
What do we get for that DRM? - pwg
http://programming.oreilly.com/2013/10/what-do-we-get-for-that-drm.html
======
pyalot2
EME has a proprietary part, the CDM (content decryption module).

In order for the browser (its compositor etc.) to work, the browser needs
access to the plain (unencrypted) content, to do things like layering (alpha
blending) elements on top of each other, CSS transformations, CSS shading and
putting things into WebGL.

If the CDM would give the browser access to the plain content, then the
browser (or any program) could just dump the plain content to disk, exactly
what EME/CDM is designed to prevent. In that scenario only proprietary
browsers would be able to implement EME.

In above scenario, if EME was adopted across major web properties (like
netflix, amazon, youtube, vimeo, dailymotion, bbc, facebook etc.) then it
would mean that Open Source/community browsers would be regarded as "the
browsers that don't work" and would loose substantial market share and
couldn't gain traction. This would be very bad for the Web as it would revert
the Web back to a browser monoculture (of the kind we already had with IE6).
Innovation would stall.

I suspect that the existing EME/CDM implementation in IE11 and Chromebooks is
based on the CDM sharing plain content with the browser (for reasons I'll get
to below).

If the CDM does not share the plain content with the browser, and the browser
just gets to instruct the CDM to "draw there", then that means that: You
cannot layer stuff on top of the content (customized playback controls, user
annotations, closed captions, advertising, other informational/navigational
elements, branding etc.). You couldn't CSS transform the container with the
content. You couldn't CSS shade/filter the content. You couldn't control its
CSS opacity and you can't put the content into WebGL. You couldn't easily
implement tab-switching (or alternative schemes of tabbing).

This would be a serious drawback for EME, and it would make it practically
unusable on most web properties that might want to use it (every web property
adds its own social features, playback, branding and advertising to the
content it serves up).

That means that the only two choices to make EME work are either seriously
crippling the Web altogether by remaking it into a proprietary monoculture, or
crippling EME so much that nobody would want to use it.

It's a very bad standard.

~~~
acdha
> If the CDM does not share the plain content with the browser, and the
> browser just gets to instruct the CDM to "draw there", then that means that:
> You cannot layer stuff on top of the content (customized playback controls,
> user annotations, closed captions, advertising, other
> informational/navigational elements, branding etc.). You couldn't CSS
> transform the container with the content. You couldn't CSS shade/filter the
> content. You couldn't control its CSS opacity and you can't put the content
> into WebGL. You couldn't easily implement tab-switching (or alternative
> schemes of tabbing).

Almost none of this is true if the operating system allows you to provide a
write-only layer – you'd be limited to the operations which the GPU can
perform without the browser seeing the bits but that would address the needs
of most sites at or better than the current plugin situation.

That said, millions of people seem to be perfectly happy with all of those
restrictions as evidenced by the continued use of plugins which provide DRM
with exactly the same tradeoffs — currently you could save frames from
Flash/Silverlight but the content providers seem to have accepted that risk
and nobody bothers because there are easier options available.

The real question here isn't an endless rehash of the DRM debates but how to
change public opinion. We have a preponderance of evidence that most computer
users are happy to accept DRM if that's how they get convenient access to
things they want to see. The W3C is reacting to the strong, growing trend away
from web technologies so it's a bit pointless to criticize that unless you
have a viable plan to either get content providers to adopt less invasive but
equally effective technologies like watermarking or get the public to stop
paying for them.

Say we do draw a line and convince the W3C to drop EME — who benefits other
than Adobe and Microsoft? Apple doesn't need EME because they're selling
billions of dollars of movies through the iTunes store. Google will put EME or
the equivalent into Chrome for anything they can't sell through their store.

This places Firefox in a really unpleasant situation: Mozilla will either be
forced to license something, hope something changes before the plugin vendors
drop out, or lose market-share because users are more likely to switch to IE /
Safari / Chrome if something doesn't work in Firefox rather than not pay for
DRMed content.

~~~
kevingadd
The idea of a 'write-only layer' in the browser scenarios described is
ridiculous. It simply doesn't exist.

