
DRM and the Challenge of Serving Users - dzine
https://blog.mozilla.org/blog/2014/05/14/drm-and-the-challenge-of-serving-users/
======
gergles
This is incredibly shameful. It's now only a matter of time before images,
CSS, JavaScript, hell, even the text, are delivered through OS-specific,
locked down CDMs. It will start with pissant sites nobody cares about (like
the ones who are currently fighting AdBlock), but eventually a large site will
demand it - most users will be using a device that handles this, and we will
literally never have the Open Web ever again. (If you can't imagine how this
would be done, go look at a restaurant website without Flash. Replace Flash
with a gigantic EME-required media element. It's closer than you'd think.)

I get that slippery slope arguments are often problematic, but DRM has always
been something where we've slid down as much as is allowable as soon as it is
allowable. The broadcast flag, Macrovision on DVDs, SCMS, Cinavia, etc. are
just a few examples of this.

Highly recommended reading is also this post, which discusses how Mozilla will
implement EME: [https://hacks.mozilla.org/2014/05/reconciling-mozillas-
missi...](https://hacks.mozilla.org/2014/05/reconciling-mozillas-mission-
and-w3c-eme/)

I also don't feel the 'open source sandbox' will be permissible by most
developers of CDMs. My opinion is that mozilla will waste countless cycles
implementing EME that won't be acceptable to the content mafia. Adobe is not
the only player in this space.

~~~
ozten
Mozilla is working very hard to limit the DRM to Video.

This matches what has happened in practice over the years. Ads and
entertainment have been packaged up in Flash with DRM. EME paves that cowpath.

~~~
throwaway2048
Just like they worked very hard to prevent EME?

~~~
ozten
The point is to put the slippery slope argument into context. Mozilla had made
the sandbox very explicit and divorced form the rest of the content in the
DOM.

------
shmerl
_> . We face a choice between a feature our users want and the degree to which
that feature can be built to embody user control and privacy._

It can't be said for all users. I don't want it. No DRM junk in the browser
please. I understand that she probably means some estimated majority, which is
unfortunate (i.e. majority accepting unethical practice like DRM).

 _> Firefox users would need to use another browser every time they want to
watch a controlled video_

Irrelevant for many users of DRM-free OSes (like Linux) who won't have any DRM
backend for EME anyway. I.e. it really sounds like "users would need another
OS".

 _> Each person will be able to decide whether to activate the DRM
implementation or to leave it off and not watch DRM-controlled content._

I hope there will be a switch for disabling the whole EME altogether. Even
better, I'd prefer builds of Firefox free of any DRM sickness. It's very
unfortunate that this garbage is finding its way into the open source browser
which always stood for the users' rights more than many others.

~~~
rayiner
> majority accepting _unethical_ practice like DRM

Are you kidding? DRM is great. I love being able to just pay money to Netflix
in return for content. DRM enables that nice, clear-cut transaction. What's
the alternative? Judging by the rest of the web, it involves tracking your
internet activity and throwing advertising in your face.

~~~
shmerl
DRM is never great. Show me one user who actually appreciates DRM itself. What
you meant above is that users like the service. They could like it even more
if it hadn't DRM garbage attached to it. I.e. DRM has nothing to do with what
users like - it always degrades the quality of the service and the digital
goods it delivers.

~~~
rayiner
That's like saying nobody likes the turnstile on the subway. Of course not,
but it enables the service to exist in the form it does. I'd much rather go
through the turnstile, as awkward as it can be if you've got a suitcase, etc,
than be forced to watch advertisements during my subway ride...

~~~
shmerl
No, DRM does not enable the service because it's not an essential part of it.
The service could work without DRM all the same while being ethical and more
user friendly at the same time. DRM is like a sickness attached to an
otherwise healthy product. It only becomes better when you remove it.

~~~
rayiner
That's like saying the subway turnstile isn't an essential part of the subway.
It's only true if you define "essential" in a narrow technical way that
ignores the realities of having to monetize the use of products and services.

~~~
shmerl
_> realities of having to monetize the use of products and services._

Essential means technically and financially essential. I.e. without it the
service can't work or can't bring profit. DRM is neither of that. Those who
require DRM [publishers] have no technical or financial reasons to justify it.
No valid ones at least (all reasons they usually voice are false, and their
true reasons they usually don't voice).

