability to save things for
> later offline listening. I haven't yet hit a limit on how many things I've
> been able to save.

The limit is 3,333 tracks, last I checked. Should be plenty for most people, I
think.

> \- There's no limit on the number of devices I can use with the service,
> although I can only stream concurrently on one -- multiple offline devices
> have worked great though

I also like that if you start Spotify on another device while music is already
playing, you'll get the option to either control playback on the currently
playing device, or switch playback to the new device, seamlessly.

I also consider it a subscription to a library, and I'm fully onboard with the
fact that if I cancel my subscription, I lose access. I know people think of
streaming services as something new, but it's basically the same as any
subscription service that people already used before.

------
friedButter
I guess the one loud and clear message here is that companies prefer for
exploits to be sold on the black market\given to the public anonymously than
for the companies to be alerted to exploits

~~~
fsloth
I think the trade-off described in the article was that companies value market
share control more than the security of their products, since high security
would go hand in hand with more open markets.

------
ben_jones
Everytime I see a "woe is us" post I think about how developer greed led to
most of it. We were the ones who wrote ad tracking code, we were the ones who
took VC money, we build the walled gardens, all because it pays well. We will
continue to do so rather then make any effort against it.

~~~
callalex
The same can be said about war machines. This is a problem as old as human
history.

------
leereeves
> We proposed a kind of DRM non-aggression pact, through which W3C members
> would promise that they'd only sue people under laws like DMCA 1201 if there
> was some other law that had been broken. So if someone violates your
> copyright, or incites someone to violate your copyright, or interferes with
> your contracts with your users, or misappropriates your trade secrets, or
> counterfeits your trademarks, or does anything else that violates your legal
> rights, you can throw the book at them.

With that system, what would stop someone from selling software that can be
used to infringe copyright. As long as they don't do so themselves or "incite"
anyone else to do so (perhaps promoting a legitimate use like pre-buffering),
could they be sued?

~~~
corydoctorow
We addressed that: both jurisprudence (Grokster) and global copyright laws
establish a doctrine of "secondary liability" for incitement to copyright
infringement. This right would be enforceable against technology firms if they
produced such a technology. The fact that DRM advocates still wouldn't promise
not to sue when no law was broken confirms that they weren't interested in
DRM's power to curtail illegal activity.

(Secondarily, the companies that advocated for DRM never questioned how
someone operating under the non-aggression pact would be able to break the
DRM; they tacitly acknowledged that this would be trivial -- so whether or not
you're worried about secondary infringers like the ones you describe, they
would exist, because things that are technologically trivial are impossible to
stop, even if they're illegal -- all that EME would do is give these companies
the power to stop people who WEREN'T using such tools for infringement and
thus wanted to operate in the open; it would have no effect on people who WERE
infringing and operating anonymously and in the shadows)

~~~
leereeves
I'm thinking (just as an example) of pre-buffering software that temporarily
stores the files unencrypted. Perhaps simply because they hadn't thought about
the implications for copyright infringement. Would that still be incitement?

------
austincheney
From the title I was expecting much more than just DRM. 20 years ago the web
was a wildly diverse place, compared to today's web, even though there were so
many fewer websites and people online. This is a substantially greater loss,
but whatever. When you need to play politics everything becomes sensational
and your primary argument is the center of the universe.

------
k3a
I am also totally against locked black boxes. This hiding and obscuring
practice is just preventing learning, repars and inspections.

It is a similar problem like Intel ME and closed bios.

We use usecure proprietary code, closed unreparable one-purpose 'kiosk'
devices yet we can still record video output or make a screen (camera?)
recording. What are they thinking? This is all just to give them advantage
over users, to more control and restrict them. Terrible.

------
cr0sh
I wonder if EME or some other similar mechanism in the future will be used to
create websites that can only be viewed by certain browsers and/or operating
systems?

Perhaps even prevent you from copying any part of them or download anything
from them?

Maybe Web Assembly will also play a role (perhaps as a DRM'd browser "wrapper"
to view content through) - it would be like using a DRM'd browser "window" via
Flash or something.

