This kind of hyperbole undermines the whole argument. The browser ecosystem was weakest when Microsoft released IE6 and then decided to not update it for half a decade. Today, by comparison, we are living in a land of plenty.
Even on the DRM front, the situation was no better in the past when you had to use Flash or Silverlight for DRM. At least now there is a clean interface to just the video decryption without requiring a whole bloated proprietary plugin. I don't quite understand the ideological bent that EME corrupts an open standard, but the same result from NPAPI is somehow less objectionable?
If the hope is that by standards bodies rejecting DRM on principle they will somehow strong-arm Big Content, I can tell you unequivocally that it ain't gonna happen. Cory Doctorow has not spent the last 10 years building a feature film streaming service and negotiating with rightsholders, but I have. In fact I spent most of that time fighting against DRM on a UX basis and trying to find loopholes, which works for small distributors but not for the studios. The torrent crowd would have you believe it's because they're stupid, but Big Content is anything but stupid. They know that there is no such thing as guaranteed copy protection and that there will always be an analog loophole. The reason they insist on DRM is as a means of control. They just need enough roadblocks in front of casual piracy to prevent devaluation of their content. If they were unwilling to accept any piracy they wouldn't stream to PCs at all. Which, BTW, is exactly what would happen if we succeed in outlawing DRM on PCs. They would literally pull the content, and say if you want to watch go buy an Approved Device. Customers wouldn't bat an eye either, because people prefer to watch on a television anyway; cheap streaming boxes / smart TVs are the future, not general purpose web browsers.
Making a huge issue of EME is just asinine and belies a complete ignorance of the market forces at work here. The studios have all the power, browser makers do not have any leverage. And in any case, if rightsholders want to play a cat and mouse game with DRM that should be their prerogative, but customers should also have the freedom to circumvent those measures. Where we need to focus our lobbying efforts is against the DMCA and infinite Copyright extension which broadly impacts consumer rights and the public benefit.
As far as I see it, EME would only be a loss for the Web and browser makers like Mozilla; in a similar way to, for example, losing the ability to "view source" would be a loss.
I think the real threat is from commercial entities who want EME for entirely separate reasons, i.e. Apple, Microsoft and Google, who also just-so-happen to make browsers. They can embrace/extend/extinguish the Web, by building an encryption standard into their particular browsers which none of the countless others are able to do (Firefox, Konqueror, Dillo, Netsurf, W3M, Lynx, EWW, Elinks, etc.). EME seems like an attempt to preempt such a situation, but I don't see how it can do anything to prevent it.
This is a much worse situation than some set-top box scenario, since it will bleed users from all browsers to those few with EME+plugins, and the Web will become yet another Microsoft Office document format.
The flaw in this line of reasoning is talking about it in the past tense and referring to “the Web” as if that's some central authority distinct from the browser manufacturers which can dictate terms. EME has already shipped in Chrome, Safari, Internet Explorer, Edge, Firefox, and Opera. The alternative was something like Apple, Google, and Microsoft hammering out an agreement privately and leaving Mozilla and possibly Opera out in the cold, stuck with either Flash or slowly bleeding users to a browser which offered a better experience.
Look at Netflix's support matrix now and notice how many people can now play movies without needing to install anything:
You're going to have a really hard time convincing most people that this is worse than the previous security, stability, and performance disaster of using NPAPI plugins. The vast majority of users think it's a plus that they can just search, click, and play without having to use a separate device or player application — how are you going to convince them that this should not be allowed?
Note also that this does not prevent the use of view source on netflix.com – only access to the decrypted video stream – and should any of the extremely rare browsers which you listed (several of which don't even support images or video of any sort!) decide they too wanted to support it, there's at least a standard process.
Netflix 'just worked' with Chrome but some French TV channels (looking at you M6!) are still stuck streaming Flash. Getting pipelight to work with Firefox took hours of fucking around and it still bombs on certain streams.
