
HTML5 and DRM - Keverw
http://kevinwhitman.com/2012/02/05/html5-and-drm/
======
Chris_Newton
A few observations, from someone whose business is making decisions about this
stuff right now:

1\. It's easy for a consumer to say DRM is evil or to claim that it doesn't
work anyway. It's a lot harder to literally bank on those things by
irrevocably giving away the content your start-up has spent much time and
money building.

2\. It's easy to assume that any protection will be cracked eventually, and
for mass market content like Hollywood movies and pop music it probably will.
But many smaller companies are both producing niche content for smaller
audiences, making them rather less likely to be cracked, and aiming for rather
more modest profits, meaning that if someone rips their stuff and puts it
somewhere Google can find there is a real danger of catastrophic actual
losses.

3\. It's easy to say that HTML5 video is the future and Flash needs to die.
Apple and Google would be more credible when making such claims if their own
browsers weren't riddled with bugs and limitations in this area and if they
gave straight answers about exactly which video formats they support.

4\. Open Source software that doesn't support locked up content or formats
_will_ give an inferior user experience for the foreseeable future. Whether
that loss is acceptable to the users and developers of such software is
something only they can decide.

Just to be clear: I am not a fan of excessive copyright protections, certainly
not a fan of DRM, generally in favour of openness, and sincerely hoping that
we can find a viable model for our business that fits with those beliefs. I
should also add that I'm not writing on behalf of anyone but myself in a
personal capacity here.

But from a realistic point of view as a businessman, those arguing for
unrestricted HTML5 video vs. DRM/Flash need a _far_ stronger case than they
typically make today before their arguments are going to be as convincing as
they would like.

~~~
jasonlotito
1\. Literally giving away your content has nothing to do with DRM, but rather,
your business model. If you elect to give away your content for free, that's
your choice. Others have already proven that giving away DRM-free content can
lead to making a tidy profit. See the humble-bundles and Louis CK's recent
experiment as demonstrations. Look at Bandcamp.com, and the countless artists
selling DRM free content. I've spent more money there the past year then
anything the labels have produced.

2\. Less likely to be cracked? That's wishful thinking at best. It's already
been shown countless times that smaller companies content will be cracked just
as readily as larger companies. It's not as if they are using some other form
of DRM.

3\. Which bugs afflict you in the video playing department? I've found that
playing videos without Flash is fairly simple. Granted, you need to provide 2
videos, but you'll what you need. Are you referring to lack of DRM support in
these browsers? In fact, I'm not really sure what you are referring to here.

4\. That's not true. Rather, content that includes extras like DRM will
provide an inferior user experience. I'm sorry, but even Valve, who I love,
doesn't have as great an experience as I can get if they'd remove the DRM. And
it's because of the DRM they use. If you attach DRM to your content, you are
degrading the UX. There is no argument against that. It's simply the way it
is. Even if you simply put your content in a membership area, I have to log in
rather than simply see that content. If I have to install some 3rd party
software to read that content, it's a degraded experience. I'm sorry, but it's
the content providers that choose to degrade the experience. At least man up
and take ownership.

Finally, you claim people like me need a far stronger argument. I guess that's
fair. We could all use stronger arguments. But at the same time, the arguments
for DRM aren't strong either. The only argument in favor of DRM that I can get
behind is: "It's my content, I can do what I want with it." Yes, you can, and
I support that. Beyond that, not much more can be said.

~~~
Chris_Newton
1\. Please note that I'm not suggesting that serving DRM-free content _can't_
make a decent profit. Personally, I really hope it would for us as well and
that we will be able to do exactly that. But I have to separate my desire to
run that kind of company from the commercial reality that in contrast to the
humble bundles and Louis CK, we are highly unlikely to wind up with vast
amounts of Internet coverage on high volume web sites that reach a lot of our
target audience who are likely to look upon us favourably precisely because we
are making a point of not using DRM.

2\. If you've got any serious data to share on this point, I'd appreciate
links. I've been researching the real effects of copyright, infringement, DRM,
etc. for a long time, and I've found few studies with anything resembling a
sound methodology and unbiased reporting, and even fewer that consider
anything but mass-market Big Media operations.

3\. I'm not sure this is a good place to enumerate every likely browser bug
we're currently tracking, but I'll give a few examples:

\- Some browsers are not detecting the end of a video properly (no JS event
fires/can't replay -- not really much doubt that this is a bug).

\- Some smartphones play videos fullscreen whether you like it or not
(unhelpful if there are other controls beyond the universal video ones that
users should be able to reach with one touch -- this is an active choice, but
limits the quality of the experience we can offer to users).

\- Several mobile devices reportedly support H.264 at a certain profile and
level, but in practice seem to require more specific settings (which don't
always seem to be clearly documented in the guidelines published by the
browser/OS developers -- this may or may not be down to bugs, but without
clear specs and completely standardised formats it's in any case a significant
drain on resources just investigating and testing across a wide field of
devices).

I'm not referring to DRM at all here, just the problems of using HTML5
technology that isn't sufficiently standardised yet relative to the one-size-
fits-all-except-iOS of Flash.

4\. In our tests, H.264 in an MP4 file (using the features that are supported
in browsers) gets modestly better quality at a given bit rate than a WebM
stack and completely outclasses Ogg/Theora/Vorbis. If you have a browser like
Firefox that for cultural/legal/whatever reasons won't support H.264, then the
best result is that Firefox users will see lower-quality video or need more
bandwidth to see the same quality. There's not really anything ambiguous about
this.

