
Tim Berners-Lee just gave us an opening to stop DRM in Web standards - mynameislegion
https://www.defectivebydesign.org/blog/tim_bernerslee_just_gave_us_opening_stop_drm_web_standards
======
eveningcoffee
Everyone who is ignorant towards the standard DRM in web browsers does not see
the forest behind the trees.

It does not stop with movies or music.

If DRM is deeply integrated into the web then everything will get affected by
it. Already today some publisher go to great lengths to try to disturb people
from copying simple text and images. It will get only worse.

Currently the openness of the web has been very beneficial to the people
willing to make an effort to learn the web technologies. I think that this has
opened the field for many talented people. You can just inspect the page and
try to learn how it is made by reverse engineering it. This will go away and
you will get the inaccessible binary blob instead.

~~~
sbuk
"some publisher go to great lengths to try to disturb people from copying
simple text and images"

Genuine question: why is this a problem if the publisher doesn't want a third
party to use their work without their permission, or at all? I ask as an
amateur photographer who doesn't want people to use their images without
permission, especially for commercial gain. I choose to license my work as CC
BY-NC-ND 4.0, but that doesn't mean others will necessarily honour my wishes.
How can this be policed on a network as vast as the Internet? I get why DRM is
almost assuredly not be the answer, but what are the other options (excluding
CC licensing)? My issue here is that we make a lot of noise as to _why_ DRM is
bad, but the other solutions that I've seen are as bad, or offer little real
protection to the content creator.

~~~
ingenter
The answer is that it's _technologically_ impossible to prevent third parties
from using your work if you publish it. DRM _doesn 't_ solve this problem, but
claims to do so. As a result, genuine users suffer from DRM.

~~~
sbuk
"DRM doesn't solve this problem"

Again, no wish to goad, but _why_?

~~~
ingenter
Because there is always a way to extract the "protected" work. See:
[https://en.wikipedia.org/wiki/Analog_hole](https://en.wikipedia.org/wiki/Analog_hole).

If you're a photographer, I can always make a screenshot, or record the video
from my HDMI/DVI cable to the monitor or take a very precise photo of my
screen, and I WILL get the photo from your website or app.

There is plenty of evidence that DRM doesn't stop copying: millions of
torrents ripped from crunchyroll/hulu/netflix/Blu-Rays, all of those have some
sort of DRM, all of them were circumvented. There are people who think that
DRM is not _designed_ to stop copying, but it's designed to control how
legitimate users consume your product (see: DVD ads).

Edit: Please don't assume that this is the _only_ argument I have, it's just
the most obvious argument from the top of my head. There are plenty of people
who explain the negative sides of DRM and reasons it doesn't solve the problem
you described. They do it in a very eloquent way with rigorous arguments, and
I don't believe that I _need_ to repeat those arguments. I'd like you to
listen to Cory Doctorow:
[https://www.youtube.com/watch?v=HUEvRyemKSg](https://www.youtube.com/watch?v=HUEvRyemKSg)

~~~
sbuk
Thanks. It's an iteresting discussion that needs to be had. As I said, I often
see things along the lines of 'It's just bad, m'kay' without any reason. Your
explanation is reasoned and cogent. Again, Thanks!

------
gcp
As others have pointed out, this amounts to nothing. At worst there'll be no
standard, at best there'll be a standard not under W3C control.

That being said, Netflix was a big pusher for EME, as far as I know not
because they wanted it, but because the studios they license from demand DRM.
Yet, they seem to have lost most of their "movie studio" catalogue and are now
focusing on originals.

Netflix guys, what about allowing us to see the originals even if we don't
have a CDM installed? That would kill DRM/EME faster than hollow FSF & EFF
victories. FSF/EFF guys, doesn't this sound like a more promising campaign to
you?

