
Browsers' bid for relevance is turning them into time-bombs - wallflower
https://thetech.com/2016/07/06/electronic-frontier-foundation
======
dasil003
> _The browser ecosystem is weaker than it’s ever been_

This kind of hyperbole undermines the whole argument. The browser ecosystem
was weakest when Microsoft released IE6 and then decided to not update it for
half a decade. Today, by comparison, we are living in a land of plenty.

Even on the DRM front, the situation was no better in the past when you had to
use Flash or Silverlight for DRM. At least now there is a clean interface to
just the video decryption without requiring a whole bloated proprietary
plugin. I don't quite understand the ideological bent that EME corrupts an
open standard, but the same result from NPAPI is somehow less objectionable?

If the hope is that by standards bodies rejecting DRM on principle they will
somehow strong-arm Big Content, I can tell you unequivocally that it ain't
gonna happen. Cory Doctorow has not spent the last 10 years building a feature
film streaming service and negotiating with rightsholders, but I have. In fact
I spent most of that time fighting against DRM on a UX basis and trying to
find loopholes, which works for small distributors but not for the studios.
The torrent crowd would have you believe it's because they're stupid, but Big
Content is anything but stupid. They know that there is no such thing as
guaranteed copy protection and that there will always be an analog loophole.
The reason they insist on DRM is as a means of control. They just need enough
roadblocks in front of casual piracy to prevent devaluation of their content.
If they were unwilling to accept any piracy they wouldn't stream to PCs at
all. Which, BTW, is exactly what would happen if we succeed in outlawing DRM
on PCs. They would literally pull the content, and say if you want to watch go
buy an Approved Device. Customers wouldn't bat an eye either, because people
prefer to watch on a television anyway; cheap streaming boxes / smart TVs are
the future, not general purpose web browsers.

Making a huge issue of EME is just asinine and belies a complete ignorance of
the market forces at work here. The studios have all the power, browser makers
do not have any leverage. And in any case, if rightsholders want to play a cat
and mouse game with DRM that should be their prerogative, but customers should
also have the freedom to circumvent those measures. Where we need to focus our
lobbying efforts is against the DMCA and infinite Copyright extension which
broadly impacts consumer rights and the public benefit.

~~~
chriswarbo
I don't understand why people think the Web needs Hollywood's video content.
Let them build proprietary set top boxes or whatever, who cares if it's not in
a browser? It's certainly not important enough to undermine the Web's
principles of openness, interoperability, free access to knowledge, etc.

As far as I see it, EME would only be a loss for the Web and browser makers
like Mozilla; in a similar way to, for example, losing the ability to "view
source" would be a loss.

I think the real threat is from commercial entities who want EME for entirely
separate reasons, i.e. Apple, Microsoft and Google, who also just-so-happen to
make browsers. They can embrace/extend/extinguish the Web, by building an
encryption standard into their particular browsers which none of the countless
others are able to do (Firefox, Konqueror, Dillo, Netsurf, W3M, Lynx, EWW,
Elinks, etc.). EME seems like an attempt to preempt such a situation, but I
don't see how it can do anything to prevent it.

This is a much worse situation than some set-top box scenario, since it will
bleed users from all browsers to those few with EME+plugins, and the Web will
become yet another Microsoft Office document format.

~~~
acdha
> I don't understand why people think the Web needs Hollywood's video content.
> Let them build proprietary set top boxes or whatever, who cares if it's not
> in a browser? It's certainly not important enough to undermine the Web's
> principles of openness, interoperability, free access to knowledge, etc. >
> As far as I see it, EME would only be a loss for the Web and browser makers
> like Mozilla; in a similar way to, for example, losing the ability to "view
> source" would be a loss.

The flaw in this line of reasoning is talking about it in the past tense and
referring to “the Web” as if that's some central authority distinct from the
browser manufacturers which can dictate terms. EME has already shipped in
Chrome, Safari, Internet Explorer, Edge, Firefox, and Opera. The alternative
was something like Apple, Google, and Microsoft hammering out an agreement
privately and leaving Mozilla and possibly Opera out in the cold, stuck with
either Flash or slowly bleeding users to a browser which offered a better
experience.

Look at Netflix's support matrix now and notice how many people can now play
movies without needing to install anything:

[https://help.netflix.com/en/node/23742](https://help.netflix.com/en/node/23742)

You're going to have a really hard time convincing most people that this is
worse than the previous security, stability, and performance disaster of using
NPAPI plugins. The vast majority of users think it's a plus that they can just
search, click, and play without having to use a separate device or player
application — how are you going to convince them that this should not be
allowed?

Note also that this does not prevent the use of view source on netflix.com –
only access to the decrypted video stream – and should any of the extremely
rare browsers which you listed (several of which don't even support images or
video of any sort!) decide they too wanted to support it, there's at least a
standard process.

~~~
azakai
> Look at Netflix's support matrix

Looks terrible, there is no mention of Linux at all.

