
I tried creating a web browser, and Google blocked me - smaddock
https://blog.samuelmaddock.com/posts/google-widevine-blocked-my-browser/
======
kwindla
Let's add the US Congress and the EU to the long list of parties to blame for
the DRM situation. "Reverse engineering" software for the purposes of
"circumventing" copyright is illegal.

"Circumventing" is much more broadly defined than it should be.

It's not just illegal to redistribute copyrighted material. That's the point
of copyright and has been the case for a long time. It's also illegal to
watch/consume content yourself in any way that the copyright-holder didn't
explicitly enable, even if you have a general right to watch/consume that
content. You're not allowed to create a browser that can watch DRM-protected
Netflix content. And if someone does create such a browser, it's illegal for
you to use it, even if you pay for a Netflix subscription.

That's pretty new (circa 1996 or so).

In 2002 I went to see Lawrence Lessig argue the Supreme Court challenge of the
Digital Millennium Copyright Act, which introduced these anti-circumvention
concepts. Here are my notes:
[https://allafrica.com/staff/kwindla/eldred.txt](https://allafrica.com/staff/kwindla/eldred.txt)

~~~
krzyk
The above is most probably for US based clients. E.g. in Poland it is
perfectly legal to watch copyrighted material as long as you don't
redistribute it.

It is also legal to do a reverse engineering of software to allow it to run on
your system, software, hardware (so I think a browser also applies).

(I'm not a lawyer, just reading some of the more technical law articles)

~~~
the8472
Poland is an EU member, so your government must have some implementation of
the EU Copyright directive, which includes somewhat similar anti-circumvention
clauses as the DMCA[0].

There are lots of differences in the details, but I wouldn't make a blanket
statement that it's completely legal without actually checking the
corresponding laws.

[0]
[https://en.wikipedia.org/wiki/Copyright_Directive#Technologi...](https://en.wikipedia.org/wiki/Copyright_Directive#Technological_protection_measures)

~~~
janoc
You need to realize that the EU "directives" are not actually the law (aka the
thing that will get you prosecuted).

The directives are "transposed" into national law, country by country - and
each country can (and does) add a local "flavor" to it. So if the Poles have
watered down the anti-circumvention clause (it is very vague in the directive,
giving a ton of maneuvering space to the national parliaments), the situation
he is describing is very possible. On the opposite side of the spectrum is
traditionally France, with its (fortunately incredibly ineffective) three
strike system. Very different approaches to things even though both countries
are implementing the same copyright directive.

The other type of texts coming from Brussels are "regulations" \- those go
into effect immediately, without having to be rewritten into national laws.
GDPR is an example of such regulation.

~~~
M2Ys4U
You're absolutely correct. However,in the event that directives are not
transposed (or not transposed correctly) courts can find that the directive
_is_ (vertically) directly effective.

------
Daiz
Boy howdy, this is one subject where I loathe saying "I told you so", but... I
sure told you so.[1]

HTML DRM is antithetical to the Open Web itself. It was built on a sham of
"plugin-free" media playback, but all we did was change Flash and Silverlight
for a whole range of closed black boxes, which in turn are effectively all
controlled by Big Media ( _to make it crystal clear: EME was built with third-
party decryption modules in mind, and Big Media was obviously never going to
support any sort of decryption modules that they couldn 't control, so even if
your custom browser supports EME it's completely useless without a Big Media-
approved decryption module_). And make no mistake: Requiring permission from
Big Media to essentially build a fully-fledged browser is a 100% intended and
expected outcome of HTML DRM as conceived. Big Media would love nothing more
than to turn the entirety of the Open Web into Closed Web that they control,
and with HTML DRM they've certainly achieved a great step toward doing so, to
the detriment of public at wide. I'm sure they're positively salivating about
the thought of eventually reaching The Right to Read![2]

[1]
[https://news.ycombinator.com/item?id=7747142](https://news.ycombinator.com/item?id=7747142)

[2] [https://www.gnu.org/philosophy/right-to-
read.html](https://www.gnu.org/philosophy/right-to-read.html)

~~~
profmonocle
The saddest part is it doesn't even seem to _accomplish_ anything. What would-
be pirates are actually being foiled by this? Netflix, Hulu, and Amazon Prime
use EME, but all their exclusive content is still readily available on torrent
sites. Does it raise the difficulty bar? It's hard to imagine anyone who knows
how to rip video from their browser doesn't know how to torrent something.

~~~
antoinevg
DRM technologies are often sold to the public & content providers as an anti-
piracy measure but that has never been the intent.

It's _always_ been about control on the creation and manufacture of playback
platforms and/or devices.

~~~
molszanski
Yes! DRM is not about piracy, it is about CONTROLLING HOW YOU WATCH. Exclusive
deals, upsells, ads and devices.

~~~
5ersi
You don't need DRM for that. That is achieved by contracts.

~~~
rakoo
Contracts can't be enforced just because you want to, DRM gives you the means
to do it.

------
cmsimike
I don't know if this will be helpful to you but an open source media player,
Kodi, recently added support for Netflix in the latest version of the app (by
implementing a DRM engine for people to use).

This requires the use of the widevine library which then downloads things
behind the scenes upon use (I believe).
[https://forum.kodi.tv/showthread.php?tid=329767](https://forum.kodi.tv/showthread.php?tid=329767)

I can't imagine Google gave the OK to Kodi to use widevine so maybe you can
see what they did?

~~~
noitsnot
I hope Kodi makes some decent progress. I installed it a few weeks back and it
is a rough experience. The docs on how to do simple things seem to be
nonexistant because they don't want to be sued and shutdown entirely.

~~~
cmsimike
I think Kodi has made amazing progress. I've not had issues getting it
installed on different devices since the 15.x days. Currently run it on 4
different dedicated devices in my apartment as well as some mobile and media
devices.

> The docs on how to do simple things seem to be nonexistant because they
> don't want to be sued and shutdown entirely.

What docs are you looking for? They have a very extensive wiki as well as an
active community on their own forum.

~~~
pushpop
I’ve been running it since the earliest beta versions when it was literally
_Xbox Media Center_ \- a media center for modded Xboxes (original).

I’ve ran it on all kinds of hardware from laptops, Android phones and tablets,
Raspberry Pis (version 1 through to 3), Intel NUCs, etc. And obviously not
forgetting the Xbox. Until very recently it was my go to media center.

I even went as far as to write some plugins for it. But they were for version
8 or something. It was probably 10 years ago and hasn’t been maintained.

I’ve never used a media center - free or non-free - that was as easy to set up
nor ran as flawlessly as XBMC / Kodi did

~~~
kelnos
As a (former) plugin developer and long-time user and community member, I
don't think you're exactly the best person to evaluate today's install
usability for a non- or even somewhat-technical new-ish user.

~~~
pushpop
I'm really not sure what the point of your post is but what I can tell is
you've completely misunderstood my post (and possibly Kodi too?) because
several of the conditions you highlighted (eg "todays", "non-technical")
wasn't even in the scope of my monologue.

Besides, non-technical users wouldn't be ripping DVDs to a NFS / SMB share in
the first place (or using a home server / NAS for bittorrent / usenet / etc if
that's how one prefers to accumulate their video archive). So why would they
want a Media Centre that's designed for playing local or networked content?

Maybe what you're referring to is the stuff that has been in press a lot in
recent years; the stuff incorrectly named (imo) as "Kodi-boxes" (or similar).
I say "incorrectly named" because they used 3rd party plugins for illegal
streams but those really have naff all to do with the Kodi media centre
itself. It's like calling illegal downloading "Windows-boxes" because someone
uses a bittorrent client on Windows 10.

I guess you could argue that Kodi now fills a niche that is dying out - that's
certainly the case for me as I tend to use Netflix et al on my smart TV. But
for playing local / mountable files, Kodi still leads the pack in terms of
ease. Which is hardly surprising when you consider that's what the media
centre was built to do.