~~~
rayiner
That makes no sense. What "true reasons" do publishers have for DRM that
aren't fundamentally financial?

~~~
shmerl
I can think of several:

1\. Monopolistic lock-in. DRM is more than often used to control the market.
It happened with Apple in the past, and was one of the key reasons that music
publishers realized that being DRM-free is actually better for them.

This reason also includes DRM derivatives like DMCA-1201 and the like. It's
all about control (over the markets, over users and etc.).

2\. Covering one's incompetence. DRM is used to justify failing sales (i.e.
when execs are questioned about why the product performs poorly, they say
"Pirates! But worry not - we put more DRM in place").

3\. Ignorance and / or stupidity (many execs have no clue and might believe
that DRM actually provides some benefit). This type can be called DRM
Lysenkoism.

None of these reasons are valid, all of them are crooked and anti-user, but
they are often present in various combinations.

~~~
rayiner
> 1\. Monopolistic lock-in. DRM is more than often used to control the market.

How does this benefit the publisher? They already have a exclusive rights to
whatever particular movie you're watching.

~~~
shmerl
It's not always the publisher. It can benefit some middle parties which
implement DRM. Or for example mobile carriers which use DRM to prevent users
from switching. Or whatever other monopolistic lock-in scenario.

When publishers realize that monopoly falls to some other hands, they quickly
become sober and find common sense. When monopoly remains theirs, they pretend
that DRM is needed for other reasons.

------
cwyers
The handwringing over this strikes me as extreme. Mozilla already ships with
the ability for users to enable closed-source, proprietary DRM schemes to view
web content -- the Flash and Silverlight plugins. Moving from the current
regime of Flash/Silverlight to the EME is a move towards openness, not away
from it -- the DRM scheme is still closed, but the content itself is more open
and standard than before, as you're no longer tying yourself to Flash's
implementation of video streaming.

~~~
quasque
I agree, and think the sandboxing of the DRM plugin is a positive step towards
more openness as well - the opaque algorithm implementing the DRM can
apparently only touch the video streams it's being fed, and a unique
identifier generated by the browser. Much better than the current situation of
Flash having arbitrary network access and suchlike.

In concept, I think it's not too much different from server-side website code
being mostly closed source. The only difference is that this component happens
to be running on your computer.

Also there is prior form for this in similarly open systems, e.g. tainted
modules in the Linux kernel, which seem to have turned out okay.

------
higherpurpose
> Each person will be able to decide whether to activate the DRM
> implementation or to leave it off and not watch DRM-controlled content.

At first glance this may seem pretty "reasonable", but it really isn't. It's
like putting a backdoor in every Intel chip (such as say through TPM 2.0), and
then just telling people "look, if you don't want the backdoor activated, you
can disable it - Now here's the list of 10 instructions to do so..."

It's an _illusion of choice_ , and nothing more. While some may be content
that this option exists, the reality is that DRM is now getting _pushed_ to
billions of users out there through the web, as the default for soon most
video platforms.

I don't fully blame Mozilla for this. In fact I blame Netflix first, and
Google and Microsoft second. This Gang of Three is the one that made it happen
in the first place. But I am saying that Mozilla's attempts to alleviate our
concerns aren't very effective or particularly useful.

~~~
sp332
It's off by default, though. Isn't that the opposite of your scenario?

------
noonespecial
_A number of content owners (in particular film and TV studios) require
technical mechanisms to reduce the ways in which people can use that content_

Drm is the opposite of serving users. By definition. The "challenge" is
actually to select which privileged users you still want to serve in spite of
the not-serving default.

------
cjkaminski
I wish I could be against all DRM. Like many things in life, it's not that
simple. I'm proud of Apple for successfully taking DRM out of the equation
from music sales. But what about non-sales interactions?

We don't get DRM-free copies of all our music from Spotify, nor should we
reasonably expect that. We are subscribing to a service that allows us access
to music so long as we are paying customers. Why shouldn't there be light-
touch DRM in place to keep us from flagrantly abusing the system and retaining
all copies of the music after if/when we cancel our subscription?

Should we reasonably expect to be able to keep a copy of a television show
that we streamed from abc.go.com? ABC makes far less money from showing us ads
than if we purchased a copy from iTunes. They do this, part and parcel,
because we don't get to keep a copy of the show after we're done watching.

From my perspective, DRM has no place in a "sales" relationship. We should
have full usage rights whenever we buy a book, movie, or song.

DRM should exist for subscription services and ad-supported streaming. DRM
should essentially serve to enforce the social and legal contract that says we
are "borrowing" the books, movies, or songs for long as we have that
relationship. Once that relationship is over, we can't use that stuff any
more.

I suggest that we create an open-source DRM system designed to fairly protect
the content creator in cases where the audience is "borrowing" the creative
work (whether ad-supported or subscription).