~~~
acdha
I get where that's coming from – I've run Linux since the mid-90s, along with
other rarely supported systems like BeOS and OS/2 – but … how many people does
this actually affect? Linux on the desktop remains a small minority and the
percentage of Linux desktop users who are unwilling to use Chrome is even
smaller.

Again, I don't love DRM but we need a reason for a significant number of
people to care. We've had a couple decades for angry nerds ranting on the
Internet to show results and it's hard to say that we've done anything. The
one area where DRM was rolled back is music and that was a combination of
widespread unencumbered CDs and, mostly, Steve Jobs scaring the music labels
more than piracy.

We need a better approach to avoid repeating that cycle of failure again. Most
people think Netflix is good – what's going to make them decide to cancel
their subscription?

~~~
azakai
Linux might be a small (but rising) percentage. But the bigger point is that
Linux is a free operating system. If Linux can't run web content, that means

1\. You need to pay someone for an OS in order to view the web.

2\. The OS market isn't open, someone else can't just make an OS that people
will use, because it can't view the web.

~~~
acdha
You seem to be ignoring the fact that Chrome for Linux exists but even if it
didn't, it seems liked you're trying to argue that other people should be
compelled to support your operating system of choice, not to mention
conflating a small percentage of content with “the web".

Was the OS market not open when Flash for Linux didn't exist? FreeBSD?
TempleOS?

What percentage of content needs to use EME before you “can't view the web”?
If everything else but Netflix works, is the web open or closed?

More to the point, what do you expect to accomplish here – is hyperbole going
to convince people to use Linux, cancel their Netflix/Amazon/etc.
subscription, etc? If not, I would again suggest finding an argument which
will appeal to a non-trivial number of people. Why should they care enough to
change their spending or contact their representatives?

~~~
khedoros
> What percentage of content needs to use EME before you “can't view the web”?
> If everything else but Netflix works, is the web open or closed?

If the EME are part of the HTML5 standard, but in practice they require some
proprietary blob to operate, then the web isn't completely open. It doesn't
mean that it's completely closed. Whether that matters depends, I suppose, on
whether you want to take a pragmatic or ideological stance.

> More to the point, what do you expect to accomplish here

Does a complaint have to be a call to action?

> If not, I would again suggest finding an argument which will appeal to a
> non-trivial number of people.

I don't think an argument, as such, will sway many people. If EME (or similar
closed technologies) cause enough problems for enough people (for some
definition of "enough"), _that_ will change peoples' opinions. Things have to
get _really, really_ bad before most people will ask for change.

------
pdkl95
re: Cory Doctorow & DRM

I highly recommend watching his talk[1] month ago at the Internet Archive
about fighting DRM. Unlike many previous talks, this time he focuses on
supporting ourselves and our fellow engineers by taking bad options off the
table _before_ they become temptation. It's a lot harder to allow a "little"
corruption of open standards if that kind of option is forbidden with a
Ulysses pact.

[1]
[https://www.youtube.com/watch?v=zlN6wjeCJYk](https://www.youtube.com/watch?v=zlN6wjeCJYk)

------
jkot
> _makes it a crime to circumvent an “effective means of access control” that
> sits between users and copyrighted works_

US had always legal troubles with cryptography. In past programs like PGP,
TrueCrypt etc were developed outside US. That can easily happen with browsers.

~~~
thaumasiotes
Huh? PGP was developed in, and published from, the US. Hence the criminal
investigation.

~~~
drxzcl
It's was split off at version 2.6.3(i) into an "international version" that
was exported by printing the source into several large books and scanning them
in, and then further developed outside of the US. I believe most current PGP
versions are descended from the international branch, but I could be wrong.

~~~
effie
That sounds interesting. What was the point of printing source and scanning it
back into computer? Did that bypass the export law back then?

~~~
kalleboo
[http://www.pgpi.org/pgpi/project/scanning/](http://www.pgpi.org/pgpi/project/scanning/)

> However, the Export Regulations only covers software in electronic form
> (e.g. on disks, or via the Internet).

------
azakai
> some of the biggest tech corporations in the world today support EME

Not just support, Google and Microsoft invented it:

[https://www.w3.org/TR/encrypted-media/](https://www.w3.org/TR/encrypted-
media/)

The best way to fight back against EME is to put pressure on those companies
and their browsers.

------
millstone
This is the first time I've heard of EME. This caught my eye:

> Although some of the biggest tech corporations in the world today support
> EME, very few of them could have come into being if EME-style rules had been
> in place at their inception.

Why is that? It looks like EME is just about streaming video - how would this
have prevented Apple/Google/Amazon etc from coming into being?

