Hacker News new | comments | show | ask | jobs | submit login
W3C abandons consensus, standardizes DRM, EFF resigns (boingboing.net)
2735 points by guelo 67 days ago | hide | past | web | favorite | 978 comments



Basically, unless you are writing a browser with decent marketshare, you defacto have no voice in making the standards. Basically, the only voices that matter are Mozilla (Firefox), Apple (Safari), Google(Chrome), and Microsoft (Edge/Explorer). Despite what any standard says, web developers are going to go by the behavior of the browsers do. The only company on the list of browser makers that really has any desire to try to exclude DRM is Mozilla, and unfortunately, if they do that, the users will switch to the browser that makes watching Netflix easiest.


The web has been engineered to a complexity level so grossly obscene that it is all but impossible for independent developers to produce fully independent web browsers anymore. You would need hundreds of millions of dollars in capital and strong leadership to produce a browser that would be successful in today's world.

I could dedicate the rest of my life working 100 hours a week on a browser, and I would die before I had something that could compete with browsers of 2017, let alone of the browsers far into the future at my demise. The standards grow in complexity faster than a small team of developers could possibly keep up with.

The best we have are attempts at forks of major browser engines, which will never gain any serious traction to have any power over the direction of web standards.

If people want to do something about it, they need to fork the web itself. HTTP, TLS, HTML, CSS, JS ... the entire stack needs to be scrapped and replaced with something sensible with a focus on simplicity. If a single highly talented developer working full-time can't implement a reasonable browser within a year, then the standard is too complex. This will of course never happen.

And so, on the subject of DRM, we've officially lost the war today. And combined with the impending loss of net neutrality, brace yourselves everyone: it's only going to get worse from here on out.


If we want to win that war, we should focus on content not technology, Mosaic got a lead in the game because, despite the 'techies' seeing no use for images, image support was added, with images came the transition of media, users were au fait with articles containing text and images and could now experience similar on line, this alone was not enough, content creators starting creating content that people wanted to consume, that's what drove people to 'get online', they were missing out.

Don't get me wrong, it's still a long shot, but if an organisation could build a raft of talent, get that talent to make content that was only available on an open and progressive platform, then you might get some traction. So what might that look like, well, say I had the funds to secure 100 of the worlds best financial journalists and only delivered that content on a novel protocol, do you think I might be able to persuade some people to run a novel application to access that content, oh hang on, did I just describe Bloomberg...


I agree.

Back in the dark ages, when the battle of www vs Gopher was still on, I sided heavily on the side of Gopher because it didn't get in the way of the content. Gopher was a means to navigate the maze of content and most of the content was textual, postscript and neatly typeset. You could sit down with it and read it focused or print it out.

We've regressed to the point where 5KiB of text comes with 2MiB of crap, meaning a noise to signal ratio of 26dB which is insane!

Really Gopher is dead though. We could do with a fresh start. A search engine like WAIS, a menu system like Gopher and a standard document format that allows you to get quality content on everything from your e-reader to paper without having to read some fucked up ebook flow layout conversion. And not postscript. Something you can author by hand.

I've even had enough of building things on the web. It is a horrible horrible thing to have to do. I envy system programmers who never see the pain of trying to keep a very large web application secure at even a basic level.


> We've regressed to the point where 5KiB of text comes with 2MiB of crap, meaning a noise to signal ratio of 26dB which is insane!

Unfortunately that's what the average layman wants. They want the SPA experience. That's what they want to pay for. What kind of professional am I if I don't give people what they want to pay for?

> I've even had enough of building things on the web. It is a horrible horrible thing to have to do. I envy system programmers who never see the pain of trying to keep a very large web application secure at even a basic level.

I build and maintain full stack web applications for my day job. Man, is it a pain. Between the database setup, server setup, back end application, front end application, security concerns, and browser compatibility issues, I rarely get to spend any time at all working on the business logic. Seriously, modern web development is 90% chasing down bugs, security enforcement, and fixing compatibility issues. Writing the business logic is the easy part.


>Seriously, modern web development is 90% chasing down bugs, security enforcement, and fixing compatibility issues.

That's true of most modern development. It might be more painful on the web, I wouldn't know, but systems programming is not really any different.


I think the only real difference is that, generally speaking, systems programming standards and best practices don't change weekly. Or, maybe they do. I don't work in that field professionally.


> Unfortunately that's what the average layman wants. They want the SPA experience.

What about that experience do they want, and how do you know they want it? Engagement metrics can make auto-playing video look like a great idea, but people dislike it enough that browsers are starting to block it.


> We've regressed to the point where 5KiB of text comes with 2MiB of crap, meaning a noise to signal ratio of 26dB which is insane!

Sadly the average clickbait article contains a lot less than 5000 characfters of actual text.


I don't see why these webpages need to be so huge. If websites used HTML5 properly and used CSS more extensively, a lot of the crap I feel could be removed.

Seriously, aside from graphics and video, what is taking up the size of these pages? Mountains of JavaScript?


As someone who used to work for a web optimization company, yes mountains of Javascript. Javascript for analytics, javascript for transitions, javascript for DRM, javascript for updating pricing in real time, javascript for fonts, javascript for colors, javascript to lazy load the images....six different style sheets and images that are downloaded and resized client side...and this is just the navigation bar.


Just for fun I like to pull up the browser diagnostics on pages, and watch the absurd number of requests build up. It's insane how much junk is downloaded on seemingly simple sites.


It's only insane if you subscribe to the idea that the 5 kibibytes of content is the purpose of a news or other site. Maybe as a user that's what you came for, but from a business perspective the purpose of the piece is to sneak 2 mebibytes of crap into your life. The snr on that is much better.

It's only insane if you have the tools to look at what's happening under the hood. Most people don't have any idea.


Hah... the _content_ is the noise in that case!


It's insane if you're paying for mobile data.


> And not postscript. Something you can author by hand.

How about TeX? Many sites already use js libraries that integrate latex.


I hope this was intended as a joke? Most users struggle with simple typesetting conventions like underscore/asterisk. HTML tags (or CSS) are out of reach for the vast majority. TeX isn't even part of the known universe for users!


> HTML tags (or CSS) are out of reach for the vast majority

CSS sure, but most people can learn the basic html tags in a minute. Same for the basic latex conventions.


I think this is a case where struggling == "doesn't want to learn". It's important to distinguish so you don't waste time trying to help the latter.


Not the worst idea. However not the best. Something between that and markdown.


Markdown is a bad joke.


It's really fine for casual documentation. I wouldn't write a book or a paper in it though.


For a straight-text book, actually, Markdown is excellent. You can include images, or for technical content, tables, easily.

Technical papers with formulae and complex references are slightly more detailed, but that ends up being gloss. Even LaTeX for a simple text is quite minimal (though you need the starting template).

Source: I've made something of a hobby of marking up source docs into HTML, LaTeX, and Markdown. Of the set, Markdown would be my first go-to, and I've used it for some book-length projects.

Example here: https://ello.co/dredmorbius/post/lhw2eq4qmnnwxijlcrfyba


> For a straight-text book, actually, Markdown is excellent. You can include images, or for technical content, tables, easily.

I would probably use org-mode for that.


Another solid option, yes.


R Markdown is a joy to use and people even do write books with it!


This is why I usually use just lynx.


I would but hardly anything works in it which is the problem.


I may be wrong, but isn't connecting to a web server by lynx illegal (considered "hacking") in some countries? I remember a case in the UK around the time of the London olympic games.


I'm not familiar with that case, but I don't think an accusation that using a text mode browser like Lynx constitutes "hacking" would stand up to any type of scrutiny. (I'm not a lawyer and I'm in the US; things may differ in the UK).

Lawyers will make the most egregious leaps and grasps to paint the opposing party in the worst light possible, especially in the early stages of the case, because if they don't claim that Lynx is a "hacker's tool" in the initial pleadings, then it may be looked upon with suspicion if they try to raise that point later. So they are essentially trying to reserve as many potentially beneficial claims as they can at once, including (and especially) any claim that may portend that the other party is a devious scoundrel with the worst possible intentions.

Lawyers will thus front-load with every kind of tenuous, ridiculous accusation they can (without presenting a significant risk to the licensing), expecting some of it to get "laughed out of court", just so that on the off chance that it doesn't, it will help their case.

I'm sure a real lawyer would contest that to some extent, and I'm sure there is slightly more nuance to it than that, but that is my layman's assessment and I think it is roughly accurate.

The takeaway is not to take legal pleadings too seriously, because the goal is not to find justice per se. It is for your side to win, to get what it wants, under the assumption that that automatically represents justice.


Please note that this wasn't related to some lawyer actions, but the Metropolitan Police's Computer Crime Unit acting on the basis of suspected offence under the Computer Misuse Act. The offensive act occurred while the browser was used for making a donation at a tsunami related website of the Disasters and Emergency Committee, where the browser showed up as an "unusual event" in the access logs.

I believe, the case is part of a more general theme (which is, indeed, related to the EME topic): There's a perceptible will to regulate any kind of browsing into consumer-style app usage. E.g., manually entering a URL ("URL hacking") has been considered a fraud attempt; using a browser which only supports the basic protocol set and not all of it is considered as possibly related to intrusion and terrorism (oh, that T-word again). In the end, we may wake up with the law enforcing a certain, standardized life style. We may wake up with a deregulated companies and strictly regulated citizens.


I understand you're referring to a criminal prosecution. Criminal prosecutors are, from my limited observations as a layperson with a minor interest in law, more guilty of this than anyone. They go hyper-aggressive on charges, expecting them to be pared down. Some of it is a ploy to get a quick plea. There is an element of calling the bluff, and the defendant's attorney would have to evaluate the situation and advise whether or not that was smart in the given case.

This is not to say there aren't ridiculous prosecutions that run their course, especially in niche areas that aren't widely understood and thus hard to create public outcry over, like insider trading or computer crimes. It's just to indicate that using Lynx, by itself, is not considered criminal by any sane person. It's a nit the prosecutors pick when they're trying to nail you on something larger, a detail they exaggerate to attempt to create the impression of one's villainous ways.

Just don't want people to uninstall Lynx in fear that they'll be arrested for firing it up. :)

EDIT: From re-reading your comment, it seems you're suggesting that this wasn't part of a larger operation, but that actual charges were brought because of a single aberrant entry in the access logs? I find this hard to imagine, but if true, I would guess that this is more along the lines of "abuse of police power to harass an enemy" than "literally a random dude who just visited our site in a text-based browser". I've read access logs for many years now and even small sites get all kinds of weird things in there, it doesn't seem plausible that something like that would flag off any kind of detector. Do you have a link to more details about the case?


I'd hypothesise that anyone skilled enough to be using a text browser is also skilled enough to be a "hacker" and will most likely have a computer filled with "hacking tools" and other "circumvention devices".