If we have to have DRM it's got to be preferable suffering it through an open standard rather than black boxes forced on us through shitty plugins riddled with security holes.
Looks terrible, there is no mention of Linux at all.
Again, I don't love DRM but we need a reason for a significant number of people to care. We've had a couple decades for angry nerds ranting on the Internet to show results and it's hard to say that we've done anything. The one area where DRM was rolled back is music and that was a combination of widespread unencumbered CDs and, mostly, Steve Jobs scaring the music labels more than piracy.
We need a better approach to avoid repeating that cycle of failure again. Most people think Netflix is good – what's going to make them decide to cancel their subscription?
I'd actually argue that we have. Sure, a lot of the mp3 stuff was Jobs, but I'd argue that the game was changed so that we can't do the same with mp3s. We downloaded mp3s, but we stream movies. Now, I think streaming is superior in many ways, and I'm not bashing it, but it did change the game.
Free software is becoming more and more common. Sure, it moves slower than proprietary software, but I'd argue that's a feature, not a bug. We now have MS open-sourcing a lot of stuff, and including bash in their stack. Apple is trying to become more open, and focus more on privacy. Linux is getting more games than ever.
I really view this new DRM scheme as a desperate attempt from a dying industry. And I do think eventually we'll look back, thinking it was absurd.
1. You need to pay someone for an OS in order to view the web.
2. The OS market isn't open, someone else can't just make an OS that people will use, because it can't view the web.
Was the OS market not open when Flash for Linux didn't exist? FreeBSD? TempleOS?
What percentage of content needs to use EME before you “can't view the web”? If everything else but Netflix works, is the web open or closed?
More to the point, what do you expect to accomplish here – is hyperbole going to convince people to use Linux, cancel their Netflix/Amazon/etc. subscription, etc? If not, I would again suggest finding an argument which will appeal to a non-trivial number of people. Why should they care enough to change their spending or contact their representatives?
If the EME are part of the HTML5 standard, but in practice they require some proprietary blob to operate, then the web isn't completely open. It doesn't mean that it's completely closed. Whether that matters depends, I suppose, on whether you want to take a pragmatic or ideological stance.
> More to the point, what do you expect to accomplish here
Does a complaint have to be a call to action?
> If not, I would again suggest finding an argument which will appeal to a non-trivial number of people.
I don't think an argument, as such, will sway many people. If EME (or similar closed technologies) cause enough problems for enough people (for some definition of "enough"), that will change people's opinions. Things have to get really, really bad before most people will ask for change.
The OS market wouldn't be open anyway, because it naturally forms a monopoly/oligopoly.
That support matrix seems to be "Windows or OSX". If you want to make an encryption standard which works on Windows and OSX, why not get Microsoft and Apple around a table to hammer out an OS service/library?
Sounds easier than getting Microsoft (IE/Edge), Apple (Safari), Google (Chrome), Mozilla and Opera around a table to do the same thing at the browser level.
Also: Firefox is quite capable of following Apple, Microsoft and Google. The idea that MozCorp is not a Corp isn't right either.
So whilst "the web should not support rights management and voluntarily cede such content to other platforms" is a perfectly reasonable argument, I don't think the sanctity of View Source or Mozilla is a supporting point in favour.
> View Source is already useless on most large sites
No it isn't. Web devs can easily read source on almost all sites all the time.
> Modern web sources aren't meant to be read by humans
Yes they are - that's why we've got view-source.
> and it's really only one or two steps above being handed a compiled binary.
That's the point - it's NOT compiled binary.
The sanctity of View Source is exactly what's in question here, and I stand in the group that says "no" to closed-source web specifications.
So, uhh, I tried to view-source on a gmail tab. A solid wall of code. There's nothing there meaningful, not like the web pages of 1999 used to be.
If you're telling me you can browse the wall of code on a site like gmail.com and learn new tips and tricks from it, well, pull the other one, it's got bells on.