~~~
chriswarbo
Google wants to steal Web content by downloading (i.e. pirating) it, using
automatic programs called "crawlers" which cause pages to be served but don't
provide any revenue via ad views. That's theft, and it shouldn't be allowed.

They also want to use that content in unapproved ways, for example to extract
keywords and links. They then serve this unlicensed information publically,
_with their own ads_.

Thankfully, we can put a stop to such wholesale commercial piracy by
encrypting our content using EME.

</sarcasm>

~~~
sievebrain
That's a really terrible analogy.

The web already has that kind of DRM and always did: robots.txt, enforced by
social convention rather than encryption.

And yes some companies ban crawlers and try to get their content out of search
engines for questionable reasons. More often, they try to strongarm Google so
their content is still there, but they get paid for the privilege, which is
not a reasonable approach and thus not supported by the robots.txt "DRM"
protocol.

~~~
erlehmann_
robots.txt is not DRM: it can be freely implemented by anyone without special
knowledge – and ignoring it does not lead to a criminal investigation.

------
tehabe
The only issue I'm having with Cory's piece is, that it seems that there is a
solution outside of politics. Even so I kinda know that he aware of that. Only
politics can change the way copyright is working. Sadly in the last decades,
it mostly listend to the copyright holders and transformed a limited monopoly
right into a property.

------
symlinkk
playing the devil's advocate - without EME how would movie studios agree to
letting you stream their movies on Netflix?

~~~
slavik81
Netflix has copy protection and yet movies are still all readily available on
pirate sites. What difference does EME actually make to the movie studios'
bottom line?

~~~
sievebrain
DRM pushes people towards legit outlets, often because the pirate version is
of lower quality, bound with malware, or arrives later than the legit version
does. Stop seeing DRM as an unbreakable lock and start seeing it as a cost
optimisation problem and you'll understand.q

~~~
lisivka
DRM pushes people against legit outlets, often because legit version is of
lower quality (e.g. HDCP), bound with malware (e.g. Sony rootkit), or arrives
later or even never, because market too low to care about (e.g. Linux/BSD, or
local markets of non-English speaking countries), that the pirated version
does.

------
legulere
The bigger problem of web browsers is the standards really. There are many
issues with them and the browsers need to maintain backwards compatibility.

Those standards are hacked together like javascript, underspecified, feature
bloated and only subsets are supported.

And it's only getting worse. The SVG path grammar for instance will get even
more complex in SVG2 even though many implementations for parsing it are
buggy.

------
ryanmarsh
The web is fucking fine, you know what isn't fine? Email. Email is a fucking
mess.

------
dredmorbius
And if we call the MAFFIA's bluf and strip video and audio from browsers,
where it never should have been, and create a unified multimedia retrieval,
queueing, and playback system?

1\. No more fudging autoplay anything. Win.

2\. Media interface can be DRMd (if you're a fool / slave to the boss) or
free.

3\. Instant DRM-free ecosystem.

~~~
dingo_bat
I'm totally fine with this. Almost all the video I watch over the Internet is
Youtube and Facebook. Let them both create native apps. The browser doesn't
need to be able to stream video inside the page. You can always follow a video
link and open it in an application of your choice. This is actually great.

~~~
dredmorbius
I'm actually going one step further.

For _text_, tabs and such somewhat make sense.

For audio/video, they almost never do. I can _listen_ to one stream at a time.
I might be able to watch 2-3, but only one's going to be getting any
attention, the others are, say, monitored for intrest (something software
should be able to do far better than I).

I've argued for some time[1] that "the browser" should be divided into about 4
distinct apps. It's already partway there.

1\. Reading / commenting / research. Essentially _no_ remotely-imposed style.
Support front/index, gallery, article, and discussion formats, possibly a few
others, _whose rendering properties are defined locally_, _by the user._
Pocket, Readability (which appears all but dead), Instapaper, and Pinboard all
fit this model. Arguably emacs as well.

2\. An app framework. This is where Chrome is headed, possibly Firefox too.

3\. A dedicated commerce app. Privacy, security, feedback, etc., within it.
We've got a few candidates in iTunes / Apple Store, Google Play, and Amazon
Store. I'd prefer an open version, not sure we'll see it.

4\. A multimedia app. Podcasts, streams, and media downloads, with scheduling,
queue management, high-level _and consistent_ playback controls (fast/slow,
fwd/back, skip), etc. The idea being that _only one damned item at a time
would be played, and you could control your media from one damned place._

I've been _exceptionally_ dissatisfied with the State of the Web since ~2009.

_______________________________

Notes:

1\.
[https://www.reddit.com/r/dredmorbius/comments/256lxu/tabbed_...](https://www.reddit.com/r/dredmorbius/comments/256lxu/tabbed_browsing_a_lousy_bandaid_over_poor_browser/)