Basically anyone that can use a text based browser also is using some form of *nix and knows how to handle a command line application. They probably tinker with computers and so have many low level tools at their disposal.


It can never be illegal to use any tool. It is the intent and action carried out with the tool that decides whether it is illegal.

Consider the difference carrying a knife, being a hunter, and carrying a knife being a bankrobber and going into a bank to use it.


Compare Linux Reviews, "Solaris-user arrested by British Police for using Lynx" -- http://linuxreviews.org/news/2005/01/28_0001/28_0001.html.en


That is scary indeed. Was he convicted? Police do make mistakes and one can only hope that they are corrected.


I faintly recall reading (to my utter astonishment) that he was at least not freed from the accusation as you would have expected. I tried a search for any follow-ups, but to no avail. Maybe due to the "right to forget." (Information conveyed without warranty, liability or claim of correctness. It has been 12 years since, I may be in error.)


He might have never been charged, and being released without charge is rarely reported.


> It can never be illegal to use any tool. It is the intent and action carried out with the tool that decides whether it is illegal.

Since illegality is, literally, whatever is contrary to the law, anything at all can be illegal. We can hope that crazy things won't be illegal, and decry their illegality—but, since it's convenient for a government to impose sufficiently many laws that anyone can have some infraction pinned on him or her (https://www.youtube.com/watch?v=JwsLAqjqnxo), to say that any particular thing can't be illegal is probably wishful thinking.


Oh it most certainly can... it SHOULDN'T but it absolutely can.


Perhaps the knife was a bit exagerated. It will be considered a weapon in many jurisdictions. Lynx however will/should hardly be considered a hacking tool. curl has been in deep waters many times, equally perplexing as the lynx scenario. https://daniel.haxx.se/blog/2016/01/19/subject-urgent-warnin...


I don't see any way to win that war. The IP oligarchs have won it. They own the W3C now.

But there is clearly a demand for DRM-free browsers. And if the worst fears are realized, and mainstream browsers won't display media without DRM, or become snooping devices for IP oligarchs, that demand will increase.

Sure, it'll never be more than a niche, but DRM-free browsers will be there for those who want them.


There's an easy way to win that war: diversify the content you consume. If you're willing to step outside of the immensely popular, there are great treasures to be found.

IP owners are protecting their assets which are worth a lot. The irony is that the value of those assets come from us content consumers. And I'll be the first to admit that I'm a lot less interested in the local amateur hockey team than the national league team I follow. I chose to consume that brand. But I don't have to.

Yes I lament the loss of a vision for free-flowing information. But the society in which we live, unfortunately, values and protects powerful asset owners. Technology cannot fix a society problem.


For individuals, sure. But the war was about norms for the Web. And that's lost. Again, by the way. The first time, as I recall, being in ~1995, when the commercial takeover really got started. So it goes.


> mainstream browsers won't display media without DRM

Seriously?

Nothing has really changed, has it? Video services want to use DRM so they developed or bought tools to do so. A de facto standard emerged around the frameworks and the W3C essentially ratified the standard. If I understand it correctly, the standard itself isn't DRM, rather it's a place where DRM controls can be installed.

I get that the EFF saw this as an opportunity to ask for a promise from DRM companies to not sue researchers and I applaud them for that. But now that they lost that battle, I think it's entirely appropriate for them to drop out and apply their resources elsewhere. For example, if they can get rid of the ability to sue researchers in the first place, then none of this really matters.

I don't think there's a demand for DRM free browsers but there is a demand for DRM free content.


This is a paranoid slippery slope.

EME existed for several years already, and was implemented in browsers. Standardization doesn't change much.

And no one except the big movie producers even wants to use DRM. If you don't watch movies on the web, you'll never see DRM.

Firefox is DRM-free by default. It will download Widevine CDM if you start watching Netflix, but you can untick a flag in the settings to completely forbid it from downloading the CDM, if you're afraid of accidentally signing up for Netflix :D


> Firefox is DRM-free by default.

It is now. But next year? In five years? And if it's gone, then what?

> This is a paranoid slippery slope.

Well, it's a slippery slope. And I do tend to plan for the worst. Plus a safety factor.


Open source software can never be completely "gone".

The "OMG EVERYTHING WILL BE DRM" panic is not new. We've had widely available DRM back when Flash was super popular. And still, to this day, the only DRM'd thing is movies.


The only thing? What about computer software?

Maybe you meant to type 'the only thing I care about'.


I actually don't care about movies, very rarely watch them at all. The vast majority of video I watch is YouTube.

I meant to type "I never actually saw DRM on the web in person".

Also, proprietary desktop software is still usually "protected" by just a serial number :D


> Also, proprietary desktop software is still usually "protected" by just a serial number :D

The ineffectuality of most DRM isn't really an argument for it (or even just an argument against arguments against it), though.


> Also, proprietary desktop software is still usually "protected" by just a serial number :D

Not really; there's a lot of sophisticated DRM going around at least since the 70's..


> But there is clearly a demand for DRM-free browsers.

There is not a demand for DRM-free browser.

I don't know anyone in the real world that demands a DRM-free browser.


They probably won't tell you what they really want ;)


I've no crystal ball, so looking back, monopolies and incumbent monoliths encounter resistance as they mature, there are more examples of the status quo being that they wither under the weight of complexity, this is certainly not over while consumers consume content, consumers own their time, content creators own their content, everything else is middleman stuff.


You wouldn't need to scrap all of it by a long shot. You could take a small subset of the stack and make something enormously simpler to implement. Start with supporting only one version of HTTP, TLS, (X)HTML, CSS and JS and fork them if necessary. Even drop CSS to start with and finally start relying on semantic markup and good browser defaults. Use existing open source libraries where available, such as for TLS and markup/media parsing. Pull out libraries for everything so the browser is easily composable and forkable. You don't want JS support at all? Compile without it.


Not many would be interested in an un-designable web. It bares no comparison to what browsers are capable of delivering for UX currently.

What you are suggesting then, a non-comparable browser experience, already exists and has for years, yet to no avail. You would get niche technologists and die hard enthusiasts only and the rest of the world would trudge happily into the future, DRM and net nutrality distant memories.

What you and I want, what HN and friends want, is not even a debate most realise is happening let alone that it affects them and will affect them profoundly in the future.

The masses are deciding what our internet will look like for they comandeered it years ago.


Yeah, yeah, the world is going to shit and nobody cares. How about doing something about it instead of telling everybody it can't possibly work? And why do we need the rest of the world on the bandwagon for it to work? The web was built without the masses, and still is. The open web still vastly outweighs the closed parts in amount of content. A bunch of freedom stealing technologies have died silently over the years despite often resulting in "cool" UX wholly different from plain HTML, such as Flash, Silverlight, and Java applets. EME is a fundamentally different wedge inserted between users and their machines by evil corporations, but not one that is in any way unbeatable. So screw 'em, and let's fork the web!


Forking the technologies that underpin the platform of the web I think tackles the wrong problem. The problem I see facing the open web is the consolidation of users and services into single platforms. Facebook is an easy example. You can build a Facebook alternative with any technology you like, it would take a completely different force to change the social paradigm around it.

The great thing about the open web that you rightly mention is still kicking, is that it's full of places and services that are driven by humans and passionate communities. Nothing about EME stops those communities existing, but nothing about those communities is going to stop Netflix being the most popular platform and using EME/DRM.

If you will excuse my fluffy analogy, the web is a farmers market that has a shopping mall being built right next door. What I think would help the web, is educating people that it's better to go to the farmers market so that we can support entrepreneurial and local community endeavors rather than stuffing corporate coffers and enabling that consolidation.


> Start with supporting only one version of HTTP, TLS, (X)HTML, CSS and JS and fork them if necessary.

The support for different versions that does exist in browsers tends to be minute: ripping out support for older versions would cut out almost no code, because there's basically nothing specifically handling them. (Heck, the only forks in CSS are for quirks and limited quirks mode, and both of them affect very, very little of the layout engine.)


Now that's an idea I could get behind !


> If people want to do something about it, they need to fork the web itself. HTTP, TLS, HTML, CSS, JS ... the entire stack needs to be scrapped and replaced with something sensible with a focus on simplicity.

That's flash.


> That's flash

Comedy aside, CSS isn't the problem, but if an experienced web-dev can't make a site without learning for 5+ years and then feel like they have no knowledge of web development then we have a problem, and that's where we are now.

The problem with the long list of frameworks and libraries available is that there is no easy way to make a web2.0 site without years and years of learning and then the resulting site is a mish-mash of what works without it being easy to maintain. Sitting here looking at .NET & angularjs 1.x and wondering where it all went wrong (actually, not the.,NET part, that seems to work).


What do you mean by "make a site"? I made qemu.org last year with 10-years-old knowledge of web development and, apart from the obviously not-done-by-a-graphics-designer theme, it _is_ a decent site, responsive and with a 2010s-ish look.

99% of websites can be done with either a static generator (lean) or WordPress (somewhat bloated, but really mostly standard libraries that can be cached and/or served by a CDN). The remaining 1% are the really bloated ones and sure they are the ones that we visit all the time (medium, BBC, whatever). But it's certainly possible to make a site with not too much knowledge of web development.


edit: ignore the huffy tone this came out in, it wasn't meant that way, early morning.

I was talking about work as a professional developer. We can all 'make a site', there exists any number of solutions for that, CMSes like Wordpress, Drupal etc don't count in this argument unless _you_ wrote Wordpress or Drupal from the ground up. Being a wordpress hack isn't being a developer. You won't ever be asked to write something straightforward in enterprise, you'll need to know at least HTML5 & CSS & angular 1.0 & 2+ (or similar) & docker & gulp/grunt & backend & databases & jenkins & MVC & node/npm & version control & bootstrap (or similar) and and and.

99% of sites outside of a company that makes real money and doesn't just serve a page are sites that aren't what developers actually do at work.


CSS makes semantic markup work. CSS is not the issue, the issue is getting a decent graphical editor that does it well.


Correction: its the loss of _American_ net neutrality, places such as the EU for example already has enforced net neutrality for all members.


I don't think that's strictly true. For example many mobile ISPs here meter data differently depending on whether it's from their fav websites (Facebook, Snapchat, Netflix etc.) or from the lame weird web where nerds go.


Agree. Here's how to approach it, imho:

1. Assume we will eventually converge to a virtual machine target like WASM. Thus, eventually, browsers will only have to implement the low-level instructions of WASM, which will make building a browser much simpler. Note that as a side-effect, browsers may also become more secure.

2. Start with a working webbrowser, like Firefox or Chromium.

3. Step by step, move functionality from the browser into the browser's user-space. Eventually, JavaScript and the rendering of CSS and HTML will run in the browser's user-space.