Some sites are pushing shitty, hard to read code, sure. But instead of allowing them to continue working against the spirit of the system, we should shame them, and use them as examples of what not to do. If a couple of bad politicians abuse their system, we don't say "fuck it. let's go back to a monarchy".
Heck I picked the front page of BBC News and opened it up. Wall of minified JS. Further down the page we see something that vaguely resembles normal HTML except for stuff like this:
Modern web sources are also made by people out for money and/or marketing, who by now even seem to have forgotten about graceful degradation and other things that would slow them down.
You don't ask IKEA what the best wood for a solid table is, what means "best" for them has to do with money and the ability to produce in bulk, while a carpenter who worked with all sorts of wood and isn't bothered about those restraints as much will give you a completely different answer. That's kind of how the web became, because IKEA is making more money with selling tables than master carpenters, or even just because they occurred later chronologically, because they are "more modern" (which says nothing about quality and only something about time), they are now somehow seen as experts on tables.
It's interesting that in some ways today's JS heavy client apps are more open than similar server side apps from even just a couple years ago: obfuscated code is still viewable client side and browsers are good at providing deminified views in browser dev tools, and if sourcemaps are left in then you can jump directly to the unobfuscated/deminified sources in browser dev tools. Plus, most communications between chunky JS apps and their servers increasingly use friendly REST protocols, which again is its own sort of win for discoverability and friendliness to an informed user poking around inside of how things work.
The situation was a lot better when you needed Flash or Silverlight, the browser was not broken by design. And you could run a browser without an encrypted bi-directional channel outside of the user's control. (Which incidentally is the argument with which I got the security section into the EME standard.)
On your argument, that content producers are not stupid. I am not claiming that, but their situation with or without DRM is exactly the same; anybody who wants the movie for free can easily find a torrent, anybody who wants a legal stream pays Netflix. The only reason for DRM is that they want an answer when their shareholders ask what is done against piracy. That is basically the definition of bullshit, a technical standard with a sole non-technical purpose.
The reason free software is winning (Android has a Linux kernel, OS X is based on a BSD, Apache and Nginx run most of the web, etc.) is that the free software ecosystem is quite resistant against this kind of bullshit. Free software developers do what is technically right most of the time, while proprietary software developers have to deal with that kind of market forces all the time. And because of that, we get better software and at some point the market forces are such, that companies switch to the superior, that is the open, product.
I'm no fan of EME but you completely lost me there. GCC has been kept monolithic not for technical reasons, but for fear of modularization leading companies to close source their frontends. This has come up again now that LLVM/Clang is gaining on GCC.
The decision to avoid a stable ABI or even API for Linux drivers is again driven by non-technical reasons (Linus actually specifically says the reasons are non-technical).
Whether or not you agree with these reasons, I find it hard to call them any more "technical" than the reasons you ascribe to the "rights holders" (also am I the only one that thinks it's silly that the term these companies prefer to call themselves by feels a lot like "landlords"? Who as we all know are universally loved!).
As far as getting better software, it depends. A lot of free software projects end up just doing what the creators feel is interesting instead of things users actually want (cf. Linux on the desktop). I'm not faulting them for that (it's their project and time after all!) but it does sometimes leave users of free software out in the cold unless they have the skills and time to contribute the features themselves.
(Hopefully something better than running a fork, but that option is there.)
I think EFF's point is that new browsers wouldn't be able to ship an EME feature without specific approval from the studios... at least that was my reading from previous articles here. I can't find the reference now.
A second look reveals media.eme.enabled in Firefox, so it's already possible to turn it off.
I do like comments such as yours that highlight the influence of economics because that factor is almost always missing from naive commentaries about "github vs git" or "gmail vs mydomain.com" or "Facebook vs mydomain/Usenet/IPFS/etc".
However, Cory is actually emphasizing something else that you only mentioned at the end:
>, but customers should also have the freedom to circumvent those measures.
Yes, Cory is against DRM in general, but the particular essay is focused on the interaction of DMCA and DRM causing innocent people who analyze/research browsers to become de facto criminals. While the "market forces" aspect is part of the DRM push, it's not relevant to this particular essay.