------
arendtio
DRM is just a huge pile of shit. I mean, if it would actually work I would say
okay, at least we have a solution that everyone is somehow happy with. But
instead we consumers just loose. To give a few examples:

\- When I want to watch movies on Amazon Prime Video, there are _some_ movies
I can't watch in HD, even if I paid for HD (so the movie obviously exists in
HD; probably dependent on the rights holder). The problem is that I can't see
if I can watch the HD version before I buy the movie.

\- On Netflix, I don't get 1080 at all with my browser, even if I pay for 4k.

\- Every few weeks, Spotify pushes a broken version of their web player to the
website and from one moment to the other, I can't listen to 'my' music anymore
until they fix it. The good news is that it seems to happen less frequently
lately. Nevertheless, that would not be a problem if I could listen to 'my'
music with a normal mp3 player.

\- A few hours ago, I wanted to play a game, but guess what... Steam had a
network problem [1] and didn't even let me enter the offline mode.

[1]
[https://store.steampowered.com/stats/](https://store.steampowered.com/stats/)

~~~
fratlas
The Netflix issue isn't really DRM, it's just a way to minimize bandwidth[1];
they found HQ 720 encodes to be sufficient quality for most consumers. I
personally find it lacking.

[1]: [https://medium.com/netflix-techblog/per-title-encode-
optimiz...](https://medium.com/netflix-techblog/per-title-encode-
optimization-7e99442b62a2)

~~~
dre54673
I pay for 4k netflix but can't watch it on my computer because of drm. On
Chrome it only streams up to 720p, and I have to use Edge for 1080p. To stream
4k you need to use their microsoft store app, a specific high-end processor or
graphics card, and on top of that you also need a monitor that supports hdcp
2.2. I have all of the above (1080ti and hdcp 2.2 compliant monitor) but still
can't stream 4k because my second monitor is not hdcp 2.2 compliant. The
monitor states that it is but I couldn't get it to work even after extensive
research. All of my setup is pretty modern and high-end and I still can't
stream 4k netflix because drm hardware keeps evolving. If this is supposed to
make me pirate less, it's not very effective.

~~~
isatty
I have a 1080ti too, 2x HDCP2.2 (over DP) compatible monitors and a 1 gbps
connection and yet I can’t even stream 1080p content on Linux, much less 4K.

I guess it’s still me to blame because I pay for it for friends and family who
use my account.

Anyway check your cable if your monitor states that it’s compatible.

------
_bxg1
DRM often results in a whitelist of media clients, killing standards in favor
of a centralized authority. HDCP does the same for video feeds (HDMI, etc.).
DRM-protected boxes can only output to DRM-protected displays, giving a
central authority the ability to effectively deny new client devices from
being made: [https://en.m.wikipedia.org/wiki/High-
bandwidth_Digital_Conte...](https://en.m.wikipedia.org/wiki/High-
bandwidth_Digital_Content_Protection)

~~~
Townley
Mind helping me understand this a bit better?

The link mentions that to produce a HDCP-compatible device (eg one that has an
HDMI port) it needs to be licensed, pay an annual fee, and make promises to
frustrate DRM-mitigation efforts.

If I wanted to make my own monitor with a VGA input (or, more practically,
pipe the signals coming from VGA into a program that does something with the
feed) I would just have to find a suitable adapter and receive the serial
data.

Does this mean that doing so with HDMI (either the real-world DIY monitor, or
the in-software feed-ingestion program) would be:

A) Difficult/time-consuming to write due to a lack of open drivers B) Run
afoul of IP laws pertaining to the HDMI standard and get me sued C) Prevented
by the cryptographic handshake that happens between an approved display and
the output drivers D) All of the above?

~~~
verall
Most of the above, with a couple caveats.

For HDMI, specifically:

A is true, as HDMI requires a pretty ugly IP core on an fpga or an asic to
process or produce the phy.

B is also true, as to sell a device with an HDMI port you have to join the
group and pay fees. If you're just hacking stuff together for personal use I
think you're A-okay here.

C is true ONLY in the case of HDCP protected content, as that handshake does
not occur for unprotected content or HDMI 1.0

Also, side note, VGA uses analog R/G/B channels so if you want to pipe signals
into the program you'd need an ADC to get useful values from it, and a pretty
fast one depending on your resolution.

~~~
__david__
Also I'm pretty sure the hdcp private keys have been factored, so anyone can
now make unauthorized but compatible devices.

~~~
krferriter
All DRM solutions eventually fail. It's an endless race. Companies pour
millions and millions into media DRM, and yet all of the content is cracked
and uploaded on pirate sites, without fail. They don't seem to understand how
much of a waste their efforts are, and the government doesn't seem to realize
how pointless, and stifling of innovation and competition laws like DMCA are.

~~~
rjf72
I imagine their argument looks something like: We earn billions of dollars a
year and want to earn more. We see people are downloading our stuff without
paying us. This technology/company/etc promises to make copyright infringement
more difficult and it'd only cost us _$y_ million. If we see even a 0.01%
increase in sales, it'll pay for itself in _x_ years. Do it!

And government is even more straight forward. Media companies/individuals
donate lots of money to campaigns, and there's a typical unspoken _quid quo
pro_. They donate getting politicians into office and hire some lobbyists who
know how to get those politicians what they want. In turn, those politicians
then pass the media company's legislation. Like much of what the government
does, the motivation is not a holistic effort to create a better country but
an individual effort to get elected or reelected.

Hahah, come to think of it - it emphasizes that governments and capitalism
suffer from the exact same problem. Capitalism works great when people put out
good products and look to get rewarded for doing so. And similarly governments
work great when politicians do good stuff and look to get rewarded for it.
Things only get really messed up when companies start with the goal of making
money instead of making a good product. And similarly, politics gets messed up
when politicians start with the goal of getting [re]elected instead of
creating good legislation. Because in both cases what makes the most money is
not necessarily the best product, and what gets you reelected is not
necessarily the most beneficial legislation.

~~~
verall
it's really a pitch that starts with the hardware companies and the media
companies buy into it because more DRM has no downside for them.

You better believe some "HDCP-certified 2.0" badge or whatever is on every
hdtv and gpu you find at best buy. I wonder if the engineers on hdcp 1.0 knew
how fast it would get cracked, but they knew that would just let them sell
another round of hardware for the 2nd version.

------
ktm5j
I also find the title to be rather sensational.. "I tried creating a web
browser" ^ "Google blocked me" implies that Google blocked them from creating
a web browser.. which is not the case.

~~~
danShumway
If a single company can effectively decide whether a bunch of 3rd party sites
that they don't control work on your browser, how is that any different?
Google is effectively deciding that anyone other than pre-approved browsers
can't play Netflix content.

If an ISP fully embraced the Net Neutrality repeal and started blocking video
content, and someone posted on HN that ISPs were "blocking them from building
a streaming service", no one would be complaining that, "technically you _can_
build it, you just can't reach any of your customers." Everyone on HN would
understand that part of building a service is the having the ability to reach
customers.

In the same way, part of building a web browser is having the ability to
render web content. If Google can block your custom browser from rendering
content, then for all practical purposes they are blocking your ability to
build a browser.

~~~
Mindwipe
> If a single company can effectively decide whether a bunch of 3rd party
> sites that they don't control work on your browser, how is that any
> different?

Because those third party sites choose to utilise closed software from that
company. And Netflix doesn't only utilise Widevine as a DRM, it uses several
different DRM systems, so Google don't have control over anything.

~~~
ggggtez
This. Netflix is buying security for their product by doing this.