I think you're right, but only for a narrow definition of "browser". Sure, something that looks and works exactly like Chrome, Safari, et. al. would be a gargantuan effort for a sole developer. But an 'HTTP client' can take many forms and still offer value, even advantages over the existing browsers which serve a very specific remit.

A basic text browser is the kind of thing that's buildable in a year. Moreover, once you start building that, maybe you have an idea for certain features that current browsers don't do well (bookmarking, navigation) or at all (change monitoring, api integration, editing).

I'm optimistic that there is a lot of unlocked potential in the HTTP/HTML platform.


Should a single developer working full time be able to implement an OS within a year?

The web is pretty much an operating system.


Ideally, yes. It may not've been popular at that point, but Linus did. But what about the next Linus of 2017? Something like that's not going to be possible anymore. Just the basic necessary hardware drivers alone. The hardest challenge for Linux was just avoiding Winmodems. These days the entire nouveau project with years of research can't even manage to change the clock speed of your GPU. VESA's been all but abandoned so there's not even a way to set a widescreen framebuffer anymore for pure software rendering.

Nothing is gained from having hopelessly complex technology.


The next Linus of 2017 will be on a completely different platform, not PCs or smartphones. That's the nature of disruptive innovations.


You say that like Linus didn't write linux on the same platform everyone else was using


We should all move back to gopher. Seriously.


I call dibs on the first gopher based social network...

[edit] So I've read the RFC (https://tools.ietf.org/html/rfc1436) looks like it should be fairly simple, we can run gopher servers on both user machine and remote servers, so I can store my personal details locally, then give permission to other remote gopher servers to access that in a granular manner, third parties can operate gopher servers I can interface with to access 'cloud' style computing, storage, search, and manage contacts/calendars, sorted :)

[edit 2] Looks like Gopher has a pulse, you can access around 4.9 million unique 'files' using an HTML>Gopher tool run on this site http://gopher.floodgap.com/gopher/ here's a nice Ars write up https://arstechnica.com/tech-policy/2009/11/the-web-may-have...

[edit 3] My build of firefox does not seem to have Gopher support, it recognises the link (chrome just does nothing), but asks you for a local application to fulfil the request :( [edit 4] It's now a plugin for firefox, https://addons.mozilla.org/en-US/firefox/addon/overbiteff/


Cool, I'm searching Gopher, and it works :) Nice and quick, no tracking, no ads, just need something to consume, anyone want to help me whip up an HN > Gopher widget ;)


there's nothing new right, gopher://hngopher.com/1


I am all for text-only, structured web; but gopher transfer protocol is broken mess (which is an achievement considering simplicity of it's purpose).


Why stop with creating a browser from scratch? You'll need hundreds of millions of dollars in capital just to build your own compiler technology that would be successful enough and incorporates enough instruction set optimizations present in commercial CPUs that your custom browser can be built upon.

Maybe you'll need your own hardware as well...


I am hoping feature-testing continues to be a good practice - I don't expect to have webgl, the webusb, or webaudio APIs available...


ehhh HTML parsers/DOMs are trivially easy to write. after that you need to go get a JS lib (like ducktape) and write a css and json parser.

After that all you need is a layout engine, which GUI tookits like tk and gtk+ already have for text editing.


Parsers for valid HTML are trivially easy to write. The hard part is dealing with garbage HTML tag soup and still rendering something that looks good. Browsers have to figure out what the page author intended and work around all the content defects.


Parsers for invalid HTML are trivially easy to write: you literally just implement the spec, and that's not hard, and then you implement every major browser.


You're joking right? Sometimes it's hard to tell...


I'm not joking. It's not that hard. You literally pick up the spec and implement it, it's mostly just fairly boring menial work.


I think you misunderstood. There is no "spec" for handling all of the invalid HTML out there. That's part of what makes writing a browser so hard. It's far from being menial work.


AFAIK all major browsers have converged on the parsing algorithm described in the HTML5 spec.

It‘s super lenient and very messy but at least it‘s consistent.

IMHO this was one of the biggest benefits coming out of the HTML5 efforts.


Indeed. 15 years ago it was a huge amount of work reverse-engineering other browsers around parser behaviour; 10 years ago it was a huge amount of work finding where the draft spec broke sites; today it's pretty much just implementing the spec.


as the standard gets bloatted, new players could leverage this weakness and build something entirely new. yes, reinvent the wheel. =)


This is really the issue. If we could convince media rightsholders that DRM is harmful and unnecessary then all of this heartache wouldn't be necessary.

I don't expect this to happen in my lifetime. Any slight glimmer of hope from Apple ditching DRM on iTunes has died as nobody else shows the slightest interest in following their lead.


It seems self-evidently unharmful, in that we appear to be in a golden era of delivering content online so extraordinary that it threatens traditional television networks.

I understand that this is an extremely unpopular sentiment on HN, but here goes: at least with respect to video content, the industry seems to have largely proven DRM concerns unfounded.

Update: modulo the Hickson concerns below. Continuing:

DRM certainly has kept some (power) user-friendly features off the market. You can take this as a serious harm inflicted by DRM. But I don't think it's reasonable to take that harm in isolation; the alternative isn't simply a world with no such limitations, but also a world with less content made available online.

But I don't see a lot of evidence that those limitations, if genuinely important to users, can't be competed away. The restrictions might be dealbreakers for Paramount, but in 2017, Netflix can route around Paramount.


There are additional concerns associated with DRM that aren't revealed in the Hickson post - he speaks solely to the point of intention behind DRM. That begs the question: are there unintended victims of DRM?

Yes, there are.

Copyright law in most countries is the result of a long history of back-and-forth fighting between content creators and content consumers. Copyright infringement has a number of carve-outs that allow people to access works in specific circumstances. Canada's copyright act, for instance, has a section which enumerates a number of these.

29 - Exceptions 29 - Fair Dealing 29.21 - Non-commercial User-generated Content 29.22 - Reproduction for Private Purposes 29.23 - Fixing Signals and Recording Programs for Later Listening or Viewing 29.24 - Backup Copies 29.3 - Acts Undertaken without Motive of Gain 29.4 - Educational Institutions 30.1 - Libraries, Archives and Museums 30.3 - Machines Installed in Educational Institutions, Libraries, Archives and Museums 30.4 - Libraries, Archives and Museums in Educational Institutions 30.5 - Library and Archives of Canada 30.6 - Computer Programs 30.62 - Encryption Research 30.63 - Security 30.7 - Incidental Inclusion 30.71 - Temporary Reproductions for Technological Processes 30.8 - Ephemeral Recordings 31 - Retransmission 31.1 - Network Services 32 - Persons with Perceptual Disabilities 32.1 - Statutory Obligations 32.2 - Miscellaneous

Before continuing with the discussion regarding how DRM is not an issue, take a look at the exceptions in your own country.

These are not small losses, but they are a negative space. You won't know what you're missing because now it just plain won't happen.


> between content creators and content consumers

I think of it as the triumvirate of creators, owners (distributors) and consumers. The owners argue as if they create, the do not, they simply own the rights to distribute and take money. The vast majority of creators are getting shafted as well.


>The owners argue as if they create, the do not, they simply own the rights to distribute and take money.

No. Creators are the owners of whatever they create unless and until they sign those rights away. And they sign it away for something they get in return.

It may well be that the media industry is structured in a way that puts creators at an unfair disadvantage in their dealings with media companies. If that is so then it should change.

But using this issue to justify completely unrestricted copying of all content regardless of what creators want is a cop out. Invoking the big business bogeyman as the sole response to all copyright issues is unconvincing, insufficient and ineffective.

What we need is a form of DRM that guarantees fair use rights and doesn't give draconian enforcement and surveillance powers to copyright owners.


This. I think people forget that just because big companies are pushing it doesn't mean everyone who creates and wants limited protections is working under a big company's banner.

For me, streaming is a concession to people who prefer it to owning their music. I don't want them ripping a stream I made $0.004 on (at best) thinking it's a fair exchange of value. My focus is on Bandcamp and other stores that offer DRM-free downloads. Without some kind of friction for copying off streaming sites, if you could just click "download" and not pay me anything, I just wouldn't put my music there.

My belief is someone who goes and pays a fair amount for the music understands it costs money to create, and will encourage the people they share it with under the CC BY-NC-ND 3.0 license to help me make more by buying their own copy (or a subscription).


Which is why I buy my music from DRM free, full fidelity sites like Bandcamp.


You are putting words in my mouth. I didn't use corporate rights holder argument to justify unrestricted copying. But DRM is enforce market and device segmentation, not to empower content _creators_.


>DRM certainly has kept some (power) user-friendly features off the market.

Is watching Netflix at 1080p or more a power user feature? Because currently that's heavily restricted by DRM. Not possible on any open-source operating system, restricted to a few browsers on Mac and Windows. 4K is only enabled on Microsoft Edge and only if you also activate a bunch of hardware DRM features. So I have to watch 720p content on a 1440p screen which is ridiculous.

>But I don't see a lot of evidence that those limitations, if genuinely important to users, can't be competed away.

Amazon Prime imposes similar restrictions and is only slightly better at providing 1080p. Meanwhile piratebay still has more choice with more quality and is the only hope at "competition" to make them change their minds.

We are in a world where picking your devices freely is blocked by Amazon/Netflix and the content providers while at the same time those same companies want us to help them push for net neutrality. Commoditize the industries you depend on and capture the ones that depend on you seems to be the play and we should fight it wherever we can.


> Is watching Netflix at 1080p or more a power user feature? Because currently that's heavily restricted by DRM. Not possible on any open-source operating system, restricted to a few browsers on Mac and Windows.

Consuming content anything else than the mainstream browsers on anything else than the mainstream operating systems or devices is definitely a power user feature, yes.


I guess Google Chrome on Windows must be a niche thing then. Because that only gets 720p.


> Not possible on any open-source operating system

So where do you get more than 720p if you don't get it neither on open source operating systems nor on Chrome on Windows? If you get 720p max everywhere, why do you think this has anything to do with DRM?


You do get better quality, but only if your system has an OS-level DRM implementation and the browser uses it. This is the case for IE Edge on recent Windows, but not much else.

Chrome on Windows uses its own Widevine DRM implementation instead of the OS-integrated one.

This shitshow is referred to as "robustness requirements" and Netflix apparently agreed to serve high-resolution video only to DRM implementations of certain "robustness" level (OS-integrated DRM with video drivers that co-conspire in enforcing restrictions on the actual device owner).


All this complexity to protect the content and yet there isn't a movie or TV show out there you can't find in crisp 1080p on Usenet or torrent sites with one quick search.