As for DRM, if it ever interferes noticeably with legitimate users, that's
obviously a bad thing. Again, my personal line is that any technology we do
decide to use to protect our content in any way should be transparent to
someone using our service legitimately. But if we're talking about someone
visiting a web page to watch a video, why does the user care what technology
is being used to achieve that as long as it looks and sounds as it should? If
in some alternate reality I could use a plug-in on iOS smartphones to provide
a better user interface instead of relying on Apple's compulsory full-screen
presentation, or if we decided to produce an iPhone app for the same reason,
would you still object to requiring 3rd party software so a customer could use
our service more easily?

> But at the same time, the arguments for DRM aren't strong either.

The argument for some form of transparent DRM in our internal discussions is
simple and compelling: either it works and we potentially make more sales to
legal customers at the expense of pirates, or it doesn't work and we're
probably no worse off than we would have been anyway. Unless either the
implementation costs are high or we're at risk of losing significant numbers
of legitimate customers for some reason, it's essentially a plan with no
drawbacks other than the bad taste it leaves in the mouth.

Once again, I feel I should stress that I'm writing personally here and not in
any official capacity. I should also be clear that I am playing devil's
advocate to some extent, as are other people when we debate this in-house. No-
one is evangelising DRM here, we're just not buying the anti-DRM arguments
without reading the full brochure either.

> The only argument in favor of DRM that I can get behind is: "It's my
> content, I can do what I want with it."

Well, yes, and to the extent that "I can do what I want with it" means "I can
run a viable business that helps my paying customers" and "People who don't
pay us for it don't get to have it" I don't think anyone here has much of a
problem with that.

If genuine users have even the slightest problem because of any technological
content protection measures, that's a serious issue for me.

If it costs us a lot of time and/or money to implement those measures and they
don't generate a worthwhile return, that's also a serious issue.

However, being nice to people who are blatantly trying to rip us off rather
than paying a price that, frankly, almost anyone in our target market can
easily afford is... not a priority, let's say.

------
shmerl
DRM shouldn't be promoted, period.

~~~
gurkendoktor
I'd usually agree, but for one-time video watching, I don't see the harm.
There is nothing that might break for legal customers in the future because
there _is no future_ , unlike with a purchased item.

I never watch series episodes twice, and I'd rather pay small money to see
them once than to buy DRM-free video files. Statistically, I must be the
minority because Apple stopped offering series rentals. :(

~~~
Keverw
Yeah. I don't have a problem with it for one time viewing but still don't want
to force flash. Maybe give the studio a option... But still don't care for
flash myself.

------
rachelbythebay
Apparently I need to turn on Javascript on my Mobile Safari to view this
page... even though I'm running Firefox on an actual computer. How odd.

(And kicking the two divs which hold that warning out of the way with Firefox
10's web inspector and a "display: none" gives a perfectly reasonable page.
Why not just show that all the time?)

------
pmjordan
Interestingly, Webkit on iOS devices CAN play back DRMd content via the HTML5
video tag. As far as I can tell, the web server can request a special Apple-
signed client SSL certificate. With this, either the whole video can be
streamed via SSL, or you can gate access to the keys used to encrypt the video
(via Apple's HTTP live streaming encryption).

The latter is of course nonstandard, but cooperative browser vendors could
easily implement the pure SSL authentication. I can't imagine Flash or
Silverlight video is any more secure than that. There's of course no way a
truly open source browser would be trusted in this way; the certificate would
have to be hard to extract.

(This comment might make me sound pro-DRM. I'm not, just making some technical
observations)

------
pornel
Since open DRM is a logical impossibility, adding DRM to HTML5 video would
mean going back to square one: playback would require some kind of closed-
source binary blob developed in secrecy by a single vendor.

Adoption of such DRM would be at mercy of PHBs from big media, so they
wouldn't choose a vendor that values openness and end-user freedoms.

In that case just use Flash or Silverlight, as "HTML5 DRM" won't be any
better: you won't see it in FOSS browsers (due to licensing/goals), Apple
devices (Apple has their own DRM already and market power to keep it that way)
or niche platforms that aren't "commercially-viable".

------
geuis
Getting an error like this from CloudFlare seriously casts doubt on their
ability to operate. One of the big things they claim is being a solution to
exactly this problem.

------
Thomaschaaf
So your startup will basically do what videojs.com (<http://videojs.com/>)
does + DRM? I guess it could work but maybe very easy to duplicate. At least
from how I understand your approach.

P.S.: Bing Cache works

~~~
Keverw
No. It's a video on demand service. Also planning on doing live channels and
some other stuff. Right now our plan is to serve content in HTML5 but it
doesn't really have DRM. So I think that will limit the content we can get
from studios.

~~~
dmethvin
Absolutely it will limit what studios allow--as in the major studios will
allow nothing. HTML5 video only supports standard HTTP download of a single
unencrypted stream, and I'm not clear on how a token scheme will provide any
real security for that unencrypted stream.

There are the bandwidth-divining problems since you'll want a higher quality
stream on a fast connection than a slow one and HTML5 video has no built-in
way to do that. On iOS you can use HTTP Live Streaming via Safari, but if you
depend on that you're locked into a single platform.

What is driving your startup to use HTML5 video? Are you trying to avoid
licensing fees for DRM technologies? A lot of these problems can be overcome
if you build an app, perhaps it's possible to use a hybrid approach in
PhoneGap so you can maintain a HTML UI but play video via a proprietary video
library that supports DRM.

------
Thomaschaaf
Website is down. No Google Cache.

~~~
quink
I don't know if this will work, didn't last time, but here goes:

[Bing
Cache]([http://cc.bingj.com/cache.aspx?d=691260178405&w=1e1573b4...](http://cc.bingj.com/cache.aspx?d=691260178405&w=1e1573b4,3d02e81f))