We may all think (know) DRM is dumb, but DRM is more than just about how hard
it is to hack. Sure, everyone _could_ in theory reverse engineer this stuff.
But the point is that it's only legally protected as long as it's at least
_not trivial_. Open sourcing would probably invalidate their legal defences
against people downloading Netflix movies.

~~~
0815test
> invalidate their legal defences against people downloading Netflix movies.

I _highly_ doubt that. A ToS violation is still a ToS violation (in the case
of Netflix, which is expressly a _streaming_ service), and copyright
infringement is still copyright infringement. The legal protection that's
afforded to DRM itself is something that's literally only useful to you as a
content holder if you're looking to _abuse_ copyright and go far beyond what
copyright law actually grants you! That's what makes the whole notion so
problematic in the first place.

~~~
brianpgordon
Well, they are granting you a license to download the copyrighted content.
That's the consideration you get in exchange for paying subscription fees.
IANAL but it seems doubtful to me that copyright law on its own (without the
anti-circumvention parts of the DMCA) could be twisted to produce criminal
penalties for downloading licensed content in a non-streaming way given that
it's legal to download it in a streaming way. And ToS violations are not
criminal acts.

------
dec0dedab0de
Right, thats the whole thing that sucks about DRM and these video providers in
general. Not only do they want to protect their content from unauthorized
viewers, they want to control how it is consumed. Which to me is especially
outrageous because netflix and youtube are the only two with a good user
experience. (I used to count Hulu, but at some point they really fell off)

I would think that Amazon would lead the charge for an open standard for
distributing video which handles DRM, subscription, pay per view, etc. and
then all the non-Netflixes would publish to that standard, and let player
applications thrive. Even when using a Roku it feels like each app is
completely different. And most of them suck. Imagine if in 1985 Prism, HBO,
and Showtime all manufactured their own TVs and required you to use them, but
they all had wildly different layouts and remotes.

The idea of syncing up two video streams is awesome, I can see people enjoying
that, and it would encourage people to pay for whatever services their friends
have. Though it does sound a bit similar to rabb.it

~~~
imtringued
The entire idea behind DRM is to gain control over the user experience of
legitimate users. Pirates will always break whatever DRM scheme you use.
Wasting energy on them will always be futile. Controlling the user experience?
That's where you can make a lot of money by pushing out competitors.

~~~
pandler
I think this is an incomplete picture. Guessing at their motivations, DRM also
serves to reduce opportunities for casual copyright violation when you have to
jump through illegal (which is part of the scheme) hoops to circumvent it.

~~~
jdsully
But by and large people don't make mix tapes, or bootleg videos anymore. They
torrent it from the one person with the time to break the DRM. They would
likely still do this even if the content was DRM free since its easier.

------
gnomewascool
Regarding browser extensions, the Firefox "webextensions" API is (mostly)
compatible with Chromium's, so with relatively little effort you could target
both the Firefox and Chromium families of browsers.

Firefox compatibility is valuable because Firefox extensions don't have to be
distributed through the Mozilla add-on store (they do need to be signed by
AMO, but provided your extension isn't doing anything illegal, that should not
be an issue).

Finally, you could try redistributing unbranded Firefox or Chromium with your
extension pre-installed. Waterfox (a Firefox fork) can have DRM — it's
disabled by default, but it can be switched on — and I don't think they put a
great deal of effort into it, so I think that your "version" of Firefox could
also easily have DRM. (I have no idea whether the same holds for Chromium.)

~~~
smaddock
Sorry for the late reply. Building Metastream as a web browser instead of a
web extension was a complexity burden created solely by myself.

One of the main requirements I wanted was the ability to use the app with as
little centralized dependencies as possible. P2P is the primary way to connect
to users with the app, but even that requires a centralized signaling solution
which is prone to downtime. To mitigate this, users can also directly connect
to an IP address with the appropriate ports forwarded. Listening on a socket
is not supported by a web extension at this time.

Additionally, some actions on the web require a "user gesture" to be performed
such as fullscreening a video. I created an auto-fullscreen feature by
simulating a user gestured mouse click. It also only fullscreens within the
frame of the window instead of the entire screen. [1]

Other features not possible with a web extension/app include local file
reading (potential future feature) and Discord Rich Presence (currently
implemented).

[1]
[https://github.com/electron/electron/pull/17203](https://github.com/electron/electron/pull/17203)

~~~
gnomewascool
Thanks for the reply!

That makes sense and it's interesting to see the limitations of the "web
extension" framework.

The following isn't meant to try to convince you to use any particular
solution (I don't have any skin in the game), just some ideas in case you get
fed up even more by the problems with implementing DRM in your own browser.

Listening to a socket and reading local files is possible with "Native
messaging"[1]. In brief you have a small application running in the
background, outside the browser, which can listen to sockets or read local
files, and your browser extension communicates with it. This does bring added
complexity and might (haven't tested) bring additional latency, possibly
making it unacceptable.

[1] [https://developer.mozilla.org/en-US/docs/Mozilla/Add-
ons/Web...](https://developer.mozilla.org/en-US/docs/Mozilla/Add-
ons/WebExtensions/Native_messaging)

------
mmastrac
The blame for this sits squarely on the w3c for their efforts in trying to
replace flash by letting the content companies dictate standards for encrypted
playback.

If they had held fast, we could have forced the companies to do their key
management in something like WebAssembly and avoided this gatekeeping mess.

~~~
jcranmer
Blame Google and Microsoft. They were the people who created the
specification, and pushed for it, when Netflix came begging for a solution to
their DRM conundrum. Even if the W3C hadn't approved it, that's two of the big
four browser vendors who are committing to implementing it anyways, which is
enough to guarantee a de facto standard anyways.

~~~
tiraniddo
No, blame the movie studios, record labels etc. They're the one which require
asinine DRM support for web browsers. Google/Microsoft/Apple/Adobe want to
support media content, but to do so requires towing the line with the media
companies otherwise they refuse to license the content (at least in HD+).

Having worked with various DRM teams I know that they have to treat their code
as if its the most secret code in the world, if they don't the media companies
can swoop in and ban them and then no Netflix for your users. This is why
Widevine code isn't open source (other than the glue EME code) and is almost
certainly the reason for the refusal to work with a small open-source form of
Chromium. If for example the project was used to "steal" content the media
companies would be mad at Widevine, with lasting repercussions for all Chrome
users.

It's worth noting that typically all DRM teams work as if the hosting
environment is an adversary. For example Widevine don't trust anything Chrome
says as someone could recompile it and lie about the security. The only times
this is relaxed is where the platform is deemed secure, such as CrOS or iOS.

~~~
jhasse
> No, blame the movie studios, record labels etc. They're the one which
> require asinine DRM support for web browsers. Google/Microsoft/Apple/Adobe
> want to support media content, but to do so requires towing the line with
> the media companies otherwise they refuse to license the content (at least
> in HD+).

Let's say Google, Microsoft and Apple announce that they will be removing any
DRM from their browsers on 2020-01-01. They will also remove any DRM playback
app from their App Stores. So no Netflix on PCs, Macs, iPhones, iPads or any
Android device (including stuff like Android TV).

What do you think would happen?

~~~
rjmunro
Simple: You'd have to install a plugin or a separate special app to watch
video, like the bad old days of RealPlayer.

~~~
theprotocol
This is the most plausible outcome. Netflix wouldn't just leave that money on
the table and the most obvious thing to do would be to provide the support
they want from browsers themselves.

Users follow use cases and would not be averse to spending 30 seconds
installing something in order to watch their favorite content.

There's also sort of a game theory situation with the removal of DRM, as it
would be a competitive advantage being the only one that supports it.

~~~
bad_user
All Netflix movies are on PirateBay already, in spite of their DRM. I’ve seen
movies pop up on PirateBay the day they are released. They wouldn’t leave any
money on the table.

People paying for Netflix are paying for convenience. That wouldn’t change in
absence of DRM.