That's the maddening part that's driving me away from Netflix and similar services. I am completely willing to a pay reasonable sum for content, and the current batch of media providers do a tolerable job, but limiting the image quality because my computer is too free is just silly.

I can get the exact same episode or film — in any resolution — on my HTPC in five minutes, DRM free, by breaking the rules.


Netflix's Windows Store app doesn't have the 720p limitation. I think it may just be a thin shell around Edge, but I'm not 100% sure. It definitely has to do with DRM.


You can see the system requirements here:

https://help.netflix.com/en/node/23742

1080p is available on Explorer/Windows and Safari/OSX. 4K is available on Edge/Windows with HDCP 2.2 and "Intel's 7th generation Core CPU".


On televisions. Most 4k TVs and the increasingly common 4k streaming boxes support 4k playback for the major services that offer it (basically Netflix and Amazon AFAIK).

I don't know if this has much to do with DRM, or if it's just a matter of supporting HEVC.


I think you're discounting the opportunity cost here.

In a world where browser manufacturers, as a block, refused to implement DRM, it's seems obvious that sooner or later visual media producers would be forced to the table, to gain access to paying consumers. We could be in a DRM-free world, without the inconveniences of elaborate technical restrictions on pass-through and mutual device compatibility, or black box binary blobs on otherwise open source operating systems.

With a look on TPB, it seems evident that DRM doesn't work to prevent piracy. Any technical means that would be used to download a rate-adaptive video stream and save locally in the absence of DRM would seem to me to be more involved for the end consumer than downloading pirated media directly - so I don't think DRM even works as a speed-bump.

A standards body is a great place to achieve consensus around a negotiating position. I don't think the consensus that was reached was the one that leads to the best final result. The distance between where we are now, and that final result, is the cost of this decision.


I see how that gets us to a DRM-free world, but not so much why ordinary consumers would care. To a first approximation, no ordinary consumer uses TPB. Unauthorized copies are less convenient (especially since mainstream playback devices won't play them) and frequently of lower quality. The price point for legitimate copies is low enough that the purchase decision isn't that hard.

A standards body is a great place to achieve consensus around a negotiating position, but a pretty big chunk of this standards body doesn't want the negotiating position you want.


The arguments I've seen in favour of supporting DRM are all about enabling the delivery of "protected" media to the consumer - but it's competition of a Prisoner's dilemma kind that drives them there.

If any one vendor - it doesn't matter whether it's a browser, or an operating system, or a graphics card, or a monitor, etc. - agrees to add DRM technology, they hope they'll get an increase in usage / sales at the margin by convincing shy media producers to distribute.

The only way to stop it is to band together and refuse across the board. Individually, everybody gets picked off. You can't be the only monitor that can't play movies, or the only browser that can't show the latest episode of GoT.


Your points about usage of TPB, less convenience, lower quality, cost being low enough - all of them seem to be from the U.S. or first world perspective. In many other countries, TPB or equivalent is very common across classes of people (not just students but also workers in different non-technology industries). Unauthorized copies are more convenient because most people watch media on a tiny laptop or a small monitor desktop (often several years old or low end), where a free VLC or other player will play whatever is thrown at it. Quality of the video/audio isn't a big deal on these lower end, smaller screen and older devices (plus, many people may prefer lower quality for the lower data consumed from a broadband connection).

One might argue that these people would never pay for content and so mustn't be considered when talking about paid content. But given a chance not to jump through hoops and with geography specific pricing, there are ways to get people to pay. That could add up when done right on a large population base. Right now the big content houses are literally leaving money on the table and encouraging piracy (to put it in a different way)!


> TPB, less convenience, lower quality

For me, a DRM-free experience is one I can enjoy on all platforms and devices I have. It also has a much better general UX.

Measured in all ways I can measure quality, DRM only reduces it. Thus sites like TPB still has the upper hand for people who care about quality, portability and UX.


TPB quality is usually very good, 1GB per hour is common and 4GB per hour is possible for high demand stuff. Plus you get a much better library. A fast internet connection makes the inconvenience of downloading vs. streaming go away.


1GB per hour isn't enough if you have a big screen (I use a 100" screen with projector). Not even Amazon encodes video well, they have particularly poor colour quantization that ends up filling the screen with blotchy seas of uniform colour; Netflix has the best encoding settings IME.


You are not downloading the right type releases.

WRT movies:

WEBDL is usually 4-5GB

720p Bluray: 6GB

1080p: 8GB and up.


Right, so since movies are about 2 hours, divide those numbers by 2 to get GB per hour. It's hard to find that quality for good but unpopular movies or shows. But then again, it's usually hard to find good but unpopular movies or shows at all on Netflix.


Not to mention that you can usually start streaming a decent torrent after the first 10%.


The tracker/torrent numbers I see are consistent with more than a quarter of US college-aged people using them, and more than three quarters watching media obtained that way—those are better numbers than HBO. It absolutely has a role in tastemaking.


Curious, who publishes figures on this?


>To a first approximation, no ordinary consumer uses TPB.

I'm not sure how true that is. Currently getting content is easy enough that the average consumer doesn't use it, but at least back in the mid 00's the technical people in my social circle got introduced to torrents by people who didn't know how turn off a computer except by unplugging it. They we're willing to take all sorts of risks with their computer on sketchy sites the second it became the easiest way to get their content.

If torrents and piracy become the easiest way again, I could easily see regular people going right back to it.


Related: remember SOPA, and the street protests with which Poland led the way to shutting it down in Europe?

I still really don't think the protests happened because people suddenly became aware of abstract consequences of an obscure deal proposal. But exactly at that time, in an unrelated case, FBI shut down Megavideo, widely used by regular people then. This is what they took as a future of Internet under SOPA, and that's why, I believe (based on first-hand experience), they went to the streets.


Yea, I don't think the op does this himself but as a group the people on hacker news vasciliate between, comouter literacy is the new literacy and something that requires you downloading two programs(Torrent software and VPN) and go to one website, is beyond anyone but software devs. Computer literacy _is_ the new literacy so is it suprising that regular people can start doing things on computers for themselves?


Unauthorized copies tend to be more convenient, since the days of region free DVD players.

I strongly believe that the convenience of Netflix and iTunes only exists because of piracy, and the industry would never have chosen it otherwise. They'd be stuck on pay per view.


That's only true if you ignore the problem of malware getting on people's systems via pirated downloads. This is a large and significant source of malware (as people tend to override virus scanners and such).

Piracy does have serious negative side effects on both content creators and end users. It's kind of a hacker fantasy that it doesn't.


> To a first approximation, no ordinary consumer uses TPB.

Ordinary consumers get it via sneaker-net on a USB key that they can now plug directly into their TV. Before that there was pirated DVD's and video cassettes, but the ease and cost of piracy is still improving faster than legitimate methods.


Unauthorized copies are less convenient (especially since mainstream playback devices won't play them) and frequently of lower quality.

HD .mkv files can be viewed on virtually any device, including "smart" TVs long forgotten by their manufacturers which do not support Netflix/Roku/whatever apps, open source devices, smartphones, or regular computers. Usually, you just need to plug in a USB drive and press play.

They can also be of arbitrary high quality. And usually higher, not lower than streaming sources which adjust to network conditions.

It's true that the plans at legitimate distributors are currently very inexpensive. A good seedbox will run higher than Spotify and Netflix subscriptions plus a bowl of nachos but neither the quality, nor the choice, or convenience are even close to piracy.


In my experience, it has always been easier to pirate movies and TV shows - especially in the last few years. Netflix only had a few of the shows I watch, I had to get HBO Go for the rest. Now Disney is pulling everything to their service. You need multiple services, each with their own apps. Good luck on a 10Mbps connection. Getting DVDs is impossible less than a year after release. With CouchPotato, I find the movie on IMDb and click a button to add to to downloads. Sonarr downloads new episodes of shows just hours after release. Even Stremio (think PopcornTime, but better) is easier to use than most streaming services.


"lower quality"?

You can download entire BluRay disks, about 40GB, 4K shows, 10GB IIRC.

You are wrong. Pirates have the same or HIGHER quality video in most cases.


> no ordinary consumer uses TPB

In the US, maybe. In some other, less capitalist countries… well, paying for non-physical things seemed ridiculous. Still kinda does, but app stores have somewhat changed that.


In a world where browser manufacturers, as a block, refused to implement DRM, it's seems obvious that sooner or later visual media producers would be forced to the table, to gain access to paying consumers.

Doesn't seem obvious to me. Why wouldn't they use their existing native apps?


Netflix, the original HTML DRM-pusher, actually does. For a gazillion kinds of platforms and devices and they're doing fine.

In fact it seems they have apps for all platforms out there, except the traditional desktop, something it would cost them almost nothing to provide on top of their existing app-offerings.

Basically Netflix is the best proof you have that you don't need DRM in HTML.

And yet here we are. It's absolutely infuriating.


So what's the benefit to consumers if streaming services abandon the web? I know of one such service - NowTV, that insisted on me downloading the native app on macOS instead of watching within the browser. Personally I preferred Netflix's browser version, DRM notwithstanding.

DRM is the price that content providers ask of Netflix. Netflix is fine with that, because the alternative is less content. Browser makers are ok with that, because the alternative is fewer people on browsers and more people on native apps. I'm personally ok with that because I dislike installing apps and I prefer the browser, although most people don't have a preference.


So what's the benefit to consumers if streaming services abandon the web?

1. It avoids the ethical problem of pushing DRM onto people who just want a browser. (Firefox does offer a EME-free version, but you have to look for it, when you might not even know what EME is). If a CDM module installed automatically by Firefox becomes an exploit vector, they are ethically responsible, in my opinion.

2. It preserves browser competition. CDM modules only work in approved browsers, so people building new browsers are at a disadvantage. They may be able to use Firefox's sandboxed component, but it's not clear yet.

3. It avoids having second-class OSs for those browsers. For example, Firefox runs on MIPS and SPARC, but the CDM modules don't.

4. It makes it more expensive to use DRM.


> It makes it more expensive to use DRM.

This misses my point. No one cares about DRM - not the streaming service, or the browser vendors or most importantly, the users. Consumers have voted with their wallets on this - they'd rather watch Netflix than torrent.

Maybe I'm being callous, but I don't care much about "the ethical problem of pushing DRM". Nor do I care much about MIPS and SPARC. How many end users are running MIPS and SPARC anyway? And I especially don't care about it being difficult to use DRM. All of this sounds like ideological purity, which in my opinion, is a waste of time.


You asked for benefits, I listed them. I don't care that you don't care :)


That's fair. I'm the first to admit that my personal opinion is irrelevant. I made the mistake of saying "I don't care", hoping you'd understand I meant "the vast majority doesn't care".

Could you list some benefits that would be appreciated by more than 0.1% of society?


Why isn't all software native apps?