The analogy would be Microsoft Steve Ballmer's assertion that the GPL "infects" other commercial software. (The "infection" is by design of course.) Therefore, many businesses deliberately avoid it. Cory doesn't want the criminal nature of DMCA to "infect" browsers which then allows content publishers like Disney to put browser researchers into jail.
Theoretically, the DRM and "reverse engineering is a crime" could be orthogonal issues, but the current USA law doesn't separate them. This is the nuance that pushes many to keep DRM out of browsers.
I don't know what the solution is. Maybe the community does something like FFMPEG distributions. The widely distributed binaries do not include patented code. However, hardcore devs can download sources of any patent-encumbered code (e.g. AAC codec) and build their own binaries for their private use. They just can't publicly redistribute it without threat of a lawsuit. It's possible to distribute 2 separate binary builds (firefox_drm & firefox_nodrm) but I'm guessing it would cause confusion. Most users would default to just downloading the DRM version "because it plays all the videos I want to see on the web." Then you're right back to Cory's argument about the criminalization "time bomb" infecting browsers.
And they surely know that one able person to circumvent the copy protection suffices.
> They just need enough roadblocks in front of casual piracy to prevent devaluation of their content.
Using DRM on the viewers is a devaluation of their content since I know people who would rather "pirate" instead of buy DRMed content even though they do have moral reservations against illegal copying.
Thus I can hardly imagine a better advocacy for piracy (ironically even from the side of the rightholders) than the rightholders insisting on DRM. Thus every "hardcore pirate" can say that they still have the better product and every fencesitter can warrant their piracy by soliloquizing that they really, really would buy the product but there is no product available without DRM.
It's certainly interesting to imagine what an Open DRM standard might look like. It's probably something more like a "blockchain" than existing DRM.
Um, you're aware that the video decryption modules EME downloads are bloated proprietary plugins, right? There's no open standard to decrypt video, which is Doctorow's whole point.
Yes, it's proprietary and non-free. Everyone knows that and we can debate the implications but there's absolutely no possible interpretation where that isn't a huge win for security and stability.
Even the W3C is skeptical of the security of CDMs: https://www.w3.org/TR/encrypted-media/#cdm-security.
My point was about what we're not exposed to: bugs in Flash/Silverlight or exposed OS features being used in unexpected ways. That's a huge amount of code with a history of exploits and almost none of it is necessary to play a video but it's still enabled and ready to attack.
Just because a DRM standard doesn't go through doesn't mean that it's any easier or harder for the majority of customers to illegitimately acquire content, and nor is it any easier or harder for a company to provide illegitimate content, especially in the centrally-hosted streaming form.
If you're saying that there's always a way to acquire content, since content must ultimately be decrypted on some legitimate system, then companies will continue to have the technical reach to efficiently acquire content. What stops them is legal censure and international trade deals, not a DRM standard.
What a DRM standard does do is make legitimate content experience more enjoyable for customers because now there are fewer plugins, which could also translate to security benefits.
At worst, we end up with a world like we have now, where content providers still do business with Netflix and Hulu, and companies use Flash or some other plugin to secure their content, and people still have the same ease / difficulty of acquiring illegitimate content.
As long as users can't right-click and select "save video" (not possible on any video using DASH) it will still be easier to torrent things.
If this is what they're trying to do, it seems pretty stupid to me? Casual piracy has not been enabled by casual pirates recording off their radio/TV since VCRs died. Casual piracy is enabled by determined attackers and a distribution network that lets them reach casual viewers.
But the DRM they seem to be pursuing is quite a few steps above Macrovision's quaint protection, and threatens all kinds of new poisonous side effects. Reality does not seem to reflect this minimal effort theory.
I don't own a TV. This is true of a growing section of the people I know. A majority of people I've asked consume greater than 75% of their Hollywood content through a streaming service. You have won that battle.