Where any browser can view the content, but it is impossible to get any of the
content out (because no one saves bits of conversation from blogs or anything
like that - and all websites will always exist).

Hmm - indeed, imagine if you couldn't copy twitter feeds or facebook posts
(and they were DRM'd in such a manner that trying to do so would be a
violation)...? All of sudden, people could erase posts and claim they never
said it, because there isn't any copies of it around (today, they have to get
lucky and hope nobody made a copy first).

------
interfixus
Am I the only individual in the known universe not doing business with Netflix
or similar sleazebag outfits? Because principle and because absent pressing
need for product.

~~~
RonanTheGrey
I increasingly feel left out of life because I don't contort my entire life
around watching "the latest thing". It's becoming an increasingly sober
realization that the world around me is becoming increasingly monocultural
because _everyone is watching the same things_ and that it is a culture of
which I am not a part.

I don't lament this, really. It's my choice. I'm just wondering if it's an
observation that can only be made when you're not scrambling to watch the
latest season of Game of Thrones (which I have never seen).

~~~
interfixus
Neither have I, don't worry. Nor _House of Madmen_ (whatever) or the latest
installment on vampires. In fact, no TV at all.

My life is fine.

~~~
RonanTheGrey
I truly don't miss it. In fact the past year, since I have turned off the
tube, has been the most productive of my entire life.

------
dannyobrien
I hope this is sufficiently on-topic: EFF is having a two-for-one matching
donation drive this week. We depend on individual support for the work we do —
whether it’s at standards bodies, in the courts, or building tech like Let’s
Encrypt and Privacy Badger. There aren’t many people who understand what we
do: if you’re one of them, please consider donating this week to double your
effect:
[https://supporters.eff.org/donate/power-2017-s](https://supporters.eff.org/donate/power-2017-s)

------
alexandercrohde
This kind of thing makes me want to vote with my dollar by canceling Netflix
and torrent instead.

~~~
chillydawg
Tried to watch a show on netflix the other day, some technical issue so I just
torrented it and played it back on my PS4. Instant seeking, much better
quality video, zero buffering. Piracy is STILL a better UX.

~~~
jerf
I still can't believe that every stupid streaming app still chokes and reloads
if I want to backup ten seconds to catch something I missed, even in cases
where I have more free RAM than the size of the entire video file. Come on,
you have to buffer forward anyhow, just buffer backwards a minute or two or
something. If we're in some hyperconstrained environment where that isn't
possible, fine, but in 2017 even a lot of "embedded" environments have more
than enough RAM to pull this off in comfort.

Oh, and if I do back up 10 seconds, can you explain to me why you apparently
just dumped your entire buffer and have to reload it from scratch before
you're willing to play anything? Did the movie change because I backed up ten
seconds? No. Sheesh.

~~~
Crespyl
Can't risk holding unencrypted frames in memory for a whole ten seconds mate,
the paying customer might want to look at them!

------
AlexandrB
I think it's only a matter of time before EME is extended to protect textual
and code content (i.e. JavaScript) as well. Probably in the name of protecting
intellectual property like web "apps". That would be the death knell of ad-
blocking and other user-friendly web technologies which is probably why it
will be widespread in the future.

~~~
underbluewaters
This is what really worries me. Is this possible with EME?

~~~
zb3
You can serve website as video (and on scroll just seek the video), but that
would be very expensive since advertisements would need to be included in the
video which means videos generated on-the-fly (incompatible with today's
CDN's) or no personalized ads

------
cies
> What to Do Next

Demand the end of lobbying in order to restore democracy instead of living
under the defacto rule of bog-corps (and their owners).

~~~
hardwaresofton
Maybe I'm too synical but that just seems impossible. Also, I don't know of an
anywhere-near-ideally functioning democracy in the world (maybe I just haven't
read anywhere).

Recently I've started to think that democracy is never the steady state of any
government, it's just a stepping stone to democratic republics and then to
oligarchy.

I mean just think about it. who's in the best position to influence the will
of a large amount of people? people with the most resources. That's (probably)
never going to change -- technological advances are the only things that seem
to truly shake things up (as well as revolutions I guess), and even that has
been successfully controlled/regulated.

The only thing I can see as the future for the internet is mesh networks and a
separation of the federated internet and a decentralized one.