~~~
theprotocol
I think you're greatly underestimating how much more cumbersome torrenting is
even compared to a plugin, especially for "normal" users who are not
necessarily tech-savvy.

~~~
bad_user
This argument is repeated ad nauseam but it’s false, all it takes is a
torrenting app installed, that’s the only threshold.

But back to the point, if Netflix wouldn’t use DRM, it would change absolutely
nothing since copyright infringement is still illegal and those DRM
protections are completely useless.

~~~
fixermark
Can my torrenting app stream my video, or do I have to wait for a full
assembly of the pieces from torrent hosts and enough downloaded to watch it?

If the latter, torrenting is plenty cumbersome enough that if the studios are
pushing movie-viewing to "Pay us money or you have to torrent it," they're
winning.

~~~
radisb
Pop-Corn Time would like to have a word with you

~~~
fixermark
I don't think it would, unless it begins playing within thirty seconds of the
user choosing a video and provides an uninterrupted streaming experience?

Last I checked, the BitTorrent protocol didn't provide packet sorting that
would allow for this behavior (by forcing the beginning of the movie's
bytestream to be the first data downloaded), so my mistake if the protocol has
improved and I was unaware it provided this service.

~~~
Dylan16807
The _downloading_ client is in charge of which parts of the file it gets
first. It can easily go in order.

~~~
fixermark
How easily, and how much setup is necessary? Remember, we're talking about
competing with a service that doesn't even make the end-user consider whether
that is a problem that needs to be solved (just plug in a credit card and off
you go).

~~~
Dylan16807
A coder spent an hour changing the code, once, and now it requires zero effort
for users. They never know the difference. Open popcorn time and wait for it
to quickly buffer.

------
NeekGerd
Had the same issue with an Electron app of mine, published on the AppStore
with 10k users or so.

It's been more than a year that I'm in contact with Google/Widevine, waiting
for my license.

This is a nightmare. It's such an obvious gatekeeping mechanism.

~~~
sroussey
What license?

~~~
gpvos
Widevine.

------
qntty
Sorry, for those of us not privy to how Widevine works, what's the problem
exactly? What do you need Google's approval for and why?

~~~
thefounder
Yes, you need Google's approval because now all major browsers have a black-
box/binary blob which downloads other funky binary stuff so that it can
decrypt video content. As you might figure out Google/Wildevine org gives the
blackbox only to approved developers/devices/applications.

Bonus DRM: If your license is not "the most certified" your browser/player
will play only shitty/low quality versions of the video. There are other
goodies of course like not being able to play the content offline.

~~~
mcv
So how do open source browsers like Chromium and Firefox do this? Surely if
they have access to the blackbox, then anyone does? And if they don't, it
means you can't watch Netflix on some major browsers.

~~~
sherincall
Not sure if it's still the case, but it used to be that Firefox on Linux could
only stream 720p videos.

~~~
pmontra
Firefox on Ubuntu 16.04 NVIDIA proprietary driver here. I searched for 1080p
on YouTube and the first result is this harmless video
[https://www.youtube.com/watch?v=DQuhA5ZCV9M](https://www.youtube.com/watch?v=DQuhA5ZCV9M)
It started at 720p, then I switched it to 1080p and it started playing at that
resolution. However I didn't count the lines and I don't know if this is the
kind of streaming you're writing about. Maybe Netflix? I can't check that.

~~~
jhasse
Most YouTube videos (including the one you linked) don't use DRM, that's why
1080p works on Linux. Netflix only works with up to 720p on Linux.

~~~
floatboth
I'm pretty sure YouTube doesn't support DRM _at all_. Premium originals (e.g.
Mind Field) play in 4K for me on FreeBSD (for which no one has ever compiled
Widevine or anything like that)

~~~
jhasse
Premium is DRM-free, but Google Play purchases, which you can watch on
YouTube, use DRM.

------
kodablah
> For the last 2 years I’ve been working on a web browser that now cannot be
> completed because Google, the creators of the open source browser Chrome,
> won’t allow DRM in an open source project.

It can too be completed, you're just not gonna have DRM'd content. I have a
browser that has the same problem, and I just leave pages that can't do video
playback (which doesn't include YouTube because they use WebM). There's still
value in a non-DRM'd browser for most of the web, and hey, if enough of us use
one maybe sites will start being more liberal in the licensing of their video
(but let's be honest, probably not).

~~~
_bxg1
You're right in general, but the OP's browser seems fairly useless without it

~~~
johndavidback
Yes - reading the post it appears OP's specific value proposition is keeping
DRM'd videos in sync. This reminds me of watching Dawson's Creek with my
girlfriend in 8th grade - we'd call eachother on the phone and watch the show
at the same time. Anyway this would be the browser version of that, from what
I understand.

~~~
akhilcacharya
The hack some people have is to just _stream the browser_.

I do that sometimes using Parsec and it works reasonably with GPU hardware
encoding.

~~~
imtringued
Why bother with parsec when rabb.it exists?

~~~
akhilcacharya
I used Rabbit quite a bit but latency has gotten really bad lately. The
hardware acceleration and my solid upload pipe makes parsec significantly
better to use.

------
sli
> ...the creators of the _open source_ browser Chrome, ...

This assumption is a mistake the author is making. Chrome is, for all
practical purposes, closed-source and proprietary. It's Chromium that is open-
source. So far as I know, Chromium does not have Widevine included by default.

~~~
tomxor
This is correct, I use chromium - netflix and amazon do not work... the rest
of the web is perfectly fine though.

It may have been a stupid decision for W£C to include DRM in the spec, but
frankly the rest of the internet doesn't give a shit - As far as OSS is
concerned it's another 3rd party blob like flash and not a true part of the
web. As far as I can tell the author is trying to use this third party blob
specifically - not the rest of the browser for which no one has any authority
in the creation of...

~~~
tellak
I use chromium and Widevine works fine (Netflix works fine)

------
geofft
> _Google, the creators of the open source browser Chrome, won’t allow DRM in
> an open source project._

Chrome is not an open-source browser. Chromium is, and Chromium doesn't have
Widevine support.

Download and sandbox the Widevine binary blob the same way that Firefox does.
Done.

~~~
jhasse
> Download and sandbox the Widevine binary blob the same way that Firefox
> does. Done.

Mozilla has a license to redistribute the binary. You can't simply do that
(legally).

~~~
geofft
Did Metastream ask for a license to redistribute the binary?

We don't know anything about the conversation with Widevine other than that
they wrote, "I'm sorry but we're not supporting an open source solution like
this". They clearly _are_ supporting an open source solution like Firefox. So
what is the difference, and can Metastream be less "like this" and more like
Firefox?

~~~
jhasse
I would guess, that they fear, that Metastream could implement a feature,
where only one of the users has paid for the content and streams it to his
peers.

~~~
smaddock
Those were my initial thoughts, Google misunderstanding how Metastream works.
It only sends playback information, no streaming of video/audio content. Each
user needs to be logged into their own session on each web service.

------
ohithereyou
This is why I break DRM when I can, treating its presence as advisory at best.

From a balancing test standpoint, if you want a technological solution to
people copying your work then I think you should not be allowed to claim
copyright protection of your work. Pick a legal or technical solution to
unauthorized copying, not both.

~~~
gerash
What kind of argument is that? Do you choose to either prosecute a burgler or
put a lock on your door but not both?