~~~
__david__
> We don't get DRM-free copies of all our music from Spotify, nor should we
> reasonably expect that.

Why not? I use a number of internet "radio" stations that send DRM free mp3
streams to my computer (complete with ads). Some even have paid accounts that
stream at a higher bitrate.

The only reason Spotify can't do that is because the recording studios act
like frightened little children, scared that someone is going to take their
toys away. They've (somewhat successfully) planted the meme that DRM is
required or the evil pirates will just steal everything and they'll go out of
business. But I just don't buy it.

------
davexunit
Mozilla should have done the right thing and stood by their beliefs that DRM
is harmful to the free web. Instead, they folded to the media corporations and
implemented EME. I understand the tremendous pressure they must have been
under, but it was the wrong decision. Mozilla is not serving the users by
allowing Netflix, Amazon, and others to trample their freedom for the sake of
watching TV shows.

Mozilla, please remove this anti-feature. Do the right thing.

~~~
mconley_
Mozilla can't serve it's mission, or it's users, by dying valiantly on a hill
somewhere.

------
chimeracoder
> It will be easier for Firefox users to play DRM-enabled videos because they
> will not have to download Flash or Silverlight first. Firefox users will be
> able to choose whether to activate the new DRM system before it is accessed.

Why not have this downloaded upon first use, the way that Flash and
Silverlight have been?

Also, isn't this what users on many Linux distros (e.g. Iceweasel on Debian)
will have to do anyway?

~~~
grincho
Mozilla employee here, speaking for myself but pretty close to the info
source.

That's actually what we're looking at doing: the sandbox would be in there,
harmless, by default, but the actual crypto module (the "CDM") would download
from Adobe upon first need. (And they have committed to support the platforms
we support, Linux included.) The exact UI is still up in the air. I could
imagine us using the opportunity to display a message to educate users as to
what DRM is and whose phone number to call if they don't like it. ;-)

~~~
chimeracoder
> I could imagine us using the opportunity to display a message to educate
> users as to what DRM is and whose phone number to call if they don't like
> it. ;-)

Please do this!

I understand that Mozilla has been backed into a corner on this, so I get why
you'll be adding this (much as I wish you didn't have to). But that doesn't
mean forgetting about the issue entirely.

I wouldn't ask this of any of the other major browser vendors, but I like to
hold Mozilla/Firefox to a higher standard. :)

------
jordigh
So... how long until we reverse-engineer the CDM and write a free decryptor?
Is there any indication that reverse-engineering the CDM would be
technologically unfeasible?

[https://en.wikipedia.org/wiki/Smart_cow_problem](https://en.wikipedia.org/wiki/Smart_cow_problem)

~~~
aqme28
You often don't need to decrypt the content. Nothing is stopping you from
screen-recording video that's behind DRM and putting it up on Piratebay.

~~~
__david__
Sure, but re-encoding will degrade the quality. It's much better to just strip
the DRM.

------
fixermark
Is it part of the nature of the DRM technology that it can't be walled off in
an XPI? I find myself thinking the change would be significantly more
palatable for those who care deeply about the division of open and closed
source if Mozilla could implement this by building a video-supporting XPI that
users can choose to not install (thereby verifying that no closed-source blobs
are living in their browser, spying on them or whatever closed-source blobs do
that is so undesirable).

 _Edit_ : Ah, I see. [https://hacks.mozilla.org/2014/05/reconciling-mozillas-
missi...](https://hacks.mozilla.org/2014/05/reconciling-mozillas-mission-
and-w3c-eme/) clarifies the intent to remove plugins from the web altogether.

------
jejones3141
With that title, a Damon Knight story leaps to mind...

------
ademarre
Mozilla should implement the closed-source portion as an official addon. They
can give the user a choice to include it or not during the installation. Maybe
this is what they're doing; their post wasn't completely clear on that.