~~~
AimHere
> At worst there'll be no standard, at best there'll be a standard not under
> W3C control

Wrong way around. From the anti-DRM POV, the best case is no standard, since
that likely turns DRM web content platforms into an ugly battleground where
multiple competing proprietary companies use horrendous tactics to fight over
user share and platform dominance. All sorts of third party browser plugins
will be needed, with the resulting mess of upgrades and incompatibilities and
platform dependencies, and the whole world just ends up hating the whole mess
and goes back to the free internet. Think in terms of Flash vs Silverlight vs
Java applets all being superceded by the considerably less awful HTML5.

The point is to make DRM-afflicted content into as bad a product as possible.
Having a standard for DRM is only a good thing if those against it have
already admitted defeat.

The worry is if the content providers get together and make a standard outside
of the W3C, and DRM content becomes a usable product without any consortium
input.

~~~
richardwhiuk
If W3C doesn't make progress in the way that the browser makers want, they'll
just go around them. This isn't a possibility - it's happened before with
WHATWG. The W3C exists to serve the browser and content makers who want this.

~~~
acdha
That's the part I think a lot of people forget: Apple, Google, and Microsoft
are also DRM vendors. There is no nefarious third party needed to put DRM into
most of the browsers people use, and Mozilla doesn't have anywhere enough
market-share to do more than slow that.

------
lucb1e
> DRM's dark history — from the Sony rootkit malware to draconian anti-
> circumvention laws — demonstrates that integrating it into Web standards
> would be nothing but bad for Web users.

This is where I get scared. What if DRM does not become a web standard? What
is the alternative that companies will want to use instead?

That is for me the only reason why standardization might potentially be a good
thing. Not because DRM is good, but because the alternative might be worse.

Everything in the past has been broken anyway. From CSS to AACS to HDCP[1]. I
was hoping Firefox (and perhaps Chromium, but Google would probably not be so
kind as to open source that part of the code) would have the DRM code built in
so that we can spoof the whole thing with simple modifications. Better than
having to reverse engineer Sony malware.

[1]
[https://en.wikipedia.org/wiki/Illegal_number](https://en.wikipedia.org/wiki/Illegal_number)

~~~
kijin
If you standardize it, you legitimize it.

The most important difference between Sony malware and an open-source crypto
library is not that the former is more difficult to reverse-engineer. It is
that the former is _illegal_ to reverse-engineer, at least in some parts of
the world. This is what gives content owners the illusion that their DRM
protects them. They are not looking for bulletproof technical protection.
Social and legal high ground is good enough for them and their propaganda
machine.

If DRM becomes standardized, it becomes much harder for the rest of us to make
a convincing argument that this crap is not what the web was meant to be. The
next thing you know, users of DRM-free browsers will be shown error pages
telling them upgrade to a more standards-compliant alternative.

~~~
catdog
> If you standardize it, you legitimize it.

Your post pretty much nails the importance of opposing this in a few words.
The (not) standardization of DRM is first and foremost a very strong political
move.

------
grogenaut
EDIT: I'm not trying to bag on them, I just think they need to work on their
messaging if they want to be effective:

That website seems about as in touch with people not of the same mindset as
the back pages of norml's website (once you got past the parts written by a pr
person). It's got a rotating banner to "cancel netflix" which links to a 2013
post about how netflix will make you use only certain browsers. Makes the site
either seem disused... or "tinfoil" as I think most consumers love netflix.

(note I only used norml as an example because their site used to (and may
still be) well articulated argument on the front which quickly devolves into
what many people would see as weakly argued reasons for letting me get high.
it's why, in any movement, you put your articulate people out front even if
they're not the real driver).