It comes down to the same set of reasons.


Most software don't have to choose between giving up DRM or not using web apps. I'm not convinced at all that their choice would be the former, especially since their clients already use native apps heavily.


> In a world where browser manufacturers, as a block, refused to implement DRM, it's seems obvious that sooner or later visual media producers would be forced to the table, to gain access to paying consumers. We could be in a DRM-free world, without the inconveniences of elaborate technical restrictions on pass-through and mutual device compatibility, or black box binary blobs on otherwise open source operating systems.

Well, that, or they would have went the direction of newspapers & news - give up on producing quality content, and instead cater to the lowest common denominator by producing the cheapest, most polarising content possible.


In a large way, they already do that. They produce by viewership numbers, DRM or not.


> In a world where browser manufacturers, as a block, refused to implement DRM

This is a world where we were a couple years ago. The content providers used plugins to provide DRM for the raw video (Widevine for example) or serve the video inside a container that has DRM (flash/silverlight). One of the main reasons for flash and silverlight dying away is that browsers could do more and more of what they did. And playing video the way the content producers/distributors wanted is a big part of that.


The really insane part is that the DRM is pointless anyway, you can go onto any file sharing/streaming site within minutes of a Netflix release dropping and it's there in HD.

I still maintain my netflix account 1) because my mum uses it with her Roku and 2) because they should be paid for providing value and good TV.

I have the technical skills (like nearly all HN readers I'd imagine) to stream whatever I want with essentially 0% chance of getting caught but I don't because NF has most of the content I want to watch and I don't watch that much anyway.


> The really insane part is that the DRM is pointless anyway

DRM may be pointless if you think its main goal is a way to prevent people from watching content they did not directly pay for.

But that is missing the point. It does not matter that you, an individual, can break it. It's a divide and conquer strategy: we as a community have to follow the rules and that's what matters.

DRM is about and has been extremely successful at giving content owners leverage over playback devices (you effectively cannot ship a playback device at any real scale without following the rules the content owners set) and transitively to players down the content pipe. That is why it is evil. It's the most clear manifestation of an unjust instrument of power over the user, to put it in Stallman words.


> (you effectively cannot ship a playback device at any real scale without following the rules the content owners set)

Except a desktop PC/laptop - hence https://youtu.be/HUEvRyemKSg


This is a really important talk, here's the Doctorow article based on it, if anyone wants to read instead of watch: https://boingboing.net/2012/01/10/lockdown.html

It's already happening too, note the way Netflix refuses to send higher quality streams to the PC, except through IE/Edge or the native app (which exhibits strange, tell-tale behaviors on multi-monitor setups).


I remember I has signed up for Audible - and was completely prepared to pay their subscription fees, despite a lot of content being available on pirate sites for $0. But I am old enough to value my time and pay reasonable fee for just mere convenience. And also it's the right thing to do, right?

Turned out, however, that I could not play this content on most of my devices, because it was DRMed into something awful, despite being regular sound files that anything can play underneath, and those devices did not support it.

So, I did two things: a) I downloaded the DRMed files that I had on my subscription, and spent an hour (probably should have taken less, but I have never done it before) on extracting regular MP3s from them and b) I cancelled my Audible subscription. So DRM wasn't just pointless to me, it was bad for both myself and Audible (I started with thinking they are awesome and now I low-key despise them).


You can get rid of the DRM easily with FFmpeg:

ffmpeg -activation_bytes 1CEB00DA -i test.aax -vn -c:a copy output.mp4

See: http://ffmpeg.org/ffmpeg-all.html#Audible-AAX


Thank you for that, I have a bunch of Audible titles that I want to listen to but I prefer another audiobook player.

The fact that it's a choice between "use the player I like" and "listen to the books I bought" is why DRM is evil.


I'm an admirer of well-done DRM technology but I think I agree with the subtext here, which is that DRM doesn't have much of a future. Ironically, the thing that is likely to end DRM is standardized DRM. By making it easier for technology/content companies to deal in premium content, content providers are making it easier to compete with them for their middleman role in funding content.


What annoys me is that DRM could be great for consumer privacy. I could have chat windows that are encrypted streams rendered fully in hardware. There are numerous legitimate reason to want to avoid data being generally accessible. But DRM seems to focus exclusively on content.


Maybe Mozilla should up this up to end users. Then Feinstein will make silicon valley break DRM and the NSA will enable 4k Netflix everywhere.


In theory I don't have a problem with DRM if it was "perfect" (worked everywhere, didn't suffer all the problems with current systems) but I just don't see that happening since the incentive to stop at "well it's good enough and it works on 95% of our customers machines" is always there.

I also don't really like blackboxes I can't at least theoretically look at the code for if I want to, I don't like it with the Intel manaement engines (and AMD) etc either but that is a trade off I have to make if I want to run new hardware, compromising my security so I can watch a movie is a lot less enticing.

This is the kind of future I fear https://en.wikipedia.org/wiki/Noir_(novel) (and if anyone is wondering my username isn't a co-incidence).


Standardized DRM also makes it much easier to break and distribute the content. Break it once and you're done. When any vendor can build in whatever kind of DRM they want, it requires a virtual toolkit that can overcome whatever DRM approach the vendor happens to have chosen that day.


The big guys know that DRM doesn't work. DRM is about putting "color onto the bits" so people can be sued.

Nothing more; nothing less.


Far too many people seem to not realise this, and if you want to argue with content producers about it, arguing over the existence of content on TPB won't get you anywhere because they're not totally blind and can see it doesn't stop content from getting there.


> color onto the bits

Does that mean (effectively) watermarking?

Do pirated releases even come from (defeated) DRM sources these days?


I believe it's a reference to http://ansuz.sooke.bc.ca/entry/23


Just noticed the Terry Davis cameo in the comments with one of his random generated god quotes - http://ansuz.sooke.bc.ca/entry/23#terry-a-davis-1274100060

This article got even better.


I think he's referring to this classic article (or one of its follow-ups): http://ansuz.sooke.bc.ca/entry/23


DRM isn't about making things impossible to pirate, it's about making them harder to pirate.

IMO, some people will always pirate your movie/music/games/whatever. But if the crack lasts a few weeks, or if you have to unplug your DVD drive to get it to work, or if it's a low quality cam rip, or if all the good torrent sites have been shut down and now the last ones are infested with spyware, or if there's a risk of getting sued by the MPAA... all of these are factors that'll tilt the pirate vs buy decision.


There is an argument that there wouldn't necessarily be that much less content online. If your options are either deliver DRM free content or leave money on the table from the gigantic streaming media boom then it's hard for companies to ignore potential profits.

The problem with DRM is that it gave them a way to have their cake and eat it too, at the expense of the general public. Every time you have to use a shitty half baked interface to select your movie/TV show (I'm looking at you, Netflix and Amazon) you can thank DRM.


Maybe the harm will be realized in the long run, when you want to watch something that is no longer available?

For example, the Netflix library changes every now and then (at least that I've been able to detect), and there's more than one show that I can no longer watch anymore that I wish I could.

That to me is harmful because I don't really know when this happens until I search for it and it's no longer there. So I end up buying DVDs of shows/movies I really would like to re-watch in the future just so I can avoid Netflix's listing changes.

I guess the argument is that if there were no DRM I could download those shows I like the most and watch them at anytime, regardless of whether Netflix wants me to or not.

Not sure about the reasons for others to consider DRM harmful (or not), but this one to me is really important and would love to have a DRM-free alternative besides pirating (due to inconvenience mainly, and due to general concern for downloading stuff that might not be what it supposedly should be).

However this looks like wishful thinking at best, as time goes by and DRM is pushed further.


Netflix announces which content will be added/removed months ahead of time. The decision to remove content is driven primarily by the principal right holders - Netflix is largely just "leasing" the shows that it presents (hence the company's shift to producing its own content).

To present it as a decision solely made by Netflix grossly underestimates the contractual complexity and involved parties responsible for turning a screenplay into something you can stream in 4K, all of whom have ownership stakes to lesser or greater degrees.


I didn't mean to imply that shows got delisted at the sole discretion of Netflix. I understand that it's a complex decision with multiple stakeholders, and would even like to think that Netflix benefits the most from NOT delisting shows (i.e. they are on "my" side).

I was merely trying to point out that whoever decides what gets delisted (in this case for the sake of simplicity I said Netflix), has control over what I will be able to watch instead of me.


DRM is harmful. Its prerequisite is that users do not control their hardware. This has far reaching consequences that go well beyond media consumption and entertainment.


That's not axiomatic; in fact, it's a normative claim, not a positive one.

The argument is not that there are no consequences, but that DRM is a net positive because those consequences are the trade off for more and better content online.

Why don't you clarify why you think the tradeoff is not worth it, instead of just saying DRM = bad?


But the consequences affect everybody, all the time, even those that do not want to watch DRM'ed stuff online. That price is too high.


How do the consequences affect everybody, all the time?

Why is the price too high?

I'm not being obtuse, this is legitimately not obvious to me. Unpack your reasoning a bit, because I still don't see why it's axiomatic that DRM can't be a valuable tradeoff.


As was said before, DRM implies that no user controls their machine because it implies that someone else's content is always "safe" on that user's machine. DRM is inherently pernicious to everything from basic computer security to a democratic society.

The right to read:

https://www.gnu.org/philosophy/right-to-read.html


I still control my machine. I just run software that I don't understand to get content to play.

If I wasn't able to run a certain subset of software, i.e. DRM, then my machine would be less universal, not more.


No, you do not control your machine.

Controling your machine does not imply you always understand what it is doing, jusy like controling your car doesn't imply you always know exactly where it is and how it got there. You may give your keys to your spouse to drive somewhere and you trust that they do just that. Back to computers, that means when you run someones elses software you don't necessarily know how it is doing what it is doing and you trust it does what you hope it does, yet you could be in control.

So when do you lose control? In the world of cars, when you do not have the choice whom to give your keys, when someone has the power to take your keys independently of what you want, then you do not have control. In the world of computers, DRM is to take your keys, or to never give them to you, in the first place. DRM has led to components in each and every PC that are built to be beyond the control of the owner.

I don't see a big problem with a DRM-capable computer on it's own, however, I don't think it's ideal and would argue against it. But the _big_ problem starts when I cannot buy a computer without it, anymore. That is where we are.


But the _big_ problem starts when I cannot buy a computer without it, anymore.

So make one. There'll be a lot of things it won't be able to do, but nobody's going to put a gun to your head and order you to stop producing a DRM-free machine for yourself.

Meanwhile, the "you don't control your machine" argument suffers from the same fundamental tension as many of the RMS/GNU/FSF positions: in the name of freeing you from restrictions, they impose restrictions. The GPL, in the name of protecting what you can do with the software, specifies some things you must never be allowed to do with the software. The hardcore anti-DRM position, in the name of protecting what you can do with the hardware, specifies some things you must never be allowed to do with the hardware.