~~~
cies
> I don't know of an anywhere-near-ideally functioning democracy in the world

Democracies need to be running at a small scale. Check out the swiss:

[https://www.youtube.com/watch?v=dSLs5G4SPP4&t=64s](https://www.youtube.com/watch?v=dSLs5G4SPP4&t=64s)

Of read up on "democratic confederalism" (now used in the north of Syria):

[https://www.youtube.com/watch?v=gqfoJvD0Ifg](https://www.youtube.com/watch?v=gqfoJvD0Ifg)

> I mean just think about it. who's in the best position to influence the will
> of a large amount of people?

With lobbying you do not even have to go by the people, you simply pay-to-play
in politics. That's just legalized corruption, thus anti-democratic.

> Recently I've started to think that democracy is never the steady state of
> any government, it's just a stepping stone to democratic republics and then
> to oligarchy.

That's an obvious progression if the democracy is highly centralized and
lobbyable (or otherwise corrupt).

> technological advances are the only things that seem to truly shake things
> up

Currently tech it largely "bought", and thus used in the advantage of the
capital-heavy. Nature and labor are totally subservient to capital in the
current system. A well functioning democracy can turn that around, but they
seems to be increasingly less functioning.

~~~
hardwaresofton
so basically democracy doesn't scale? I agree with what you pointed out, but
maybe I should have noted that I meant for any large-ish nation.

Maybe it would be better if I rephrased: I don't think it's possible for a
large nation to have a well-functioning democracy for a long period of time.
Unless the democracy is damn near (or actually) perfect, someone will
eventually get the upper hand, start a pay-to-play system or find a way to
slide the scales and you'll get on that same old progression.

[EDIT] - wanted to note that I really appreciate the links, watching them now,
thanks!

~~~
cies
> so basically democracy doesn't scale?

Doesn't scale "up", but scales "out" well :)

> Maybe it would be better if I rephrased: I don't think it's possible for a
> large nation to have a well-functioning democracy for a long period of time.
> Unless the democracy is damn near (or actually) perfect, someone will
> eventually get the upper hand, start a pay-to-play system or find a way to
> slide the scales and you'll get on that same old progression.

Yes. I agree. Democracy should be on low(est) geographical regions. And
"perfect" is the enemy of "good enough". Some large nations have (had) quite
"ok" democracies (the swiss, some of the scandies, and now maybe some baltics
as well -- arguably they are not very big nations though).

> [EDIT] - wanted to note that I really appreciate the links, watching them
> now, thanks!

Welcome. Spread the ideas, this stuff is important. You might be interested in
"market socialism" as well :)

------
Bromskloss
I can't even remember when I last encountered DRM. Are you at all affected if
you just stay out of the game?

~~~
zrm
If you use a browser that supports it then security flaws in the black box(es)
can affect you unless you actually remove it or otherwise disable it.

There are EME-free editions of Firefox available however.

[https://ftp.mozilla.org/pub/firefox/releases/57.0/](https://ftp.mozilla.org/pub/firefox/releases/57.0/)

~~~
ekimekim
From what I can tell this chrome setting should also disable everything:
chrome://md-settings/content/protectedContent.

I believe there's also a way to disable it in firefox at runtime, so no need
to install a completely seperate version.

------
janito
Does anyone know if there are DRM-free alternatives to Netflix, Hulu, etc.? It
doesn't have to be free (as in beer). Either a platform with content from
smaller studios that aren't enforcing DRM on their content, or a studio that
produces DRM-free content?

------
jenscow
I think their argument of not being allowed to copy Netflix content (to watch
later) is flawed.

They're the equivalent of the video rental shops from the 80s/90s - we weren't
_allowed_ to rent a movie and copy it to watch after the return.

Sure, I'd love to be able to watch Netflix on a RPi or while I'm away - so if
there was a way to do this, while stopping me from watching it when my
subscription ends, that would be great.

~~~
menacingly
I believe they mean that doing so is not a copyright infringement, even if it
is a tricky situation for businesses who want to provide streaming services.
The DRM is granting powerful stipulations beyond those specified by the law.

I don't actually know the law, but I assume the EFF does.

Also, I wish humans were able to resist the urge to downvote things they don't
agree with. This comment contributes to the conversation and was not made in
bad faith.

------
krylon
Here is a fun fact regarding DRM: Ever since I discovered how easy it is to
buy music from Amazon, both legally and conveniently, I have not downloaded a
single piece of music illegally.

I do not mind paying for music. Making music is hard work. There are many
gifted musicians I would rather pay for their efforts if that means I get to
enjoy more of their music.

I do mind jumping through all kinds of insane hoops that effectively punish me
for playing fair while the kid next door gets his music illegally from the
Pirate Bay and has no trouble putting it on any device he or she chooses.

I really wish film studios understood this simple fact: If buying movies was
as easy and painless as buying music from, say, Amazon, I would be happy to do
so. Making movies, too, is hard work, and compared to making music, it is
fairly expensive, too. I have no problem with _paying_ for a movie.

But having to watch a trailer that tells me I cannot make copies of a movie or
watch it on a DVD player from another continent, being unable to watch a movie
with its original audio track without subtitles, while the kid next door gets
his (illegal) copy online, a copy that does not force him to watch a trailer
that basically insults him for being stupid enough to pay for a legitimate
copy, where he can choose to watch or not to watch the movie with subtitles,
in any language he or she likes -- _THAT_ annoys me to no end.

It's not even that movie studios (ab)use the law to cling to a moribound
business model - it's that they lack the creativity (ironic, given that their
whole business is about creativity) to imagine it could work any other way,
and that they effectively distrust their customers.

Maybe I am just a naive dreamer, but I think if the movie studios trusted
their customers enough to let them actually use the movies / series / ... they
actually ____ing _paid for_ in the ways they see fit, the problem DRM is - at
least officially - supposed to solve, would at least shrink so much it would
become negligible in practice.

Okay, just in case I lost you there, let me repeat my key point: Buying music
legally, from Amazon or one of many other companies, is so convenient it
actually trumps downloading music illegally. Paying money turns out to be the
least problem in the whole process. If buying movies legally was as hassle-
free, I would happily go on a shopping spree of epic proportions. You don't
even need to look at the ethical dimension of the whole issue. Just do the
____ing math.

(Yeah, okay, sorry for ranting. If you are still reading this, you are
probably the last person that needs convincing anyway.)

~~~
alexland
Gabe Newell said it years ago. Piracy is almost always a service problem, not
a pricing problem.

~~~
CaptSpify
I'd go even further and say it is an economic problem.

We no longer need gatekeepers for digital media, that is clear. What we need
is a way to support the artists creating that media. But we've set up our
economic system to put money into the hands of companies under the guise of
giving it to the artists. Sure, artists typically get a small fraction of
that, but they should be getting the whole thing.

Our economic models are seriously awful.

~~~
krylon
That is a very good point!

I remember reading an article by Courtney Love, where she explained how her
band got a record contract worth $ 1,000,000 and ended up owing money to the
record company which happily billed the band for things like renting a record
studio or making a music video. In other words, things that one would consider
a record company's job.

There are models for supporting artists directly, like bandcamp. There is
something like Kickstarter for musicians where people can participate in
financing an album. I vaguely remember Younger Brother using it for their
third album.

So there is a glimmer of hope, at least for music. I don't think crowdsourcing
would work very well for movies, at least not for 100-million-dollar
blockbusters (then again, one could argue, that a bigger budget does not
necessarily make for a better movie; maybe it even makes it harder, because
now you have to appeal to a wider audience).

------
hmm_really
meh where to start with this ...

So it was this kind of hyperbole that largely did EFF a disservice in my
opinion. The W3C is composed of very experienced people who can see through
straw man arguments and unsubstantiated facts.

The main argument from w3c was that they deal with technical specifications,
not US laws.

It now seems that the EFF are starting to get this, and looking to tackle the
actual issues.

The EFF acted poorly through out this thing scenario.

------
RestlessMind
Maybe, EFF can lobby one of the (truly) sovereign nations like Russia or China
to declare a sanctuary for DRM researchers, similar to what Israel has. That
would garner them good publicity, allow them to give the finger to US / EU
shenanigans and expose this sham of DRM. I wonder how long could DRM hold if
there is a steady stream of legit research breaking it all the time.

------
TYPE_FASTER
The cable industry lost when they mandated OCAP for CableCard...they had a
direct controlled connection to the consumer, and they provided really poor
set top boxes and media selection.

Now you can buy a Kodi Fire stick from Craigslist or Kodi AppleTV from eBay
pre-configured with free access to all kinds of content.

------
johnhenry
I think this post might have reached more people if the author's name had been
included in title.

------
davidgrenier
Could someone educate me as to how the media corps plan to handle the ever
more vicious security disclosures that will result as an outcome of this?

I mean, it's not like anyone's fooling themselves that it won't be possible to
disclose anonymously... or is it?

------
icc97
> _The W3C version of the story goes something like this. The rise of apps has
> weakened the web. In the pre-app days, the web was the only game in town, so
> companies had to play by web rules: open standards, open web. But now that
> apps exist and nearly everyone uses them, big companies can boycott the web,
> forcing their users into apps instead. That just accelerates the rise of
> apps, and weakens the web even more. Apps are used to implement DRM, so DRM-
> using companies are moving to apps. To keep entertainment companies from
> killing the web outright, the Web must have DRM too._

What it sounds like 'we' could do, is work to create websites using Service
Workers [0] so that the importance of native apps becomes irrelevant [1].

[0]:
[https://jakearchibald.github.io/isserviceworkerready/](https://jakearchibald.github.io/isserviceworkerready/)

[1]: [https://xkcd.com/1367/](https://xkcd.com/1367/)

~~~
tannhaeuser
The passage you cited (eg. W3C's motivation) is what I'm having trouble
understanding. Why does the Web have to be everything to everybody? If
"content providers" want apps and DRM, so be it IMHO; let them build up a
content network and buy in from users. Why does the Web need to compete here?
Why lend credibility and accessibility to closed-world networks? Why not let
the Web be the place for text content and information it was designed for,
rather than foobar web standards?

~~~
icc97
For the W3C to have importance then the web needs to be the main delivery
mechanism. If Netflix can just say "either do what we want or we'll just use
another solution", then they can force through their demands.

I think using apps seems a backwards step to the days of having to write cross
platform software. So it's better if there is just the one delivery mechanism
that Apple and Google don't have total control over.

------
nkurz
I came in agreeing with all the conclusions of this piece, and after reading
it still agree with them, but I find myself less trusting of the EFF than I
was before reading it. Is there a short descriptive term for "alienating your
allies by obfuscating the details in an attempt to make a stronger case than
the evidence actually supports"?

Let me focus on a specific example that bothered me: "It is obviously not a
copyright infringement to go into a store in (say) New Delhi and buy a DVD and
bring it home to (say) Topeka. The rightsholder made their movie, sold it to
the retailer, and you paid the retailer the asking price. This is the opposite
of copyright infringement."

A fine example, but why the rhetorical insistence on "obviously"? The author
is an expert in this area, and almost certainly knows more about the details
of US copyright law than I do. But this means he also knows that the legal
situation is not nearly as clear cut as the word "obviously" would suggest.

First, he knows that the US Supreme Court had a recent 6-3 decision regarding
this: [https://www.wired.com/2013/03/scotus-first-sale-
decision/](https://www.wired.com/2013/03/scotus-first-sale-decision/). Yes, it
was decided in the direction he and I both favor, but I refuse to accept that
the subject of a recent split decision in the Supreme Court can fairly be
defined as "obvious".

Secondly, the author also knows that the legality of the importation of
copyrighted material depends on who is doing the importing, the number of
copies imported, and the purpose of the importing:
[https://www.copyright.gov/title17/92chap6.html](https://www.copyright.gov/title17/92chap6.html).
So while the current law does allow an individual to legally bring back a
single copy of a work for personal use, it does not currently allow them to
bring back an extra copy to give as a gift. Why not? Because this very similar
action is still considered to infringe on the copyright holder's exclusive
right of distribution.

It would be fine to say that it "should be obvious" to import copyrighted
items, or that "one would hope it would be obvious", but it's lying to claim
that it is simply "obvious". This strikes me as a clear indication that the
author is willing to mislead his readers when he feels it furthers his goals.
This makes me distrust his characterization of all the behind the scenes
decisions that I can't verify.

What's the thought process behind this? Am I misinterpreting?

~~~
quadrangle
OBVIOUSLY, if you aren't copying something AT ALL, then you can't be
infringing on copyright!

I mean, okay, there's bizarro legal arguments, but their use of "obviously" is
as simple as saying "it doesn't need to be stated that lending a physical book
to a friend does not involve copying the book".

The fact that first-sale stuff and the DMCA itself and all sorts of weird
legal issues (e.g. about plagiarism) are tied into copyright law doesn't mean
that this stuff is sensible. The "obvious" part is that the core concept of
copyright has, in a logical intellectual (not necessarily legal) fashion
NOTHING to do with playing the same disc on two different continents. It's a
fine enough use of "obviously", and they don't mean it from a legal
standpoint. If you were an editor of the article, you could probably have
convinced them to change the sentence to say "…obviously not a copying issue…"
instead of "copyright infringement" or some other nuanced edit. This is
nothing more than being super picky about the exact wording in one sentence.

> I refuse to accept that the subject of a recent split decision in the
> Supreme Court can fairly be defined as "obvious"

While that may be a fine enough guideline, there certainly _can_ be judges,
even on the SCOTUS, who argue against what is "obvious". But again, the
sentence you object to wasn't a legal brief, it was just an attempt to express
the OBVIOUS lunacy in the DVD example having _anything_ to do with copying /
copyright.

Reductio ad absurdem: if a law is passed saying that it shall be considered
"homicide" if a fiction author describes a murder in a book, it would still be
perfectly sensible to say, "that is _obviously_ not homicide".

Point is: the law can be "obviously" wrong. The only weird part of their
sentence is that "copyright infringement" is a legal wording, and they were
using it to refer to the _concept_ rather than the legal interpretation.

~~~
nkurz
_It 's a fine enough use of "obviously", and they don't mean it from a legal
standpoint. If you were an editor of the article, you could probably have
convinced them to change the sentence to say "…obviously not a copying issue…"
instead of "copyright infringement" or some other nuanced edit. This is
nothing more than being super picky about the exact wording in one sentence._

You make good points, and I appreciate your response, but I think the issue
goes deeper than the wording. If your reading is true, then I'm bothered by
the complacency of the author in allowing the reader to conflate the legal and
the logical. If this were an editing oversight, it's forgivable; but as a
rhetorical strategy I find it deplorable.

 _While that may be a fine enough guideline, there certainly can be judges,
even on the SCOTUS, who argue against what is "obvious"._

Sure, but given the manner in which Supreme Court cases are chosen, it's
exceedingly unlikely that a case would make it to the level of the Supreme
Court unless there is something non-obvious (or at least disputed) about the
matter.

 _Reductio ad absurdem: if a law is passed saying that it shall be considered
"homicide" if a fiction author describes a murder in a book, it would still be
perfectly sensible to say, "that is obviously not homicide"._

And if a law is passed that says a drawing depicting a tentacled monster
having sex with a cartoon child is legally classified as "child pornography"
is it also reasonable to say that a cartoon is "obviously not a child"
([http://ansuz.sooke.bc.ca/entry/335](http://ansuz.sooke.bc.ca/entry/335))?
Possibly, but it would be disingenuous for an expert on that topic to do so in
an article discussing that exact legal debate in a manner that is likely to
mislead the reader.

 _The only weird part of their sentence is that "copyright infringement" is a
legal wording, and they were using it to refer to the concept rather than the
legal interpretation._

I think it's a conscious strategy rather than a weird detail. The fashionable
term for this sort of approach is "motte-and-bailey"
([https://philpapers.org/archive/SHATVO-2.pdf](https://philpapers.org/archive/SHATVO-2.pdf)),
and involves intentionally conflating two concepts, one which is easily
defensible and one which is not. The base question for me is whether or not
the author is consciously using a rhetorical strategy that involves misleading
the reader, not with whether some degree of simplification is always
necessary. It makes me doubt the strength of an otherwise reasonable argument
when an author intentionally adopts such a strategy, and I think Doctorow is a
good enough author that I start with the assumption that the rhetorical effect
is intentional.

~~~
quadrangle
Given that you don't seem to see this sort of rhetorical pattern throughout,
you just find fault with one specific sentence and the use of "obviously" and
"copyright infringement" it's only fair and reasonable to assume it's nothing
more than an editing oversight.

You're really reading way too much into this. You would need to show that
Doctorow has a pattern of doing this to even have a reasonable _suspicion_.
He's a great writer, but he's human.

Consider this: he didn't want to say "playing an Indian DVD in Tulsa is
obviously not copying", he wanted to say, "playing an Indian DVD in Tulsa is
obviously not an infringement on the _concept_ of copyright as it is generally
defined both colloquially and legally." He means that in the same way that
_telling_ people how to bypass DRM is NOT itself copyright infringement, even
though it's a violation of a copyright-based law.

I mean, there's not an easy shorter way to say, "it's ludicrous to think that
DVD playing in a different continent is possibly copyright infringement,
regardless of the complex legal arguments that get such an argument all the
way to the point of a portion of the SCOTUS getting this wrong."

Do we even have a way to talk about the _concept_ of copyright infringement
separate from the overly materialistic discussion of "copying" or the _risk_
of being interpreted as making a legal argument internal to attorney-style
legal chatter??

I think the implied part of the sentence you're tearing apart is: "it's
obviously not copyright infringement (in terms of what that actually means as
both a general and legal concept and yet our screwed up legal system has
allowed people to make a legal argument to that effect!)"

This is similar to my reductio ad absurdem still. The law can say that a
cartoon is a child, but the law would be obviously wrong. But the law was
getting at what is "child pornography" and that doesn't mean the cartoon is a
child, it means it is a cartoon _of a child_ and thus debatably child porn.
There's no legal idea in that case that the cartoon is a minor-age
citizen/resident etc. In "child porn" child is more of an _adjective_ than a
noun.

~~~
nkurz
_Given that you don 't seem to see this sort of rhetorical pattern throughout,
you just find fault with one specific sentence_

No, when I said I would "focus on a specific example", I didn't mean to imply
this was the only example. I was hoping to focus on just one at a time for
clarity. It's a relatively short list, but there are others, mostly in the
same section "DRM has nothing to do with copyright".

The next down the list for bothering me would be "It's not a copyright
infringement to record a Netflix movie to watch later." While another fine
example of something that arguably should not be copyright infringement,
legally this is uncharted territory. There's a great summary of the issue
here: [https://www.tomsguide.com/us/legal-playlater-record-
netflix,...](https://www.tomsguide.com/us/legal-playlater-record-
netflix,news-20797.html).

 _I think the implied part of the sentence you 're tearing apart is: "it's
obviously not copyright infringement (in terms of what that actually means as
both a general and legal concept and yet our screwed up legal system has
allowed people to make a legal argument to that effect!)"_

Yes, I think that's a fair summary. It's certainly easier to make the argument
"DRM has nothing to copyright" if you are able to start with the premise that
"Copyright infringement has nothing to do with copyright". But I'd rather see
that premise made explicit, since concealing it leaves me worried about what
other legally dubious but rhetorically useful premises are hidden elsewhere.

(Thanks for your patience in discussing this. I'll drop out now.)

~~~
quadrangle
Thanks for the gracious exchange.

------
fixermark
How does DMCA 1201 undermine the formation of a market for video transmission
and the Internet of Things based around open and auditable standards?

------
primer42
This is a little off topic, but this un-closed parenthesis pair is killing me

> Since the earliest days of computing, there's been a simmering debate about
> whether computers exist to control their users, or vice versa (as the
> visionary computer scientist and education specialist Seymour Papert put it,
> "children should be programming the computer rather than being programmed by
> it" \-- that applies equally well to adults.

~~~
corydoctorow
Thanks. Fixing now.

~~~
corydoctorow
Fixed.