------
oliv__
"Defective by Design"

Sounds like pretty much everything that's manufactured these days...

~~~
lucb1e
Dishonest by design I'd say. Many many vendors do not provide security
updates[1], lock down their platform physically[2] and digitally[3], do not
provide customer service[4], or make things that are intended to break before
you may expect. There is 2-year warranty for electronics in the EU, but good
luck suing some big American corp for your 1 year 11 month old device.

[1] IoT & Android comes to mind.

[2] Funny new screws in every iPhone come to mind, but of course there are a
thousand product categories where the same happens.

[3] DRM in any kind of way. I would personally count all closed source
software in this category, but as a software engineer who might like to tweak
a feature in the source, I have a different perspective on what "locked down
software" means.

[4] Google for any product, Microsoft for Windows, and many other such
companies. Either they have a big fortune to not care about the couple of
customers that run into trouble (e.g. Google), or they think it's not their
responsibility since they don't sell directly to customers (Microsoft).

------
Waterluvian
Isn't this just an arms race that they can never win? Regardless of source,
encryption, format, etc. If a frame of a movie eventually makes it to my video
card's buffer, I can get at it, right? There is no end-to-end encryption from
source into my brain.

I can only see this just being a colossal inconvenience for users, developers,
and many many innocent applications.

~~~
mordocai
The end game would be decrypting it in the display device (better have a movie
conglomerate approved video card and display device so everything supports the
drm!) + one of the many solutions lately that can cause recording devices to
(voluntarily at the device level, not at the user level) turn off.

Then of course you just use a non-broken recording device and record it but
it'd be potentially very hard to get a purely digital signal out of a system
like that (unless they mess it up, which they will).

And in the end pirates will continue getting to it an alternative way or
cracking the drm and as you say, users are the ones inconvenienced.

------
contingencies
Vote with your money. Don't buy Apple or Google devices, don't pay for Netflix
or similar DRM streaming systems, don't buy Kindle books, don't buy Steam
games. Buy unlocked media only, and don't forget to create some of your own.

~~~
givinguflac
I wouldn't ever buy content I will own with DRM, but if you think you'll ever
see streaming without DRM you're crazy. Personally I've done my fair share of
pirating for various reasons, and I think streaming services are the ONLY
reasonable use case for DRM. You aren't actually purchasing content.

~~~
contingencies
Streaming without DRM comes pre-installed on TVs here in China, and there are
many torrent-based solutions as well.

------
throw2016
I think DRM is anti culture. Human history has been about sharing. We are a
product of the whole. Cultural wealth has been passed down hundreds of years.
Now the story tellers and singers do not want you to repeat their stuff, which
put in perspective is not a very cultural thing to do.

And the only reason they can do this is because interests can congregate and
technology can be abused but it seems morally and ethically questionable. You
are not stealing anything, you are watching or listening to a product of our
culture. You do not take anything away from anyone.

Its just a small period of 70 years before the internet when mass media and
content creators could colloborate to 'manufacture trends', hits and
disproportionate wealth.

Before that artists went broke and risked everything just to get their stuff
published and out to readers and viewers. Obviously this is not how it should
be but the whole 'jetset star lifestyle' may not always be possible simply
because you are an artist.

The problem is now that kind of 'trend manufacturing' is much harder to pull
off. But the entire industry from studios to artists have got throughly
spoilt, got used to those disproportionate returns and are now throwing all
their toys out of the pram.

Artists create but the rest of the world is also busy creating stuff.
Engineers, industrial designers, scientists, programmers, eveyone is creating
stuff. Can anyone just be 'entitled' to extraordinary wealth just because they
create. Maybe its their cost structures, business models and expectations that
need to change.

DRM is just a tantrum backed by money, its rent seeking of the worst kind and
our democractic institutions and systems are so compromised by special
interests they will continue to get their way.

------
wooptoo
That's a bit disheartening. Instead of having a basic standard to start with,
we will now have none.

The issue that FSF and others appears to have is with the Content Decryption
Module which is a binary blob at the moment. Standardising/opening up the CDM
spec could have been done afterwards.

If the W3C were a bit sneakier they could have played a bait-and-switch game
on the content providers and push for a standard/opensource CDM at some point.
Why couldn't there be an open-source CDM?

~~~
cyphar
> Why couldn't there be an open-source CDM?

You could have an "open source" implementation. But you couldn't have an
effective free software implementation, because it wouldn't be possible for it
to be an effective DRM measure. If you have free software DRM, what stops a
user from removing the DRM components (hint: nothing)?

~~~
DiabloD3
Nothing will EVER stop it. DRM is a scam, nothing more, nothing less. As long
as human beings have access to the data that they are (legally) allowed to
have access to, unencrypted data will exist and will be pirated.

Steam solved the DRM issue eons ago: become the best place to get something,
and people will flock to you to get it.

~~~
cyphar
> Nothing will EVER stop it. DRM is a scam, nothing more, nothing less.

I'm very anti-DRM. My point to GP was that there's no point wishing for a free
software DRM implementation -- because there's no way the people orchestrating
the DRM conspiracy would allow for someone to remove their precious
cashcow^Wdigital restrictions.

> As long as human beings have access to the data that they are (legally)
> allowed to have access to, unencrypted data will exist and will be pirated.

Yes, this is true. But I really wish we would solve the actual problem:
corporations thinking that DRM is actually a benefit to anyone.

> Steam solved the DRM issue eons ago: become the best place to get something,
> and people will flock to you to get it.

Steam has DRM (the games are tied to Steam IIRC so if your account ever gets
deleted you're fucked), so I don't know what you mean by "solved the DRM
issue".

~~~
imtringued
DRM is optional on steam. The publisher has to decide to use it. The DRM is
also trivially breakable.

~~~
cyphar
Do you have any stats on how many publishers use the DRM? I get the feeling
that the numbers are quite high for AAA games. Also, the DRM being "trivially
breakable" doesn't actually help anyone -- if you buy a game then break the
DRM you're implicitly signalling that DRM is good to publishers.

------
ubersoldat2k7
There seems to be lots of confusion of what EME is because people bring up
images, text and games. First of all, EME is targeted to video and, to less
extent, music streaming. Streaming video content to web browsers is,
currently, a mess. There are many DRM schemes and each does its own crazy shit
to try and make it work on everyone's browser. It's also expensive. So
expensive that only big companies will target big platforms.

Also, EME doesn't affect only web browsers, it also affects SmartTVs which are
limited to a few DRM products.

What EME and CENC try to achieve is to add simplicity to this process and for
open source products to be able to compete with closed source ones. Even small
DRM products are moving on this direction because it's impossible for them to
target all platforms. On this regard, even an open source DRM scheme could be
achieved and compete.

DRM, EME and CENC will happen, and this only hurts open source products like
Linux and Firefox. But it will happen.

------
INTPenis
Pardon my cynicism but there is no stopping this. Money talks, money is power,
activists lack both the power and organisation of large corporations.

I foresee a near future where only a few in society will be able to use the
internet safely. There will be subcultures, small segregated pockets of people
who refuse the big corporate alternatives on the internet.

We're already seeing this today, think about it. I'm speaking from a Swedish
perspective but when piracy on the www was relatively new in the 90s you'd go
to "your guy" with the CD-burners and they would give you the movie, game,
software you needed.

Only a few people knew enough to keep up with the trends, the BBS, the FTP
sites and the newsgroups. Though there was little to none legal problems there
were instead technical problems to piracy.

Then we had the piracy golden age, from about 98 to 2015, or today even. When
everyone and their grandmother pirated. It was so easy, and torrents made it
even easier.

But now the biggest ISP in Sweden has started handing over personal
information of their subscribers to foreign companies who are sending monetary
demands to the customers if their IP is found on trackers. So instead of being
taken to court, just pay the money right?

That's just the start, it will only get worse because corporations have all
the power.

But let's look at another example less sinister than piracy. Let's look at
simple tracking and web security. Even there you have to be relatively
computer savvy to keep up with the new tools, Adblock is out, uBlock is in,
Noscript author is under fire, alternatives are often hosted on github.

See what I mean? Safe web browsing is being restricted to a few people savvy
enough, or interested enough, to keep up with that scene.

So already, today we're seeing what the future holds for the internet. Any
privacy conscious, safe browsing will be pushed to minority subcultures using
different platforms, tools and networks than the rest of the population.

The internet will be just another TV or Radio, with indie broadcasters
fighting to remain free in a vast sea of big corporations.

We'll most definitely always have open source browsers but the question is how
well these browsers will support the new DRM internet that I foresee in our
futures.

So pardon my cynicism when I see no positive outcome for DRM on the web. I see
instead a majority of content under DRM protection, some of it being copied by
a small minority in society and spread through other smaller networks of
people who refuse the mainstream web standards.

How this is achieved is just a technicality. It is inevitable because there's
money in it and as long as there's money in it corporations will pour money
into lobbying to change the rules in their favor.

~~~
CaptSpify
I kind of have a pet theory on this: We need to take away the money aspect
from here. We've started entering a post-scarcity society, but our economic
models don't account for that. It's free to distribute media, but our economic
model demands that we have a paid gateway. I don't know how to solve this, but
I do think that we'd be better off once we get it fixed.

~~~
teddyh
[https://en.wikipedia.org/wiki/Opposition_to_copyright](https://en.wikipedia.org/wiki/Opposition_to_copyright)

------
pc2g4d
I'm just not so sure the EME is so horrible. If companies want to deliver
their content encrypted then they will do so.

------
oldmanjay
The politics of desire always make for fascinating attempts at rationalization

------
Jaruzel
Unfortunately, it's peoples very nature to avoid paying for things if they
don't have to. Whereas I don't support the wholesale DRMing of everything, I
do support the Content Creators right to be remunerated for their work.

Without DRM, people will steal stuff without regard for the creators survival.
This was seen most visible in the Pop Music industry. Piracy was so rife, that
indie musicians were considered too big a risk for the labels, who turned to
low-risk-low-cost 'music factory' style churning out of the same low quality
pap that the popular charts is now peppered with.

If we don't protect artists (by this I mean, musicians, game designers, visual
artists, program makers etc.) from the people trying to steal from them, there
will be no quality content going forward, and the only form of entertainment
will come from the mega-corps trying to peddle their wares in the guise of ad-
laden media.

So, in my view, a standard cross-platform secure DRM model for the web is
required. If you want to consume it, you should be prepared to pay for it.

~~~
pedrocr
> So, in my view, a standard cross-platform secure DRM model for the web is
> required. If you want to consume it, you should be prepared to pay for it.

These are completely orthogonal to one another. People pay for content when
they can get a good service at a fair price. For the longest time it was
_much_ easier to torrent movies and shows than to try and navigate through the
cesspool of TV scheduling, ads, etc. Netflix fixed that and now people pay for
content. The same happened with music. DRM solves nothing as it only takes one
determined person to break it and then everyone else gets a great experience.
Meanwhile all your paying customers have to suffer through a poor experience
thanks to DRM. It's self-defeating.

~~~
Jaruzel
> Meanwhile all your paying customers have to suffer through a poor experience
> thanks to DRM.

No, that's all thanks to rubbish DRM. You are confusing the concept of DRM
with the implementation. Good DRM should be seamless and no-different (to the
end user) to non-DRM content - it's this area that is failing, and why the
current failure to settle on a good DRM standard is resulting in so many badly
implemented proprietary systems.

~~~
pedrocr
>Good DRM should be seamless and no-different (to the end user) to non-DRM
content

There is no such thing. DRM tries to do something that's fundamentally
impossible. It wants to allow you to view content while at the same time not
allow you to copy it but that's a distinction that only exists in intent not
technically. It's also impossible in practice since at best it could aim to be
as good as not existing at all but since it's not made of magic pixie dust but
is actual hardware and software it will both fail open and fail closed. The
fail open cases will be used to get the content out of it. The fail closed
ones will frustrate users who just want to be able to view their content who
will then grab the illegal copies and will soon figure out that they are
paying for an inferior experience.

~~~
Jaruzel
I kinda agree there. If you can see it - it can be copied.

Maybe the best counter to DRM is for people to be more honest :)