Now, that's not necessarily bad; there are arguments to be made that trading off a small amount of freedom to do a handful of things protects a large amount of freedom to do many things. But unfortunately that's not a type of argument RMS/GNU/FSF can admit to, because they frame things in absolutist moral terms. The absolutist cannot speak in terms of tradeoffs. To do so is to compromise the entire position and, worse, to open the door to others who might propose a different set of tradeoffs and argue that they're as reasonable as the absolutist's proposal; at that point, as the famous line goes, you're just haggling over your price.

So if you want a computer with no DRM, by all means go and build one. Refuse to put anything in it that you don't absolutely control. You'll be giving up quite a few things, like being able to play back popular media, but if that's the tradeoff you want you certainly are free to go and have it.

What you can't do is force others to abide by that; most people simply do not care that there are things in their computers not fully under their control, or if they reflect on it are willing to accept the tradeoff of, say, having hardware/software that will refuse to play certain media unless certain third-party-imposed conditions are met. You could argue that the overwhelming majority of them have never thought about this and probably wouldn't come to a rigorous and well-informed decision about it, but morally you have no inherent right to substitute your judgment of what's good for them in place of their judgment of what's good for them. The most you can do is build your own computer which does things the way you want, install only software that you personally trust to abide by your principles, and advocate for others to do the same.


This is an excellent comment, to which I might add: framing a persuasive argument based on the position that DRM (or nearly anything) is an unequivocal bad is very nearly guaranteed to be untenable and inherently inconsistent.

If you truly believe that DRM is harmful in general, you need to construct an argument that appeals to educating people about which practical freedoms they care about will be lost. At that point you need to accept that they might not care about those freedoms.

But if you construct an argument from the axiom that users shouldn't introduce anything into their systems they can't reasonably control, you've fundamentally isolated almost everyone who you want to convince. Of those remaining to listen, most will typically already be on your side end evangelizing the same thing. In order to be consistent, arguing from a core axiom of user freedom and choice requires sacrificing things like hardware security modules, which are a giant leap forward for user security. You can have the absolute freedom to do anything if you'd like, but you might find that there are relatively few ways to apply that freedom if you do.

The alternative is a balanced approach: you don't start from an axiom that users need to be inherently free, and that some amount of tradeoff in freedom is beneficial and desirable. Then you go on to demonstrate why DRM in particular is bad in general. But this is a much weaker position in general, and framed this way you'll have fewer people to argue with.


I think its pretty clear that there is no "moral right" (as if such a think even exists) about that, but we need to continue advocating others about how artificial such restrictions are. I know people who genuinely think its just not technically possible to play 4K Netflix video on Firefox while the reality is that its just an artificial restriction. And if people don't oppose that, its going to get more universal. It sucks that instead of software empowering users, we're really just moving backwards.


The last CD I bought was DRM protected. It was impossible to play it on my car stereo. I had to make a recording/copy and burn that to a cd in order to play it. Never bought a CD again.

Imagine I would make the money I pay for media also DRM protected, so it can only be spend in a specific way? Would they accept my money?


What they said was that DRM = user does not control their hardware, not DRM = bad. And that's true.


they said both (and both are true)


I paid for spotify. Then they cut 10% of the music I listen to. Then they did that what seemed like every month until I cancelled.

If the social contract for DRM was "subscribe to a growing library of content for an inflation-adjusted rate", that'd be fine. Instead, the contract is "cede all your rights until there are no technological alternatives and a few monopolies own the whole market".

Not cool. I'd love to see the w3c disband over this.


> If the social contract for DRM was "subscribe to a growing library of content for an inflation-adjusted rate", that'd be fine. Instead, the contract is "cede all your rights until there are no technological alternatives and a few monopolies own the whole market".

Hacker News everyone, where one week the film companies are evil because they won't give Netflix all their content so people can have one streaming service and the next we have "monopolies own<ing> the whole market.


It harms anyone who wants to use streaming content offline on devices they control.

I often have slow internet access in my home which limits my ability to stream. If I can download when I have a good connection I can view later when my connection goes to shit. This is not an option with most streaming services (eg Netflix). I pay for these services. I should have control of how and when I view the content.


Netflix allows you to download videos. I've watched several episodes of Star Trek on a train this way.


Not on desktop. I hate watching movies and TV on a small phone screen.


Windows 10 desktops can download content through the app.


You can even download Netflix to your phone and watch it later.


And then it casually and silently deletes them after some unspecified time. Which has screwed me before on a long flights.

Now I always pirate media in advance I intend to watch in the air. I don't want to have to babysit my netflix downloads to make sure that they really are downloaded.


Wow, really? Yeah, that's a bit enraging. Idiosyncrasies like this should at least be exposed in the UI. An expiration countdown in this case.


Not all shows support that, though.


I have the same issue. I have a Netflix subscription, but I also pirate things that are available there e.g. via PT, because I can then just use VLC and have that better user experience, including the possibility of taking the movie onto a train.

I think the limitations on playback are an unreasonable burden. More fundamentally, I think I should have the right to gain the fullest possible degree of control and knowledge of the workings of my computing equipment without being punished by the legal system. Just like I should have the right to repair, inspect and modify the physical objects I buy, should I be allowed to do that with my computing hardware and their information contents.

In the near future neural networks will recreate full software packages just from being connected to cloud-based applications that stream video and commands back and forth from a browser window (or a VNC-like desktop client/app). The DRM systems will always be cracked, because you fundamentally can't and should not be able to control what people do with the information you give them, and eventually even running the DRM by not sending the executable code at all will not be enough to make software impossible to copy.

However, I don't think this will be a large problem, because you can still fine people for sharing copyrighted material with randoms (I'm not sure I think that's a good idea, haven't thought about it enough), and once you have enough clients that integrate content stores and payment functionality with playback, you can get a user experience that is so much better than that of Spotify.

I think the right to free computation and inspection, repair, integration and modification of computing systems should be enshrined in national constitutions, as it is as fundamental as the right to free expression, and perhaps just the newest incarnation (and necessary extension) of that same principle.


> It seems self-evidently unharmful, in that we appear to be in a golden era of delivering content online so extraordinary that it threatens traditional television networks.

One of the main reasons we need so much new content is because a large percentage of old content is no longer accessible, mostly for reasons related to rights management.


There are so many excellent films made in the second half of the twentieth century that most people will only encounter when, ironically, a broadcaster shows it on classical linear television.

I had hopes that Netflix becoming a global phenomenon meant that a vast library of content would become available, but instead we are now in an era of increasing fragmentation of content offered, with content providers becoming content creators (fine), for exclusive content (rather limiting), offering only a token of third party content of dubious quality (hey!).

Here is a radical though: reduce copyright to 28 years, and let the Netflixes and HBO's compete against that! Not going to happen of course — the best some of us can do in the meantime is pretend copyright did end after such a term, or just meekly submit to whatever is made available, DRM-shackles and all.


> There are so many excellent films made in the second half of the twentieth century that most people will only encounter when, ironically, a broadcaster shows it on classical linear television.

Yep, I would have never discovers Jeremiah Johnson without TMC.

> Here is a radical though: reduce copyright to 28 years, and let the Netflixes and HBO's compete against that! Not going to happen of course — the best some of us can do in the meantime is pretend copyright did end after such a term, or just meekly submit to whatever is made available, DRM-shackles and all.

This is the real root of this issue. You're completely on the right track.

Originally, copyright only protected an idea for a very short amount of time. Basically the amount of time required to go to market with an idea. Copyright was intended to protect the little guy entering the industry so larger competitors couldn't steal their ideas until after the little guy entered the market.

Now, on the other hand, copyright accomplishes the exact opposite. It protects the big guys by ensuring that no-one can ever use or improve upon their ideas/products without their express consent for what seems like an eternity(see Disney constantly requesting copyright extensions on Mickey Mouse). There should be a hard limit on copyright of 5 years, maybe 10 for IP. As you said above, this will never happen as there are too many people and companies feeding off the current system. Disrupting the status quo would result in an eruption of outcry from studios, record labels, and publishers.

That said, I think we can all agree that is absolutely absurd that record labels are still profiting off of albums where every person who worked on them is now dead for an example.

Let's also be real here and address the issue that artists don't really benefit from signing on to contracts with large corporations outside of maybe better publicity. 90% of the proceeds from listens on spotify or shows on Netflix are going to the companies that own the rights and not the musicians/actors. That's why most non-mainstream music is moving into self publishing/independent labels.


What, you mean return copyright to a state that worked for, what, a century, and which meant that people could actually freely remix things they saw as adolescents within their lifetimes? Blasphemy!


This radical thought have been more or less argued in court by Eben Moglen. He failed (and I can feel he was very sad about that - I certainly was)


I'm somewhat sympathetic to the argument for DRM (we need to ensure artists receive fair compensation for their work), but I wonder:

If the entertainment industry could survive the age of "DVD ripping with abandon", can't it survive the age of "people copying Netflix movies with abandon"? Do industry leaders anticipate the latter will be much worse than the former? Is the cash flow situation that dire?

Or is DRM about something besides preventing piracy?


How do you prevent someone from capturing their screen and recording a movie? Do you really think it will stop or slow down piracy ?

What we do know for certain is it will strip you as a consumer of control over of hardware and software that you purchased.


FYI, they literally try to do that. HDCP is DRM between displays and video output devices.


It's supply and demand.

Nothing will stop 'piracy' - noting will stop any crime.

Copying DVD's required cost and labour. There's a limit to how much pirating any individual can do.

Over the net - it's rather instantaneous.

DRM'd content raises the bar beyond most people, so it cuts down on piracy.


> DRM'd content raises the bar beyond most people, so it cuts down on piracy.

All it takes is one individual to make a "DRM" free version of a movie and begin to torrent to the public - and then the bar is lowered to the average consumer / pirate..


Cinavia does exactly that via watermarking the audio channel. Various playback devices are required to embed a Cinavia detector as part of their licensing requirements.


> the alternative isn't simply a world with no such limitations, but also a world with less content made available online.

I don't buy this. Do you have data supporting this claim?

Disclaimer: I am totally biased and think IP laws are morally wrong and a huge regressive tax on the poor.


IP laws are why rich and powerful media companies can't take my independent creations without compensation and profit off them without risk of a lawsuit. Copyright serves a valuable purpose, even if lobbyists and the big companies they serve seem to not understand (or care about) copyright's function.

Copyright is DRM without the D. It puts just enough friction on using my creations commercially to make them decide to pay me rather than risk consequences. I don't mind it going public domain after a while. I'm not greedy, and I understand that culture needs to be fed to continue producing more.