In the days of DVDs, GPU acceleration exposed the concept of 'overlays' that
you could dump YUV or RGB video content into, and those overlays would be
presented directly to the display - the RAMDAC overlaid them onto your
framebuffer when producing VGA/DVI/etc signals. This, at least, made it
possible to make such a mechanism 'write only', if you sufficiently secured
the output (via negotiation, or something) to ensure it wasn't being fed to a
capture device - you only had to deal with the analog hole.

But once you're trying to composite protected content into a webpage, you've
already lost the game. The content can be clipped, scaled, rotated, sheared,
faded, masked, filtered, and so on - all without writing any JS. All those
transformations would somehow have to be baked directly into this 'protected
rendering' pipeline and implemented cross-platform in such a way that none of
that data was accessible at any point in its myriad trips between the CPU and
GPU. You'd have to access-control all the cache textures on the GPU, all the
buffers on the CPU, all the intermediate information. You'd also have to
access-control the resulting framebuffer for the browser tab, and any other
intermediate framebuffers, along with the actual output from the GPU that's
sent to your display - and most displays these days are connected digitally,
so now you're dependent on your end-users having HDCP compliant displays
(which many do not).

It's a complete joke. EME cannot work. Period. Modern GPU/CPU configurations
are basically general-purpose compute hardware with mutually accessible memory
and the ability to do computations and read/write operations from inside
rendering routines (i.e. pixel shaders).

~~~
acdha
> The idea of a 'write-only layer' in the browser scenarios described is
> ridiculous. It simply doesn't exist.

I'm sure that will be quite a surprise to Microsoft as they shipped it years
ago.

You couldn't push every possible operation out to the GPU but there's no
technical reason why the subset of operations which a browser would use to
playback a video couldn't be supported, similar to the way a modern desktop
can be GPU accelerated but e.g. screen captures don't include windows where
restricted content is playing.

The problem is not technical – that ship sailed years ago – but business: the
content providers and consumers have accepted the current status quo with
plugins rendering the subset of paid content which isn't playing in a native
app. The businesses don't need perfection – they're already making truckloads
of cash. As I stated above, we really need to figure out how to disrupt that
if you want to see any change. Pretending that technical perfection is
necessary or that the public isn't willing to tolerate a billion dollar a year
status quo is just delaying that discussion.

~~~
shmerl
_> the content providers and consumers have accepted the current status quo
with plugins rendering the subset of paid content which isn't playing in a
native app._

This completely misses the point. Many users didn't accept any of that and
simply pirate all that content DRM free. If publishers care about increasing
the number of paying customers, they can stop using DRM, and then some part of
former pirates will start paying them. They are usually greedy for more money,
so "already making trackloads of cash" doesn't sound like an argument.

------
ZeroGravitas
I can kind of see what the supporters of this in the W3C are thinking: we want
Netflix/BBC etc. to be using 90% of our stack (and 10% in some binary CDM
blob), rather than 10% of our stack (and doing the rest in Silverlight or
Flash).

Google for example want to build Chromebooks. They want it to be built around
web technologies, with no plugins, but that means no Netflix (and Netflix in
turn are forced into this by Hollywood). No Netflix et al, makes Chromebooks
much less appealing in the market.

Overall I'm torn. I'd like to see Chromebooks replace Windows XP, and HTML5
replace Flash and Silverlight.

Maybe it'll make it all much clearer: You can't watch this video, not because
we haven't made Flash or Silverlight available but simply because we can't
trust your computer to keep things from you and obey our instructions instead.

~~~
pyalot2
It will be: "You can't watch this video because you don't have IE11 or Chrome"
because Firefox will be legally barred from accessing the CDM.

EME is steering full steam ahead into a new proprietary browser monopoly with
either Microsoft or Google coming out on top and having their position
cemented by DRM, forever, thanks to the DMCA (because when have meaningful
copyright reforms happened, ever?)

So what's at stake here is the future of the web, as we know it, as a
platform. And if you want to know how that future under EME looks like, go no
further than look back at the 6 years of utter stagnation when IE6 held that
monopoly.

~~~
chc
> _It will be: "You can't watch this video because you don't have IE11 or
> Chrome" because Firefox will be legally barred from accessing the CDM._

This is not in evidence. You might be right, but since there is no obvious
reason to believe it, surely you can see why others don't make that
assumption.

> _And if you want to know how that future under EME looks like, go no further
> than look back at the 6 years of utter stagnation when IE6 held that
> monopoly._

I can't understand what parallel you're trying to draw here. The IE 6 monopoly
did not arise because of a DRM standard; it arose because Microsoft killed its
competition by giving its browser away for free with Windows.

~~~
pyalot2
> I can't understand what parallel you're trying to draw here. The IE 6
> monopoly did not arise because of a DRM standard; it arose because Microsoft
> killed its competition by giving its browser away for free with Windows.

That's correct on the cause. But the cause of why a monopoly comes into being
doesn't matter. The effect is what matters, those years spent with the web
standing still technology wise.

Just like microsoft managed to kill other browsers because they bundled it
with their OS, they're now trying to kill other browsers by bundling them with
the one and only DRM that will make Netflix work.

------
Pxtl
Improvements to a general-purpose plug-in interface rather than using the old
Netscape one would make more sense than specifically targeting video plug-ins.

------
malandrew

        "After acknowledging that, however, he goes on to define 
        an open web as a marketplace, something that is “universal 
        in that it can contain anything”, rather than being 
        universal in that its content can be read by anyone."
    

That's a very naïve view and one that I wouldn't expect from TBL. The open
web, as a marketplace, is already universal in that it can contain anything.
Every single one of the things that DRM is meant to protect can already exist
on the open web. The problem is that the publishers are too stubborn to allow
content without DRM. That's either a legal problem or bureaucratic problem,
but it is certainly not a technical problem.

The W3C should only be standardizing technical solutions to technical
problems, not technical solutions to social or legal problems.

------
FedRegister
Bah, fork the W3C standards, strip out the DRM bullshit, and support an open,
community maintained browser that's focused on the users, not sucking at the
teet of Google.

~~~
pyalot2
The W3C standards are so far licensed non-derivatively, but that's about to
change.

------
antocv
Yes indeed, the consumers got nothing in return for accepting DRM, for
accepting the side-stepping the term "buy" \- the ebooks are still way too
expensive and it can be argued the popularity of eReaders and eBook buying has
come at a time after DRM became viable, unlike music piracy - which came
before DRM and DMCA even existed. eBooks, readers and stores, all began with
DRM, and the prices have only gone up - despite the consumers giving up their
ownership.

It looks almost like DRM is designed to empower a few at the expense of the
many.

~~~
pyalot2
The biggest proponent of EME/DRM is microsoft. And they are the first who have
put it into their desktop browser (IE11).

Microsoft was also the party most eager to stiffle dissent in the encrypted
media working group by the likes of me, EFF, etc. and who aggressively boxed
this "standard" trough with almost daily telephone conferences they held with
apple, google, bbc, netflix etc.

DRM is designed to put up barriers against competitors. It's designed to
stiffle innovation and to vendor-lock in users and authors.

Why do you think Microsoft is all over EME like flies over cowdung? Microsoft
has lost tremendous amounts of browser market share, and here comes EME/DRM,
and they finally see a credible chance to lock "the web" back into their
platform.

~~~
TylerE
I don't fundamentally understand why this rant is relevant towards a
discussion of _standardized_ DRM. IMO the debate is not "standardized DRM vs
no DRM" but "standardized DRM vs ad-hoc DRM".

~~~
ZeroGravitas
Well, for starters, they're not standardizing the DRM. They're standardizing
the way you talk to the DRM, but your fully compliant standard browser will
not show you Netflix until Netflix has shipped their ad-hoc DRM solution on
your platform.

~~~
chc
That doesn't really address the question Tyler was asking, though. The
question is, how does standardizing the way you talk to the DRM make the
situation worse than one where they didn't standardize the way you talk to the
DRM?

~~~
jlgreco
_" So the argument "Oh Apple and Microsoft are just gonna profit off EME" is
moot, they're gonna pull their vendor-lock in and non-standard web fraud
anyway, but now they get to say "waaaat? we're not evil! see, it's a
standard!!!""_

~~~
chc
So they'll use one justification rather than another? That doesn't even seem
worth noticing, much less protesting.