That said, the media industry as a whole has pushed more than what's necessary
to protect its content (eg. DMCA, extending the copyright window) and a more
fruitful course of action is to get Congress to change those laws.

~~~
_mdpn
>Do you choose to either prosecute a burgler or put a lock on your door but
not both?

Physical property and intellectual property are not the same, so this analogy
does not hold.

Copyright is fundamentally a balancing act between these two opposing
interests:

    
    
      - the right of a creator to make money of their creation for a limited time
    
      - the right of the public "to promote the progress of science and useful arts"
    

There is no such duty for a physical property owner to allow others to access,
view, or build upon his property.

If you choose to use technological means to deny society the second interest
above you should not also be allowed to claim the protection of the first
interest above.

------
noodlesUK
All this content having DRM drives me totally crazy. I don’t have a windows
machine or games console where I live that can output 4K, but I have a laptop
and desktop running various Linux distros that both have very nice 4K
monitors. It appears that the only places where I can get content that will
play at native quality on them is through the usual illegitimate sources or
through breaking BD drm. Anyone who says that this (Netflix, Amazon etc) is a
smooth process doesn’t care about quality (or heaven forbid offline access).
I’m sure Netflix likes the free reduction in bandwith for desktop users
though...

------
shawnz
Google is being blatantly anticompetitive here and it's definitely not fair to
OP. But as an aside, I actually would prefer this functionality to be provided
by a browser extension rather than a separate app, like the OP describes at
the end of the article. Please pursue this option! I think it would be much
more convenient than having to launch a separate app, even if the
functionality is reduced.

~~~
smaddock
There are some features which make a desktop application more appealing to me.
One feature required changing browser behavior [1] which wouldn't otherwise be
possible.

A WebExtension could work, but has potential to run into the same gatekeeping
issue of being removed by Google from their Web Store. With Google having ~70%
market share, this wouldn't be a good outcome.

[1]
[https://github.com/electron/electron/pull/17203](https://github.com/electron/electron/pull/17203)

~~~
43920
This is sort of a ridiculous hack, but you could probably override
Element.prototype.webkitRequestFullscreen, and manually resize the element to
take up the whole browseer window rather than entering fullscreen.

~~~
smaddock
At one point I did try this, but it ends up being a much more complex
solution. It turns out it's fairly difficult to ensure the element appears
above every other element. I was using 'position: fixed' with the maximum
z-index value.

------
mr_puzzled
How does firefox manage to play drm content? Maybe OP could use firefox's
approach? Someone mentioned below that redistributing is not allowed, but
downloading at runtime is ok. Not sure about it, but if anyone knows about
this, please explain it to the rest of us.

~~~
jhasse
I would guess that Firefox's approach is only possible, because Mozilla made
sure it is. I doubt that anyone else is allowed to "redistribute" the binary
by automatically downloading it at runtime without getting a license.

------
mangecoeur
If only we'd been warned about the risks of handing over so much influence to
Google by basing everything around their browser... >-<

~~~
jhasse
The situation would be the same, if his web browser was a fork of Firefox.

------
numbsafari
> Waiting 4 months for a minimal response from a vendor with

> such a large percentage of the market is unacceptable.

Umm... expecting any kind of response from a vendor with such a large
percentage of the market is... kinda arrogant.

Who are you to demand any kind of response from anyone? Big project or small?
You'd probably be less offended if you had a better sense of self awareness
about the nature of your relationship with Google.

Thinking that Google should kowtow to your desire to build a product is pretty
foolish. You need to build a product and get some traction and then have some
leverage. Widevine is evil. Google is evil.

... but so is Electron, and requiring your users to use a custom browser to
use your product / feature. How about an Web Extension that coordinates
playback in the browser, as opposed to a whole custom browser?

~~~
RandomBacon
> expecting any kind of response from a vendor with such a large percentage of
> the market is... kinda arrogant.

Are you saying Google is too big to be responsible?

Amazon is huge, and I'm able to get a customer service represenatitve in
seconds.

~~~
glennpratt
I don't see your point. For products you pay for, you can get Google support
in seconds as well.

This really isn't a customer support question.

~~~
NewsAware
Not really. Tried to get an invoice for a Playstore Dev account (50€) which
didn't show up in Google Wallet 2weeks ago and support was non-responsive

------
vanilla
Here is a good talk on that topic[1].

Widevine does not come bundled with Firefox & Chrome. Each installation has to
download the Widevine binary. You would be able to use the binary to implement
DRM support, like Kodi did.

[1]:
[https://www.youtube.com/watch?v=3Y3R_snaDDc](https://www.youtube.com/watch?v=3Y3R_snaDDc)

------
wolfgke
As I often write here on HN: "Learn the lessson not to make yourself dependent
on a despot.".

~~~
smaddock
This is true, but isn't always possible if you want to ship within a
reasonable time frame.

------
whatamidoingyo
Stop using Google products. Should have used Firefox. Seriously. Stop allowing
them to contain their control. As stated in the article, Google's browser has
70% market share. Firefox is the browser we need.

"Don't be evil" has been changed, remember? They now embrace evil, they love
it.

Edit: downvote this all you want, I really don't care. You're going to be at
fault for the destruction of the web in the future.

------
jwildeboer
“I forked Chromium and Google refuses to give me the proprietary bits” seems
to be a better headline IMHO.

------
krmboya
> “This is a prime example for why free as in beer is not enough. Small share
> browsers are at the mercy of Google, and Google is stalling us for no
> communicated-to-us reason.” - Brian Bondy, Co-founder & CTO of Brave

Stallman strikes again

------
nprateem
Open an EU anti-trust case. If you're not an EU citizen try finding someone
who can take it to the EU who is, or look into whether you can get the EU to
act on your behalf anyway.

------
lanevorockz
DRM is just another extension of the lockup of information. Sadly, the
information age ended up doing the opposite than I hoped. We should be pushing
for a more free and open thinking society, instead we are capitalising all
information while banning any dissenters.

------
holoduke
Yes there are many more examples not widely known where Google is abusing
their monopoly. Firebase fcm push notification system is a good example. If
you want to implement your own push notification service on android phones.
Well too bad. Only Google is allowed to have special privileges so that their
firebase service on phones works even when a phone is in doze mode. If you run
into firebase quota issues like our company is having it is just too bad.

------
iheartpotatoes
I didn't follow the extension workaround. Won't google block that as well, or
are the different rules for extensions?

Also, thanks for pushing on them. I've seen numbers posts on HN recently about
the opaque walls folks encounter on Google, Amazon and Facebook property
monopolies. This is just another great example. Would it make sense to file
this with the EFF? Someone has to be collecting all of these issues for the
impending class-action suit?

------
vkaku
I'm pretty sure there are options, none of which are efficient, but here they
are:

1\. Firefox consumes the Widevine as a plugin, and the way to load that may be
a straightforward one, through an interface.

2\. Support a different DRM scheme that has an open interface and is popular

3\. Disassemble Widevine or talk to hackers who've understood it. Clean room
disassembly is legal in many parts of the world.

4\. Don't drop this project, but put up a placeholder and evangelise better
DRM standards. Pretty sure that if it involves crypto and it's not open
source, it is an attractive target with an exploit in the works. That's what
it is going to lead to, and by then you'd already have a working
implementation.

------
codewiz
Google blocked... what? The blogpost shows the answer from Google, but
crucially omits to say what exactly the author was asking for.

~~~
rement
Widevine is the DRM component used in chromium based browsers. You need a
license from them to run DRM based content in your browser. Widevine was
purchased by Google in 2010

[https://en.wikipedia.org/wiki/Widevine](https://en.wikipedia.org/wiki/Widevine)

------
lunulata
People seem to get surprised when Google acts like a for profit corporation...
why? That's exactly what they are and have been for a very long time. I guess
they have a good publicist. In reality, Google discourages competition in the
browser, search engine, and email space by denying some of their many services
(which you shouldn't depend on for open source software unless it has an open
source license) and worse, blacklisting competitors. I've read posts from
creators of search engines and email services on here that eventually were
blacklisted by Google to squelch their growth.

------
peterwwillis
Is this a late april fools joke?

 _" Metastream: Watch streaming media with friends."_

He's complaining that they won't let him use DRM. But his project's purpose is
to literally broadcast media to your friends.

 _DRM exists to prevent that._

~~~
smaddock
It doesn't. It transmits playback state, but doesn't stream any video or audio
content. Each user needs to be logged into web services on their own client.

------
todipa
Send this to the @EU_Commission - they might look into it.

------
sipos
DRM never really works.

The best implemented DRM makes it hardly any more inconvenient for people to
use it, and people accept it most of the time, Steam for example. It always
puts some people off, who end up pirating it when they wouldn't otherwise
have, though.

Even the best DRM is always cracked by those that want to. There is no DRM
system that has ever been created that will not be defeated, because it is
trying to achieve the impossible. You have to give legal consumers access to
the content to consume it, so they always have access to copy it. It will
never work. If DRM didn't exist, piracy would be a lot less common.

Most people stopped pirating music when it became easily available without
DRM.

Ultimately, all DRM gets cracked, and this is the only real response to it.

Annoyingly, DRM only doesn't hit sales harder because it is defeated. If it
was impossible to defeat a particular piece of DRM, it would harm sales of
content using it much more, but the harm to the content sellers is limited by
the fact that it is always cracked early on and made available to consumers
they have cut off. For example, I have a Netflix subscription, which I use in
an otherwise open source browser, using the widevine plugin ripped out of
Chrome. If this wasn't relatively easy, I would just not use Netflix. Netflix
is only getting money from me because the DRM they use is easy to defeat
illegally. If the DRM worked, I'd stop paying for Netflix, because I wouldn't
be able to use it and it'd be much easier to watch the same content by
downloading it from Usenet.

------
burtonator
I had a similar response when developing Polar but for Electron and the MS app
store.

I write a few posts about it here:

[https://getpolarized.io/2019/02/13/microsoft-blocking-
electr...](https://getpolarized.io/2019/02/13/microsoft-blocking-electron-
apps-from-app-store.html)

[https://getpolarized.io/2019/02/28/dear-app-stores-dont-
bloc...](https://getpolarized.io/2019/02/28/dear-app-stores-dont-block-apps-
lead-with-the-carrot.html)

It took me four weeks to unblock me and I finally had a chance to re-publish
to the MS app store and I'm waiting for their final approval of my app.

YES.. I can develop the app without being in an app store , but my
distribution will be dramatically reduced.

Doesn't make sense to have an app with no users.

Google is probably not actually targeting this app specifically just that
they've been insanely incompetent lately and screwing over developers ALL over
the ecosystem including Android, Chrome Extensions, etc.

Our chrome extension continues to need approval every time we publish it EVEN
if we just update the assets/images.

Google is really dropping the ball and pissing off developers left and right.

Over at /r/androiddev people are actually talking about protests at Google
IO...

------
merb
Basically it's possible to download Google Chrome and extract it:

[https://aur.archlinux.org/cgit/aur.git/tree/?h=chromium-
wide...](https://aur.archlinux.org/cgit/aur.git/tree/?h=chromium-widevine)

Basically Arch Linux Downloads Google Chrome, Extracts the *.so file and puts
it into the chromium lib directory. (This could've been done in his own
browser aswell.

~~~
grapeli23
There is no such package 'chromium-widevine' in the Arch Linux repository.

sudo pacman -S chromium-widevine

error: target not found: chromium-widevine

~~~
rcxdude
It is in the AUR (arch-linux user repository). Packages in there are submitted
by the community and there is deliberately some barrier to installing them,
including requiring that you build them yourself (this is because the packages
are not vetted before they are posted, and they could be malicious).

------
writepub
The title is totally and completely inaccurate. Google is NOT blocking the
author from creating a web browser. Google is apparently unable to license the
DRM code/binary to the author.

Just to set the record straight, the author's browser is based off Chromium,
funded largely by Google. However, for whatever reasons (and I can see many
legal ones for the inability to license a DRM module), Google cannot license
the DRM module. The author is free to implement it himself, Google is not
"blocking" him.

Another point of note - the author is NOT entitled to widevine, so this
pitchforking of Google is simply uncalled for. If the author finds Google to
be "blocking" him, maybe asking Apple or Mozilla for WideVine support in a
browser that competes with their own offerings is a way to go, and to validate
which company is actually willing to work with competing open source offerings

------
DCKing
Out of curiosity, is there any reusable alternative for Google's Widevine
module? It seems both Chromium and Firefox use this, and all other open source
browsers are based on them. Safari and Internet Explorer DRM would be tied to
specific platforms and also not reusable, I'm guessing?

How (re)usable is Adobe's Primetime DRM for something like this? Primetime was
removed from Firefox in version 52 (pre-Quantum) in early 2017 [1]. Are there
any others?

[1]: [https://www.ghacks.net/2017/01/10/firefox-52-adobe-
primetime...](https://www.ghacks.net/2017/01/10/firefox-52-adobe-primetime-
cdm-removal/)

~~~
smaddock
There might be potential for Microsoft's PlayReady DRM with their move to a
Chromium-based browser. I contacted them while waiting to hear back from
Widevine and got this response.

> For Windows Electron/Chromium will not work with PlayReady at this time. I
> have provided your feedback to the engineering team for future planning.
> Currently PlayReady can be integrated in a PWA/(Windows Store HTML/JS app)
> and there would be no royalties on Windows.

------
wolco
So google won't let you use there DRM. Firefox doesn't support this.

Don't allow DRM sources hulu/netflix otherwise make a deal with each company.
Your problem is with the video providers not a third party who has a solution
you want to use.

~~~
kllrnohj
> Firefox doesn't support this.

[https://support.mozilla.org/en-US/kb/enable-
drm](https://support.mozilla.org/en-US/kb/enable-drm)

"Firefox for desktop supports the Google Widevine CDM for playing DRM-
controlled content. Firefox downloads and enables the Google Widevine CDM by
default to give users a smooth experience on sites that require DRM."

------
4RealFreedom
I wonder if you could fight DRM content in Japan. Last week there was a story
on HN about a few people being prosecuted for spreading a virus which was
actually just a javascript trick. DRM seems like it would fall under the same
category.

------
ghostbrainalpha
The core functionality of Metastream (his browser), the ability to sync videos
and watch them as a group is very cool and super useful in a classroom or
study group environment.

Does anyone know if there is another way of going about doing this?

------
tlb
I'd be happy to use one browser for Netflix and another browser with better
privacy/security/adblock/anti-track/bookmarking/speed for everything else. I'm
already in this world: I use Brave for most things, except for a banking site
where it doesn't work.\

The browser should explain clearly what's wrong and what to do when a site
requires DRM. Don't be like QuickTime, where opening any unsupported file
bounces you to a FAQ page where the question you most likely have ("how do I
view this video") leads to a huge run-around.

------
ezoe
So he tried to create a chromium based browser which sync the DRM protected
video playback with other peer and blocked by Google. He totally deserved it.
He was just wasting time to build software on top of evil DRM.

~~~
smaddock
I don't see the issue here, no video or audio content is being streamed. It's
only state such as time and play/pause.

------
nerdile
So the article is complaining that companies that chose to create a gated
consortium to protect content are exhibiting gatekeeping behaviors and not
representing open ideals.

Um, duh?

These entities have elected to participate in two communities - open where it
commoditizes their competitors (e.g. Chromium, Netflix service infra) and
closed where it protects their differentiation (e.g. Chrome, Netflix licensed
content).

As an open community, instead of demanding access to the gated communities,
and whining when companies innovate behind walls, we should be building
better, richer solutions in the open.

------
apk-d
What IS the point of video DRM anyway? I can't remember a single instance of a
thing I wanted to watch not being available for torrenting over the years,
maybe barring some really obscure television episodes I wouldn't find on
Netflix anyway. I do pay for (most of) the content I watch these days (now
that I can kinda-sorta afford it), but it's not because it's not available one
thepiratebay search away. Mainstream stuff usually comes out within hours of
the release.

------
kowdermeister
This sucks, I know how bad if feels when you rely on a major vendor that can
make or break your product. I was somewhat relieved that it happened when I
already abandoned the project for a better one but had I invested more time
into it I would have been furious.

The only thing I wonder here is that DRM was a thing when he started working
on this project, didn't he see this coming? By this I mean that project
research should start with the hardest part, at least that's what I usually
do.

------
drosan
I certainly agree that overpowered Google folks are basically bunch of shady
dweebs now, and DRM is garbage practice overall.

However I simply cannot empathize with you because you made another
Webkit/chromium-based thing, and that is certainly not the thing we need right
now. With Google monopoly in the web the thing we need is the actual good
deviation of their w3c 'standards' realization, like Firefox.

Reskinning Chrome with arguably useful "multiplayer" play-pause feature is
just meh.

------
cprecioso
Maybe a solution for the problem in the post: one way to simulate Electron but
using full Chrome instead of the DRM-less Chromium, is to make the app target
Carlo[1] instead. It's basically what a Chrome app used to be (now
deprecated), but run from a Node.js script.

[1]:
[https://github.com/GoogleChromeLabs/carlo](https://github.com/GoogleChromeLabs/carlo)

------
deadmik3
Another story to add to the long list of "don't like X? just create your own"
fails thanks to the monoliths running the internet

------
1337shadow
I already use chromium for most streaming, and firefox as main browser that i
spend 97% of my time on (with noscript of course). If your browser is better
than firefox I will switch, but you're not helped by my factor of love for
firefox.

As for DRM users, just post a version with the crack somewhere with a tor
browser and fake identity and let the streisand effect be.

------
shurcooL
> the open source browser Chrome

That doesn’t sound right. It should either say “open source browser Chromium”
or “closed source browser Chrome”.

------
ben509
If you had to run this stuff on another platform, you'd just spin up a VM or
container, right?

To get around the legal issue that they won't do this for an open source
project, just create a shell corporation.

That shell corp then writes a closed-source plugin wrapper in another project
entirely.

Put widevine in that wrapper. Then your open source project just has to
include that plugin.

------
yellowapple
Maybe look at how Firefox does it? Seems to have no problem downloading and
running Widevine on-the-fly (it even sandboxes it).

------
maketechfair
I hear you, it seems that technology is all about stonewalling these days...

I'm trying to bring to light a bug that allows to skip Ads in YouTube (no add-
ons, extensions, etc.), but just can't get any attention:
[https://twitter.com/maketechfair](https://twitter.com/maketechfair)

------
ggggtez
Sucks, I agree, but this shouldn't be surprising. No one wants to open source
their DRM. The title made me think they blocked you from creating a browser,
which clearly isn't the case, unless you really feel that Widevine support is
necessary for a browser these days (is it? I have no idea...)

------
yason
I would assume Google would not even be allowed to let third-party developers
use their DRM implementation even if they wanted to. The real stakeholders
would grumble a stern no. If this is true the real fix would be to patch the
copyright law, IP licensing, and the contracts with content producers.

------
avmich
Is the Chrome web browser buildable from sources?

If yes, what's the difference which allows Chrome to work with DRM and doesn't
allow another code to do that?

I don't think I understand the problem. What does it mean "won't allow DRM" \-
you can always write code which you like, right?

~~~
deckar01
Building Chrome requires downloading proprietary binaries that they licensed.
Chromium does not include these and does not include widevine by default, but
it can be installed as a plugin.

[https://wiki.archlinux.org/index.php/chromium#Widevine_Conte...](https://wiki.archlinux.org/index.php/chromium#Widevine_Content_Decryption_Module_plugin)

~~~
avmich
Can't those proprietary binaries be used in another browser? Is the API known?

~~~
int_19h
It requires a license to actually use. And it looks like they verify your
binary's signature in the licensed version.

~~~
avmich
I'm not sure I understand. Can't you have Chromium browser work with that
software? And modified Chromium browser, e.g. Firefox? I don't remember I
accept licenses at least as a user.

~~~
darkpuma
> _" And modified Chromium browser, e.g. Firefox?"_

(Firefox is not a chromium derivative.)

~~~
avmich
Any browser could be made from Chromium by sufficient modification.

I mean, if something open source works, anything else open source can also be
made to work.

Even if something that works includes binary blobs, you can still modify open
source parts while keeping that blob and keeping the system working. So I'm
not sure what is the original problem.

------
shapiro92
Can someone explain to me why this project requires a DRM? From my
understanding the DRM is used to block people from taking the content itself,
but if this has public/private/offline abilities what is the point of a DRM?
it is supposed to be between peers.

------
tathougies
Um... I think you can just re-use the widevine shared object that Google
Chrome comes with. You can't distribute it, but you should be able to include
instructions for those downloading your project on how to acquire it.

But, I mean, Google is crappy. No surprise there.

------
gregknicholson
> I’m now only left with two options regarding the fate of Metastream: stop
> development of a desktop browser version, or pivot my project to a browser
> extension with reduced features.

Is there some reason you can't make a fork/distro of Firefox?

------
conmarap
> Google, the creators of the open source browser Chrome

Uhm... Chrome is positively not open source. Chromium is.

Getting past this technicality, I can't help but wonder what other browser
vendors that have forked Chromium did in order to not get blocked.

------
new12345
I think its logical step on the part of Google. They invested in integrating
Widevine in Chrome and they want it to be a distinguishing feature of Chrome.
Why do you expect a profit seeking company to help their own competition?

------
voldacar
So is widevine essentially just a bunch of built-in javascript functions that
the netflix website calls when you try to play a video?

If so, couldn't you just copy and paste the implementation into your browser
from the chrome source?

------
gregknicholson
> the creators of the open source browser Chrome

Chromium is open source, and Chrome may _look_ 99% identical, but we have no
idea what hidden differences there are between Chromium and Chrome, because
Chrome isn't open source.

------
snurk
A very misleading title. But the content is nothing to get upset about.
Reasonable people can easily disagree:

* Google didn't can can't block a new web browser from working. * OP is making an _opensource_ browser * OP's browser is specifically made for showing videos in some kind of P2P architecture. * OP is upset because he can't play some other peoples' videos in his new browser.

The R in DRM, standing for Rights is relevant: this isn't your content, OP.
Thousands of creatives, artists, and investors put time, sweat and blood into
these. They've chosen DRM as the way to get paid. You have no right to their
content. If you don't like DRM then vote with your feet - watch others'
content, and find another way to compensate them.

------
alvalentini
The real issue I see is that there is no commercial appetite for such a
solution and that this world is so dominated by humongous corporations that
things like this simply have no solution.

------
chadlavi
Are there grounds to sue someone like Netflix under the ADA if their content
is not accessible in a standards-compliant browser that happens not to be
allowed to access closed-source DRM?

------
ikeboy
Interestingly, Amazon prime didn't give me HD video on Ubuntu chrome, but
worked and gave me 1080p if I changed the user agent to a recent windows one,
in chrome.

Still can't get 4k anywhere.

------
charlesdm
Not completely legal for distribution, but you can embed the Chrome Widevine
binary in a Chromium Embedded Framework application. I have done so myself in
the past. Works great.

------
Driky
"Don't be evil" they said... Most people working at google might be nice
people but the one in control are the they ass holes that you will find
anywhere else :-(

------
bredren
Regarding the product, is this for allowing friends to watch Game of Thrones
and other shows together remotely?

Because I had this idea and was wondering what tech would be required to solve
it.

------
cyborgx7
I have lost all sympathy for the big media industry. Pirate it all. Paying you
just gives me a worse experience and you more power to make things worse.

It's a lose-lose-lose proposition.

------
miki123211
When Doctorov cried wolf. Nobody listened. The wolf is here.

------
mikorym
Are users here who use others browsers than Firefox?

For example, if you are browsing the web without looking at pictures, I
sometimes find Lynx useful to filter out the clutter.

------
shmerl
DRM is not compatible with open source approach. So ditch DRM if you are
making an open source browser. You'll deal with less garbage in result.

------
babypuncher
Is there anything preventing a Firefox-derived project from using the Widevine
CDM plugin? Or does that only work with official builds from Mozilla?

------
pytyper2
This seems like poor planning, I would have recommended to verify licenses for
all required technology were available before investing time.

------
trhway
Well, Google blocked the poster from creating a DRM player, not web browser -
those are 2 very different things. DRM is eating the web.

------
3327
HI Please post this and bring to the attention of the DOJ.

Microsoft got broken up for anti-trust behavior that is PEANUTS relatively
speaking today. Bill Gates was right, (proven overt time) - that the OS is not
the competitive advantage - its the platform and ecosystem as a whole.

Google should be broken up, so should facebook and so should Apple.

Amazon? I don't know they seem fairly diversified and although are decimating
e-commerce its a more difficult sell.

------
Exuma
What is "synchronized playback"?