It's not harmful to them. I suggest reading this if you haven't already: https://plus.google.com/+IanHickson/posts/iPmatxBYuj2


Thanks for that! From my reading of the end, it seems to me that there is inherent conflict of interest in being a content-licensee and a browser-maker with respect to DRM e.g. an analogy that builds on foxes guarding the hen house.


Make a browser extension that works across all browsers to sync user data. Then inform consumers. Consumers then easily switch to better independent browser builds, forcing media holders' hands. If consumers have no desire or ability to become aware, and can't muster the will to delay gratification for a few days it's hopeless. Consumer awareness must be the end goal; rather than establishing a smaller subset of aware representatives to tell the media holders the consumers care. The media distribution channels own the media right holders. They control the flow of $ completely. Six corporations have complete control. Same corporations choose which of the infinite security flaws to discuss on the news, and effectively dictate the browsers and consumption methods/endpoints people use. No solution will acomplish the result of total consumer awareness, for any period of time, without first achieving consumer awareness.


We have to forbid DRM by legal means...

Void copyright if DRM is employed, the same way you can have secret parents.

Legal protection shouldn't come without a price.


There are some blockchain based systems in the works that may help with this mess. If a middleman can be removed, content creators could publish directly to p2p networks without losing the ability to earn money from their contributions. Instead of relying on some rights mgmt company to authorize content they could create a smart contract to programmatically allocate earnings to all parties involved. Time will tell but check out http://www.pepperlaw.com/publications/music-and-the-blockcha...

This also has the side effect of eliminating curation bias / censorship allowing for all sorts of new content to become available that might not otherwise be allowed on iTunes/Netflix etc.


That article seems like a winning buzzword-bingo game by someone selling blockchains.Anyone who wants to sell online already can and there are plenty of people who do with either no middlemen or by picking a third party who shares some philosophical goals. Similarly, unless you're trying to sell completely illegal content it's trivial to buy or sell content which the major players choose not to carry — e.g. iTunes and Netflix not offering porn hasn't seemed to prevent anyone from watching it.

The actual problems here are discovery and piracy. The former increases the benefits (real and perceived) of middlemen with promotional channels, speaking to both to the creators wanting their work to be found and anyone finding it. The latter is similarly important: most artists don't make money so every lost sale counts and for every artist who believes content should be unencumbered there seem to be more who demand DRM, especially the mainstream ones with the most customers.

Not addressing both of those is fatal: if customers can't find what they want easily, the service is unlikely to make it out of the indie market. The key thing to remember is that outside of the diehard anti-DRM community, nobody sees this as a problem – most people find what they want on a major service, pay an acceptable amount, and leave satisfied.

Blockchains don't solve those problems and add new ones, like performance and irrecoverably failing open if there's a bug, which are likely showstoppers.


iTunes ditching DRM for purchased audio was never really a glimmer of hope for video, and lets face it this discussion is really about video more than anything else.

iTunes movies still have DRM. Arguably DRM free audio had extremely little bearing on the future of video, given the very different demands of each marketplace.

Remember also, that with a few exceptions (Sony rootkit anyone?), music had a long history of being DRM free before digital distribution came along (vinyl, tape, CD etc). Video distribution by contrast has a long tradition of many copy prevention "solutions" over the years on many different physical formats.


> If we could convince media rightsholders

Even that is not ultimately necessary. What we need to do is convince politicians that it's a bad thing, and in theory we should have a lot more influence over those. They can pass the necessary laws to say DRM is illegal and it would be much better plus potentially easier than crawling and begging to the media companies to throw us a bone.

In practice it's not so easy because the US has a broken and corrupt political system where the politicians are more dependent on rich donors than on the People who vote for them.

So once again we arrive to the same conclusion Larry Lessig did many years ago: if you want to fix the copyright issues, or the climate issues, or healthcare issues, or any other big issue, you need to fix money in politics first. Everyone on all sides, no matter what other conflicting issues they have with each other, should be working hard on that issue if they want any hope for their other issues.


"It is very difficult to make someone understand something if their livelihood is predicated on them not understanding it."


Could we put a moratorium on just posting cynical quotes that almost everyone has heard without adding something original to the discussion?


But... but... you're the product! Don't you get it!?


Or we could convince media rightsholders that they don't need to deliver their DRMed content through the Web.


You'd have to convince them that DRM is against their best interest or provide them with something event better than DRM for their best interest. That's much tougher.


Didn't I used to be able to buy mp3s from amazon - no DRM? That was before spotify and other streaming solutions of course.

Do people want DRM-free media, or do they want ease of use?


You can still buy m4as from iTunes, no DRM.


Do people want DRM-free media, or do they want ease of use?

There's no technical reason why there has to be a choice between the two. Spotify could implement 'Save to device' or 'Share this song offline' features very easily. The only reason they don't is down to the politics of ownership.


Spotify does implement save to device; their sole requirement is you go online once very 30 days.


So in other words, no this isn't yours, we're going to decide if you can have it.

NIMBY.


It took me a while to understand how politics are very different than the binary world of logic and strictly enforced rule of my CS universe.

In politics, very often, there are no strictly enforced rules, there are groups of pressures pushing in opposing directions. W3C has no way to prevent proprietary browsers for doing what they want, they just put some pressure on them. They know that going through W3C is the easiest way to agree on a standard and to provide interoperability for their users.

This is a small amount of pushing power.

EFF withdrawing is normal: that's the main item they were interested in. The question now is to see whether Mozilla will stay.


> In politics, very often, there are no strictly enforced rules, there are groups of pressures pushing in opposing directions.

All power is ultimately politics, not rules. People can use politics to change the rules, which happens often through lobbyists, influence, or even force.

Powerful actors operate on the level of politics; they write the rules. The plebeians operate at the level of rules. If I'm unhappy with something a major corporation does, I can operate within the rules and complain to a regulator or take the company to court. If the corporation is unhappy then they get the rules changed, for example by having laws passed that prohibit my lawsuit, eliminate their liability, or hamstring the regulator. It also happens in smaller domains, such as among employees of a business: those skilled in politics get the internal decisions and rules made in their favor.

The exception is, broadly speaking, more common than the process described above: The issues most people deal with in their everyday lives aren't important enough to motivate political action.


>>> The issues most people deal with in their everyday lives aren't important enough to motivate political action.

Save for the fact that their life is completely shaped by politics.

I like your analysis a lot, but I don't like your conclusion. Because ultimately, humans make politics, so one can influence them. In french there's a saying : if you don't care about politics, then politics will take care of you...


> In french there's a saying : if you don't care about politics, then politics will take care of you...

There is an English template for expressing this idea; it goes "You may not be interested in politics, but politics is interested in you".

I don't know what originally filled the spot where I've put in "politics".


Maybe 'war'?


Louis XIV had "Ultima ratio regum" on his cannons.


Spinoza's Political Philosophy too (IIRC)


> I don't like your conclusion. Because ultimately, humans make politics, so one can influence them.

I agree with you; I meant to imply that as part of the mechanism.


As several people have pointed out elsewhere in these comments, Mozilla has already implemented EME. That makes it seem unlikely that it would quit over the adoption of this recommendation, even though Mozilla also stated that DRM is bad.


> This is a small amount of pushing power.

Not true. See Google's NaCl and Mozilla and Microsoft's own alternatives to that. Neither went anywhere because each browser pushed in a different direction. It's only through W3C that they managed to build WebAssembly and all agree to use it.

I see this DRM thing the same way. Without W3C they may have built their own DRM solutions (and in fact, they have, years ago), but they wouldn't be compatible with each other, which means they wouldn't get too much adoption either.


> I see this DRM thing the same way. Without W3C they may have built their own DRM solutions (and in fact, they have, years ago), but they wouldn't be compatible with each other, which means they wouldn't get too much adoption either.

Prior to the first spec being presented to the W3C, it had already been worked on by two of the biggest browser vendors.


I would suggest not underestimating Mozilla's market influence.

It would be possible to create a browser that displays DRM content and ignores DRM. The only thing that content publishers could do is ban that browser. And then it would adapt to disguise itself as other browsers.

DRM on the web can only happen if all of the major players (that is, browser publishers) agree to play along.

I am very excited about this news, this is probably the most important news in weeks, and could impact the Internet for years to come.


> I would suggest not underestimating Mozilla's market influence.

They have no market influence. They have maybe ~10% of the market globally (I've seen figures between 5-15%), and that's primarily desktop - which is decreasing daily. On mobile it's even worse (probably less than 1%).

Any influence they have solely extends to the desktop, and that's not the primary way people are interacting with the internet nowadays.


Market share isn't immutable! Market share changes based on capabilities. I dropped IE for FF when I got a basic understanding of computers, I dropped FF when it became clear it was a memory hog, and now I kind of toggle between Chrome and FF. I think that, with killer features like breaking out of DRM, the market share could change.


> I think that, with killer features like breaking out of DRM, the market share could change.

That's not a killer feature to the market: I bet 99/100 people don't know what DRM is or what it stands for. They just care that they can watch videos or not.

For better or the worse the overwhelming majority of browser users don't know, care, or have any idea about how the internet is standardized, how DRM works, and why it matters to them.


I actually don't see how using the browser would provide any practical value. If you pay for a streaming service you might as well just watch the legit DRM'd version. If you're watching a pirate stream you might as well stream from a pirate who cracked the DRM on their side.


Of course for the worse. As usual worst things in the world come with a silent agreement of majority.


Ignorance != agreement


> I think that, with killer features like breaking out of DRM, the market share could change.

Indeed, that would kill Firefox once and for all.


Unless you value the fact that Firefox comes from an organisation which values the freedom of the user and are willing to tolerate a dip in quality (as perceived by the typical user, not a techie) compared to a product from an organisation which has far greater resources at its disposal, and unless a lot of other people are going to do the same, it'll never work.

I use Firefox and almost never use another browser but I'm afraid over time, it's share of the market will fall. This news makes me fear so even more. I do hope I am proven wrong though. I've seen one monopolist fall. I do hope I see many more.


Indeed. People who want nothing to do with DRM will want alternatives. Once DRM-integrated browsers are compromised at scale, more people will want alternatives.


> They have no market influence.

In other words you have no idea what you're talking about, and why should anything else you say be treated any differently?


If what the above says is true (Though Im not sure it is possible), and Mozilla can provide a way to display DRM content without adopting DRM standard, I would think that would increase its marketshare.


You nailed it.

The user cares about access to content. The user does not care about DRM. The user does not care about corporate interests. Ad blockers are proof of this. The user wants what they want, and the people who provide that to them with the fewest hassles are the ones who win.