Today Hollywood's major leverage is not pulling content from the web (it simply can't) but from competing services. Netflix and Amazon recognise this which is why they are trying to become content producers.
"Customers wouldn't bat an eye either..."
So what's the problem then?
Customers come first, right?
If they are happy, then what's the problem?
Why force commercial content into the so-called "general purpose" web browser? The way you describe your negotiations I get the impression that scare tactics, e.g., piracy, are being used as leverage.
What are you hoping to achieve?
Also, it is interesting how you transitioned from DRM in a browser to "DRM on PCs". This is a much broader question.
Is the only purpose of a personal computer to run a web browser?
Is the only purpose of the internet "the web"?
Is the only use of a network to transfer commercial content?
Studios have no power, they just think they have.
The same result from NPAPI is equally objectionable. That's why NPAPI is deprecated.
There shouldn't be DRM in web browsers. Any DRM of any kind. If Hollywood then wants to only distribute movies via Comcast and not the web, let them. They'll lose a large revenue stream to spite themselves, smaller studios who use the web anyway will get a large uptick in viewers on mobile devices and PCs which will erode the big studios' power, Hollywood will get pressure from all sides to support the popular platforms anyway, and it doesn't even matter if they don't.
People aren't going to stop buying iPhones just because they can't watch certain feature length movies on the 6" screen.
As for the viability of independent content. The last decade has been a damning indictment of that argument. Between high quality digital cameras and YouTube, it's never been easier to release independent content into the world. Yet, what rocketed YouTube to popularity? Being able to watch the Daily Show without paying. Same thing with games. With open source game engines and Steam, it's easier than ever to release independent games. Yet, companies like EA with borderline abusive customer practices are taking it in with Call of Duty 17.
And there are a lot more little studios than there are browser or OS vendors, so there would certainly be movies available. Which would put pressure on more studios to make movies available, which would put pressure on the remaining studios to not abandon a proven revenue stream etc.
I'm also not sure how the argument that people will pirate Hollywood content rather than watch independent content on devices that don't support DRM is supposed to improve Hollywood's bargaining position. It's pretty much the pure distillation of the point that offering content without DRM will reduce piracy and increase revenue.
And "companies with abusive practices are very profitable" sounds like the argument for platform vendors restricting the abusive practices.
I highly recommend watching his talk a month ago at the Internet Archive about fighting DRM. Unlike many previous talks, this time he focuses on supporting ourselves and our fellow engineers by taking bad options off the table before they become temptation. It's a lot harder to allow a "little" corruption of open standards if that kind of option is forbidden with a Ulysses pact.
The US always had legal troubles with cryptography. In the past, programs like PGP, TrueCrypt, etc. were developed outside the US. That can easily happen with browsers.
> However, the Export Regulations only covers software in electronic form (e.g. on disks, or via the Internet).
Not just support, Google and Microsoft invented it:
The best way to fight back against EME is to put pressure on those companies and their browsers.
> Although some of the biggest tech corporations in the world today support EME, very few of them could have come into being if EME-style rules had been in place at their inception.
Why is that? It looks like EME is just about streaming video - how would this have prevented Apple/Google/Amazon etc from coming into being?
You cannot just implement the royalty free web standard specifications and expect the web to work. You also need some corporate agreements.
Arguably this isn't really worse than needing Flash or Silverlight. But at the same time it looked like these were on their way out and that the battle for a 100% open standards web was being won. And Flash & friends could be installed by end users, while CDMs need to come bundled in the browser. Also, in web standards circles, Flash and co were considered problems to be solved, while EME is presented as the solution.
So if you're a new browser vendor, and have an innovative (and legal) business model, either Hollywood likes it, or you will not be able to support the whole web.
If you've ever thought DRM made no sense at the tech or crypto level, read that to see that you are right but focusing on the wrong aspect, and that strategically it makes perfect sense (and is even nastier).
Everybody already knows that. But Hollywood can't actually admit to that because it's blatant cartoon villain-style robber baron behavior, so they keep insisting that the purpose of DRM is to "protect content" from "pirates." Which means we have to keep pointing out that it has never done that.
Their actual reason for pushing DRM is why we need to get rid of it.
They also want to use that content in unapproved ways, for example to extract keywords and links. They then serve this unlicensed information publicly, with their own ads.
Thankfully, we can put a stop to such wholesale commercial piracy by encrypting our content using EME.
The web already has that kind of DRM and always did: robots.txt, enforced by social convention rather than encryption.
And yes some companies ban crawlers and try to get their content out of search engines for questionable reasons. More often, they try to strongarm Google so their content is still there, but they get paid for the privilege, which is not a reasonable approach and thus not supported by the robots.txt "DRM" protocol.
<sarcasm-against-strawman /> tag.
20 years from now we'll all be reminiscing about the days when the web was still open. We'll kick ourselves for folding on this issue just because we wanted to watch some throwaway movies on Netflix.
Secondly, who cares whether Netflix gets the rights to stream movies? That's their problem, not mine. Instead of finding a better solution, they make it everyone else's problem by pushing EME and shoehorning DRM into HTML.
You said a mouthful.
This is what the last 14 years look like in my rear-view. To be honest, I did get kicked off FB for being too old, my eBay junky problem preceded this century and I did love playing euchre w/ my gramma on Excite. Then the dotcom refugees came back and those start-up search guys came & wrote in big letters on the wall (and plainly in the 1st paragraphs of their EULA). Of course, everybody eventually follows the easy money path and the privacy fleecing is thusly justified, "Everybody's doing it!".
They'll agree to it because they need the web to survive. Services like Netflix are the future of media distribution - physical media like DVDs and CDs are going extinct, and movie theaters are dying off. Mass media needs the web, but the web doesn't need mass media.
But is DRM really containing piracy? In most cases, no. What stops people from pirating content en masse is the existence of convenient, legal streaming services and the general disposition of most people to want to avoid breaking the law. People will tend to prefer legal services if they're convenient and inexpensive, even though piracy is free.
So, the pirates are still going to pirate, and DRM of any flavor likely isn't going to stop them. Copyright owners are going to have to put up with it because every distribution model other than streaming over the web will probably lose them even more money than piracy will in the long run.
It's not like adding EME is suddenly going to allow anyone to do something that they've never done before.
The only ones with true root access are Apple and Samsung/Google.
More and more it feels like we are reinventing the mainframe/minicomp era.
And it's only getting worse. The SVG path grammar for instance will get even more complex in SVG2 even though many implementations for parsing it are buggy.
1. No more fudging autoplay anything. Win.
2. Media interface can be DRMd (if you're a fool / slave to the boss) or free.
3. Instant DRM-free ecosystem.
For _text_, tabs and such somewhat make sense.
For audio/video, they almost never do. I can _listen_ to one stream at a time. I might be able to watch 2-3, but only one's going to be getting any attention, the others are, say, monitored for interest (something software should be able to do far better than I).
I've argued for some time that "the browser" should be divided into about 4 distinct apps. It's already partway there.
1. Reading / commenting / research. Essentially _no_ remotely-imposed style. Support front/index, gallery, article, and discussion formats, possibly a few others, _whose rendering properties are defined locally_, by the user. Pocket, Readability (which appears all but dead), Instapaper, and Pinboard all fit this model. Arguably emacs as well.
2. An app framework. This is where Chrome is headed, possibly Firefox too.
3. A dedicated commerce app. Privacy, security, feedback, etc., within it. We've got a few candidates in iTunes / Apple Store, Google Play, and Amazon Store. I'd prefer an open version, not sure we'll see it.
4. A multimedia app. Podcasts, streams, and media downloads, with scheduling, queue management, high-level and consistent playback controls (fast/slow, fwd/back, skip), etc. The idea being that only one damned item at a time would be played, and you could control your media from one damned place.
I've been exceptionally dissatisfied with the State of the Web since ~2009.