~~~
smaddock
Every user in a session will see the same playback timestamp for a video.

------
wesleyvicthor
the size of this comments thread and the amount of information on it is
directly proportional to the even bigger hole you are getting into. You either
come with a well defined plan of revenue for a company, so you can fulfil
their Legal statement or you will only transmit DRM free content.

------
jokoon
I noticed that some video streaming services are using HTS, some weird tech
that is not file based, which makes it quite difficult to download those
files, even downloadvideohelper won't do it directly, you need some third
party executable.

The web is mostly open, but there are still things out there built to
explicitely prevent users from doing what they want, and it seems that even
firefox supports this tech.

------
sigi45
Sooo the author builds a browser with the assumption that he just can use DRM
stuff?

Thats an assumption i would say is not given. If you build something like this
and you expect to support DRM, do your homework on DRM before you start
building stuff around it.

------
musicale
How about the browser just tells the DRM that it's Firefox?

------
emilfihlman
What's the effort being done in cracking these DRM schemes? Surely they are
only running on the browser userspace and thus entirely crackable?

------
tapatio
"Don't be evil."

------
timmit
anyway, you deserve my star. :thumb up

------
KorematsuFred
Can someone please give me a Tl;dr for this post ? Why would google have any
say in someone making a web browser ? Where does their path have to cross ?

~~~
lostmyoldone
This certainly isn't short, but I don't know how to make it shorter, as I
don't know what you don't know, and what you want to know.

You need a DRM "capable" video component to be allowed to play most internet
video content that isn't directly user generated, or news.

The consequence is that the giants holding the rights to these components are
effectively holding the keys to a decent chunk of the internet. For a browser
specifically made for synced playback of movies, they essentially hold the
keys to _all_ of it. The big movie studios simply won't allow either streaming
or download without you using one of these solutions on both ends of the
stream.

The author applied for some form of license of the purportedly free and open
Widevine DRM component which is used/approved by almost all big streaming
sites. The request was rejected citing a somewhat odd reason: That the project
was open source.

This is odd because [https://github.com/castlabs/electron-
releases](https://github.com/castlabs/electron-releases) is open source,
apparently "blessed" by Google/Widevine, and available to use on the only
condition you get a license from Widevine. Which should then be impossible?

Which leads us to several somewhat plausible conclusions. Either the author
requested the wrong licence/needs a feature not available in previously
mentioned projects, someone at Widevine made a mistake, or there is a _lot_ of
smoke and mirrors going on to either make it seem Widevine is accessible to
anyone when it truly isn't.

------
gcb0
let's address the elephant in the room.

Google got the authority from everyone here who accepted chrome and IE DRM by
default, to the point that even Firefox was forced to give in, so you all
could be sedated by Netflix and other DRMed content.

~~~
sergiotapia
Truth hurts. Is it too late to open up the web? I've already switched to
Firefox.

~~~
kllrnohj
Firefox uses Google's Widevine for DRM content:
[https://support.mozilla.org/en-US/kb/enable-
drm](https://support.mozilla.org/en-US/kb/enable-drm)

"Firefox downloads and enables the Google Widevine CDM by default to give
users a smooth experience on sites that require DRM."

~~~
Egraveline
So did Firefox have to ask permission from google? Or do they just do it
without asking? Sorry I don’t know much about this.

~~~
toyg
I suspect the issue is that Firefox uses Widevine in a straightforward manner
(play the content to one browser), whereas OP’s scenario needs some sort of
additional insight in what the plugin is doing.

~~~
rcxdude
No, the issue is entirely that firefox has market share and any given
alternative browser project does not.

------
sureaboutthis
This is the only reason you can't watch Netflix on FreeBSD using chromium or
Firefox, too.

~~~
veryworried
How do you hack around it?

~~~
Evidlo
By getting media from "alternative" DRM free sources.

~~~
berbec
I've acquired media from "the usual places" for which I own the physical disc
because it's easier and faster than handbraking it myself.

------
hnsukas
I tried make any comment. Hacker news shadow banned me.

------
sonnyblarney
Anyone care to explain why widevine would not support specifically an 'open
sourced' solution? As opposed to a 'closed source'?

------
andrewmcwatters
"I tried creating an Electron app with Widevine support and Google won't let
me."

------
jsdevtom
What is a DRM?

------
amsdmasdmasdasd
That's a good thing tho

------
alexnewman
I wont use browsers with widevine. I refused to include widevine in any
browser I worked on. Widevine is clearly a backdoor and chrome is often
installed setuid root

~~~
asveikau
Who installs chrome as setuid root?

~~~
alexnewman
[https://forum.unity.com/threads/why-does-chrome-sandbox-
need...](https://forum.unity.com/threads/why-does-chrome-sandbox-need-root-
rights-suid-set.365818/)

------
boramalper
Since when HN started (up)voting items by their title?

The title is nothing but a textbook example of clickbait: it's sensational but
worse, it's deceiving (Google's response is NOT at all related to your
electron based browser with <0.001% market share, nor has Google "blocked" you
in the first place...)

Gosh I am angry.

------
toyg
(Burning some karma...)

So he built an app that is a thin layer over someone else’s app, to play
someone else’s content, and he’s upset he cannot get for free the nice things
someone else paid for (in development time). My heart bleeds.

~~~
anonymousab
I see nothing indicating that he wouldn't opt to write a compliant DRM plugin
at his own cost, or pay for the license or plugin if it were required.

~~~
toyg
He said the browser cannot be completed because Google won't _allow_ their
stuff to be used in an OSS project. It's clear he never countenanced the
possibility that * gasp * somebody could deny him access to their software. He
might have offered to pay, but the substance is basically the same: he assumed
he could get access to somebody else's stuff, when there was no such guarantee
(if anything, Google carefully insulating it from Chromium should have been a
big hint of things to come).

------
otterley
Flagging for inaccurate/inflammatory title. Google isn’t stopping the author
from creating a web browser.

~~~
ambicapter
Just from creating a browser with a reasonable feature set, like, say, the
ability to play non-obscure videos.

~~~
kllrnohj
Why can't the author do the same thing Firefox does, which also uses Widevine
DRM with no issues?

~~~
ambicapter
RTFA. Widevine is owned by Google. Google gives Firefox permission to use
Widevine. Google took 4 months to give this individual a one-line rejection,
ostensibly his only option for supporting DRM in a chromium-based solution
like the one he is using (Electron). Now what?

~~~
kllrnohj
I did RTFA did you? TFA has no mention of Firefox or Mozilla, nor why the
download at runtime approach that Firefox uses is not viable for them. Firefox
doesn't bundle widevine in their distribution. That changes things here. Maybe
it's still not viable for some reason, but TFA certainly doesn't go into it at
all.