Everyone needs to appreciate that "cost" is a gigantic hassle to most people, no matter how much money they have. The concept of owning their content is another big consideration for people, which is why we saw "rental" models for video streaming fail in the past compared to "ownership" models.


> It would be possible to create a browser that displays DRM content and ignores DRM.

The DMCA makes this illegal. No browser vendor is going to take that risk. Maybe some anonymous developers will release a firefox fork or similar, but that's a big risk. Not to mention, most groups who pirate content tend to keep their methods secret and only release the content.


The only people who give a @!#$ about the DMCA are lawyers. It's going to be repealed eventually.


DMCA has no reach outside of USA.


But multiple regional equivalents exist.


Well, it didn't until TPP, and what's to stop more agreements pushed through closed channels to make it truly global?


So hopefully Firefox will simply display DRM content and ignore any restriction DRM imposes.


EME plugins will use whatever user-hostile platform-specific opaque techniques necessary to communicate with the host OS in their attempt to ensure compliance.

If the browser interferes with them, or the OS can't promise a "secure" chain from plugin-output > display, they can just refuse to stream the content.

You can bet EME plugins will be highly platform specific, and poorly supported, if at all, on platforms that respect their users.


Firefox will heavily sandbox their EME plugins. They get no direct access to the host OS.


Anyone taking bets on how long it will be before CDMs start requiring extensions that allow access to platform Output Protection/HDCP mechanisms?

If nothing else, the standard already allows for the CDM to access the network (albeit managed by the user-agent) which means, for example, it could ping Microsoft to ask about this particular Win10 computer (as identified by user agent, IP address, and/or user account data from the content provider).

Netflix/Microsoft/Hollywood/etc. aren't going to stop until they can close the loop as much as possible, with MS and hardware manufacturers already working to tighten things from the other end (see HDCP and the various frameworks for "protected content" that MS has been working towards).

Either providers will push to integrate those platform-level frameworks, or they'll just stop offering content to web browsers entirely.


> with MS and hardware manufacturers already working to tighten things from the other end (see HDCP and the various frameworks for "protected content" that MS has been working towards).

HN users would do well to keep this in mind the next time they are singing MS's praises about how MS are embracing open source and becoming the savior of all things programming.


Apple and Google also have platform-level frameworks on their OSes.


Probably not while Mozilla Foundation is a US organization.


Wouldn't publishers just refuse to distribute keys to said browser?


You build a plugin framework that lets users pirate keys without exposing the author to excessive DMCA risk.


I think the author of such a plugin would be at considerable legal risk.


So are all major piracy operations in existence today and yet most of them operate without any real penalties. Look at The Pirate Bay and Giganews, both of those have been operating under enormous "legal risk" for over a decade.

Piracy is never going away and this re-run of corporations trying to control content created by people (corporations are not people) will fail the same way that every single previous effort has failed. Piracy will outlive the old fools pushing for these programs.

I'm not saying piracy is the answer, but once these troublesome corporate fools have all died sanity will return to the market and piracy will be replaced by pro-consumer models.


If they where in the US.


Lots of this stuff is so US focused. Any European nation for one will let you reverse engineer stuff you buy or download to your own heart's content in the safety of your own home. I expect many countries in the world are civilized like that.


Almost every country, with the exception of Israel, has implemented the anti-DRM provisions of the WIPO Copyright Treaty using similar language to the United States, or worse. In the European countries, it's embodied in the European Copyright Directive: https://en.wikipedia.org/wiki/Copyright_Directive#Technologi...

That's one of the reason why we argued so strongly that the W3C should include a covenant. Even if EFF continues to successfully obtain temporary exemptions from the DMCA in the tri-annual review, we can't do that for security researchers or lobby for similar fair use exemptions in every country.


You're right. I've done some digging, and some similar language has been implemented at least in the Netherlands (for the Dutch, this is article 29a of our Auteurswet). Although it's somewhat vague, it does bum me out. It seems the Dutch implementation has not been enforced all that often (mostly to combat game console mod chips), but it has been used to fight security researchers publishing stuff on security weaknesses in our public transport RFID cards... Thought we were better than that.


It's a terrain, some points are higher than others.

Not convinced any country isn't underwater though.


New Zealand isn't a party to that WIPO treaties [1], but it does have a law implementing restrictions on circumventing Technological protection measures (TPM) [2]. But unlike the DMCA, the NZ law lists lots of exceptions that allow you to circumvent TPMs. In fact it says "Nothing in this Act prevents any person from using a TPM circumvention device to exercise a permitted act under Part 3." Part 3 of the Copyright 1994 [3] is the (very long) part that lists everything you can do with a copyrighted work, including the NZ equivalent of fair use, research, education, archiving, backup, decompiling software, etc, etc.

[1] http://www.copyright.org.nz/international.php

[2] http://www.legislation.govt.nz/act/public/2008/0027/latest/D...

[3] http://www.legislation.govt.nz/act/public/1994/0143/latest/D...


> download to your own heart's content in the safety of your own home

Nein.


> I think the author of such a plugin would be at considerable legal risk.

If they are caught... ;-)


That sounds like a strong case for anonymous authorship.


> displays DRM content and ignores DRM

Nothing says "attempting to survive as a legitimate corporate entity" like "let's flagrantly violate https://en.wikipedia.org/wiki/WIPO_Copyright_and_Performance... ..."


Who needs to "survive as a legitimate corporate entity"? All you need is to publish a browser. And basic browsers aren't that hard. Just be anonymous.

Edit: If oligarchs create unworkable rules, why not create a new game?


I don't believe this formal standardization will affect end-user web browser features.

All major browsers (Firefox, Chrome, IE, Edge, Safari) have already included HTML EME DRM support for years, so it is a de-facto standard already.


> The only company on the list of browser makers that really has any desire to try to exclude DRM is Mozilla, and unfortunately, if they do that, the users will switch to the browser that makes watching Netflix easiest.

This is the world we live in. People are willing to sacrifice privacy and security in favor of convenience. Sounds a hell of a lot like a book I read in high school.

People are so willing to make these sacrifices because they don't even understand what they're sacrificing. They don't understand what they're sacrificing because they couldn't be bothered. Apathy is the disease that will bring down the world. I'm calling it now.


It is truly a tragedy of the commons. It makes sense for the individual to consume their content, they're not giving up much by themselves. The problem arises when everyone does it.


> The only company on the list of browser makers that really has any desire to try to exclude DRM is Mozilla, and unfortunately, if they do that, the users will switch to the browser that makes watching Netflix easiest.

This is simply not true. Netflix's entire business model is based around one thing: video content delivery. It started with DVDs in red envelopes, and has evolved to be app-based streaming now. Neither of these two things has any relevance to web browsers.

Netflix's wish to be able to provide its content on as many platforms as possible for the lowest cost? Yes, that would make a lot more sense for why they are pushing this. Not an enticing enough argument for destroying web browser-based DRMs imo.


I agree. I'm curious as to what percentage of Netflix users primarily stream through a web browser rather than an app. I know my personal experience amounts to basically nothing but I can't even remember the last time I watched something on Netflix through a browser. I just have a hard time imagining that a lack of Netflix would kill Firefox.


"... web developers are going to go by the behavior of [what] the browsers do."

I have pointed this out before.

It is an important point that I think perhaps is overlooked when users ponder how to change the web.

Want to change how the web is presented, fix annoyances, scratch an itch?

Try to achieve through web development? Good luck.

Try to achieve through browser development? Far more interesting. Alternative, open source, non-commercial browser. For example, implements limited set of features.

Web development follows browser development.

For example, a browser that does not automatically follow URLs so that ads and other crud can be loaded into pages.

Giving users access to a browser like this may be a far more effective means of influencing web development away from annoying "user experiences".

If such annoyances rely on a certain modern web browser feature, then use a browser that lacks the feature.

Non-commercial means developers do not care about "market share". They are not trying to "compete" with the major browsers on features. They care about creating a superior alternative to major browsers that shifts the focus from advertisers and media companies to users.

If the annoyances users have while using major browsers are bad enough, then they will try alternatives and the "market share" may shift. Or maybe not. But who cares? Because with an alternative browser "market share" is not the goal.

In another thread, a Chrome developer perhaps a former Firefox developer tells of how they dropped some feature because it was too "power-user" and that is not "what [they] were going for". Maybe you are within the market they "are going for". And maybe you are not. If you are not, then waiting for developers at a large corporation, whose customers are advertisers, to cater to your needs is futile.


The original vision for hypertext absolutely had multiple "browsers/clients" and feature parity between them was not even remotely an issue.

The idea was that you tell the server what capabilities you have, it then tells you what it wants to offer you and a negotiation ensues.

I have no idea where this concept of a "standardized hypertext client" came from! ;-)


It has always been like this (see browser wars, WHATWG).

In this case W3C is involved just as a tool. Microsoft/Netflix didn't need W3C for anything other than the brand name lending legitimacy to the spec they've designed and implemented before presenting it to the W3C, and didn't materially change it after.


Pale Moon will be the last outpost in the world of suitable open-source browsers?

https://github.com/MoonchildProductions/Pale-Moon/issues/135...


GNU IceCat would be a better choice of "last outpost".


>The only company on the list of browser makers that really has any desire to try to exclude DRM is Mozilla

Didn't Spotify just abandon Safari (OS X) because unlike Mozilla it doesn't support the DRM they need?


Safari supports DRM, it just uses FairPlay instead of Widevine. https://en.wikipedia.org/wiki/FairPlay


I 100% agree, and I wouldn't have agreed to it had I not been on a standardization committee in a before/after situation. The before was mainly implementers. At least they had a super majority. After was 5% implementers and it was a complete disaster. That 95% was like a kid in a candy store: no regard for implementation difficulty or what it would do to language consistency. Thankfully, the effort died quite quickly, so I never had to make much of the issue.


Sadly that is the ugly Truth about politics. Not really about rules it is all about power, hard power.


They could definitely hurt Netflix by making it a shitty, barely workable experience.


Who watches Netflix with their browser?


I'm guessing you don't have young kids? I say that because if I want to watch any R rated content (like Bojack Horseman for example, which I did last week), the only place I can safely do that is in my office with headphones on, since the toddler tends to creepily sneak up on us in the middle of the night after climbing out of bed.


Due to DRM it's the only (legal) way I can watch it on my computer.


You can download the app.


Only if there is an app for your OS that's up to date.

More importantly, I'd prefer not to use the netflix app/site at all. I'd much prefer to pay for content and have a variety of apps to choose from.


Who doesn't?


If I'm on my computer as opposed to a mobile or TV device, I use the browser. It's not as often, but I definitely have done so, even within the past week.


I do all the time, although I do it in a separate window with all the browser chrome hidden (and usually maximized to a side monitor anyway).


Me. I'm on my computer 50% of my day. I have it handy the most often.

More

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: