Basically, unless you are writing a browser with decent market share, you de facto have no voice in making the standards. Basically, the only voices that matter are Mozilla (Firefox), Apple (Safari), Google (Chrome), and Microsoft (Edge/Explorer). Despite what any standard says, web developers are going to go by the behavior of the browsers. The only company on the list of browser makers that really has any desire to try to exclude DRM is Mozilla, and unfortunately, if they do that, the users will switch to the browser that makes watching Netflix easiest.
The web has been engineered to a complexity level so grossly obscene that it is all but impossible for independent developers to produce fully independent web browsers anymore. You would need hundreds of millions of dollars in capital and strong leadership to produce a browser that would be successful in today's world.
I could dedicate the rest of my life working 100 hours a week on a browser, and I would die before I had something that could compete with browsers of 2017, let alone of the browsers far into the future at my demise. The standards grow in complexity faster than a small team of developers could possibly keep up with.
The best we have are attempts at forks of major browser engines, which will never gain any serious traction to have any power over the direction of web standards.
If people want to do something about it, they need to fork the web itself. HTTP, TLS, HTML, CSS, JS ... the entire stack needs to be scrapped and replaced with something sensible with a focus on simplicity. If a single highly talented developer working full-time can't implement a reasonable browser within a year, then the standard is too complex. This will of course never happen.
And so, on the subject of DRM, we've officially lost the war today. And combined with the impending loss of net neutrality, brace yourselves everyone: it's only going to get worse from here on out.
If we want to win that war, we should focus on content not technology, Mosaic got a lead in the game because, despite the 'techies' seeing no use for images, image support was added, with images came the transition of media, users were au fait with articles containing text and images and could now experience similar online, this alone was not enough, content creators started creating content that people wanted to consume, that's what drove people to 'get online', they were missing out.
Don't get me wrong, it's still a long shot, but if an organisation could build a raft of talent, get that talent to make content that was only available on an open and progressive platform, then you might get some traction. So what might that look like, well, say I had the funds to secure 100 of the world's best financial journalists and only delivered that content on a novel protocol, do you think I might be able to persuade some people to run a novel application to access that content, oh hang on, did I just describe Bloomberg...
Back in the dark ages, when the battle of www vs Gopher was still on, I sided heavily on the side of Gopher because it didn't get in the way of the content. Gopher was a means to navigate the maze of content and most of the content was textual, postscript and neatly typeset. You could sit down with it and read it focused or print it out.
We've regressed to the point where 5KiB of text comes with 2MiB of crap, meaning a noise to signal ratio of 26dB which is insane!
Really Gopher is dead though. We could do with a fresh start. A search engine like WAIS, a menu system like Gopher and a standard document format that allows you to get quality content on everything from your e-reader to paper without having to read some fucked up ebook flow layout conversion. And not postscript. Something you can author by hand.
I've even had enough of building things on the web. It is a horrible horrible thing to have to do. I envy system programmers who never see the pain of trying to keep a very large web application secure at even a basic level.
> We've regressed to the point where 5KiB of text comes with 2MiB of crap, meaning a noise to signal ratio of 26dB which is insane!
Unfortunately that's what the average layman wants. They want the SPA experience. That's what they want to pay for. What kind of professional am I if I don't give people what they want to pay for?
> I've even had enough of building things on the web. It is a horrible horrible thing to have to do. I envy system programmers who never see the pain of trying to keep a very large web application secure at even a basic level.
I build and maintain full stack web applications for my day job. Man, is it a pain. Between the database setup, server setup, back end application, front end application, security concerns, and browser compatibility issues, I rarely get to spend any time at all working on the business logic. Seriously, modern web development is 90% chasing down bugs, security enforcement, and fixing compatibility issues. Writing the business logic is the easy part.
I think the only real difference is that, generally speaking, systems programming standards and best practices don't change weekly. Or, maybe they do. I don't work in that field professionally.
> Unfortunately that's what the average layman wants. They want the SPA experience.
What about that experience do they want, and how do you know they want it? Engagement metrics can make auto-playing video look like a great idea, but people dislike it enough that browsers are starting to block it.
I don't see why these webpages need to be so huge. If websites used HTML5 properly and used CSS more extensively, a lot of the crap I feel could be removed.
Seriously, aside from graphics and video, what is taking up the size of these pages? Mountains of JavaScript?
As someone who used to work for a web optimization company, yes mountains of Javascript. Javascript for analytics, javascript for transitions, javascript for DRM, javascript for updating pricing in real time, javascript for fonts, javascript for colors, javascript to lazy load the images....six different style sheets and images that are downloaded and resized client side...and this is just the navigation bar.
Just for fun I like to pull up the browser diagnostics on pages, and watch the absurd number of requests build up. It's insane how much junk is downloaded on seemingly simple sites.
It's only insane if you subscribe to the idea that the 5 kibibytes of content is the purpose of a news or other site. Maybe as a user that's what you came for, but from a business perspective the purpose of the piece is to sneak 2 mebibytes of crap into your life. The snr on that is much better.
It's only insane if you have the tools to look at what's happening under the hood. Most people don't have any idea.
I may be wrong, but isn't connecting to a web server by lynx illegal (considered "hacking") in some countries? I remember a case in the UK around the time of the London Olympic Games.
I'm not familiar with that case, but I don't think an accusation that using a text mode browser like Lynx constitutes "hacking" would stand up to any type of scrutiny. (I'm not a lawyer and I'm in the US; things may differ in the UK).
Lawyers will make the most egregious leaps and grasps to paint the opposing party in the worst light possible, especially in the early stages of the case, because if they don't claim that Lynx is a "hacker's tool" in the initial pleadings, then it may be looked upon with suspicion if they try to raise that point later. So they are essentially trying to reserve as many potentially beneficial claims as they can at once, including (and especially) any claim that may portend that the other party is a devious scoundrel with the worst possible intentions.
Lawyers will thus front-load with every kind of tenuous, ridiculous accusation they can (without presenting a significant risk to the licensing), expecting some of it to get "laughed out of court", just so that on the off chance that it doesn't, it will help their case.
I'm sure a real lawyer would contest that to some extent, and I'm sure there is slightly more nuance to it than that, but that is my layman's assessment and I think it is roughly accurate.
The takeaway is not to take legal pleadings too seriously, because the goal is not to find justice per se. It is for your side to win, to get what it wants, under the assumption that that automatically represents justice.
Please note that this wasn't related to some lawyer actions, but the Metropolitan Police's Computer Crime Unit acting on the basis of suspected offence under the Computer Misuse Act. The offensive act occurred while the browser was used for making a donation at a tsunami related website of the Disasters and Emergency Committee, where the browser showed up as an "unusual event" in the access logs.
I believe the case is part of a more general theme (which is, indeed, related to the EME topic): There's a perceptible will to regulate any kind of browsing into consumer-style app usage. E.g., manually entering a URL ("URL hacking") has been considered a fraud attempt; using a browser which only supports the basic protocol set and not all of it is considered as possibly related to intrusion and terrorism (oh, that T-word again). In the end, we may wake up with the law enforcing a certain, standardized life style. We may wake up with deregulated companies and strictly regulated citizens.
I understand you're referring to a criminal prosecution. Criminal prosecutors are, from my limited observations as a layperson with a minor interest in law, more guilty of this than anyone. They go hyper-aggressive on charges, expecting them to be pared down. Some of it is a ploy to get a quick plea. There is an element of calling the bluff, and the defendant's attorney would have to evaluate the situation and advise whether or not that was smart in the given case.
This is not to say there aren't ridiculous prosecutions that run their course, especially in niche areas that aren't widely understood and thus hard to create public outcry over, like insider trading or computer crimes. It's just to indicate that using Lynx, by itself, is not considered criminal by any sane person. It's a nit the prosecutors pick when they're trying to nail you on something larger, a detail they exaggerate to attempt to create the impression of one's villainous ways.
Just don't want people to uninstall Lynx in fear that they'll be arrested for firing it up. :)
EDIT: From re-reading your comment, it seems you're suggesting that this wasn't part of a larger operation, but that actual charges were brought because of a single aberrant entry in the access logs? I find this hard to imagine, but if true, I would guess that this is more along the lines of "abuse of police power to harass an enemy" than "literally a random dude who just visited our site in a text-based browser". I've read access logs for many years now and even small sites get all kinds of weird things in there, it doesn't seem plausible that something like that would flag off any kind of detector. Do you have a link to more details about the case?
I'd hypothesise that anyone skilled enough to be using a text browser is also skilled enough to be a "hacker" and will most likely have a computer filled with "hacking tools" and other "circumvention devices".
Basically anyone that can use a text based browser also is using some form of *nix and knows how to handle a command line application. They probably tinker with computers and so have many low level tools at their disposal.
I faintly recall reading (to my utter astonishment) that he was at least not freed from the accusation as you would have expected. I tried a search for any follow-ups, but to no avail. Maybe due to the "right to forget." (Information conveyed without warranty, liability or claim of correctness. It has been 12 years since, I may be in error.)
> It can never be illegal to use any tool. It is the intent and action carried out with the tool that decides whether it is illegal.
Since illegality is, literally, whatever is contrary to the law, anything at all can be illegal. We can hope that crazy things won't be illegal, and decry their illegality—but, since it's convenient for a government to impose sufficiently many laws that anyone can have some infraction pinned on him or her (https://www.youtube.com/watch?v=JwsLAqjqnxo), to say that any particular thing can't be illegal is probably wishful thinking.
Perhaps the knife was a bit exaggerated. It will be considered a weapon in many jurisdictions. Lynx however will/should hardly be considered a hacking tool. curl has been in deep waters many times, equally perplexing as the lynx scenario. https://daniel.haxx.se/blog/2016/01/19/subject-urgent-warnin...
I hope this was intended as a joke? Most users struggle with simple typesetting conventions like underscore/asterisk. HTML tags (or CSS) are out of reach for the vast majority. TeX isn't even part of the known universe for users!
For a straight-text book, actually, Markdown is excellent. You can include images, or for technical content, tables, easily.
Technical papers with formulae and complex references are slightly more detailed, but that ends up being gloss. Even LaTeX for a simple text is quite minimal (though you need the starting template).
Source: I've made something of a hobby of marking up source docs into HTML, LaTeX, and Markdown. Of the set, Markdown would be my first go-to, and I've used it for some book-length projects.
I don't see any way to win that war. The IP oligarchs have won it. They own the W3C now.
But there is clearly a demand for DRM-free browsers. And if the worst fears are realized, and mainstream browsers won't display media without DRM, or become snooping devices for IP oligarchs, that demand will increase.
Sure, it'll never be more than a niche, but DRM-free browsers will be there for those who want them.
There's an easy way to win that war: diversify the content you consume. If you're willing to step outside of the immensely popular, there are great treasures to be found.
IP owners are protecting their assets which are worth a lot. The irony is that the value of those assets comes from us content consumers. And I'll be the first to admit that I'm a lot less interested in the local amateur hockey team than the national league team I follow. I chose to consume that brand. But I don't have to.
Yes I lament the loss of a vision for free-flowing information. But the society in which we live, unfortunately, values and protects powerful asset owners. Technology cannot fix a society problem.
For individuals, sure. But the war was about norms for the Web. And that's lost. Again, by the way. The first time, as I recall, being in ~1995, when the commercial takeover really got started. So it goes.
> mainstream browsers won't display media without DRM
Seriously?
Nothing has really changed, has it? Video services want to use DRM so they developed or bought tools to do so. A de facto standard emerged around the frameworks and the W3C essentially ratified the standard. If I understand it correctly, the standard itself isn't DRM, rather it's a place where DRM controls can be installed.
I get that the EFF saw this as an opportunity to ask for a promise from DRM companies to not sue researchers and I applaud them for that. But now that they lost that battle, I think it's entirely appropriate for them to drop out and apply their resources elsewhere. For example, if they can get rid of the ability to sue researchers in the first place, then none of this really matters.
I don't think there's a demand for DRM free browsers but there is a demand for DRM free content.
EME existed for several years already, and was implemented in browsers. Standardization doesn't change much.
And no one except the big movie producers even wants to use DRM. If you don't watch movies on the web, you'll never see DRM.
Firefox is DRM-free by default. It will download Widevine CDM if you start watching Netflix, but you can untick a flag in the settings to completely forbid it from downloading the CDM, if you're afraid of accidentally signing up for Netflix :D
Open source software can never be completely "gone".
The "OMG EVERYTHING WILL BE DRM" panic is not new. We've had widely available DRM back when Flash was super popular. And still, to this day, the only DRM'd thing is movies.
I've no crystal ball, so looking back, monopolies and incumbent monoliths encounter resistance as they mature, there are more examples of the status quo being that they wither under the weight of complexity, this is certainly not over while consumers consume content, consumers own their time, content creators own their content, everything else is middleman stuff.
You wouldn't need to scrap all of it by a long shot. You could take a small subset of the stack and make something enormously simpler to implement. Start with supporting only one version of HTTP, TLS, (X)HTML, CSS and JS and fork them if necessary. Even drop CSS to start with and finally start relying on semantic markup and good browser defaults. Use existing open source libraries where available, such as for TLS and markup/media parsing. Pull out libraries for everything so the browser is easily composable and forkable. You don't want JS support at all? Compile without it.
Not many would be interested in an un-designable web. It bears no comparison to what browsers are capable of delivering for UX currently.
What you are suggesting then, a non-comparable browser experience, already exists and has for years, yet to no avail. You would get niche technologists and die hard enthusiasts only and the rest of the world would trudge happily into the future, DRM and net neutrality distant memories.
What you and I want, what HN and friends want, is not even a debate most realise is happening let alone that it affects them and will affect them profoundly in the future.
The masses are deciding what our internet will look like for they commandeered it years ago.
Yeah, yeah, the world is going to shit and nobody cares. How about doing something about it instead of telling everybody it can't possibly work? And why do we need the rest of the world on the bandwagon for it to work? The web was built without the masses, and still is. The open web still vastly outweighs the closed parts in amount of content. A bunch of freedom stealing technologies have died silently over the years despite often resulting in "cool" UX wholly different from plain HTML, such as Flash, Silverlight, and Java applets. EME is a fundamentally different wedge inserted between users and their machines by evil corporations, but not one that is in any way unbeatable. So screw 'em, and let's fork the web!
Forking the technologies that underpin the platform of the web I think tackles the wrong problem. The problem I see facing the open web is the consolidation of users and services into single platforms. Facebook is an easy example. You can build a Facebook alternative with any technology you like, it would take a completely different force to change the social paradigm around it.
The great thing about the open web that you rightly mention is still kicking, is that it's full of places and services that are driven by humans and passionate communities. Nothing about EME stops those communities existing, but nothing about those communities is going to stop Netflix being the most popular platform and using EME/DRM.
If you will excuse my fluffy analogy, the web is a farmers market that has a shopping mall being built right next door. What I think would help the web, is educating people that it's better to go to the farmers market so that we can support entrepreneurial and local community endeavors rather than stuffing corporate coffers and enabling that consolidation.
> Start with supporting only one version of HTTP, TLS, (X)HTML, CSS and JS and fork them if necessary.
The support for different versions that does exist in browsers tends to be minute: ripping out support for older versions would cut out almost no code, because there's basically nothing specifically handling them. (Heck, the only forks in CSS are for quirks and limited quirks mode, and both of them affect very, very little of the layout engine.)
> If people want to do something about it, they need to fork the web itself. HTTP, TLS, HTML, CSS, JS ... the entire stack needs to be scrapped and replaced with something sensible with a focus on simplicity.
Comedy aside, CSS isn't the problem, but if an experienced web-dev can't make a site without learning for 5+ years and then feel like they have no knowledge of web development then we have a problem, and that's where we are now.
The problem with the long list of frameworks and libraries available is that there is no easy way to make a web2.0 site without years and years of learning and then the resulting site is a mish-mash of what works without it being easy to maintain. Sitting here looking at .NET & angularjs 1.x and wondering where it all went wrong (actually, not the .NET part, that seems to work).
What do you mean by "make a site"? I made qemu.org last year with 10-years-old knowledge of web development and, apart from the obviously not-done-by-a-graphics-designer theme, it _is_ a decent site, responsive and with a 2010s-ish look.
99% of websites can be done with either a static generator (lean) or WordPress (somewhat bloated, but really mostly standard libraries that can be cached and/or served by a CDN). The remaining 1% are the really bloated ones and sure they are the ones that we visit all the time (medium, BBC, whatever). But it's certainly possible to make a site with not too much knowledge of web development.
edit: ignore the huffy tone this came out in, it wasn't meant that way, early morning.
I was talking about work as a professional developer. We can all 'make a site', there exists any number of solutions for that, CMSes like Wordpress, Drupal etc don't count in this argument unless _you_ wrote Wordpress or Drupal from the ground up. Being a wordpress hack isn't being a developer. You won't ever be asked to write something straightforward in enterprise, you'll need to know at least HTML5 & CSS & angular 1.0 & 2+ (or similar) & docker & gulp/grunt & backend & databases & jenkins & MVC & node/npm & version control & bootstrap (or similar) and and and.
99% of sites outside of a company that makes real money and doesn't just serve a page are sites that aren't what developers actually do at work.
I don't think that's strictly true. For example many mobile ISPs here meter data differently depending on whether it's from their fav websites (Facebook, Snapchat, Netflix etc.) or from the lame weird web where nerds go.
1. Assume we will eventually converge to a virtual machine target like WASM. Thus, eventually, browsers will only have to implement the low-level instructions of WASM, which will make building a browser much simpler. Note that as a side-effect, browsers may also become more secure.
2. Start with a working webbrowser, like Firefox or Chromium.
3. Step by step, move functionality from the browser into the browser's user-space. Eventually, JavaScript and the rendering of CSS and HTML will run in the browser's user-space.
Ideally, yes. It may not've been popular at that point, but Linus did. But what about the next Linus of 2017? Something like that's not going to be possible anymore. Just the basic necessary hardware drivers alone. The hardest challenge for Linux was just avoiding Winmodems. These days the entire nouveau project with years of research can't even manage to change the clock speed of your GPU. VESA's been all but abandoned so there's not even a way to set a widescreen framebuffer anymore for pure software rendering.
Nothing is gained from having hopelessly complex technology.
I think you're right, but only for a narrow definition of "browser". Sure, something that looks and works exactly like Chrome, Safari, et al. would be a gargantuan effort for a sole developer. But an 'HTTP client' can take many forms and still offer value, even advantages over the existing browsers which serve a very specific remit.
A basic text browser is the kind of thing that's buildable in a year. Moreover, once you start building that, maybe you have an idea for certain features that current browsers don't do well (bookmarking, navigation) or at all (change monitoring, api integration, editing).
I'm optimistic that there is a lot of unlocked potential in the HTTP/HTML platform.
I call dibs on the first gopher based social network...
[edit] So I've read the RFC (https://tools.ietf.org/html/rfc1436) looks like it should be fairly simple, we can run gopher servers on both user machine and remote servers, so I can store my personal details locally, then give permission to other remote gopher servers to access that in a granular manner, third parties can operate gopher servers I can interface with to access 'cloud' style computing, storage, search, and manage contacts/calendars, sorted :)
[edit 3] My build of firefox does not seem to have Gopher support, it recognises the link (chrome just does nothing), but asks you for a local application to fulfil the request :(
[edit 4] It's now a plugin for firefox, https://addons.mozilla.org/en-US/firefox/addon/overbiteff/
Cool, I'm searching Gopher, and it works :) Nice and quick, no tracking, no ads, just need something to consume, anyone want to help me whip up an HN > Gopher widget ;)
Why stop with creating a browser from scratch? You'll need hundreds of millions of dollars in capital just to build your own compiler technology that would be successful enough and incorporates enough instruction set optimizations present in commercial CPUs that your custom browser can be built upon.
Parsers for valid HTML are trivially easy to write. The hard part is dealing with garbage HTML tag soup and still rendering something that looks good. Browsers have to figure out what the page author intended and work around all the content defects.
Parsers for invalid HTML are trivially easy to write: you literally just implement the spec, and that's not hard, and then you implement every major browser.
I think you misunderstood. There is no "spec" for handling all of the invalid HTML out there. That's part of what makes writing a browser so hard. It's far from being menial work.
Indeed. 15 years ago it was a huge amount of work reverse-engineering other browsers around parser behaviour; 10 years ago it was a huge amount of work finding where the draft spec broke sites; today it's pretty much just implementing the spec.
This is really the issue. If we could convince media rightsholders that DRM is harmful and unnecessary then all of this heartache wouldn't be necessary.
I don't expect this to happen in my lifetime. Any slight glimmer of hope from Apple ditching DRM on iTunes has died as nobody else shows the slightest interest in following their lead.
It seems self-evidently unharmful, in that we appear to be in a golden era of delivering content online so extraordinary that it threatens traditional television networks.
I understand that this is an extremely unpopular sentiment on HN, but here goes: at least with respect to video content, the industry seems to have largely proven DRM concerns unfounded.
Update: modulo the Hickson concerns below. Continuing:
DRM certainly has kept some (power) user-friendly features off the market. You can take this as a serious harm inflicted by DRM. But I don't think it's reasonable to take that harm in isolation; the alternative isn't simply a world with no such limitations, but also a world with less content made available online.
But I don't see a lot of evidence that those limitations, if genuinely important to users, can't be competed away. The restrictions might be dealbreakers for Paramount, but in 2017, Netflix can route around Paramount.
There are additional concerns associated with DRM that aren't revealed in the Hickson post - he speaks solely to the point of intention behind DRM. That begs the question: are there unintended victims of DRM?
Yes, there are.
Copyright law in most countries is the result of a long history of back-and-forth fighting between content creators and content consumers. Copyright infringement has a number of carve-outs that allow people to access works in specific circumstances. Canada's copyright act, for instance, has a section which enumerates a number of these.
29 - Exceptions
29 - Fair Dealing
29.21 - Non-commercial User-generated Content
29.22 - Reproduction for Private Purposes
29.23 - Fixing Signals and Recording Programs for Later Listening or Viewing
29.24 - Backup Copies
29.3 - Acts Undertaken without Motive of Gain
29.4 - Educational Institutions
30.1 - Libraries, Archives and Museums
30.3 - Machines Installed in Educational Institutions, Libraries, Archives and Museums
30.4 - Libraries, Archives and Museums in Educational Institutions
30.5 - Library and Archives of Canada
30.6 - Computer Programs
30.62 - Encryption Research
30.63 - Security
30.7 - Incidental Inclusion
30.71 - Temporary Reproductions for Technological Processes
30.8 - Ephemeral Recordings
31 - Retransmission
31.1 - Network Services
32 - Persons with Perceptual Disabilities
32.1 - Statutory Obligations
32.2 - Miscellaneous
Before continuing with the discussion regarding how DRM is not an issue, take a look at the exceptions in your own country.
These are not small losses, but they are a negative space. You won't know what you're missing because now it just plain won't happen.
I think of it as the triumvirate of creators, owners (distributors) and consumers. The owners argue as if they create, they do not, they simply own the rights to distribute and take money. The vast majority of creators are getting shafted as well.
>The owners argue as if they create, they do not, they simply own the rights to distribute and take money.
No. Creators are the owners of whatever they create unless and until they sign those rights away. And they sign it away for something they get in return.
It may well be that the media industry is structured in a way that puts creators at an unfair disadvantage in their dealings with media companies. If that is so then it should change.
But using this issue to justify completely unrestricted copying of all content regardless of what creators want is a cop out. Invoking the big business bogeyman as the sole response to all copyright issues is unconvincing, insufficient and ineffective.
What we need is a form of DRM that guarantees fair use rights and doesn't give draconian enforcement and surveillance powers to copyright owners.
This. I think people forget that just because big companies are pushing it doesn't mean everyone who creates and wants limited protections is working under a big company's banner.
For me, streaming is a concession to people who prefer it to owning their music. I don't want them ripping a stream I made $0.004 on (at best) thinking it's a fair exchange of value. My focus is on Bandcamp and other stores that offer DRM-free downloads. Without some kind of friction for copying off streaming sites, if you could just click "download" and not pay me anything, I just wouldn't put my music there.
My belief is someone who goes and pays a fair amount for the music understands it costs money to create, and will encourage the people they share it with under the CC BY-NC-ND 3.0 license to help me make more by buying their own copy (or a subscription).
You are putting words in my mouth. I didn't use corporate rights holder argument to justify unrestricted copying. But DRM is to enforce market and device segmentation, not to empower content _creators_.
>DRM certainly has kept some (power) user-friendly features off the market.
Is watching Netflix at 1080p or more a power user feature? Because currently that's heavily restricted by DRM. Not possible on any open-source operating system, restricted to a few browsers on Mac and Windows. 4K is only enabled on Microsoft Edge and only if you also activate a bunch of hardware DRM features. So I have to watch 720p content on a 1440p screen which is ridiculous.
> But I don't see a lot of evidence that those limitations, if genuinely important to users, can't be competed away.
Amazon Prime imposes similar restrictions and is only slightly better at providing 1080p. Meanwhile piratebay still has more choice with more quality and is the only hope at "competition" to make them change their minds.
We are in a world where picking your devices freely is blocked by Amazon/Netflix and the content providers while at the same time those same companies want us to help them push for net neutrality. Commoditize the industries you depend on and capture the ones that depend on you seems to be the play and we should fight it wherever we can.
> Is watching Netflix at 1080p or more a power user feature? Because currently that's heavily restricted by DRM. Not possible on any open-source operating system, restricted to a few browsers on Mac and Windows.
Consuming content on anything other than the mainstream browsers on anything other than the mainstream operating systems or devices is definitely a power user feature, yes.
> Not possible on any open-source operating system
So where do you get more than 720p if you don't get it either on open source operating systems or on Chrome on Windows? If you get 720p max everywhere, why do you think this has anything to do with DRM?
You do get better quality, but only if your system has an OS-level DRM implementation and the browser uses it. This is the case for IE Edge on recent Windows, but not much else.
Chrome on Windows uses its own Widevine DRM implementation instead of the OS-integrated one.
This shitshow is referred to as "robustness requirements" and Netflix apparently agreed to serve high-resolution video only to DRM implementations of certain "robustness" level (OS-integrated DRM with video drivers that co-conspire in enforcing restrictions on the actual device owner).
All this complexity to protect the content and yet there isn't a movie or TV show out there you can't find in crisp 1080p on Usenet or torrent sites with one quick search.
That's the maddening part that's driving me away from Netflix and similar services. I am completely willing to pay a reasonable sum for content, and the current batch of media providers do a tolerable job, but limiting the image quality because my computer is too free is just silly.
I can get the exact same episode or film — in any resolution — on my HTPC in five minutes, DRM free, by breaking the rules.
Netflix's Windows Store app doesn't have the 720p limitation. I think it may just be a thin shell around Edge, but I'm not 100% sure. It definitely has to do with DRM.
On televisions. Most 4k TVs and the increasingly common 4k streaming boxes support 4k playback for the major services that offer it (basically Netflix and Amazon AFAIK).
I don't know if this has much to do with DRM, or if it's just a matter of supporting HEVC.
I think you're discounting the opportunity cost here.
In a world where browser manufacturers, as a bloc, refused to implement DRM, it seems obvious that sooner or later visual media producers would be forced to the table, to gain access to paying consumers. We could be in a DRM-free world, without the inconveniences of elaborate technical restrictions on pass-through and mutual device compatibility, or black box binary blobs on otherwise open source operating systems.
With a look at TPB, it seems evident that DRM doesn't work to prevent piracy. Any technical means that would be used to download a rate-adaptive video stream and save locally in the absence of DRM would seem to me to be more involved for the end consumer than downloading pirated media directly - so I don't think DRM even works as a speed-bump.
A standards body is a great place to achieve consensus around a negotiating position. I don't think the consensus that was reached was the one that leads to the best final result. The distance between where we are now, and that final result, is the cost of this decision.
I see how that gets us to a DRM-free world, but not so much why ordinary consumers would care. To a first approximation, no ordinary consumer uses TPB. Unauthorized copies are less convenient (especially since mainstream playback devices won't play them) and frequently of lower quality. The price point for legitimate copies is low enough that the purchase decision isn't that hard.
A standards body is a great place to achieve consensus around a negotiating position, but a pretty big chunk of this standards body doesn't want the negotiating position you want.
The arguments I've seen in favour of supporting DRM are all about enabling the delivery of "protected" media to the consumer - but it's competition of a Prisoner's dilemma kind that drives them there.
If any one vendor - it doesn't matter whether it's a browser, or an operating system, or a graphics card, or a monitor, etc. - agrees to add DRM technology, they hope they'll get an increase in usage / sales at the margin by convincing shy media producers to distribute.
The only way to stop it is to band together and refuse across the board. Individually, everybody gets picked off. You can't be the only monitor that can't play movies, or the only browser that can't show the latest episode of GoT.
Your points about usage of TPB, less convenience, lower quality, cost being low enough - all of them seem to be from the U.S. or first world perspective. In many other countries, TPB or equivalent is very common across classes of people (not just students but also workers in different non-technology industries). Unauthorized copies are more convenient because most people watch media on a tiny laptop or a small monitor desktop (often several years old or low end), where a free VLC or other player will play whatever is thrown at it. Quality of the video/audio isn't a big deal on these lower end, smaller screen and older devices (plus, many people may prefer lower quality for the lower data consumed from a broadband connection).
One might argue that these people would never pay for content and so mustn't be considered when talking about paid content. But given a chance not to jump through hoops and with geography specific pricing, there are ways to get people to pay. That could add up when done right on a large population base. Right now the big content houses are literally leaving money on the table and encouraging piracy (to put it in a different way)!
For me, a DRM-free experience is one I can enjoy on all platforms and devices I have. It also has a much better general UX.
Measured in all ways I can measure quality, DRM only reduces it. Thus sites like TPB still have the upper hand for people who care about quality, portability and UX.
TPB quality is usually very good, 1GB per hour is common and 4GB per hour is possible for high demand stuff. Plus you get a much better library. A fast internet connection makes the inconvenience of downloading vs. streaming go away.
1GB per hour isn't enough if you have a big screen (I use a 100" screen with projector). Not even Amazon encodes video well, they have particularly poor colour quantization that ends up filling the screen with blotchy seas of uniform colour; Netflix has the best encoding settings IME.
Right, so since movies are about 2 hours, divide those numbers by 2 to get GB per hour. It's hard to find that quality for good but unpopular movies or shows. But then again, it's usually hard to find good but unpopular movies or shows at all on Netflix.
The tracker/torrent numbers I see are consistent with more than a quarter of US college-aged people using them, and more than three quarters watching media obtained that way—those are better numbers than HBO. It absolutely has a role in tastemaking.
> To a first approximation, no ordinary consumer uses TPB.
I'm not sure how true that is. Currently getting content is easy enough that the average consumer doesn't use it, but at least back in the mid 00's the technical people in my social circle got introduced to torrents by people who didn't know how to turn off a computer except by unplugging it. They were willing to take all sorts of risks with their computer on sketchy sites the second it became the easiest way to get their content.
If torrents and piracy become the easiest way again, I could easily see regular people going right back to it.
Related: remember SOPA, and the street protests with which Poland led the way to shutting it down in Europe?
I still really don't think the protests happened because people suddenly became aware of abstract consequences of an obscure deal proposal. But exactly at that time, in an unrelated case, the FBI shut down Megavideo, widely used by regular people then. This is what they took as the future of the Internet under SOPA, and that's why, I believe (based on first-hand experience), they went to the streets.
Yea, I don't think the OP does this himself, but as a group the people on Hacker News vacillate between "computer literacy is the new literacy" and "something that requires you to download two programs (torrent software and a VPN) and go to one website is beyond anyone but software devs". Computer literacy _is_ the new literacy, so is it surprising that regular people can start doing things on computers for themselves?
Unauthorized copies tend to be more convenient, since the days of region free DVD players.
I strongly believe that the convenience of Netflix and iTunes only exists because of piracy, and the industry would never have chosen it otherwise. They'd be stuck on pay per view.
That's only true if you ignore the problem of malware getting on people's systems via pirated downloads. This is a large and significant source of malware (as people tend to override virus scanners and such).
Piracy does have serious negative side effects on both content creators and end users. It's kind of a hacker fantasy that it doesn't.
> To a first approximation, no ordinary consumer uses TPB.
Ordinary consumers get it via sneaker-net on a USB key that they can now plug directly into their TV. Before that there were pirated DVDs and video cassettes, but the ease and cost of piracy is still improving faster than legitimate methods.
> Unauthorized copies are less convenient (especially since mainstream playback devices won't play them) and frequently of lower quality.
HD .mkv files can be viewed on virtually any device, including "smart" TVs long forgotten by their manufacturers which do not support Netflix/Roku/whatever apps, open source devices, smartphones, or regular computers. Usually, you just need to plug in a USB drive and press play.
They can also be of arbitrarily high quality. And usually higher, not lower than streaming sources which adjust to network conditions.
It's true that the plans at legitimate distributors are currently very inexpensive. A good seedbox will run higher than Spotify and Netflix subscriptions plus a bowl of nachos but neither the quality, nor the choice, nor convenience are even close to piracy.
In my experience, it has always been easier to pirate movies and TV shows - especially in the last few years.
Netflix only had a few of the shows I watch, I had to get HBO Go for the rest. Now Disney is pulling everything to their service.
You need multiple services, each with their own apps. Good luck on a 10Mbps connection. Getting DVDs is impossible less than a year after release.
With CouchPotato, I find the movie on IMDb and click a button to add it to downloads. Sonarr downloads new episodes of shows just hours after release.
Even Stremio (think PopcornTime, but better) is easier to use than most streaming services.
In the US, maybe. In some other, less capitalist countries… well, paying for non-physical things seemed ridiculous. Still kinda does, but app stores have somewhat changed that.
> In a world where browser manufacturers, as a bloc, refused to implement DRM, it seems obvious that sooner or later visual media producers would be forced to the table, to gain access to paying consumers.
Doesn't seem obvious to me. Why wouldn't they use their existing native apps?
Netflix, the original HTML DRM-pusher, actually does. For a gazillion kinds of platforms and devices and they're doing fine.
In fact it seems they have apps for all platforms out there, except the traditional desktop, something it would cost them almost nothing to provide on top of their existing app-offerings.
Basically Netflix is the best proof you have that you don't need DRM in HTML.
So what's the benefit to consumers if streaming services abandon the web? I know of one such service - NowTV, that insisted on me downloading the native app on macOS instead of watching within the browser. Personally I preferred Netflix's browser version, DRM notwithstanding.
DRM is the price that content providers ask of Netflix. Netflix is fine with that, because the alternative is less content. Browser makers are ok with that, because the alternative is fewer people on browsers and more people on native apps. I'm personally ok with that because I dislike installing apps and I prefer the browser, although most people don't have a preference.
> So what's the benefit to consumers if streaming services abandon the web?
1. It avoids the ethical problem of pushing DRM onto people who just want a browser. (Firefox does offer an EME-free version, but you have to look for it, when you might not even know what EME is). If a CDM module installed automatically by Firefox becomes an exploit vector, they are ethically responsible, in my opinion.
2. It preserves browser competition. CDM modules only work in approved browsers, so people building new browsers are at a disadvantage. They may be able to use Firefox's sandboxed component, but it's not clear yet.
3. It avoids having second-class OSs for those browsers. For example, Firefox runs on MIPS and SPARC, but the CDM modules don't.
This misses my point. No one cares about DRM - not the streaming service, or the browser vendors or most importantly, the users. Consumers have voted with their wallets on this - they'd rather watch Netflix than torrent.
Maybe I'm being callous, but I don't care much about "the ethical problem of pushing DRM". Nor do I care much about MIPS and SPARC. How many end users are running MIPS and SPARC anyway? And I especially don't care about it being difficult to use DRM. All of this sounds like ideological purity, which in my opinion, is a waste of time.
That's fair. I'm the first to admit that my personal opinion is irrelevant. I made the mistake of saying "I don't care", hoping you'd understand I meant "the vast majority doesn't care".
Could you list some benefits that would be appreciated by more than 0.1% of society?
Most software doesn't have to choose between giving up DRM or not using web apps. I'm not convinced at all that their choice would be the former, especially since their clients already use native apps heavily.
> In a world where browser manufacturers, as a bloc, refused to implement DRM, it seems obvious that sooner or later visual media producers would be forced to the table, to gain access to paying consumers. We could be in a DRM-free world, without the inconveniences of elaborate technical restrictions on pass-through and mutual device compatibility, or black box binary blobs on otherwise open source operating systems.
Well, that, or they would have gone the direction of newspapers & news - give up on producing quality content, and instead cater to the lowest common denominator by producing the cheapest, most polarising content possible.
> In a world where browser manufacturers, as a bloc, refused to implement DRM
This is a world where we were a couple years ago. The content providers used plugins to provide DRM for the raw video (Widevine for example) or serve the video inside a container that has DRM (Flash/Silverlight). One of the main reasons for Flash and Silverlight dying away is that browsers could do more and more of what they did. And playing video the way the content producers/distributors wanted is a big part of that.
The really insane part is that the DRM is pointless anyway, you can go onto any file sharing/streaming site within minutes of a Netflix release dropping and it's there in HD.
I still maintain my Netflix account 1) because my mum uses it with her Roku and 2) because they should be paid for providing value and good TV.
I have the technical skills (like nearly all HN readers I'd imagine) to stream whatever I want with essentially 0% chance of getting caught but I don't because NF has most of the content I want to watch and I don't watch that much anyway.
> The really insane part is that the DRM is pointless anyway
DRM may be pointless if you think its main goal is a way to prevent people from watching content they did not directly pay for.
But that is missing the point. It does not matter that you, an individual, can break it. It's a divide and conquer strategy: we as a community have to follow the rules and that's what matters.
DRM is about and has been extremely successful at giving content owners leverage over playback devices (you effectively cannot ship a playback device at any real scale without following the rules the content owners set) and transitively to players down the content pipe. That is why it is evil. It's the most clear manifestation of an unjust instrument of power over the user, to put it in Stallman's words.
It's already happening too, note the way Netflix refuses to send higher quality streams to the PC, except through IE/Edge or the native app (which exhibits strange, tell-tale behaviors on multi-monitor setups).
I remember I had signed up for Audible - and was completely prepared to pay their subscription fees, despite a lot of content being available on pirate sites for $0. But I am old enough to value my time and pay a reasonable fee for just mere convenience. And also it's the right thing to do, right?
Turned out, however, that I could not play this content on most of my devices, because it was DRMed into something awful, despite being regular sound files that anything can play underneath, and those devices did not support it.
So, I did two things: a) I downloaded the DRMed files that I had on my subscription, and spent an hour (probably should have taken less, but I have never done it before) on extracting regular MP3s from them and b) I cancelled my Audible subscription. So DRM wasn't just pointless to me, it was bad for both myself and Audible (I started with thinking they are awesome and now I low-key despise them).
I'm an admirer of well-done DRM technology but I think I agree with the subtext here, which is that DRM doesn't have much of a future. Ironically, the thing that is likely to end DRM is standardized DRM. By making it easier for technology/content companies to deal in premium content, content providers are making it easier to compete with them for their middleman role in funding content.
What annoys me is that DRM could be great for consumer privacy. I could have chat windows that are encrypted streams rendered fully in hardware. There are numerous legitimate reason to want to avoid data being generally accessible. But DRM seems to focus exclusively on content.
In theory I don't have a problem with DRM if it was "perfect" (worked everywhere, didn't suffer all the problems with current systems) but I just don't see that happening since the incentive to stop at "well it's good enough and it works on 95% of our customers' machines" is always there.
I also don't really like black boxes I can't at least theoretically look at the code for if I want to. I don't like it with the Intel management engines (and AMD) etc. either, but that is a trade-off I have to make if I want to run new hardware; compromising my security so I can watch a movie is a lot less enticing.
Standardized DRM also makes it much easier to break and distribute the content. Break it once and you're done. When any vendor can build in whatever kind of DRM they want, it requires a virtual toolkit that can overcome whatever DRM approach the vendor happens to have chosen that day.
Far too many people seem to not realise this, and if you want to argue with content producers about it, arguing over the existence of content on TPB won't get you anywhere because they're not totally blind and can see it doesn't stop content from getting there.
DRM isn't about making things impossible to pirate, it's about making them harder to pirate.
IMO, some people will always pirate your movie/music/games/whatever. But if the crack lasts a few weeks, or if you have to unplug your DVD drive to get it to work, or if it's a low quality cam rip, or if all the good torrent sites have been shut down and now the last ones are infested with spyware, or if there's a risk of getting sued by the MPAA... all of these are factors that'll tilt the pirate vs buy decision.
There is an argument that there wouldn't necessarily be that much less content online. If your options are either deliver DRM free content or leave money on the table from the gigantic streaming media boom then it's hard for companies to ignore potential profits.
The problem with DRM is that it gave them a way to have their cake and eat it too, at the expense of the general public. Every time you have to use a shitty half baked interface to select your movie/TV show (I'm looking at you, Netflix and Amazon) you can thank DRM.
Maybe the harm will be realized in the long run, when you want to watch something that is no longer available?
For example, the Netflix library changes every now and then (at least that I've been able to detect), and there's more than one show that I can no longer watch anymore that I wish I could.
That to me is harmful because I don't really know when this happens until I search for it and it's no longer there. So I end up buying DVDs of shows/movies I really would like to re-watch in the future just so I can avoid Netflix's listing changes.
I guess the argument is that if there were no DRM I could download those shows I like the most and watch them at anytime, regardless of whether Netflix wants me to or not.
Not sure about the reasons for others to consider DRM harmful (or not), but this one to me is really important and would love to have a DRM-free alternative besides pirating (due to inconvenience mainly, and due to general concern for downloading stuff that might not be what it supposedly should be).
However this looks like wishful thinking at best, as time goes by and DRM is pushed further.
Netflix announces which content will be added/removed months ahead of time. The decision to remove content is driven primarily by the principal right holders - Netflix is largely just "leasing" the shows that it presents (hence the company's shift to producing its own content).
To present it as a decision solely made by Netflix grossly underestimates the contractual complexity and involved parties responsible for turning a screenplay into something you can stream in 4K, all of whom have ownership stakes to lesser or greater degrees.
I didn't mean to imply that shows got delisted at the sole discretion of Netflix. I understand that it's a complex decision with multiple stakeholders, and would even like to think that Netflix benefits the most from NOT delisting shows (i.e. they are on "my" side).
I was merely trying to point out that whoever decides what gets delisted (in this case for the sake of simplicity I said Netflix), has control over what I will be able to watch instead of me.
DRM is harmful. Its prerequisite is that users do not control their hardware. This has far reaching consequences that go well beyond media consumption and entertainment.
That's not axiomatic; in fact, it's a normative claim, not a positive one.
The argument is not that there are no consequences, but that DRM is a net positive because those consequences are the trade off for more and better content online.
Why don't you clarify why you think the tradeoff is not worth it, instead of just saying DRM = bad?
How do the consequences affect everybody, all the time?
Why is the price too high?
I'm not being obtuse, this is legitimately not obvious to me. Unpack your reasoning a bit, because I still don't see why it's axiomatic that DRM can't be a valuable tradeoff.
As was said before, DRM implies that no user controls their machine because it implies that someone else's content is always "safe" on that user's machine. DRM is inherently pernicious to everything from basic computer security to a democratic society.
Controlling your machine does not imply you always understand what it is doing, just like controlling your car doesn't imply you always know exactly where it is and how it got there. You may give your keys to your spouse to drive somewhere and you trust that they do just that. Back to computers, that means when you run someone else's software you don't necessarily know how it is doing what it is doing and you trust it does what you hope it does, yet you could be in control.
So when do you lose control? In the world of cars, when you do not have the choice of whom to give your keys to, when someone has the power to take your keys independently of what you want, then you do not have control. In the world of computers, DRM is to take your keys, or to never give them to you, in the first place. DRM has led to components in each and every PC that are built to be beyond the control of the owner.
I don't see a big problem with a DRM-capable computer on its own, however, I don't think it's ideal and would argue against it. But the _big_ problem starts when I cannot buy a computer without it, anymore. That is where we are.
> But the _big_ problem starts when I cannot buy a computer without it, anymore.
So make one. There'll be a lot of things it won't be able to do, but nobody's going to put a gun to your head and order you to stop producing a DRM-free machine for yourself.
Meanwhile, the "you don't control your machine" argument suffers from the same fundamental tension as many of the RMS/GNU/FSF positions: in the name of freeing you from restrictions, they impose restrictions. The GPL, in the name of protecting what you can do with the software, specifies some things you must never be allowed to do with the software. The hardcore anti-DRM position, in the name of protecting what you can do with the hardware, specifies some things you must never be allowed to do with the hardware.
Now, that's not necessarily bad; there are arguments to be made that trading off a small amount of freedom to do a handful of things protects a large amount of freedom to do many things. But unfortunately that's not a type of argument RMS/GNU/FSF can admit to, because they frame things in absolutist moral terms. The absolutist cannot speak in terms of tradeoffs. To do so is to compromise the entire position and, worse, to open the door to others who might propose a different set of tradeoffs and argue that they're as reasonable as the absolutist's proposal; at that point, as the famous line goes, you're just haggling over your price.
So if you want a computer with no DRM, by all means go and build one. Refuse to put anything in it that you don't absolutely control. You'll be giving up quite a few things, like being able to play back popular media, but if that's the tradeoff you want you certainly are free to go and have it.
What you can't do is force others to abide by that; most people simply do not care that there are things in their computers not fully under their control, or if they reflect on it are willing to accept the tradeoff of, say, having hardware/software that will refuse to play certain media unless certain third-party-imposed conditions are met. You could argue that the overwhelming majority of them have never thought about this and probably wouldn't come to a rigorous and well-informed decision about it, but morally you have no inherent right to substitute your judgment of what's good for them in place of their judgment of what's good for them. The most you can do is build your own computer which does things the way you want, install only software that you personally trust to abide by your principles, and advocate for others to do the same.
This is an excellent comment, to which I might add: framing a persuasive argument based on the position that DRM (or nearly anything) is an unequivocal bad is very nearly guaranteed to be untenable and inherently inconsistent.
If you truly believe that DRM is harmful in general, you need to construct an argument that appeals to educating people about which practical freedoms they care about will be lost. At that point you need to accept that they might not care about those freedoms.
But if you construct an argument from the axiom that users shouldn't introduce anything into their systems they can't reasonably control, you've fundamentally isolated almost everyone who you want to convince. Of those remaining to listen, most will typically already be on your side and evangelizing the same thing. In order to be consistent, arguing from a core axiom of user freedom and choice requires sacrificing things like hardware security modules, which are a giant leap forward for user security. You can have the absolute freedom to do anything if you'd like, but you might find that there are relatively few ways to apply that freedom if you do.
The alternative is a balanced approach: you don't start from an axiom that users need to be inherently free, and that some amount of tradeoff in freedom is beneficial and desirable. Then you go on to demonstrate why DRM in particular is bad in general. But this is a much weaker position in general, and framed this way you'll have fewer people to argue with.
I think it's pretty clear that there is no "moral right" (as if such a thing even exists) about that, but we need to continue advocating to others about how artificial such restrictions are. I know people who genuinely think it's just not technically possible to play 4K Netflix video on Firefox while the reality is that it's just an artificial restriction. And if people don't oppose that, it's going to get more universal. It sucks that instead of software empowering users, we're really just moving backwards.
The last CD I bought was DRM protected. It was impossible to play it on my car stereo. I had to make a recording/copy and burn that to a cd in order to play it. Never bought a CD again.
Imagine I would make the money I pay for media also DRM protected, so it can only be spent in a specific way? Would they accept my money?
I paid for Spotify. Then they cut 10% of the music I listen to. Then they did that what seemed like every month until I cancelled.
If the social contract for DRM was "subscribe to a growing library of content for an inflation-adjusted rate", that'd be fine. Instead, the contract is "cede all your rights until there are no technological alternatives and a few monopolies own the whole market".
Not cool. I'd love to see the w3c disband over this.
> If the social contract for DRM was "subscribe to a growing library of content for an inflation-adjusted rate", that'd be fine. Instead, the contract is "cede all your rights until there are no technological alternatives and a few monopolies own the whole market".
Hacker News everyone, where one week the film companies are evil because they won't give Netflix all their content so people can have one streaming service and the next we have "monopolies own<ing> the whole market".
It harms anyone who wants to use streaming content offline on devices they control.
I often have slow internet access in my home which limits my ability to stream. If I can download when I have a good connection I can view later when my connection goes to shit. This is not an option with most streaming services (eg Netflix). I pay for these services. I should have control of how and when I view the content.
And then it casually and silently deletes them after some unspecified time. Which has screwed me before on long flights.
Now I always pirate media in advance I intend to watch in the air. I don't want to have to babysit my Netflix downloads to make sure that they really are downloaded.
I have the same issue. I have a Netflix subscription, but I also pirate things that are available there e.g. via PT, because I can then just use VLC and have that better user experience, including the possibility of taking the movie onto a train.
I think the limitations on playback are an unreasonable burden. More fundamentally, I think I should have the right to gain the fullest possible degree of control and knowledge of the workings of my computing equipment without being punished by the legal system. Just like I should have the right to repair, inspect and modify the physical objects I buy, I should be allowed to do that with my computing hardware and their information contents.
In the near future neural networks will recreate full software packages just from being connected to cloud-based applications that stream video and commands back and forth from a browser window (or a VNC-like desktop client/app). The DRM systems will always be cracked, because you fundamentally can't and should not be able to control what people do with the information you give them, and eventually even running the DRM by not sending the executable code at all will not be enough to make software impossible to copy.
However, I don't think this will be a large problem, because you can still fine people for sharing copyrighted material with randoms (I'm not sure I think that's a good idea, haven't thought about it enough), and once you have enough clients that integrate content stores and payment functionality with playback, you can get a user experience that is so much better than that of Spotify.
I think the right to free computation and inspection, repair, integration and modification of computing systems should be enshrined in national constitutions, as it is as fundamental as the right to free expression, and perhaps just the newest incarnation (and necessary extension) of that same principle.
> It seems self-evidently unharmful, in that we appear to be in a golden era of delivering content online so extraordinary that it threatens traditional television networks.
One of the main reasons we need so much new content is because a large percentage of old content is no longer accessible, mostly for reasons related to rights management.
There are so many excellent films made in the second half of the twentieth century that most people will only encounter when, ironically, a broadcaster shows it on classical linear television.
I had hopes that Netflix becoming a global phenomenon meant that a vast library of content would become available, but instead we are now in an era of increasing fragmentation of content offered, with content providers becoming content creators (fine), for exclusive content (rather limiting), offering only a token of third party content of dubious quality (hey!).
Here is a radical thought: reduce copyright to 28 years, and let the Netflixes and HBOs compete against that! Not going to happen of course — the best some of us can do in the meantime is pretend copyright did end after such a term, or just meekly submit to whatever is made available, DRM-shackles and all.
> There are so many excellent films made in the second half of the twentieth century that most people will only encounter when, ironically, a broadcaster shows it on classical linear television.
Yep, I would never have discovered Jeremiah Johnson without TMC.
> Here is a radical thought: reduce copyright to 28 years, and let the Netflixes and HBOs compete against that! Not going to happen of course — the best some of us can do in the meantime is pretend copyright did end after such a term, or just meekly submit to whatever is made available, DRM-shackles and all.
This is the real root of this issue. You're completely on the right track.
Originally, copyright only protected an idea for a very short amount of time. Basically the amount of time required to go to market with an idea. Copyright was intended to protect the little guy entering the industry so larger competitors couldn't steal their ideas until after the little guy entered the market.
Now, on the other hand, copyright accomplishes the exact opposite. It protects the big guys by ensuring that no-one can ever use or improve upon their ideas/products without their express consent for what seems like an eternity (see Disney constantly requesting copyright extensions on Mickey Mouse). There should be a hard limit on copyright of 5 years, maybe 10 for IP. As you said above, this will never happen as there are too many people and companies feeding off the current system. Disrupting the status quo would result in an eruption of outcry from studios, record labels, and publishers.
That said, I think we can all agree that it is absolutely absurd that record labels are still profiting off of albums where every person who worked on them is now dead, for example.
Let's also be real here and address the issue that artists don't really benefit from signing on to contracts with large corporations outside of maybe better publicity. 90% of the proceeds from listens on Spotify or shows on Netflix are going to the companies that own the rights and not the musicians/actors. That's why most non-mainstream music is moving into self publishing/independent labels.
What, you mean return copyright to a state that worked for, what, a century, and which meant that people could actually freely remix things they saw as adolescents within their lifetimes? Blasphemy!
I'm somewhat sympathetic to the argument for DRM (we need to ensure artists receive fair compensation for their work), but I wonder:
If the entertainment industry could survive the age of "DVD ripping with abandon", can't it survive the age of "people copying Netflix movies with abandon"? Do industry leaders anticipate the latter will be much worse than the former? Is the cash flow situation that dire?
Or is DRM about something besides preventing piracy?
> DRM'd content raises the bar beyond most people, so it cuts down on piracy.
All it takes is one individual to make a "DRM" free version of a movie and begin to torrent to the public - and then the bar is lowered to the average consumer / pirate.
Cinavia does exactly that via watermarking the audio channel. Various playback devices are required to embed a Cinavia detector as part of their licensing requirements.
IP laws are why rich and powerful media companies can't take my independent creations without compensation and profit off them without risk of a lawsuit. Copyright serves a valuable purpose, even if lobbyists and the big companies they serve seem to not understand (or care about) copyright's function.
Copyright is DRM without the D. It puts just enough friction on using my creations commercially to make them decide to pay me rather than risk consequences. I don't mind it going public domain after a while. I'm not greedy, and I understand that culture needs to be fed to continue producing more.
Thanks for that! From my reading of the end, it seems to me that there is inherent conflict of interest in being a content-licensee and a browser-maker with respect to DRM e.g. an analogy that builds on foxes guarding the hen house.
Make a browser extension that works across all browsers to sync user data. Then inform consumers. Consumers then easily switch to better independent browser builds, forcing media holders' hands.
If consumers have no desire or ability to become aware, and can't muster the will to delay gratification for a few days it's hopeless. Consumer awareness must be the end goal; rather than establishing a smaller subset of aware representatives to tell the media holders the consumers care. The media distribution channels own the media right holders. They control the flow of $ completely. Six corporations have complete control. Same corporations choose which of the infinite security flaws to discuss on the news, and effectively dictate the browsers and consumption methods/endpoints people use. No solution will accomplish the result of total consumer awareness, for any period of time, without first achieving consumer awareness.
There are some blockchain based systems in the works that may help with this mess. If a middleman can be removed, content creators could publish directly to p2p networks without losing the ability to earn money from their contributions. Instead of relying on some rights mgmt company to authorize content they could create a smart contract to programmatically allocate earnings to all parties involved. Time will tell but check out http://www.pepperlaw.com/publications/music-and-the-blockcha...
This also has the side effect of eliminating curation bias / censorship allowing for all sorts of new content to become available that might not otherwise be allowed on iTunes/Netflix etc.
That article seems like a winning buzzword-bingo game by someone selling blockchains. Anyone who wants to sell online already can and there are plenty of people who do with either no middlemen or by picking a third party who shares some philosophical goals. Similarly, unless you're trying to sell completely illegal content it's trivial to buy or sell content which the major players choose not to carry — e.g. iTunes and Netflix not offering porn hasn't seemed to prevent anyone from watching it.
The actual problems here are discovery and piracy. The former increases the benefits (real and perceived) of middlemen with promotional channels, speaking both to the creators wanting their work to be found and anyone finding it. The latter is similarly important: most artists don't make money so every lost sale counts and for every artist who believes content should be unencumbered there seem to be more who demand DRM, especially the mainstream ones with the most customers.
Not addressing both of those is fatal: if customers can't find what they want easily, the service is unlikely to make it out of the indie market. The key thing to remember is that outside of the diehard anti-DRM community, nobody sees this as a problem – most people find what they want on a major service, pay an acceptable amount, and leave satisfied.
Blockchains don't solve those problems and add new ones, like performance and irrecoverably failing open if there's a bug, which are likely showstoppers.
iTunes ditching DRM for purchased audio was never really a glimmer of hope for video, and let's face it, this discussion is really about video more than anything else.
iTunes movies still have DRM. Arguably DRM free audio had extremely little bearing on the future of video, given the very different demands of each marketplace.
Remember also, that with a few exceptions (Sony rootkit anyone?), music had a long history of being DRM free before digital distribution came along (vinyl, tape, CD etc). Video distribution by contrast has a long tradition of many copy prevention "solutions" over the years on many different physical formats.
Even that is not ultimately necessary. What we need to do is convince politicians that it's a bad thing, and in theory we should have a lot more influence over those. They can pass the necessary laws to say DRM is illegal and it would be much better plus potentially easier than crawling and begging to the media companies to throw us a bone.
In practice it's not so easy because the US has a broken and corrupt political system where the politicians are more dependent on rich donors than on the People who vote for them.
So once again we arrive to the same conclusion Larry Lessig did many years ago: if you want to fix the copyright issues, or the climate issues, or healthcare issues, or any other big issue, you need to fix money in politics first. Everyone on all sides, no matter what other conflicting issues they have with each other, should be working hard on that issue if they want any hope for their other issues.
You'd have to convince them that DRM is against their best interest or provide them with something even better than DRM for their best interest. That's much tougher.
Do people want DRM-free media, or do they want ease of use?
There's no technical reason why there has to be a choice between the two. Spotify could implement 'Save to device' or 'Share this song offline' features very easily. The only reason they don't is down to the politics of ownership.
It took me a while to understand how politics are very different than the binary world of logic and strictly enforced rule of my CS universe.
In politics, very often, there are no strictly enforced rules, there are groups of pressures pushing in opposing directions. W3C has no way to prevent proprietary browsers from doing what they want, they just put some pressure on them. They know that going through W3C is the easiest way to agree on a standard and to provide interoperability for their users.
This is a small amount of pushing power.
EFF withdrawing is normal: that's the main item they were interested in. The question now is to see whether Mozilla will stay.
> In politics, very often, there are no strictly enforced rules, there are groups of pressures pushing in opposing directions.
All power is ultimately politics, not rules. People can use politics to change the rules, which happens often through lobbyists, influence, or even force.
Powerful actors operate on the level of politics; they write the rules. The plebeians operate at the level of rules. If I'm unhappy with something a major corporation does, I can operate within the rules and complain to a regulator or take the company to court. If the corporation is unhappy then they get the rules changed, for example by having laws passed that prohibit my lawsuit, eliminate their liability, or hamstring the regulator. It also happens in smaller domains, such as among employees of a business: those skilled in politics get the internal decisions and rules made in their favor.
The exception is, broadly speaking, more common than the process described above: The issues most people deal with in their everyday lives aren't important enough to motivate political action.
> The issues most people deal with in their everyday lives aren't important enough to motivate political action.
Save for the fact that their life is completely shaped by politics.
I like your analysis a lot, but I don't like your conclusion. Because ultimately, humans make politics, so one can influence them. In French there's a saying: if you don't care about politics, then politics will take care of you...
As several people have pointed out elsewhere in these comments, Mozilla has already implemented EME. That makes it seem unlikely that it would quit over the adoption of this recommendation, even though Mozilla also stated that DRM is bad.
Not true. See Google's NaCl and Mozilla and Microsoft's own alternatives to that. Neither went anywhere because each browser pushed in a different direction. It's only through W3C that they managed to build WebAssembly and all agree to use it.
I see this DRM thing the same way. Without W3C they may have built their own DRM solutions (and in fact, they have, years ago), but they wouldn't be compatible with each other, which means they wouldn't get too much adoption either.
> I see this DRM thing the same way. Without W3C they may have built their own DRM solutions (and in fact, they have, years ago), but they wouldn't be compatible with each other, which means they wouldn't get too much adoption either.
Prior to the first spec being presented to the W3C, it had already been worked on by two of the biggest browser vendors.
> The only company on the list of browser makers that really has any desire to try to exclude DRM is Mozilla, and unfortunately, if they do that, the users will switch to the browser that makes watching Netflix easiest.
This is the world we live in. People are willing to sacrifice privacy and security in favor of convenience. Sounds a hell of a lot like a book I read in high school.
People are so willing to make these sacrifices because they don't even understand what they're sacrificing. They don't understand what they're sacrificing because they couldn't be bothered. Apathy is the disease that will bring down the world. I'm calling it now.
It is truly a tragedy of the commons. It makes sense for the individual to consume their content, they're not giving up much by themselves. The problem arises when everyone does it.
> The only company on the list of browser makers that really has any desire to try to exclude DRM is Mozilla, and unfortunately, if they do that, the users will switch to the browser that makes watching Netflix easiest.
This is simply not true. Netflix's entire business model is based around one thing: video content delivery. It started with DVDs in red envelopes, and has evolved to be app-based streaming now. Neither of these two things has any relevance to web browsers.
Netflix's wish to be able to provide its content on as many platforms as possible for the lowest cost? Yes, that would make a lot more sense for why they are pushing this. Not an enticing enough argument for destroying web browser-based DRMs imo.
I agree. I'm curious as to what percentage of Netflix users primarily stream through a web browser rather than an app. I know my personal experience amounts to basically nothing but I can't even remember the last time I watched something on Netflix through a browser. I just have a hard time imagining that a lack of Netflix would kill Firefox.
It has always been like this (see browser wars, WHATWG).
In this case W3C is involved just as a tool. Microsoft/Netflix didn't need W3C for anything other than the brand name lending legitimacy to the spec they've designed and implemented before presenting it to the W3C, and didn't materially change it after.
I 100% agree, and I wouldn't have agreed to it had I not been on a standardization committee in a before/after situation. The before was mainly implementers. At least they had a super majority. After was 5% implementers and it was a complete disaster. That 95% was like a kid in a candy store: no regard for implementation difficulty or what it would do to language consistency. Thankfully, the effort died quite quickly, so I never had to make much of the issue.
I would suggest not underestimating Mozilla's market influence.
It would be possible to create a browser that displays DRM content and ignores DRM. The only thing that content publishers could do is ban that browser. And then it would adapt to disguise itself as other browsers.
DRM on the web can only happen if all of the major players (that is, browser publishers) agree to play along.
I am very excited about this news, this is probably the most important news in weeks, and could impact the Internet for years to come.
> I would suggest not underestimating Mozilla's market influence.
They have no market influence. They have maybe ~10% of the market globally (I've seen figures between 5-15%), and that's primarily desktop - which is decreasing daily. On mobile it's even worse (probably less than 1%).
Any influence they have solely extends to the desktop, and that's not the primary way people are interacting with the internet nowadays.
Market share isn't immutable! Market share changes based on capabilities. I dropped IE for FF when I got a basic understanding of computers, I dropped FF when it became clear it was a memory hog, and now I kind of toggle between Chrome and FF. I think that, with killer features like breaking out of DRM, the market share could change.
> I think that, with killer features like breaking out of DRM, the market share could change.
That's not a killer feature to the market: I bet 99/100 people don't know what DRM is or what it stands for. They just care that they can watch videos or not.
For better or the worse the overwhelming majority of browser users don't know, care, or have any idea about how the internet is standardized, how DRM works, and why it matters to them.
I actually don't see how using the browser would provide any practical value. If you pay for a streaming service you might as well just watch the legit DRM'd version. If you're watching a pirate stream you might as well stream from a pirate who cracked the DRM on their side.
Unless you value the fact that Firefox comes from an organisation which values the freedom of the user and are willing to tolerate a dip in quality (as perceived by the typical user, not a techie) compared to a product from an organisation which has far greater resources at its disposal, and unless a lot of other people are going to do the same, it'll never work.
I use Firefox and almost never use another browser but I'm afraid over time, its share of the market will fall. This news makes me fear so even more. I do hope I am proven wrong though. I've seen one monopolist fall. I do hope I see many more.
Indeed. People who want nothing to do with DRM will want alternatives. Once DRM-integrated browsers are compromised at scale, more people will want alternatives.
If what the above says is true (though I'm not sure it is possible), and Mozilla can provide a way to display DRM content without adopting the DRM standard, I would think that would increase its market share.
The user cares about access to content. The user does not care about DRM. The user does not care about corporate interests. Ad blockers are proof of this. The user wants what they want, and the people who provide that to them with the fewest hassles are the ones who win.
Everyone needs to appreciate that "cost" is a gigantic hassle to most people, no matter how much money they have. The concept of owning their content is another big consideration for people, which is why we saw "rental" models for video streaming fail in the past compared to "ownership" models.
> It would be possible to create a browser that displays DRM content and ignores DRM.
The DMCA makes this illegal. No browser vendor is going to take that risk. Maybe some anonymous developers will release a Firefox fork or similar, but that's a big risk. Not to mention, most groups who pirate content tend to keep their methods secret and only release the content.
EME plugins will use whatever user-hostile platform-specific opaque techniques necessary to communicate with the host OS in their attempt to ensure compliance.
If the browser interferes with them, or the OS can't promise a "secure" chain from plugin-output > display, they can just refuse to stream the content.
You can bet EME plugins will be highly platform specific, and poorly supported, if at all, on platforms that respect their users.
Anyone taking bets on how long it will be before CDMs start requiring extensions that allow access to platform Output Protection/HDCP mechanisms?
If nothing else, the standard already allows for the CDM to access the network (albeit managed by the user-agent) which means, for example, it could ping Microsoft to ask about this particular Win10 computer (as identified by user agent, IP address, and/or user account data from the content provider).
Netflix/Microsoft/Hollywood/etc. aren't going to stop until they can close the loop as much as possible, with MS and hardware manufacturers already working to tighten things from the other end (see HDCP and the various frameworks for "protected content" that MS has been working towards).
Either providers will push to integrate those platform-level frameworks, or they'll just stop offering content to web browsers entirely.
> with MS and hardware manufacturers already working to tighten things from the other end (see HDCP and the various frameworks for "protected content" that MS has been working towards).
HN users would do well to keep this in mind the next time they are singing MS's praises about how MS are embracing open source and becoming the savior of all things programming.
So are all major piracy operations in existence today and yet most of them operate without any real penalties. Look at The Pirate Bay and Giganews, both of those have been operating under enormous "legal risk" for over a decade.
Piracy is never going away and this re-run of corporations trying to control content created by people (corporations are not people) will fail the same way that every single previous effort has failed. Piracy will outlive the old fools pushing for these programs.
I'm not saying piracy is the answer, but once these troublesome corporate fools have all died sanity will return to the market and piracy will be replaced by pro-consumer models.
Lots of this stuff is so US focused. Any European nation for one will let you reverse engineer stuff you buy or download to your own heart's content in the safety of your own home. I expect many countries in the world are civilized like that.
Almost every country, with the exception of Israel, has implemented the anti-DRM provisions of the WIPO Copyright Treaty using similar language to the United States, or worse. In the European countries, it's embodied in the European Copyright Directive: https://en.wikipedia.org/wiki/Copyright_Directive#Technologi...
That's one of the reasons why we argued so strongly that the W3C should include a covenant. Even if EFF continues to successfully obtain temporary exemptions from the DMCA in the tri-annual review, we can't do that for security researchers or lobby for similar fair use exemptions in every country.
You're right. I've done some digging, and some similar language has been implemented at least in the Netherlands (for the Dutch, this is article 29a of our Auteurswet). Although it's somewhat vague, it does bum me out. It seems the Dutch implementation has not been enforced all that often (mostly to combat game console mod chips), but it has been used to fight security researchers publishing stuff on security weaknesses in our public transport RFID cards... Thought we were better than that.
New Zealand isn't a party to that WIPO treaty [1], but it does have a law implementing restrictions on circumventing technological protection measures (TPM) [2]. But unlike the DMCA, the NZ law lists lots of exceptions that allow you to circumvent TPMs. In fact it says "Nothing in this Act prevents any person from using a TPM circumvention device to exercise a permitted act under Part 3." Part 3 of the Copyright Act 1994 [3] is the (very long) part that lists everything you can do with a copyrighted work, including the NZ equivalent of fair use, research, education, archiving, backup, decompiling software, etc, etc.
"... web developers are going to go by the behavior of [what] the browsers do."
I have pointed this out before.
It is an important point that I think perhaps is overlooked when users ponder how to change the web.
Want to change how the web is presented, fix annoyances, scratch an itch?
Try to achieve through web development? Good luck.
Try to achieve through browser development? Far more interesting. Alternative, open source, non-commercial browser. For example, one that implements a limited set of features.
Web development follows browser development.
For example, a browser that does not automatically follow URLs so that ads and other crud can be loaded into pages.
Giving users access to a browser like this may be a far more effective means of influencing web development away from annoying "user experiences".
If such annoyances rely on a certain modern web browser feature, then use a browser that lacks the feature.
Non-commercial means developers do not care about "market share". They are not trying to "compete" with the major browsers on features. They care about creating a superior alternative to major browsers that shifts the focus from advertisers and media companies to users.
If the annoyances users have while using major browsers are bad enough, then they will try alternatives and the "market share" may shift. Or maybe not. But who cares? Because with an alternative browser "market share" is not the goal.
In another thread, a Chrome developer, perhaps a former Firefox developer, tells of how they dropped some feature because it was too "power-user" and that is not "what [they] were going for". Maybe you are within the market they "are going for". And maybe you are not. If you are not, then waiting for developers at a large corporation, whose customers are advertisers, to cater to your needs is futile.
I'm guessing you don't have young kids? I say that because if I want to watch any R rated content (like Bojack Horseman for example, which I did last week), the only place I can safely do that is in my office with headphones on, since the toddler tends to creepily sneak up on us in the middle of the night after climbing out of bed.
If I'm on my computer as opposed to a mobile or TV device, I use the browser. It's not as often, but I definitely have done so, even within the past week.
What people don't get is that EME sets a strange precedent in the history of HTML.
Web browsers have always been very hackable. HTTP meant you could always look at the traffic being exchanged. And because there was little point in obscuring anything, web browsers allowed you to look into and modify everything:
- view/modify document source
- view/modify DOM
- debug script
- and so on
This is how CSS was defined too. It was supposed to be a compromise between how the user liked things styled, and how the vendor suggested styling the content.
EME brings something new to the table: locked LOGIC. This is not a bad thing per se but takes HTML in a completely different direction than what it used to be.
The main concern is not DRM. The main concern is that this is a step in a direction where web browsers become inscrutable virtual machines running code that cannot be looked into. It's basically a step turning HTML into Silverlight. This may happen for instance if the gaming industry decides that they need EME for in-browser games.
And most importantly this is done for all the wrong reasons: EME cannot stop anyone from copying the rendered content. And it certainly doesn't prevent anyone from downloading copied content.
So EME is just a stupid thing that technology-dumb media dudes are imposing on web developers for no reason and that may have far reaching consequences on the future of HTML... That's what's worth talking about.
I do not understand DRM/Silverlight properly. Does this mean that I won't be able to see what code is running in my browser, e.g. JS collecting data in the background, or use things like adblocker, greasemonkey etc.?
No. The changes that are happening only affect DRM. So it means that when you watch a video/audio in the browser, there will be some encryption applied deep within the browser.
But it is a paradigm shift in the sense that it is the first time that a change is introduced in HTML that restricts the user from accessing the actual content that is being displayed.
Effectively, similar changes to the standard could be introduced to prevent users from tinkering with ads, or to prevent users from opting out of data collection.
In that sense, it opens the way to your browser being more like your phone.
Again, it's not _bad_ in itself, but it is a paradigm shift.
> I won't be able to see what code is running in my browser
Yes, but it's not JS. It's a plug-in the EME spec calls "CDM", and it is allowed to be anything, including kernel modules and hardware.
Websites that sign contracts with CDM plug-in vendors can use these unrestricted plug-ins, but you aren't allowed to check what they're doing because of DMCA.
If there aren't already enterprise software firms investigating how to offer their SuperWidgetron 10000 HR system through EME in the browser, I will eat my hat.
The single very small purpose will soon enough be worked around, messed with and extended to do more than it was ever "supposed" to - just look at JavaScript.
Where is the source code of the DRM module that shows that the only thing the code does to the stream is decode audio and video?
Oh, that part is not part of the open part of the standard. The super cookies, the administrative hooks into the operating system, the access to everything from the webcam to the hard drive, all that is what the EME is talking to through an interface labeled audio and video stream. A perfectly sandboxed interface. The bus transporting data from the browser to the module is not very useful as an attack surface when you have full control of the module itself.
Those are good questions – and you might find Firefox's sandboxing implementation worth study – but that's not what we were talking about. Currently there's no talk of implementing restrictions on code, etc. within browsers and it hurts the cause to spread easily disproven claims that it's happening now.
For the record, the EFF only joined the W3C to fight EME in the first place. They're not resigning in protest, they're leaving the group because they didn't win the single battle they joined for the purpose of fighting.
Do you have a source for that? The latest article that references the W3C on their site already shows them as a member, and it appears that they were heavily involved in Do Not Track work before EME. Did they post something somewhere when they were joining?
> So last week, EFF increased its involvement in the W3C from being a regular participant and invited expert to a full member, to challenge DRM in the group's future work
Can anybody explain to me what will change because of this decision? DRM has been very much part of the internet since 1995 when RealPlayer was released. DRM has been part of content delivery ever since then. It has not ever seemed to have decreased in popularity, quite the opposite. The browsers that 99.9% of people use have already implemented this standard for years anyway. It's not obvious to me that this decision changes anything (it seems this is the status quo already) but maybe there's something I'm missing.
What's going to change from today to tomorrow because of this decision? Or is the meltdown here just people now realizing that the battle is lost, even though it was lost already a long time ago?
One thing I do understand is that this contended decision is a serious break from tradition and apparently a dick move (although I'd need to see some additional sources on that). But that doesn't seem to be the main topic of the discussion in these comments anyway.
The fear is that this makes it far too easy to use DRM for webpage owners. Previously, you had to pull in a slow-ass Flash-plugin or similar, which was very much known to bring all kinds of security issues.
Now you just say "DRM this" and it does it, and you have the security issues whether you use DRM or not.
As a result, webpage owners might start DRMing things that were previously just not worth DRMing. Like images, text.
If you want to cite a news article in the future, you might have to type it off by hand instead of copy-pasting the part.
Also, just like DRM has done before, it's going to make content inaccessible for those who want to view that content at a later point with different technology, except that this time around it's not just going to be Netflix, it's going to be a good portion of the web.
So, yes, DRM has been part of the web for a long time, but how big that part is, is going to dramatically change.
> The fear is that this makes it far too easy to use DRM for webpage owners. Previously, you had to pull in a slow-ass Flash-plugin or similar, which was very much known to bring all kinds of security issues.
"Previously" in this case would have been four years ago, would it not? Ever since then, EME has already been reality. If EME has been reality and commonplace since then, what does this W3C decision really change?
> Now you just say "DRM this" and it does it, and you have the security issues whether you use DRM or not.
> As a result, webpage owners might start DRMing things that were previously just not worth DRMing. Like images, text.
> If you want to cite a news article in the future, you might have to type it off by hand instead of copy-pasting the part.
I would like to see some evidence for that. From a very brief read of what the EME spec defines, I don't believe this is technically possible in the spec. The spec only applies to 'protect' byte streams sent to audio and video codecs. If it were possible I think we would have seen implementations already since implementations have existed since 2013.
I hate DRM as much as the next guy, but we shouldn't need FUD to get that point across.
> "Previously" in this case would have been four years ago, would it not? Ever since then, EME has already been reality. If EME has been reality and commonplace since then, what does this W3C decision really change?
There is no FUD here. The W3C should not be involved in standardizing a DRM API. If browsers want to implement DRM it is their problem. Everybody dropped the ball here. Mozilla, the W3C ... they could have just said no, that's not our problem, they were too corrupt to do that, they just signed the death of the open web.
I agree with most of what you say, except your first sentence.
The FUD here is that the implication is that now text and images will be DRM'ed. EME only allows DRM'ing video and audio. Facts matter, and making stuff up to 'support' the point does not help. His post literally starts with "the fear is..." and then provides no facts to support it.
It may be so that they signed the death of the open web. But it seems to me that if this is your definition of the death of the open web, the open web has been dead since the broad support and use of the <object> or <embed> tags with RealPlayer, Flash and Silverlight - and very dead since broad adoption of EME before the W3C had any standards on it. Signing that death after all this time does not add anything except for some symbolism.
You can DRM images with EME fairly easily: you just have a single frame video. And you can always take the Twitter approach with text and just render it into an image, which is then just a single frame video.
That said, the text option is not that realistic as long as there are legal obligations as regards accessibility, which will require the accessibility tree to contain a closed captioned version of the media (and that isn't encrypted).
Sure, everything can be hacked into a video on the web. But luckily that makes your web page unusable, inaccessible, and also un-SEO-able. It would also require you to have expensive DRM authoring tools to have you actually create DRM signatures (it's not just a switch you can flip on). Let me rephrase: EME can only be practically applied to actual audio and video.
The point still stands. EME has been commonplace for three years now. If the fear that it would grip beyond audio and video in the real world is based in reality, we would have seen it by now. The W3C decision changes nothing for the people who would use it.
Yep, but that's absolutely what's going to happen. People love to put square pegs in round holes. I'd be surprised if most things weren't DRMed within 5 years.
I don't buy it. People could DRM up the internet - including text and images - much more easily - for years with Flash and Silverlight. People could use the everything-is-a-DRMed-single-frame-video-now hack since 2014. Neither have been a problem. I've never even seen the latter happening, even as a proof of concept (although I suspect someone will point me to one shortly).
There will be absolutely no change. All major browsers already implement EME (this includes Edge, IE, Chrome, Safari, Firefox, Opera and a bunch of minor ones).
I personally think it is a step forward, as it is much better than Silverlight. Now all the client behaviour is out in the open, and only the DRM piece is proprietary.
There is no way that removing EME will make things better, that would just require all streaming services to build native clients or browser plugins, which isn't exactly improving any transparency.
People were naively thinking/hoping that once Flash and plugins die, DRM would magically disappear and media companies would start putting all their content on the open web, for anyone to access.
I'm with you, I'd much rather have a clean, secure and well implemented option, rather than each company trying to hack together a solution that will be buggy, insecure and inefficient.
The option of there being no DRM was realistically never on the table, as much as people would've liked it to be.
> The option of there being no DRM was realistically never on the table, as much as people would've liked it to be.
Way back in the 2000s when HDTV was getting off the ground, the networks demanded that all recording devices support a "broadcast flag" that would allow them to prevent recording. CBS in particular said that unless this was legally mandated, they would refuse to broadcast in HD. Instead we called their bluff, and they backed down because it turns out they don't hate money: https://www.eff.org/deeplinks/2009/06/dtv-era-no-broadcast
Sure, media companies would prefer a world where everything is DRMed and all computing devices are locked down, and if we hand that to them on a silver platter they'll take it. But I don't believe for a second that they can't survive without it.
I wouldn't say that. If it is between having no DRM and having no web presence, I think broadcasters would pick no DRM. DRM really doesn't do very much to protect against piracy. It's just a way for C-level execs to show they are doing something to protect their IP. It's a kind of security theater.
I think it's foolish to think that. Right now, if you wanted to share a video from HBO to your friend (assuming you couldn't give your account), what are your options? There's no easy way for you to just give that content to your friend. You'd have to link them to a third-party site hosting the content, which is not the same thing.
With no DRM, it would be as simple as doing a right-click and copy video link.
The recording industry was very hardline with DRM, until one day Apple decided they won't support DRM anymore in the iTunes Store. Thus no music is purchased with DRM from any of the major e-tailers.
If the choice is no DRM or literally not making any money on the Internet, content creators will choose no DRM every time. Technologists have all the leverage here. If the web simply didn't support DRM, do you think Netflix, Hulu, and NBCUniversal would pack their bags and lose out on billions of dollars because of some theoretical increases in piracy? Of course not. They'd just offer their content with no DRM.
There are many file sharing, illicit streaming and torrent websites that have the entire HBO catalog available. They are pretty easy to find with simple Google searches. Piracy is not esoteric, it's pervasive even today. There is absolutely no technical obstacle to watching any HBO or major studio's content online for free. And that's arguably a lot easier than figuring out how to copy a huge file for non-technical users. DRM can't have any major effect here, people who want to pirate will pirate, DRM be damned.
The only thing DRM does is introduce barriers to legitimate interoperability and innovation. You get situations like "does this operating system or device support Netflix?" which would be unheard of if the web was truly an open system.
> The recording industry was very hardline with DRM, until one day Apple decided they won't support DRM anymore in the iTunes Store. Thus no music is purchased with DRM from any of the major e-tailers.
This is not comparable in my opinion. Music was bought, downloaded, stored locally and used on countless devices - from your living room setup, your NAS and media center, to portable players or your car. It made no sense to restrict that kind of content to specific software like iTunes.
A Netflix stream doesn't face the same problems. Compatibility isn't an issue here. Most consumers will never run into problems with Netflix's DRM.
That said, of course if it was possible to buy and download movies for permanent offline viewing, similar to music purchases, it would be absolutely necessary to provide that content DRM-free.
I'm not talking about temporary offline access to Netflix movies or buying/renting a movie via iTunes.
I meant purchasing a real video file that I can put on my NAS and view in a player of my choice. Similar to music. I'm not aware of any video services that offers that.
Why, precisely, do you think you can't play the video file in a player of your choice? That is literally what DRM is - technical restrictions against using content you have purchased in a manner you desire. They provide the file in an encrypted format that only their own player can decrypt.
When iTunes used DRM for music, only Apple's devices could play music you bought from iTunes, too.
I'm aware of that and have been criticizing the movie industry's requirement to ship content with DRM for a long time, particularly as an avid and frequent buyer of DRM-free, lossless music.
However you're right - the iTunes purchasing example shouldn't have been part of my previous response.
On the other hand I think DRM is fine, if not a necessity, for a subscription service like Netflix. It is basically renting content and my expectations towards these services are very different from a store that offers purchasing, which should absolutely be a DRM-free experience. The fact that it's not is exactly the reason why I don't buy films on those platforms, unlike music, which is available in countless large and niche stores.
> I'd much rather have a clean, secure and well implemented option, rather than each company trying to hack together a solution that will be buggy, insecure and inefficient.
So with EME vendors can still do this: "hack together a solution that will be buggy, insecure and inefficient"
EME just gives a basic API and a way to get this DRM stuff into the browser. This doesn't do what you think it does.
One great thing about the personal computer revolution and the World Wide Web is that, thanks to its open specs nature, pretty much anything can be part of the Internet. That doesn't mean everything should be part of the standards: EME requires a piece of software called the Content Decryption Module, which is developed for Hollywood by software companies like Microsoft and Adobe, and can not be open source. So basically what the W3C is saying here is that every standard-compliant browser should include a binary blob from a private company. And that is, by the way, what will change from today to tomorrow.
This goes completely against the nature of the Internet, and it's also useless (as it will not stop "piracy"). I can't believe the W3C is doing this, it's extremely sad and marks a dangerous precedent.
In recent times pretty much all the DRM vehicles have been canned as native code browser extensions have become 'bad' for malicious code. So the DRM delivery mechanisms like java plugins, flash and so on are being taken out of the web and this standard sticks it back in. I have mixed feelings about this until I really dig into how the interface is supposed to work.
So it was almost out as part of the modern web stuff, and it came back the very next day.
As a follow up, isn't all this DRM for naught? If you send the video and the audio to my computer, I can record it after it's decrypted. What problem does this really solve? I already use netflix/amazon because it's more convenient than torrenting, unless it isn't. Seems the possibility is nil that DRM-free versions of DRM content won't be available anyway.
You're right, content will always be pirated. However, security and rights management is never about definitive solutions. DRM makes it hard for 99% of the people and that's enough for copyright holders. They can focus their resources on the other 1% (unfortunately including people with legitimate reasons).
I'm not agreeing with this but it's how it is and I don't see that changing. I agree with another commenter that it's been like this for virtually forever and this decision doesn't change much.
Does it though? I mean, there are already non-drm versions available, and have been "forever". Yet 99% of people still choose netflix because it's easier. Even the 1% choose netflix because it is easier.
How does restricting the delivery of legitimate/legal content impact the way that people consume illegitimate/illegal content?
I also don't see it changing, but it seems like it will have /obviously/ literally zero impact on the availability of pirated content, and how/if people use pirated content.
I don't think this is true. You can find illegal streams for many (most? (all?)) TV shows with a quick Google search. It's also pretty common knowledge that TPB and similar torrent sites exist, and you don't have to be in the top 1% of computer users to install a BitTorrent client.
IMO we have oversupply of interchangeably disposable content fighting for a limited number of clicks, if someone makes it hard for their customers to engage, they are shooting themselves in the foot. E.g. whenever I'm greeted with a paywall, that tab is instaclosed.
If DRM has already existed for years, and the majority of browsers have already accepted EME as a de facto standard by implementing it, wouldn't codifying that standard be positive?
It's like arguing that Flash is a standard because the majority of browsers supported it. DRM isn't the open web and should have nothing to do with the W3C. You want to force DRM onto your users? Write a native app.
We could "solve" the entire ad-blocking "problem" by delivering DRM-protected web pages that cannot be modified by the end consumer, merely viewed. This would also "solve" the "problem" of scraping.
All that is needed now is a DRM format that delivers HTML/JavaScript and is implemented by Chrome, Safari, and maybe Edge.
We're losing the internet day by day, if we haven't done so already.
I've seen people and posts here and there calling for attention on these issues, but imho it's all too subtle. We should start using harsher terminology for what's actually happening. This is flat out CORRUPTION, and I'm not seeing anyone express it as such.
It's probably too late already, and unfortunately, this is merely a reflection on what's happening in the world in the larger geo-political context. Corruption everywhere.
If someone launches a new HTML-based Web with crippled javascript (no network comm access, for one, including ability to trigger links or forms), some small, restricted subset of CSS, and much better built-in dynamic table and form elements, I'm there.
This Web's about to be eaten by DRM and WebAssembly anyway. Pretty soon it'll just be a way to deliver QT apps (or some other framework that runs in WebAssembly and renders to OpenGL or similar) and video. A web where the only thing you'll find when you follow a link is more documents (or a download) and pages can't try to make your computer do a bunch of stuff you don't want it to would be nice to have again, and it's clear now that the system itself has to ban the capabilities that enable all the garbage, or it'll take over.
> If someone launches a new HTML-based Web with crippled javascript (no network comm access, for one, including ability to trigger links or forms), some small, restricted subset of CSS, and much better built-in dynamic table and form elements, I'm there.
I already use noscript, but most people won't like having to hit 'temporarily allow' and reloading the page 1-3 times before most sites will function. Also, sites that lean heavily on trendy frameworks like fucking React often just white-screen because of their extreme reliance on JS. I'm hugely against its adoption for that reason, but I understand that I'm in the minority there.
I dunno, it just seems like common sense at this point. Javascript is a powerful attack vector, like ads. And many people already use adblockers in some capacity, for that kind of reason.
It'll definitely suck as HTML5's various peripheral features become strong and widely-used attack vectors.
I mean, if a site legitimately needs a large amount of dynamic communication back to the server... Fine, whitewall me until I enable your JavaScript. I understand that server-side rendering is basically dead. But it's really frustrating when it's things that could be easily served statically, like blogs.
Hey, I love ASP.NET as much as the next guy. But there's no mistaking the large trend from what used to be entirely server-side rendering (LAMP days) to REST services with JavaScript front-ends.
Ultimately, I think the failure of the open web runs deeper than that. When I visit, for example, a cookbook website, when I view a recipe, the problem isn't just that the site can run arbitrary scripts on my computer. It's also that I have no control over how that recipe displays because so much of that display is in HTML. I can't pull it into a useful format and store it with all my other recipes because it's in HTML. And contrary to its goals, HTML isn't a semantic markup language. I can't automatically convert imperial into metric units, because they aren't represented as measurements at all. I can't configure the display of the recipes for my nearsighted grandmother because that configuration happens when the recipe is rendered from a recipe document into an HTML document. The failure of the open web is that we need JavaScript to reasonably render the various kinds of documents which are being stripped of their metadata so they can be shoehorned into a non-semantic document format.
Removing JavaScript prevents malware and adware vendors from running their programs on our machines, but it doesn't empower users. We can control our data but we still can't analyze data websites give us.
The way forward, I think, is to create more standardized document types and let people build renderers for them. If I go to a cookbook website, I should be able to download recipe documents. If I don't like how my cookbook program renders the recipe, I should be able to download another program that can render it. This breaks the power that websites have as the sole entities with the capability to render their documents, and gives the power back to users.
I'll repost a comment by mcphage on why this doesn't work, in general. TL;DR is that common ontologies sound great but don't work in reality, because it leaves no room for value-added services from individual providers. (Recipes would probably be OK, because there's just not a lot of value-add you can really provide. Or, alternatively, I'm just completely ignorant about how value could be added.)
I'm not sure this goal is very practical, even in the toy example you used (being able to swap data sources for weather forecasts).
If you can use a common vocabulary to access multiple APIs, that requires that all APIs implement the same feature set. Which means getting the API sources to agree on the features to implement, and how to describe them, and stop them from adding any features on that the others don't have. But of course, they'll all be motivated to add their own features, to distinguish themselves from their competition.
And once an API consumer is using a feature that other API producers don't support, then the consumer is locked into that producer, and the whole shared vocabulary is for naught. And of course the API consumers will be looking for additional features, because those translate into features that they can offer to their customers.
Basically, this requires API producers to work together to hobble their ability to meet their customers' needs, all to make it easier for their customers to drop them for a competing endpoint. So it looks like a net negative for everybody.
To still allow for competition, you define a base feature set and representation, and then you allow vendor extensions. You need some sort of standards body that can promote vendor extensions to standardized, supported things. And clients can choose to support whatever (or no) vendor extensions that they want to.
However, I agree with you that it's not very practical, but for different reasons: 1) competitors don't necessarily like to cooperate to that level and 2) it will slow down progress a lot, which is a decently good reason for #1. And 3), which I think is the big one:
Companies doing this stuff really don't want standards if they're the first-mover, because standards necessarily enable competition. If I'm an anti-competitive producer (or even just a producer that doesn't mind competition, but wants to maintain a head start long enough to secure a market position), I don't want to start off with a standard: I want to do my own thing, and get people to adopt it, and then I can lock them in, at least temporarily. If someone comes along later and clones my format, that's fine, but they have to do work to figure it out, and I still own the format, so I'm naturally ahead.
> To still allow for competition, you define a base feature set and representation, and then you allow vendor extensions. You need some sort of standards body that can promote vendor extensions to standardized, supported things. And clients can choose to support whatever (or no) vendor extensions that they want to.
Right. The problem is in the first step. The moment a consumer likes a vendor extension and begins relying on it, they are locked in until the standards body gets around to standardizing it. So all this cooperation to pick a standard and maintain it, and consumers still end up locked in because they like certain extensions more than others. And software providers for consumers still have to write individualized support for all the providers in order to manage all their extensions.
So all these cycles went to building a standard, and where's the actual win? We still have handlers customized to individual providers. We still have consumers choosing to rely on singular providers.
That's just the tradeoff you make. The lock-in is only temporary until the new feature is standardized. If users like the non-standard feature enough to use it and want it in the standard, then it's a good thing. Otherwise you end up with stagnant crap and no innovation.
Yes, this model makes it so content creators actually have to create content or their customers will drop them for a better content creator. That sounds great for users.
I'm not sure why I should care that a few user-hostile rent-seeking entities won't have complete control of the internet anymore.
The API extensions causing vendor lock-in complaint is fairly bogus. Features would be driven by the content renderers, not the content creators. It's that very abdication of power that browsers have given to content creators that the system I'm proposing would avoid.
An interesting choice of example because recipes are one of the best defined and used micro formats on schema.org and used practically by google (which encourages adoption). Writing a generic recipe reader is relatively easy, I've done it although not for your use case. Your point stands though, just not for recipes IMO.
Oh but don't worry! As soon as someone breaks www.cookbooksRus.com's "Encrypted Media Extensions," you or someone totally benevolent will be able to help render ANYONE's www.cookbooksRus.com browser-experience!
Server-protection isn't always a 0-sum game against client-protection, but in this case it totally is.
Sure, and I'm sure the users will step up to fund your legal defense when you go down for violating the DMCA and CFAA and whatever else they can come up with.
Phooey & patooh! Obv the internet population doesn't know what's good for them. Politicians are WAAAAAY smarter than normal people. Everyone knows this.
One must simply route their VPN traffic through Eritrea => Thailand => Russia => Cyprus => China => back to some AWS server in SF & rejoice.
Just make it more expensive to trace you than the value of what you took/broke/F'd-with! Lawyers' fees not necessary!
Respectfully, I see your complaint as conflating or combining several orthogonal issues. Addressing your sight-impaired grandmother's needs is a matter of accessibility; user-centric responsive design considerations relate more to CSS than JS.
Gotta push back against the "create more standardized doc types" bit (wat) -- it sounds like you want more APIs and more user-friendly tools for consuming them, which would be great and is more compatible with reality. SoA and recent shifts toward empowered-client approaches like GraphQL are steps in that direction.
I'm also glad you mentioned "documents" so often, because your ideas relate to a document-centric web. Which is not what we have. Rather it's evolved into an application delivery context.
> Respectfully, I see your complaint as conflating or combining several orthogonal issues. Addressing your sight-impaired grandmother's needs is a matter of accessibility; user-centric responsive design considerations relate more to CSS than JS.
That's exactly what I'm saying. JavaScript isn't the only part of the problem: HTML and CSS are also components of the problem.
Your distinction between applications and documents is an insightful one. Perhaps one way to describe the problem is that HTML and CSS contain elements of "application" rather than "document". If we think of a document as being purely semantic and layout/style as being elements of an application's rendering, then it becomes clear that only a fraction of HTML is actually document-relevant. CSS and the rest of HTML is application.
I think you're too quick to put DRM and WebAssembly in the same bucket. Yes, WebAssembly could lead to a future of closed-source proprietary technology on the web (and in that sense is similar to DRM), but the difference is that WebAssembly offers technical value. WebAssembly is a tradeoff for the public, whereas DRM exists strictly to restrict the public.
I don't really see any new threat from WebAssembly. Isn't the only threat that the same malicious code can run with better performance than JavaScript? As far as I can tell, WebAssembly doesn't provide any additional access to native system features like this DRM spec does.
Indeed, from what I'm reading it looks like most of the usual JS tasks (like DOM manipulation, listening to input, and network requests) still need to happen by your WebAssembly module calling out to normal JS.
I am bitter that XML/XSLT lost in favor of HTML/CSS. It promised a stricter separation of content and formatting and would probably have required less JavaScript to do the crucial functions.
Unfortunately, among the crucial functions nowadays are the silly cosmetics, the parallax scrolling, the animated backgrounds, that allow marketers to pretend to have a website when all they have is formatting for zero content. We failed to provide them with this fluff.
Hard to believe in 2017, but as recently as five years ago Google (of all people) published the Caja compiler [1] for sandboxed/statically verified JavaScript subsets, and there was AdSafe aiming for safe JavaScript as well.
I don't know its current status with the committee, but https://github.com/tc39/proposal-frozen-realms proposes something equivalent to Caja for modern JS. It can be a lot simpler now because ES6+ is much closer to what's needed than JS was when Caja was made.
AdSafe, and all static lint of ads, was dead from the beginning. If companies serve whatever comes from the ad networks, especially dynamic URLs, there is absolutely no way to enforce anything. You can check, but you can't enforce.
The only sane solution on ads is SafeFrames [1]. Which does not do much, but at least it prevents ads from scraping the page and stealing your cookies from the main domain you are visiting. That is already a win, considering the mess it is now without it.
Count me in. And count my web server in as well, we'd make sure all pages are compatible.
Your computer belongs to you. I'm ready to escape the cycle of 'oh they own everything because they snuck human rights violations into their software and hardware and nobody stopped them'.
Wait, what? Perhaps you are right, but how do you make the leap from "W3C standardizes DRM" and "the Web is about to be eaten by DRM?"
The Web is used for so many things these days. It is a publishing platform that allows anyone to host their own content to the entire internet, thanks to Web Browsers just loading it. I can see IPFS being an improvement over the Web but besides the web server being a single point of failure, why is a DRM standard specifically going to destroy the Web?
WordPress is used to power 20% of new sites. My own company is developing an open source platform for communities to run their own social networks (https://qbix.com) so what is this "eating" you speak of?
EDIT: This has been one of my most downvoted comments ever. Can someone explain the rationale? (Is it super obvious that the Web will be killed by DRM that asking the question should be punished?)
DRM and WebAssembly. The end of openness in both cases—though at least WebAssembly means we eventually won't have to write JavaScript anymore, which is nice as far as that goes.
Sure, JavaScript uglifiers and frameworks mucking with HTML standards and the DOM had already made "view source" nigh-worthless, and there were DRM'd plugins of course, and browsers had supported some schemes for a while as a de facto standard, but this still feels like a last-straw kind of situation to me.
> My own company is developing an open source platform for communities to run their own social networks (https://qbix.com) so what is this "eating" you speak of?
Sure, it's already the world's premier delivery mechanism for "apps", advertisements, and mass surveillance software. I know. That's exactly the kind of thing that I don't mind living somewhere, but I'd like it not to be all mixed up in my networked hypertext document reader.
This Web's over. Anyone hosting an After-Web? I could do with a little more Webbing.
[EDIT] Though actually your thing seems fine. I saw "social network" and glossed over the rest. Sorry.
It's not a technical problem. It's a political problem. Those with the means will seek to control the web, no matter what technical solutions are invented to keep it open. Preventing tyrannical control of the web is an endless struggle.
There was a time the browser worked for you. Opera up to 12.xx offered a panel letting you configure what JS can/can't do. It even let you configure global/per-domain storage quotas and forbid websites from dumping megabytes of garbage on the hard drive (I'm talking to you, ad network trackers/Wikipedia). You can check out all of the sweet customization Opera 12.xx provided:
We don't need a new web; just more browsers that respect the user's privacy. There are many ways to achieve this. At gngr[0], we are taking a "safe by default" approach. This is very similar to the NoScript / uMatrix approach, but with one difference: the browser itself is offering this and is hence more watertight. There are no behind-the-scenes requests that a plugin can't block.
> If someone launches a new HTML-based Web with crippled javascript (no network comm access, for one, including ability to trigger links or forms), some small, restricted subset of CSS, and much better built-in dynamic table and form elements, I'm there.
Why not just do this yourself? Fork chromium and start commenting stuff you don't want out. It would likely only take a weekend or two of hacking...
I can't tell if you're being sarcastic or not, but I'll point out anyway that literally every single feature of the current internet is opt-in. Most of the time it's not even difficult to opt-out.
If you really want a separate internet without the "bad parts", you can still use Gopher. There are still sites around, and you won't even get images, which were the first thing to "ruin" the internet, and were the launching point down the slippery slope to DRM video.
On a side note, it's interesting that so many HN readers are against this kind of DRM, but at the same time there's a large group here who are against ad-blockers. Ad-revenue is the main driver motivating companies to shoe-horn this crap into the web. It's not a coincidence that the biggest ad company in the world also makes one of the most popular web browsers and is a huge media distributor.
Do you have any evidence or reason to believe there is actual corruption on the committee (aside from them making a decision you disagree with)?
I suspect I agree with you on DRM but this style of debate, where there is no attempt to argue or explain the issue, and the first line of argument is personal attacks or denigrating anyone with an opposing viewpoint, is depressing. Consider that accusing climate scientists of corruption has also been fairly effective.
For this particular issue, Netflix etc already requires DRM to play in a browser, and the browsers already provide DRM for Netflix etc to use. I would like to understand what the consequences of this decision are, if some of the way this works is standardized. Will this lead to more DRM? Is the only conceivable explanation that the MPAA is slipping the W3C members some bribes?
"In 2013, EFF was disappointed to learn that the W3C had taken on the project of standardizing “Encrypted Media Extensions,” an API whose sole function was to provide a first-class role for DRM within the Web browser ecosystem"
With so much money involved here, it's quite naive to believe the W3C members are virgins here and did this out of love for the web and for the consumers.
And:
"It is clear that the W3C allowing DRM technologies to be developed at the W3C is just a naked ploy for the W3C to get more (paying) member companies to join"[0]
A lot of people think that the battle here is EME versus DRM-free content, but that's not the case. You can still have all the DRM-free content you want, whether that's YouTube videos or iTunes MP3s.
Really, the decision being made is between EME and Adobe Flash. Flash was the one cross-platform way to serve DRMed content before EME. And now that EME is ratified, Adobe, Microsoft, Google and Mozilla can all work together to get rid of Flash, and all the 0-days it has been responsible for, and improve security and battery life for everyone on the Internet. https://blog.chromium.org/2017/07/so-long-and-thanks-for-all...
Of course, we should also work to get rid of DRM -- it gets in the way of legitimate uses, and annoys legitimate users far more than it annoys pirates. But rather than vilifying Google and W3C and expecting them to be our saviors, instead we should be talking to Hollywood and Authors to adopt a DRM-free model just as many top musicians already have.
Disclaimer: I work at YouTube, and this is my personal opinion, not that of my employer.
You don't need to embrace DRM in order to stop using Adobe Flash. The multiple browsers currently in use for the last few years that don't have Adobe Flash installed are rather strong proof of that. You would have an argument if EME came first and then Flash had started to decline, but that is a false history. Flash started to decline many years ago, and EME was forced onto the standard as a reaction to that.
W3C abandoning consensus (58.4%!) and open standards is the biggest change in the organization's history. It's not just about DRM.
Netflix has never existed without DRM. Flash, Widevine or whatever other technology they use, they've always had something. Without it, they would never be allowed to exist by the people who own the content. It's naive to believe they would just stop using DRM magically.
They would find another more hacky, less secure and less user-friendly solution, and everyone would be worse for it.
The chain of events is not that EME has enabled Netflix to exist. Netflix and flash came first, and EME came afterward.
Let's be honest here. The argument being presented is that Netflix might create a new form of DRM without EME. We might get something worse than Flash. There might even be a bad argument that Netflix and the content creators will abandon the market and millions in revenue if they can't get DRM.
A bunch of things that could happen, but not things that have happened. Flash has declined in use and Netflix was created in a time before EME. To claim that EME was a requisite for those events is a logical impossibility.
> the decision being made is between EME and Adobe Flash
Flash is a mix of dying and dead, mostly the latter. Having to use Flash is a strong economic and practical motivation not to use DRM, and if that wasn't the case there wouldn't be so much pressure to implement something in the browser itself.
That's pretty unlikely. If Flash (and Silverlight) died and browsers didn't have anything built-in, the studios/distributors would just get together and form a company to build a new plugin that does the job. Or worse, we'd have several competing implementations.
Regardless of which of these occurs, you can bet that they wouldn't bother to sandbox the implementations, and we'd end up with the same security issues we had with Flash.
If browser vendors don't want to play ball (NPAPI is dying/dead, PPAPI and NativeClient are Chrome-only, etc.), then forget about in-browser video: they'd just build native apps instead. And maybe that's not a bad outcome for people who want the web to remain pure, but as a practical matter and a person who runs Linux, I like being able to run Netflix on my laptop.
I'm completely flabbergasted that people seem to believe that DRM would somehow magically disappear if the W3C hadn't been willing to discuss EME.
You're looking at this as black and white, when reality doesn't work that way. It being infeasible to completely remove DRM from everything doesn't mean there isn't value in discouraging its use. And that's exactly what economic and practical incentives would do if including DRM meant they lost users.
So, the argument is ... either cede control of your browser to us in a form where it is illegal to examine what we do with it OR we will continue to use a piece of crappy technology that exposes you to security problems.
That sounds less like a technical problem and more like a threat to me. Because neither of those are actually technically necessary, except to support a business model that depends on some form of DRM.
But the converse is also true: if they don't implement EME, then you are welcome to install any third-party attack surface on your PC that you wish.
So why should _I_ have to install the un-auditable attack vector on _my_ machine?
You are well-positioned to understand this issue, so I'm baffled about how you can conclude this should be part of the default software suite in a browser.
> A lot of people think that the battle here is EME versus DRM-free content, but that's not the case.
Yes it is.
Suppose that in order to play DRMed content, the user was required to be staked to the ground and covered in angry fire ants. Nobody would be willing to do that, so people who use DRM would have no customers, so everyone would stop using DRM.
EME is in the opposite direction from this, so it will cause more DRM and less DRM-free content.
Adobe Flash has been slowly dying for years, which is not a problem.
In reality, all that will happen is that users will continue to be forced into using native applications where DRM can be enforced arbitrarily by whatever service they are trying to use.
And then DRMed content will be properly separated off into its miserable DRM slum that everyone hates, the cost of using it will be higher, users will complain more, companies who don't use DRM will capture more of the market, etc.
What "miserable slum", though? Honestly, I find Netflix's Android app an absolute delight to use. Even if I'm sitting on my couch with my laptop, I'll pick up my phone to cast something to the TV before I use my laptop for that purpose.
All in all, average customers (as in, not the majority of the HN crowd) seem perfectly happy with the current experience. Even if they had to install a native app to watch Netflix on their laptop, I doubt that would change their perception much.
That seems to be the false dichotomy. The claim is that EME is justified in order to get rid of the oh-so-evil Adobe Flash. But if using native apps is a satisfactory alternative that can also replace Flash then why do we need to corrupt the web?
Because "corrupting the web" is still going to be a better experience for consumers, and cheaper/easier to implement for producers. If EME didn't make it in, they'd build their own native apps, but they don't want to have to do that if they can help it.
The fun thing about DRM, is that people love to defeat it.
They (the general public AND 3DM, to TorrentFreak, bunch of whiners IMO) said Denuvo was the death of cracking and piracy. 3DM: No games crackable in 2 years time, said the headline.
Now the cracking scene, which was mostly dying, has seen some revival.
It has adapted, but it's a slow moving ship.
Now a new generation (or the older generation, who knows, I'm just relaying my own observations) are taking everything being thrown at them: encryption, virtualization, obfuscation, changing keys each patch, etc. and making it look like light work to crack properly.
They make short, short work of it for the amount of complexity involved. So I hope they continue to throw new things at them with Denuvo, to keep them interested.
One group cracks the base game, sometimes someone else grabs all the updates and rolls them into a cracked patch, etc.
It's nice to see some life return to something that was basically dead, made automated.
In January 2016, 3DM reportedly nearly gave up attempting to crack Just Cause 3, which is protected with Denuvo, due to the difficulties associated with the process.[8] They also warned that due to the current trends in encryption technology, in two years' time, the cracking of video games may become impossible.[8][9]
"There's a lot of money involved, therefore there must be foul play."
I personally would much rather have a secure, optimized and clean implementation, rather than hacky plugins and poorly developed solutions that put me at risk and destroy performance.
DRM is also how you get media companies to publish on the web.
Media companies couldn't give any less fucks about the web. They can go 100 years without publishing on the web, since they have other revenue paths that they're perfectly happy with.
This whole process of enabling DRM is web developers' efforts to kiss media companies' ass in order for them to publish their products on the web. Artists and other creatives have the option to publish their works wherever they see fit. It's their creation, not the public's. In fact, there are actual art galleries that won't sell you their works if they don't deem you sufficient enough. How you exhibit their work matters to them. That's their right.
The web needs these media companies more than the media companies need the web.
Anyone that complains about DRM is doing it wrong. You are limiting the web because you are saying you don't want media companies to publish on the web. You are now causing the web to compete against media companies' private apps or physical media, which is a losing proposition.
No one gives a shit about freedom. Everyone wants to use rights-managed content online. And the ONLY way to do that is with DRM.
So, yah, I'm not seeing any corruption here. Just acknowledgement of the fact that artists own their works, and web developers need to kiss their ass if they want artists to publish on the web.
> The web needs these media companies more than the media companies need the web
When you hear about the multi-billion dollar fines and the immense amount of resources spent chasing down and punishing pirates, I have a hard time following this argument. I'd argue that the content owners and media companies need to get on board with providing the most seamless, easy to use, and accessible product for consuming their wares or this
> other revenue paths that they're perfectly happy with
> I'd argue that the content owners and media companies need to get on board with providing the most seamless, easy to use, and accessible product for consuming their wares
Right, and that's exactly what EME is. Because DRM-free content is a show-stopper for them right now, but they recognize that DRM is a pain point for customers.
Do us a favor and actually think your cunning plan through for a minute.
Why should content owners post their products for free consumption? What is the incentive for them to do that? How much money do you think they will make?
In case you haven't noticed, the web is losing to apps at every level, from things like Facebook/Instagram/Snapchat to shopping apps. Even newsreaders are being turned into apps. My parents only use the Apple newsreader, for example.
Do normal people even use the web anymore? It seems the web is only used by tech developers.
Requiring a server to play back the media is already the strongest form of DRM possible. If that's not enough they can just make their own native applications that implement all the DRM that they could possibly want. The only disadvantage of a native application is that they are not cross-platform and EME CDMs aren't exactly cross-platform either. They are native code that requires the module to be ported to the operating system that.
What's the point of the web if it's just another crappy proprietary platform? EME is basically Flash 2.0.
> Such a sad loss for the web..
What loss? Is the only purpose of a software platform to devour everything without any integrity and it's worthless if it fails to adhere to the will of multibillion dollar companies?
That's a gross exaggeration; it's nothing of the sort.
Flash is a generic application framework that gets more or less unfettered access to the network, local machine, and browser state (Chrome's Pepper Flash improved a lot of this, fortunately). EME is a heavily-sandboxed decryption and display engine, and nothing more.
Heavily sandboxed, eh? On most devices that implement EME, the DRM implementations run with privileges exceeding that of any user code, e.g. in the TrustZone environment on most Android devices.
The Microsoft DRM implementation is built into Windows (and made available to websites via EME) and requires cooperating device drivers or no high-res video for you.
Huh? TrustZone doesn't give apps extra privileges, it just isolates code and data so things can't leak out of it into the reach of untrusted programs.
"Cooperating device drivers" isn't really the right way to look at it. The drivers themselves don't have any code that will refuse to play high-res video. The EME is just able to use the trust chain to validate that the output path hasn't been tampered with.
Any application can make use of TrustZone and the trusted output path; it's not something special only EME can access.
> TrustZone doesn't give apps extra privileges, it just isolates code and data so things can't leak out of it into the reach of untrusted programs.
Right, which is why you might want to use it for handling key material or other sensitive things. Except you now have some gigantic DRM blob (the Widevine trustlet is huge compared to most saner ones) running in your "trusted" environment, able to access your actual sensitive data. That privilege should not be given out like candy (and generally isn't, except when DRM is involved).
> "Cooperating device drivers" isn't really the right way to look at it.
At least video vendors used to claim that DRM-related obligations prevent them from publishing specs for and/or open-sourcing those parts of their driver code that deal with video decoding/output.
> Any application can make use of TrustZone and the trusted output path; it's not something special only EME can access.
So, I've just finished writing my trustlet. How do I get it to load on common consumer devices? The ones I have all seem to require that I get it signed by the vendor which doesn't reply to my mails. How should I proceed?
> Media companies couldn't give any less fucks about the web.
This is pure bluster. As if they'd just walk away from one of the highest reach distribution platforms and all the money that comes with it just because they were denied a gaping vulnerability surface that provides no benefit for either them or the consumer. Sure, instead of learning the lesson from Spotify they'll just leave pirating as the #1 accessible and convenient method of getting content.
The media companies are coming to the web, DRM or no DRM, but of course it costs them nothing to bluff and claim they will take their ball and go unless they get all the special treatment they want.
They certainly wouldn't walk away from the web for discovery and advertising, but they can and would easily walk away from it for the last part of distribution: sending you the content bits and having them display on your screen. They don't need the web for that, and they can build a perfectly good experience without it.
> Media companies couldn't give any less fucks about the web. They can go 100 years without publishing on the web, since they have other revenue paths that they're perfectly happy with.
No they can't. Physical media is going under. Newspapers and magazines are folding, music is primarily distributed digitally, even TV stations are treating the web as their primary means of content distribution. Media companies have no other revenue paths that will matter over a decade, much less a century, and most no longer have the money, resources or capabilities to do anything else.
> The web needs these media companies more than the media companies need the web.
The web is nothing but a network of networks. It wouldn't even blink if every big media company went bankrupt and took all of their content with them. The web would be a lot less interesting and a lot less fun, and make a lot less money, but it would still exist, and people would just keep distributing and pirating what they have.
Media companies, meanwhile, have bet their entire future on the web, and are only now realizing that it isn't the gravy train they thought it was.
> Just acknowledgement of the fact that artists own their works, and web developers need to kiss their ass if they want artists to publish on the web.
Whether or not artists own their works is orthogonal to the fact that digital content distribution has rendered their works nearly valueless, and opened a nearly infinite competitive market for similar work.
Rights are irrelevant. Morality is irrelevant. What the artists want or feel entitled to is irrelevant. The cultural significance of the corpus is irrelevant. Effective DRM is technically impossible and if that's what artists are depending on to survive in the digital age, then they will lose.
They can die like the dinosaurs, or adapt to the new order and become birds. But they cannot, ever, ever unstrike the meteor that is the web.
I think you're conflating "the web" with "the internet". Media companies only need the web for discovery; for display they can release native desktop apps, which can even be launched from the web.
I'm not thrilled with DRM in the browser, but at least it's heavily sandboxed, and is way preferable to a series of native apps that get full access to my desktop.
Doesn't matter, because we don't currently live in a world where that's necessary. If Netflix/Hulu/HBO/etc. weren't available through the browser, you better believe they'd install the native apps. Sure, there will still be plenty of (mostly long-tail) DRM-free content available through the browser, but the stuff with mass appeal won't lose much of that appeal just because people need to install an app.
Then let them suffer the loss of revenue from losing all of those potential customers. Content producers who don't use DRM will be happy to take those customers from them, and those will be the content producers who have more money with which to make new content tomorrow.
Native apps on tablets, phones, and set top boxes are the future (present, really) of that, anyway.
Linux users could be a bit more screwed if publishers had to move to Windows/Mac apps if interested in desktop/laptop users, but otherwise it wouldn't be a big impact for the big properties.
What's the difference to a user of opening a Netflix app vs going there in the browser? Basically nothing.
Do we want apps on the web, or in the OS—that's the only question here. Browser vendors are incentivized to provide a path for apps in browser, because otherwise they become less relevant. And so this is the result.
(Personally I'd rather have OS-level native apps anyway. So please, kill DRM in the browser. Browsers are massive resource hogs. Netflix devs would probably be happy too to not have to deal with cross-browser-compatibility shit. The web is a mess already.)
> Linux users could be a bit more screwed if publishers had to move to Windows/Mac apps if interested in desktop/laptop users
There is not any kind of real difference between not having a native app (or whatever WINE patches are needed to run it) and not having some platform-specific EME black box binary.
> What's the difference to a user of opening a Netflix app vs going there in the browser? Basically nothing.
For Netflix? Basically nothing. For the other 99.9% of websites that aren't as big as Netflix? Users balk at installing apps from little known sources, so those websites then won't have DRM.
Linux is a small meaningless edge case for these companies anyway, I just mentioned it because the portability of a plugin is much higher than of a full native app - so if there's any chance it'll be supported, it's in the web-based world.
How many sites will be using this outside of stuff like Netflix/Amazon/PS Vue/Sling and co? Buying someone's DRM solution or building your own only makes sense for high-dollar content?
But again, from my perspective as someone who wants to write code for anything but browsers, anything that moves dev jobs away from the web is good news for me.
> Linux is a small meaningless edge case for these companies anyway, I just mentioned it because the portability of a plugin is much higher than of a full native app - so if there's any chance it'll be supported, it's in the web-based world.
It's already supported both ways. Chrome on Linux can play Netflix, and before that there were third party packages that would install the Netflix app for Windows along with all of the patches necessary to make it run on Linux.
It should obviously also be possible to run the Netflix app for Android on Linux, as demonstrated by the fact that all the phones are doing it.
It doesn't really matter how hard it is to make it work, because for a high value target like Netflix, someone will make it work. And none of that will actually satisfy the free software people regardless, because it's a binary blob either way.
> How many sites will be using this outside of stuff like Netflix/Amazon/PS Vue/Sling and co? Buying someone's DRM solution or building your own only makes sense for high-dollar content?
How many sites used to use Flash?
You have to expect that somebody is going to produce a low dollar cost DRM system (which is correspondingly even more buggy and ineffective) and market it to managers who don't know any better.
> And none of that will actually satisfy the free software people regardless, because it's a binary blob either way.
That's kinda my point. Browser vendors had a no-win which-is-the-lesser evil choice: accept an in-browser binary blob but keep the linkability, etc, of the web, or concede the rest of the already-vastly-shrunken ground of the premium video playback market to off-web blobs.
Thing is, in ten years, it's not going to matter, because long-form premium video on web will be such a vanishingly small niche.
> How many sites used to use Flash?
For DRM instead of for ease of development and portability? Not many, I'd wager.
> That's kinda my point. Browser vendors had a no-win which-is-the-lesser evil choice: accept an in-browser binary blob but keep the linkability, etc, of the web, or concede the rest of the already-vastly-shrunken ground of the premium video playback market to off-web blobs.
> Thing is, in ten years, it's not going to matter, because long-form premium video on web will be such a vanishingly small niche.
But that is the point. Why permanently infect the web and destroy trust in our institutions for the sake of something that it would barely hurt anything to just let go?
Because the number of people who believe this will "permanently infect the web and destroy trust in our institutions" is minuscule and limited to certain tech-savvy internet community bubbles, and browser vendors are also looking at the millions more people who would see Netflix et al ceasing to function on the internet as just another reason to ignore the web as a whole?
My claim is that the alternative isn't "more open" the alternative is "more closed, because the open web has yet another (this time self-inflicted) nail driven through it."
But I do think they're both lost causes, long-term. The open web will likely be increasingly relegated, for most users, to a dangerous place of viruses, malware, and shitty ads compared to their happy little walled gardens.
Not to play more-paranoid-than-you, but if you want to save the web, I think you've got to fix the web, first. DRM is a sideshow.
> Because the number of people who believe this will "permanently infect the web and destroy trust in our institutions" is minuscule and limited to certain tech-savvy internet community bubbles
The "tech-savvy internet community" is the only place the W3C has any relevance. Nobody else has even heard of it. And destroying trust in something important among the only people who actually know what it is, that's a problem.
> and browser vendors are also looking at the millions more people who would see Netflix et al ceasing to function on the internet as just another reason to ignore the web as a whole?
The web isn't the internet and Netflix isn't the web -- it is an app, just like Windows Media Player is an app. The fact that you can also write that app in JavaScript doesn't change that.
Netflix doesn't work like the web. You can't create a hyperlink to a specific title on Netflix and send it to your friends or post it on Twitter. You can't embed a Netflix video in your own webpage. Just rendering an app in a browser isn't what makes it the web.
> My claim is that the alternative isn't "more open" the alternative is "more closed, because the open web has yet another (this time self-inflicted) nail driven through it."
You can't get more openness by making the open thing more closed. Even if more things then use it, then they're using the closed thing and you've gained nothing -- or lost something because previously-open things on the open web become more closed.
> The open web will likely be increasingly relegated, for most users, to a dangerous place of viruses, malware, and shitty ads compared to their happy little walled gardens.
The web is already a sandbox. Browsers are specifically designed to run potentially malicious code, and are very good at it -- the large majority of vulnerabilities (and super-spammy ads) come from terrible plugins like Flash, or soon the EME black boxes. It seems rather odd to argue that having those things makes the web better.
"Walled garden" means excluding native apps that haven't been sanctioned by the gatekeeper. It's a terrible system that gives too much control to the gatekeepers, but it only makes the web more competitive by comparison because you can still put whatever you want on your own webpage and not have to get it approved by anyone.
What rise of the Mac App Store? The only reason anybody even uses the iOS App Store is that there is no other way to distribute iOS apps.
If it was easy to install mobile apps direct from the author's website as on a desktop, who would voluntarily be paying app stores 30% of their revenue?
> If it was easy to install mobile apps direct from the author's website as on a desktop, who would voluntarily be paying app stores 30% of their revenue?
The developers (unfortunately) don't matter in this scenario. If the users want to install apps from the app store, that's what they'll do. Developers who don't list their app in the app store will increasingly find fewer downloads because their app isn't as discoverable as other, similar apps. I'd be surprised if this isn't already happening.
For your average user, only installing apps through an Apple-vetted install location is actually really great for security, especially considering the sandboxing that goes on. It just sucks that the developer loses out.
Ultimately, as long as the big content companies have content that people want to consume, they will have leverage. They want DRM, they will get DRM, or else they will take their content elsewhere, to alternative platforms that people will then flock to, making the web less relevant.
By my memory the web BECAME relevant before DRM, before streaming video sites, before media companies started pushing their DRM on us. Remember how in the late 90s media companies were ignoring the web? Remember how webmail, web search, and social networking websites were the killer apps that people flocked toward?
Media companies tried to ignore the web because it is the antithesis of their business model. The result was that the media companies became less relevant, because the web is better than cable TV, better than movie theaters, better than physical discs. We could and should have ignored EME and forced media companies to adapt or die, just like all those other outdated industries.
Media companies are not special cupcakes, they are just businesses and like any other business they have to contend with disruptive new technologies. Nobody shed a tear when the film processing industry faded away; nobody suggested that digital cameras should be restricted for Kodak's benefit. Why are we acting like Hollywood deserves such special treatment?
> DRM is also how you get media companies to publish on the web.
Forgive me not really giving a hoot.
> Media companies couldn't give any less fucks about the web. They can go 100 years without
> publishing on the web, since they have other revenue paths that they're perfectly happy with.
Thus explaining their interest in the web, up to and including their push to lock it all down to prop up their outdated business model. If they are happy to stick with other sources of revenue they should do so.
> The web needs these media companies more than the media companies need the web.
Is that so? Funny how the web was already popular before media companies tried to get in on the action.
> You are limiting the web because you are saying you don't want media companies to publish on the web.
That's a strawman. Nobody is saying media companies should not publish on the web. We are saying that the thing that made the web valuable in the first place is openness, to which DRM is antithetical. Media companies are welcome to use the open system that is the web if they want to, and like the rest of us they will have to put up with certain trade-offs -- or at least that was the situation prior to EME.
> Everyone wants to use rights-managed content online.
I seriously doubt that the majority of web users -- billions of people -- care about rights management. The evidence seems to suggest that the overwhelming majority of users could not care less about copyrights, let alone the expansive "rights" that DRM is enforcing. People seem to ignore those "rights" at their convenience; in fact, people seem to seek the entertainment they want without regard to any "rights."
In fact, your beloved media companies also seem to not care terribly much about rights. The rights that copyright confers do not apply solely to copyright owners; included in copyright is the notion of the public domain and of fair use. Those rights are routinely ignored by media companies, through their lawsuits, their takedown notices (dancing baby), and their DRM systems which never include provisions for copyrights expiring and works entering the public domain. So other than yourself I am not sure ANYONE wants "rights-management."
Moreover, people have learned to love an entirely new kind of video entertainment: homemade, amateur videos of cats and other pets; of random people expressing their views; of dashcams in Russia; of idiots doing stupid things; etc. etc. In other words, while media companies were working hard to break the openness of the web, people were embracing that openness to create new forms of entertainment that the media companies could never have created on their own. Oh, yeah, it turns out the websites where those sort of videos are shared are the most popular video streaming services in the world and that more people (in the world generally) are watching videos on those sites than there are people watching cable TV.
So much for the all-important media companies.
> Just acknowledgement of the fact that artists own their works
We have evidence of artists dating back hundreds of thousands of years. Copyright and the notion that ideas and artistic expression can be owned only dates back to the 18th century and was just the final stage of European society adapting to a new communication technology (printing presses). We now have a new communication technology (computer networks) and society is adapting to the new rules and realities of that technology. Some ideas about art and artists rights are going to die, but in their place we will have new ideas and new rights. It is already happening, although in all likelihood none of us will be alive to see what society ultimately settles on.
So basically, the "fact" you are acknowledging barely rises to the level of a footnote in the history of artistic expression, one that is already fading into history as the Internet eats the remaining legacy communication systems. Sorry if that is a hard pill to swallow.
> Media companies couldn't give any less fucks about the web. They can go 100 years without publishing on the web, since they have other revenue paths that they're perfectly happy with.
LOL. With what? Their paper? Their DVDs? Their CDs? Their cable channel subscribers?
There are multiple open source web browsers. You are free to install one without DRM and free to visit websites that don't need that feature. What changes for you just because there is a standard?
> If you can point to one example of a website that implements DRM that otherwise wouldn't have, I'll buy this argument.
The argument that some companies will avoid things their customers hate seems illogical, but you'll believe me if I provide an anecdote?
> On the other side, I can point to many websites that removed Flash/Silverlight/other security nightmare plugins after implementing EME.
Which is irrelevant because it has had a long known solution: Only install terrible plugins in a virtual machine, or if you're paranoid on a separate physical machine (a used PC capable of playing HD video is <$50), and only use that machine for that purpose.
And yes, that is an inconvenience, which is a feature, because DRM should be as inconvenient as possible. So that fewer people will use it.
The argument is that nobody will go out of their way to implement DRM unless they are contractually obliged. As preposterous as your scenario sounds to me, I will grant you the argument if you can find a website that goes through the trouble to do it even though they don't have to. Note that this isn't an "anecdote" but a counterexample that disproves my proposition.
> Which is irrelevant because it has had a long known solution
Your "solution" is not a solution for 99.99% of web users, and it isn't a solution for the remaining .01% who have to deal with botnets created from the other 99.99%.
exactly. which is how it should be: a pain in the ass for your customers if you want them to install drm.
the cost should be borne by the company who wants it, not the public.
why is this a bad thing for anybody but a content producer? and if it's not anybody else, then... why do we care? we have already legislated away the right to copy something in return for promoting creation. but the creation is going to happen one way or the other, so we need to go much further than the EFF advocates: we need to scale back copyright drastically.
it would have virtually zero cost to the public, and would not meaningfully affect creative output.
The web browsers already support this API. Where are the ad networks serving DRM ads claiming that blocking ads is illegal? On what basis does blocking ads constitute copyright infringement in order to justify prosecution under DMCA?
The security holes that the standard introduces into my browser.
If I can compile it out, or get a version that someone I trust has compiled with it removed, that only leaves the rest of the web as a botnet attack surface.
That's what changes. Or doesn't improve, depending on how one views the timeline.
> that only leaves the rest of the web as a botnet attack surface.
1. Every new feature added to the web platform increases the attack surface of the browser, so this concern is not unique to EME. In this case, it removed a reason somebody would otherwise install Flash, which has a significantly larger attack surface.
2. All the major web browsers implemented EME before it became a standard, so the standardization of EME does not change anything here.
> DRM will destroy the web, and the web will fight back. We don't like your spyware, your binary blobs, your control, and we will resist.
Your average web user has no idea what those words mean, and all they care about is being able to consume content unimpeded. They can't tell how it's implemented. Your decentralized web is not user friendly, and it will not gain mainstream adoption until it is.
The parent comment is not the first line of argument, it's the continuation of a years-long argument. Even if you completely ignore the history, the first line of argument is found in the article, not the comments. If you would like to understand the fundamentals of this debate, this comment section is not the right place to start. It's very easy to find arguments and proposals from all sides of the issue elsewhere.
No, it's probably not intentional corruption and malice. Just a belief that users are getting more of what they want as passive consumers paying large companies for services, rather than as creators in a peer to peer web. Realistically, they're likely to be right.
I agree that this style of debate is not terribly useful, but I will grant that this issue does stir significant emotion in people who are seeing their baby suffocated to death. However, I am uncertain what you believe is meant by 'actual corruption'? How could abandoning consensus, the normal functioning of the body for decades, and refusing to continue discussion in order to reach a compromise, not be a de-facto corruption of the organization?
Frankly I'm far more interested in which developing or first-world locales, if any, exist where net freedoms like these are protected by the majority, rather than having to be fought for by the minority against a wave of complacency and apathy.
I'm pretty much done with trying to fight the American capitalist ideology which empowers these companies to steamroll over the average consumer happy to give up their own rights and freedoms then left to complain with the extortionist environments that leads to.
I don't think the world can continue on the way it's going without some serious ideological fragmentations in the near future, and the moment some country embraces its "Pirate Party" or creates an "Internet Bill of Rights" establishing the core tenets the EFF and others fight for as the basis of their internet-related litigation - is the moment I know where the sane people all probably went (or would go as time goes on).
Media delivery in 2017 is hardly an extortionary environment. Practically speaking, Americans spend very little of their income on the Audible/Netflix/HBO Gos of the world. Netflix costs $120 a year? Against a median household income of $55,000, that is next to nothing.
If anything, it's the opposite: there's a glut of content available to consume, in nearly every possible genre, at very low price points. There is far, far more good television than any person could reasonably watch, all for a couple thousandths of the typical person's annual wages.
"Extortion" typically refers to using force to unjustly extract money from someone. Without unjust extraction of money, there can be no extortion. I understand that others have concerns about control, and that's totally legitimate, but it's also not what I was responding to.
> average consumer ... complain with the extortionist environments that leads to.
I suppose so, but I wasn't really talking about entities that might be able to control a distribution channel. I was talking about average consumers.
Realistically, the limiting factor in (legally) distributing movies is not the technology, but getting the rights-holders to sell you those rights. This DRM tech does not really change the landscape on that, because a small new entrant already had no shot at making a deal.
That's the wrong question. W3C itself is relatively tiny, and has fairly ordinary (albeit well tuned) software/server infrastructure. Reproducing the legal framework would be more of a pain, but even that could probably be done. But W3C is mostly its member companies, and they're not switching, since the majority of them, including all browsers, were in favor of this. So if all existing specifications continue to reside on W3C's web site, and all new specifications continue to be produced (by member companies) in the same place, there's no meaningful forking possible.
If members are disgruntled, you can fork. That's happened before when there was disagreement about what to do with HTML, and it led to the creation of the WHATWG.
By and large, members this time are supportive. Not all, mind you, but all the large players.
The only party with the capability of "forking" Internet standards as we know them is Google. Because as the majority share of web browser traffic and an extremely dominant percentage of web server traffic, Google can define the Internet as it wishes, and everyone else has to follow along or fall behind. This is the same with EME. Standards organizations stay relevant by accepting what Google gives them, they would simply be left behind if they didn't.
(For those who don't know, Widevine, the DRM scheme that is currently best known as compatible with EME, and which taints my Firefox browser so I can watch movies, is owned by Google.) http://www.widevine.com
(Sidebar to the sidebar: Widevine has the least Googley website you've ever seen. Stock photos of a physical padlock, HTML code entirely based on table tags for layout. It's so strange.)
I doubt it. Specifically, I doubt they will, or even want to. That's not really what they do, they are mostly advocates.
As advocates, I'm sad to see them do this. I will still donate to them, but it's unfortunate to see them quit. This means they will no longer have a seat at the table for future discussions.
They still do enough good to be worth donating to, but this was not a very good choice on their part.
"We have come to the point where Mozilla not implementing the W3C EME specification means that Firefox users have to switch to other browsers to watch content restricted by DRM."
which is an active protection of the user against malware.
You should look at how Mozilla implemented EME then. The CDM is sandboxed, in a much stricter sandbox than the rest of the browser even. So no, the CDM potentially being dangerous (for privacy or security) isn't actually that much of an issue.
Of course, someone might at some point claim that the privacy features harm the copyrights protection, at which point choices will have to be made.
History provides ample evidence that Mozilla will make the choice their users ask for (which is, by the way, not necessarily the choice some users will voice the most loudly).
To be clear: if DRM is not implemented in browsers, Netflix and the like will just make native apps, which are far larger vectors of malware attack than the locked down EME standard is.
I'm not saying this is a good thing, but "people should just not watch DRMed video" is not an actual answer to the problem at hand.
that's the whole point: if your product is so amazing that your users will do that, then it's great! but those of us who are NOT your customers will be able to exist without the attack surface on our machine.
So you claim that Firefox (and other browsers) should implement malware or a malware interface into their browser so that users don't have a reason to download and install some other malware?
I don't know about the GP. I claim that a form of DRM that Mozilla begrudgingly accepts into Firefox has better odds of not turning out to be "Sony Rootkit" literal malware than if everybody else is rolling their own.
This battle is lost, let's not lose the war to have our little Alamo moment.
No, I am saying that browser manufacturers should slightly increase their vulnerability surface area (and maybe not at all - I don't know the internals of EME) in order to provide a locked-down feature to users that they would only otherwise get by downloading a native app that has access to their local file system, amongst other valuable things.
It's the same logic that leads them to support JavaScript.
Assuming the motivating reasoning here is that the overarching goal of the browser vendor should be to protect the user, the question still is what timeframe it is appropriate to consider. If the browser does not implement DRM, the user may download an infected native app to watch Netflix or porn from some far shadier website or whatever, sustaining more harm in the short run; however, if the user then is repeatedly infected with malware, chances are it will not take long for a general understanding that downloadable video players are garbage-piled-up-on-grandpa's-computer bad (in the same way that IE toolbar plugins or warez websites' "special download managers" were) to take root. This will maybe chip away at the addictive convenience of Netflix and co, and so they won't be able to dictate terms to the computing ecosystem as they evidently can right now, benefiting the user in the long run.
The "garbage-piled-up-on-grandpa's-computer bad" isn't an isolated incident, and is a relatable category, as you imply in your usage, because it is a common problem. IE toolbar plugins and "special download managers" have never gone away and likely never will, those sorts of malware will continue to just change shapes. Your grandpa probably just wants to play poker with his buddies and his buddies are on Joe's Terrible Malware-Infested Poker Site. Convenience, pragmatism, and social network effect immediacy beats theory, logic, and "long term thinking".
Replace "play poker with his buddies" with "watch movies his buddies are talking about" and "Joe's Terrible Malware-Infested Poker Site" with "Netflix's DRM-Infested Site" and the results are the same every time. Your grandpa isn't likely to care if Netflix has DRM or not so long as it doesn't stop him watching movies. If Netflix, because it's the brand he and his buddies trust, tells him to install a thing to keep watching movies, he installs the thing.
Maybe, maybe you might be able to convince your grandpa to stop watching videos using that thing he installed because it's bad for his computer's health... but there are a lot of "grandpas" out there, it's a huge category of people that "I just want to do the thing and I don't care how so long as it works and is convenient".
I don't think this is a question of timeframe, it's a question of doing the right thing for the most users. There are a lot more "grandpas" than there are DRM-fighting or at least DRM-wary concerned citizens like you or me.
> however, if the user then is repeatedly infected with malware, chances are it will not take long for a general understanding that downloadable video players are garbage-piled-up-on-grandpa's-computer bad (in the same way that IE toolbar plugins or warez websites' "special download managers" were) to take root
This is clearly written from the perspective of somebody who never did help desk work or helped family or friends with computer problems.
Your point being... that I underestimate how people will keep downloading them anyway? I haven't done help desk work, but have been asked to do plenty of the latter; over the years, at least in my vicinity, skepticism about downloadable plugins had certainly developed to a level where I would only ever see the "half of the window is toolbars" IE screenshots in 4chan /g/ snark threads anymore.
Yeah, that was my point... unless things have like drastically changed in the last few years I think you're overestimating the level of user education.
If Firefox doesn't support DRM Video Mozilla dies. Users will not use a browser where they can't watch the videos they want to watch and those videos are under DRM.
You can't solve this problem at the standard level or the browser level. You can only solve it by educating users enough that they see no DRM as a feature and at the legal level by enshrining user protections in law.
> To be clear: if DRM is not implemented in browsers, Netflix and the like will just make native apps, which are far larger vectors of malware attack than the locked down EME standard is.
False dichotomy.
Instead of exposing a small percentage of users to a large attack vector (native app), you are exposing a very large percentage of users (close to 100%) with a lower attack vector. The potential for damage is much, much higher, since it would affect about everyone using the Internet with major browsers.
For all the DRM Netflix has pushed down our throats, they still serve many titles (mainly movies and not their own productions) in piss-poor quality with those browsers whose users' freedom they have crippled. And I do mean absolutely awful quality as some titles clock in at less than 1000 kbps which isn't even anywhere near DVD quality.
What good is integrity if nobody uses Firefox? That was the main reason they added EME support in the first place. Firefox staying relevant in the browser market is a better strategy in the long run than a hard line stance against DRM.
I can't tell if this is satire. Does anyone seriously believe that surrendering the war when you've lost one battle is an intelligent strategy? Mozilla contributes a whole lot to OSS, including providing a browser that can be trivially used without any black-box DRM-enforcement code hitting your system.
I didn't mean to suggest I categorically disagreed with the decision, in this case. I simply note that you can't extend that logic indefinitely, or you lose the thing you're fighting for.
> What good is integrity if nobody uses Firefox? That was the main reason they added EME support in the first place.
This was rather the point of the Fall of Man ("Zeitpunkt des Sündenfalls") in Firefox's history to me. It was also the point in time where I stopped donating to them.
Firefox is, AFAIK, the only browser vendor that decouples the EME module from the browser, allowing the browser to be downloaded without any DRM support at all. See the various "EME-free" directories here: http://download.cdn.mozilla.net/pub/firefox/releases/55.0/
The normal (not the "EME-free" ones) builds download the Widevine CDM from Google shortly after being run. The EME-free builds have a boolean pref pre-flipped, so that it doesn't download the Widevine CDM unless you manually flip the pref the other way. If you download a non-"EME-free" build and flip the pref, Firefox deletes the Widevine CDM if it already downloaded it.
In summary, if you already have Firefox, you don't need to go download a separate build to opt out of DRM. You can just uncheck the "Play DRM-controlled content" checkbox in the prefs to get to the same configuration.
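As an added illustration (not part of the original comment and not Mozilla's code): a small Python check that reads a profile's prefs.js and user.js for `media.eme.enabled`, the pref named elsewhere in this thread, and reports whether CDM files are still on disk. The `gmp-widevinecdm` directory name and the profile layout are assumptions, and the sample profiles are constructed.

```python
"""Audit a Firefox profile directory for the DRM opt-out state described above."""
import re
import tempfile
from pathlib import Path

# Matches lines such as: user_pref("media.eme.enabled", false);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

EME_PREF = "media.eme.enabled"
# Assumption: the Widevine CDM is stored in this sub-directory of the profile.
CDM_DIR_NAME = "gmp-widevinecdm"


def parse_prefs(text):
    """Return {pref name: value} for every user_pref() line in a prefs file."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = match.groups()
        if raw == "true":
            prefs[name] = True
        elif raw == "false":
            prefs[name] = False
        else:
            prefs[name] = raw.strip('"')  # strings and numbers kept as text
    return prefs


def audit_profile(profile_dir):
    """Report the effective EME pref and whether CDM files exist in the profile."""
    profile = Path(profile_dir)
    effective = {}
    # user.js is applied at startup and overrides values saved in prefs.js.
    for filename in ("prefs.js", "user.js"):
        path = profile / filename
        if path.is_file():
            text = path.read_text(encoding="utf-8", errors="replace")
            effective.update(parse_prefs(text))

    eme = effective.get(EME_PREF)  # None means the build default applies
    cdm_dir = profile / CDM_DIR_NAME
    cdm_on_disk = cdm_dir.is_dir() and any(cdm_dir.iterdir())

    if eme is None:
        finding = "build-default"
    elif eme:
        finding = "eme-enabled"
    elif cdm_on_disk:
        # Pref is off but CDM files remain: worth a closer look.
        finding = "pref-off-cdm-present"
    else:
        finding = "opted-out"
    return {"eme_pref": eme, "cdm_on_disk": cdm_on_disk, "finding": finding}


def make_constructed_profile(root, name, prefs_js="", user_js="", with_cdm=False):
    """Build a throwaway sample profile (constructed data, not a real profile)."""
    profile = Path(root) / name
    profile.mkdir(parents=True)
    if prefs_js:
        (profile / "prefs.js").write_text(prefs_js, encoding="utf-8")
    if user_js:
        (profile / "user.js").write_text(user_js, encoding="utf-8")
    if with_cdm:
        version_dir = profile / CDM_DIR_NAME / "0.0.0-constructed"
        version_dir.mkdir(parents=True)
        (version_dir / "placeholder.bin").write_bytes(b"constructed")
    return profile


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        samples = [
            make_constructed_profile(
                tmp, "opted-out", prefs_js='user_pref("media.eme.enabled", false);\n'),
            make_constructed_profile(
                tmp, "leftover-cdm",
                prefs_js='user_pref("media.eme.enabled", true);\n',
                user_js='user_pref("media.eme.enabled", false);\n',
                with_cdm=True),
            make_constructed_profile(tmp, "untouched", with_cdm=True),
        ]
        for sample in samples:
            print(sample.name, audit_profile(sample))
```
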
Interesting, I didn't realize they did this. I guess they've been doing it since EME support landed[0] in 2015, but it sounds like they opted to not really publicize it. I always just set media.eme.enabled to false when I configure a new profile, but I hadn't really considered that this does not prevent the DRM libraries from being automatically downloaded.
That design decision makes sense, to decouple the EME module, and great that Mozilla offers a prebuilt binary without it, as an opt-out. I wonder if Chromium (or a fork) can also be built without this feature?
I'm not sure what decoupling means, and whether it's of any technical significance beyond bragging rights, but chromium won't support drm out of the box either because widevine is obviously not a part of chromium. You can take the widevine library from chrome and make it work with chromium if you jump through some hoops.
Not sure how it works on other OSs, but in my experience on Linux, Chromium is installed without Widevine DRM, Flash, or any proprietary stuff, and if you want that you have to install it separately.
Mozilla opposed EME very strongly. But when it was clear that Google, Microsoft and Apple all supported it and were shipping it, Mozilla was forced to ship it as well (with a flag that makes it easy to disable for users that want to).
Mozilla is playing a double game of pretending to be on the users' side while completely being in Google's pocket. For Google this ensures they cannot be accused of being a monopoly.
And those working for Google attempting to divert attention to Hollywood are symptomatic of the reality distortion field and self deception of SV. Google is a spyware company engaged in mass surveillance and creepily following everyone on the planet for profit. There are no redeeming values here. SV is basically a gold rush with greed and money being the primary driver glossed over with dollops of pretension.
The world just has to step up to take control and diminish the ideology that drives SV. So far be it open source, web services, standards or regulations there is no contribution. Why are there no alternatives to Firefox, Google, Facebook and others? You can't be completely dependent on these companies and then claim victimhood.
That deal may be over but Mozilla still gets money from Google for search. Why is user advocacy so low key and half hearted, this being just one of them. What do they have to lose?
They have consistently thrown in the towel while diluting the very things that users would choose them over Chrome for.
There are many ways to exert influence in this world. Mozilla is in SV and is very much part of the culture and ecosystem. We need genuine alternatives and activism against entrenched interests.
This was basically wanted by Firefox, Apple, Microsoft and Google. They are the modern web. Trying to go against them is how we ended up with XHTML, a standard no-one really wanted, or implemented.
Firefox opposed it very strongly, and only gave in and implemented it when it was clear that all other browsers were behind it - at that point the battle was already lost.
When the EFF says
> The W3C process has been abused by companies that made their fortunes by upsetting the established order, and now, thanks to EME, they’ll be able to ensure no one ever subjects them to the same innovative pressures.
It is safe to assume the companies the EFF refers to are Google and Microsoft.
Mozilla's users outvoted Mozilla staff, and Mozilla staff gracefully conceded that users are best served when they have the OPTION to consume DRM-controlled content or free content.
And they implemented it as strictly opt in (they ask before installing it), and fully user controlled:
"Firefox downloads and enables the Google Widevine CDM on demand, with user permission, to give users a smooth experience on sites that require DRM. The CDM runs in a separate container called a sandbox and you will be notified when a CDM is in use. You can also disable a CDM and opt out of future updates by following the steps below. Once you disable a CDM, however, sites using this type of DRM may not operate properly."
So what was their option? Refusing to implement DRM (as opt-in) would mean that the ignorant user wouldn't be able to see YouTube videos anymore. The result would be that these users would move over to Chrome, Safari or Edge. There was no alternative.
Mozilla is very upfront about the fact that it goes against their principles. https://hacks.mozilla.org/2014/05/reconciling-mozillas-missi... Anyway it's opt-in, it's easy to uninstall the one CDM it comes with, and it's fairly easy to stop it from even asking about downloading CDMs. The EME-free build just does all of that for you up front.
Yes, there is an option, and it has been linked repeatedly in these threads. The irony being, of course, that if Firefox didn't yield to the other browser vendors in implementing EME they wouldn't have the marketshare to keep development going, which means there would be zero browsers rather than one that make it trivial to forgo DRM.
That's a gross oversimplification: Flash and Silverlight were rich platforms with complexity on the same order as the entire browser. EME has a much narrower interface which provides stream decryption – it doesn't even have the video codec, whereas Flash/Silverlight had complex video, audio, image, PDF, font, etc. implementations with a long history of exploits.
This really matters because so many of those exploits relied on other features to actually run the payload. Not having any of those in the first place is a big attack surface reduction, even if the politics are legitimately debatable.
>This was absolutely NOT wanted by Firefox.
They were the only browser to represent the users in this fight.
Don't put Mozilla in the same group as those other traitors.
But they ended up including DRM in their browser. So they're traitors and hypocrites, right?
You can still get the EME-free browser. They released both because ultimately, giving those who care a choice is easier than surviving once you alienate the legions of those who demand it for Netflix or the like.
The W3C is not the web. Look no further than the good work the WHATWG did to move the web forward while the W3C & Microsoft were holding the web back in the early 2000's.
> Look no further than the good work the WHATWG did
And who was WHATWG? Oh right, exactly the same companies that now voted for DRM as W3C standard. And why could they do WHATWG? Because they are the vendors of the majority browsers.
The W3C has pretty much zero power to prescribe what happens on the web.
Look at the history of their standards, and the direction that the web has actually gone.
The power for where the web goes is in the hands of web developers and browser developers. The W3C documents some things, but they are not a major player.
Actually, no. The Web is more an API for browsers at this point than anything. The W3C is, well, secondary, if browser manufacturers get behind another body - it'll happen.
I applaud you and anyone else who does this but I fear too many people sit on the other side of caring more about having Netflix now than maintaining the open internet. I know I won't be able to persuade my partner that we shouldn't watch Netflix anymore because of an issue she doesn't care about.
I'm willing to bet there are quite a few zeroes between the decimal point and the other digits of the percentage of people who will actually practice what you're preaching here.
If you want a text-only web, with no major content producers on it, you already have that. Just disable your browser's multimedia plugins. Or use Lynx, or some other browser of the 90s. The open parts of the web will still work.
Anyways, Netflix, Google, Apple, and Microsoft (probably - they aren't making their votes public) support this, so this is a great time to cancel your subscriptions and stop using their products.
> If you want a text-only web, with no major content producers on it, you already have that.
And that (the web as it is) is exactly what I want. And I want that the media companies who cannot accept that the web is free of DRM to stay away from it.
I will gladly take DRMed netflix over ad-ridden crap that "free" web gives us.
It seems that people are using "walled garden", "free/not free", "user hostile" without giving any thought.
It sure cannot be user hostile when there are no users, can it?
That's not your decision to make. They own their sites and content. You are, of course, free to ignore it. If you don't like a site, use the back button.
You can complain, of course. What you can't do is control others. That's something the web is good at working around.
And you have the options to not use it. You don't get to decide what other people do with their property. That's pretty much against the reasons the web is here.
You can complain, if you want. That doesn't appear to be helping but you're free to do so.
My strategy is to avoid it where reasonably possible. I let other people do what they want with their stuff.
"Mainline web: 0-rated DRMed Netflix if you pay ever-more exorbitant prices for our increasingly tiered package deals that make you try and remember the joy of 'cutting the cord'"
"Alternative web: Some competition without DRM, zero-rating, or other nonneutrality bullshit"
You go ahead and stick with your Netflix, buddy, and best of luck to ya.
American ISPs and legal precedent are all of course bought up by the interests building the former, but luckily I'm not tied down here.
Your assertion that standardizing DRM forces everyone to use it makes about as much sense as the assertion that teaching teenagers about condoms will make them all have sex.
Technically "capitalism" would also mention the small long-tail of web consumers that refuse to use browsers that enable these new W3C specs.
That said, most of actual market transactions involve some sort of subtle coercion or manipulation of emotions, which means they violate the core assumptions of economics. {Marketing, sales, religion/cults, magicians, A/B testing} all involve some sort of cognitive / psychological manipulation -- the core incentives of the modern economy incentivize companies to optimize for attention capture and behavior exploitation.
Only while the consequences of "not giving a shit" aren't immediately affecting them.
Those same people are the ones who turn around and complain "what can we do" and organize social media armchair protests when consequences simple enough for them to understand come along.
The market allows the DRM because people keep buying the content even when DRM is included. Standardizing it may just mean less clunky implementations of DRM.
But if we were to ban DRM from the market, would something else crop up to replace it? Would content creators stop making content?
What about IP laws? If we got rid of them, there would probably be more content AND more DRM? Or would it be more content and less DRM, since it would only be a matter of time before someone legally reproduces your work, so why bother with DRM?
That's a hell of an accusation. And you should present evidence if you're going to level it. It is dishonorable to make baseless attacks on people's character and integrity.
Whether or not there's actual corruption, it's inevitable (in my opinion) that this sort of thing would happen. It's the march of economics. The open web just doesn't allow suppliers to meet demand. One way or another they'll find a way to do it. DRM snuck in the door via Flash. We just about stamped it out, but wouldn't you know it somehow it came back in a more insidious (if innocuous looking) form. People on our side like to claim that DRM is a foolish business model, but I'm not convinced that they're not just deluding themselves.
Whatever the answer is, I don't think it's stopping DRM with brute force. I think it will need to involve either coming up with alternate business models that are anywhere near as viable, or a way to keep it in a box to use for the few applications that really benefit from it.
I don't think that's true. EME exists -because- we started getting rid of Flash, Java, Silverlight etc due to their security issues. There needed to be something to replace those proprietary plugins or else some of the largest websites on the internet would just break with no way to fix them.
EME is the standardized version of the needed functionality from those obsolete plugins.
I don't think that is true. EME exists because media companies have the strange desire to treat their customers like criminals and technology companies have the desire to ensure the user can not control the devices they "buy" from them.
EME is about control and limiting freedom, not about replacing Flash
What I said is technically true. You are simply talking about conspiracy theories and politics.
TV/Movie producers have a legitimate reason to want to protect their media. The lower the bar is for viewing the content they spend lots of money and work producing for free the more people do it. If there were no barriers to viewing movies then there are zero ways in our current economy to get a positive return. You can't fund Wonder Woman on money from advertisements. There needs to be a system where people pay for content.
EME is a means to an end. It's not inherently evil. If someone takes it and uses it for an evil purpose then we might have something to discuss, but today there is no way for our modern media to exist in a fully open source world. If EME didn't exist then we would still be using plugins to view Netflix. There is no situation where Netflix can operate in a fully open source system. And that's not a bad thing.
>>TV/Movie producers have a legitimate reason to want to protect their media.
I disagree.
>>>The lower the bar is for viewing the content they spend lots of money and work producing for free the more people do it. If there were no barriers to viewing movies then there are zero ways in our current economy to get a positive return
Umm, they are the ones creating the barriers; DRM is a barrier. I cannot tell you how many times I have wanted to buy a movie or some other content only to find out it is not on the platform or service I have chosen to use.
Instead they want to only use the Platforms or services they bless. This is where the monopoly power of copyright breaks down.
If I want to watch a movie using my rPi running Kodi I should have an easy way to buy a movie that just plays via a standard codec; it should not only be on Netflix. Or worse, now that every studio is making their own streaming platform, we are going to see more piracy because they are simply refusing to sell their content in the manner consumers want to buy it.
Basically if you do not use Windows/Mac/Android/iOS you are out of consuming media. Linux haha screw you
>>EME is a means to an end. It's not inherently evil
DRM is inherently evil..
>>but today there is no way for our modern media to exist in a fully open source world.
That is completely false; there are thousands and thousands of hours of media that exist in a fully open source world.
Music is almost all DRM free today, there is a strong push for DRM Free books,
TV and Movies seem to be the last hold outs for Defective by Design DRM.
They already have the most advanced form of DRM possible. Unlike a DVD or BD they can always cancel your account, pull movies from their catalog and dictate from which country you can watch movies. What do they gain from adding clientside DRM? The only thing I can imagine is plugging the analog hole but that is fundamentally impossible. At some point the photons of the screen have to reach your eyes. Even in the worst case scenario you can just use a capture card or even make your own by modding a display with an FPGA. It's futile to try to stop "pirates" with DRM. The only thing you can achieve is imposing even more restraints on your users.
> What's going to happen without a standard? A bunch of proprietary plugins?
What is supposed to happen is a zero-tolerance and active fightback against anything DRM-related in the web - be it in the browser or be it a plugin.
That's a big shift from historical standards. Where has the pushback been for plugins that permitted DRM? Or from allowing them in, say Firefox?
I'm wondering why this proposal gets so much more attention than all the past DRM that's been on the web. Did people just not realize that it was there?
Flash and Silverlight DRM (as an example of 2) weren't previously web standards, and even the 3rd party plugins that included them had significant non-DRM-related uses.
This is a different animal: Adding standardized interfaces to browsers specifically designed to talk to dedicated DRM modules.
That's what I'm asking about; where was the pushback on those two bits of DRM? The position advocated by the poster I was responding to would take a very harsh view on Flash and Silverlight, even with their other uses.
Right, and from what they posted, I'm sure they took a harsh view of DRM-supporting plugins at the time too. I was trying to answer your questions about why there wasn't historically pushback that matches what we're seeing over EME now.
There were people that complained about Netflix using Silverlight, and such (in my case, it meant I couldn't watch it on my PC, for example). People complained about Flash back in its heyday too.
EME isn't causing a general outcry though, outside of certain corners of the tech world.
> Where has the pushback been for plugins that permitted DRM?
I have never installed any plugin for DRM and don't know anybody who has.* I also warned people about the dangers of DRM all the time. In this sense the pushback was always there - but since browser plugins were hated anyway this was a rather easy fight.
* OK, to be 100% honest: I am aware that Flash allowed some kind of DRM - but I have never seen or used any application which used it and I don't know anybody who used any application where Flash DRM was used. So the statement still holds.
Plus most of the users using Flash and Silverlight for things like watching movies aren't likely to recognize that they are plugins. The answer to "How do you watch movies online?" is probably "Hulu" or "Netflix". Flash and Silverlight were never brands that non-technical users paid much attention to, they were means to an end. If they install something to "watch movies on Netflix", they may not remember because it was a one-time ask by the site they visit, and whatever it asked them to install didn't matter to the user so long as they could "watch movies on Netflix".
It took the iPhone to kill Flash and even then not having it was one of the biggest complaints about the phone. And they killed it for reasons having nothing to do with DRM.
You can't really expect companies like Google, Microsoft, or Apple to take up that mantle -- why would they, when it's not in their interests? If you actually want to fix the problem you probably need to hit the regulatory levers.
Their interest is in letting people use their browsers to view content. The media companies have made it clear that’s not happening without DRM.
So the browser companies support it.
It’s not mandatory, you can ship content without it. But if Chrome said ‘DRM free only’ all that would happen is people would abandon it to be able to watch video online.
If you don’t like DRM then get legislation made. But you’ll never do that because even without the giant lobbying budgets I don’t see why lawmakers would make it illegal.
> The media companies have made it clear that’s not happening without DRM.
If people were actively boycotting anything that uses DRM and were bawling out media companies that use DRM, there would soon appear media companies that provide a "no-DRM media package". As soon as these companies were making big money with DRM-free content, I am pretty sure the large media companies would in the long run give up their stupid idea that DRM is necessary.
DRM is only necessary because there exist (too many) people who don't have a zero-tolerance policy against DRM.
> DRM is only necessary because there exist (too many) people who don't have a zero-tolerance policy against DRM.
Really? I can see a pretty good argument for why it SHOULD be legal. If I want to post some content I make online why shouldn’t I be able to try to protect it?
And let’s not go through the ‘But Sony rootkit!’ stuff. You can make safe DRM. Rooting someone’s computer is already a crime, that’s why Sony was in trouble.
> As soon as these companies were making big money with DRM-free content...
Far too many people see nothing wrong with piracy. It works on music because it’s so cheap. I don’t think you’ll get 99c TV shows or especially movies any time soon. It probably isn’t sustainable, especially for movies.
So people will pirate, out of cheapness or inability to pay or ‘righteousness’ or whatever.
It’s not going to happen.
> ... I am pretty sure the large media companies would in the long run give up their stupid idea that DRM is necessary.
Why should they, from a business perspective, give up control they have now with basically no downside? I don’t even see a moral argument they should give it up.
Now I agree we need better fair use laws, and security people should be able to poke at DRM to make sure it’s not doing evil things. But I don’t see why society, under moral or business obligations, could support outlawing DRM.
> Really? I can see a pretty good argument for why it SHOULD be legal. If I want to post some content I make online why shouldn’t I be able to try to protect it?
The current state of affairs is that it's not just legal to use DRM, it's illegal (DMCA) to try and break a DRM scheme, _even if you do so in order to exercise your legally guaranteed fair use rights_.
It seems to me that there should be some sort of moral right to self-defense that applies here: just like society/the law recognises that it is morally acceptable to use deadly force to defend yourself from someone who is trying to murder you (even if it wouldn't be otherwise), we can recognise that it is morally acceptable to use the legal equivalent of deadly force (ban DRM, make it illegal for them to enforce their right to protect their content) in self-defense (against them using DRM to make it illegal for you to enforce your right to fair use).
More bluntly: Content creators, with their support of the DMCA, have proven that they have no concern for my rights or freedoms. What standing do they have to expect me to have any for theirs?
Like I said I support better fair use laws as I know that’s a real issue right now.
The comparison to deadly force.... seems hyperbolic. No one is in mortal peril. I would have voted you up without that. Those kind of statements make it impossible to have/take discussions like this seriously.
I wasn't meaning to say that the legal prohibition to do something in this case is comparable (similarly bad) to deadly force; rather, I believe the relation between "prohibit DRM" and "use DRM to prohibit exercise of rights" is similar to that between "kill (in self-defense)" and "murder", and it seems accepted that in the kill-murder case, the latter justifies the former even though it would not be justified on its own.
On the other point, I'm not convinced that supporting better fair use laws is enough on its own. An equitable compromise between two parties with fundamentally opposing interests can rarely be reached if there is a deep asymmetry in terms of their ability to just take what they want and run. Maybe, if comparison to anything involving murder is going too far for you, we can instead make one to (ironically enough) stealing: if the local group of school bullies keeps dragging you into dark alleyways and taking your lunch money, will you also support better rights to keep your lunch money but think it is going too far to demand that they be put in detention, because you see a pretty good argument why they should have a right to free movement?
The only reason I'm resorting to violent metaphors is that our moral intuitions are usually more clear around those than around fairly recent societal constructions. Given the choice, I would rather be beaten up than subjected to any of the potentially life-wrecking legal threats listed in section 3 of https://www.eff.org/files/2014/09/16/unintendedconsequences2..., and I would think that this preference ordering is neither uncommon nor irrational. Given that, in what sense are the violent metaphors "too strong"?
It goes against most people's notions of fairness to pay for a product and still have it encumbered with a lot of limitations. I think the case is stronger if we're talking about streams or rentals, but of course DRM is hardly limited to those.
But we’ve always had that. I mean every video tape I ever watched as a child had FBI warnings explaining that there were limits on what you could do with it.
The only difference is that the videotapes can now try and enforce it themselves.
That doesn't really answer the question, does it? If someone wants to lock up their bike with an ineffective lock, it might be a bad idea, but they're not outside of their moral rights to do so.
> If you don’t like DRM then get legislation made. But you’ll never do that because even without the giant lobbying budgets I don’t see why lawmakers would make it illegal.
Well, a broad-based pressure group making them think they'd lose office if they didn't support such a thing is the only way anything like that ever gets passed. A lot of folks in Congress didn't want to see JASTA passed but felt they had no choice but to vote for it, so there's a model.
But yeah, this conversation, talking about how maybe if we ask Google nicely they'll act against their financial interests, strikes me as pretty naive.
Honestly I’m not sure it’s possible to make DRM illegal. On what grounds would that be constitutional? Artists have had rights to control how their work is performed in the US forever. How is this any different? Why would one form get protection and not the other?
I mean, legally I don’t know if this counts as a free speech argument or not; I just don’t see how such a law would end up passing muster.
What part of the US Constitution would make it illegal?
Companies should not have this kind of power. Internet is a basic need now, it's where we (as a race) create and share knowledge.
If it is immoral to put restrictions on book consumption, why should it be moral to put restrictions on media consumption?
And I'm not referring to access. You can buy a book in a store, and after that the book is yours: you can lend it to anyone else, and everyone can read the same pages of this same physical book.
It's the right to use the information after you paid for it.
They're likely to just lose users to people jumping ship to browsers that let them watch Netflix and they're all involved in distributing DRM-encumbered content themselves.
We have lost it: P2P should have been the future of internet. Instead it devolved into the "connect to a server for everything" cloud system.
Internet should be like ZeroNet: a serverless system where content of interest is shared by its millions of viewers and where servers only use a small amount of bandwidth as backups and initial seeders.
That the wikipedia still needs servers and asks donations yearly to keep them online is a testament to how stalled progress in internet infrastructure is today.
I think it's time to start contemplating alternatives to the Web.
The interests of users are no longer front and center. The past several years of the Web platform's evolution have been characterized by privacy invasions, out of control Javascript, spammy push notifications, AMP... and now this.
This is not what many of us signed up for. I don't know if there even are alternatives to the Web at this time but when you can't trust even the standards bodies to act in your best interest, it's time to start talking about how we could walk away from the whole thing.
"The interests of users are no longer front and center. "
Netflix is a 'user' of the internet, as any other.
The web is open - those who want to share their content freely can do that - those who want to DRM, they can do that.
The 'march of economics' is usually just the 'march of reality'. Game of Thrones is expensive to make - ultimately, people have to get paid for it somehow.
Most creative/entertainment projects are a dud. Only a few even make money.
BBS on HAM Radio? I've been toying with the idea for a while. The exact stack is not clear yet, but it has to 'liberate' me from the current web/internet insanity. It could be slow and imperfect, but dammit it would be ours again.
Not exactly corruption, it is just that the world doesn't belong to national governments - only to corporations. That won't change any time soon and will only worsen.
The EFF is right for resigning. There's no reason for EFF to be part of a supposed standardization group that is ignoring complaints, especially for a recommendation for a technology that puts freedoms at risk.
And to put salt on injury, the W3C is claiming that they couldn't reach consensus on a covenant regarding anti-circumvention regulations, however they are now making this recommendation without consensus, which seems to me to be disingenuous.
The W3C is clearly and has always been a charade.
And people won't forget that easily, just like we haven't forgotten the days when they were holding the web back. So if they were worried about becoming irrelevant by not adopting DRM, well, they just became irrelevant regardless. Might as well admit that the standards are made by two or three companies which control the market and stop this circus.
We are allowing large corporations to dictate and push the web toward a closed system. A future where there has to be an App for that, and if you don't keep your head down you will be censored and cut off from the rest of the online world.
If you want the masses to care, the masses will have to lose first. They (not hackers) don't get it, and it's inconceivable that they ever will... Until they notice the closed system.
Is there even a war taking place? Battles are often forgotten.
Yes, we (the hackers) allowed this to happen. We need to think about it now. I feel like the YOU in your comment is slightly misaddressed. What can WE do about it?
Once a system becomes closed it is very difficult to become open again. It's like personal liberty & freedoms, if you/we give them up they are almost impossible to get them back.
What's important is not what software exists somewhere where somebody could theoretically download and use it, but what software actually gets used. Most users don't even know what open source software is, much less where to find any; they use what comes with either Windows or OS X or their smartphone.
Also, your software can be as open source as you like, but if it can't interoperate with the rest of the Internet, it's useless. Personally, I don't watch TV or movies on my computer so I don't particularly care whether my browser lets me do that or not. But I would care very much if, for example, my bank's website started requiring a DRM-capable browser. Open source doesn't address that problem.
> What's important is not what software exists somewhere where somebody could theoretically download and use it, but what software actually gets used. Most users don't even know what open source software is, much less where to find any; they use what comes with either Windows or OS X or their smartphone.
The people who care about the "Open Web" and DRM know about open source software and the people who don't care, don't know about Open Source software precisely because they don't care.
> if, for example, my bank's website started requiring a DRM-capable browser. Open source doesn't address that problem.
That's the bank's property (website, servers, etc); you have no say in how they run it. If they go and do something stupid like require DRM to visit their site and you don't want DRM, you have to switch banks. You made the choice to not use DRM, so you have to face the consequences of your choice. The bank made the choice of requiring DRM and they have to live with the consequences of customers switching banks. Open Source software was never meant to control others' property.
> if they go and do something stupid like require DRM to visit their site and you don't want DRM you have to switch banks.
But if every bank--or at least every bank I would possibly consider entrusting my money to--requires DRM, because DRM is the standard and all the major browsers use it and the bank doesn't want to go to the trouble of inventing all their own infrastructure just to avoid using DRM, then what bank do I switch to?
> Open Source software was never meant to control others' property.
Exactly. So Open Source software does not address the problem I said it does not address. So we are in agreement on that point. Good.
But you were saying, in the post I originally responded to, that Open Source software will somehow prevent the web from becoming effectively a closed system. That would only be the case if Open Source software did address the problem that you and I both agree it does not address.
It's always been this way. I can't remember a time that open source software was front of mind even for those who would have had a vested interest in knowing about it beyond computer scientists/engineers or their academic counterparts. There are exceptions, no doubt. I think generally though, this has always been the case. End users in particular usually don't know the difference nor do they care to (though as the allegory goes, sometimes they do when it's too late.)
> Most users don't even know what open source software is, much less where to find any; they use what comes with either Windows or OS X or their smartphone.
This is an educational issue at the social level. The technology is still available.
Exactly, I don't want a password for my online banking, I actually despise the fact that my bank would ever even ask for one. I want a bank where I can deliver an SSH key.
Developers are using open source. End users not so much, except open source bundled into their apps as libraries to actually power them.
Getting an app into users' hands nowadays is becoming gatekeeped more and more. Either through fearmongering (buy those certs for your apps approved by Gatekeeper X) or literal gatekeeping on app stores.
You can argue that people don't have to use locked down app stores, but then you're just missing the point.
Yet users are less free now than ever before. The open source methodology leads to free libraries for devs, free labor for companies, but proprietary applications for users.
Do you use any Google/Apple/Facebook products? You are choosing with your wallet or personal data if you are. They only have power because we give them power either by using their products or giving them more data points.
It was their only chance for continued relevance. Ever since the formation of WHATWG in 2004, it has been increasingly clear that the only standards that matter are the de facto standards set by the browser vendors.
> I know from my conversations that many people are not satisfied with the result. EME proponents wanted a faster decision with less drama. EME critics want a protective covenant.
I think that pretty much sums it up. The only thing that could've gone better for the corporations is if everyone else just shut the fuck up.
I don't know why he bothered to post that. What a joke.
It's time to abandon the major web standards and start devising our own infrastructure. Better stateless protocol, end-to-end encryption on every connection -- no exceptions! -- decentralized encrypted vaults of cached assets (where every user donates a few or few hundred gigabytes of disk space to participate -- effectively becoming a node in a decentralized CDN).
We've let the corporations run wild for far too long. They've been stupid, slow and it took them A LONG TIME to catch up. And eventually they did. All the while all of us did absolutely nothing. At least myself.
^ All of that is an idealistic revolutionist talk, I am aware. Had I had the free time and reserve capital however, I'd be dead-serious about starting such an effort.
ZeroNet.io is one of the neatest proofs of concept I've seen in a while. A P2P decentralized web, accessible via standard browser, Tor network optional. It's small and there isn't much content, but as a demo it seems to work great.
Unfortunately there are only three ways to implement decentralised webapps. Either you have trustless consensus by giving users power proportional to their physical resources where every user only has a small fraction of power. This is called blockchain with proof of work. It's extremely inefficient and therefore many usecases are not possible but it doesn't require trusting in any individual, only in the entire network. It should be used for DNS, usernames or other readable identifiers that require global consensus.
The second is federation like email. Everyone has the option to become a provider or trust an existing provider. Of course the problem is that you need to trust your provider and the providers have to trust other providers. Spammers can just set up their own provider to attack other providers, so providers need the ability to block providers they disagree with. Providers don't live forever or they can become untrustworthy, so there needs to be a way to export the data and import it into a new provider. You will need to digitally sign all your data to prove that it came from you. There also needs to be a mechanism to confirm that user10@oldprovider is the same user as user5@newprovider and redirect from the old identifier to the new one.
The third is the least likely. A full P2P architecture where every peer is equal. Every peer will be forced to store the entire database of the application and run all computation locally. Spam will be an even bigger problem than with federation because you will have to store the spam for eternity too. The dataset will eventually become large enough that a single computer cannot store it.
I'm betting on federation. It's the middle ground between full centralisation and full decentralisation.
Agreed with everything. I'd bet on scenario #3 though (namely IPFS and IPNS for now). You're sadly correct about the spam though. Still, a solution must exist.
I for one am sick of trusting corps only because they can implement software that protects their own servers. We can't be held hostages by spam forever.
(I would even wager spam is partially funded by corps so as to scare the users back to their walled gardens but that's uncertain and not especially likely.)
It could be a combination of #1 and #2: use blockchain for names and federation for actual content, then it will be easy to switch providers, just add the new name to the blockchain and remove the old one.
Having dynamic user-hosted CDNs in almost real-time a la IPFS (which are sadly far from real-time) has been proven to work. However, the latency is too big so yeah, so far we've got practically nothing.
The saddest part of this story is that Netflix/Amazon/younameit will continue to ignore and block Linux users as the niche market they are -- even if a future Firefox or Chrome version comes with the new standardized DRM everyone asked for. Lose/lose situation.
Netflix works with EME on Chrome and Firefox. Netflix doesn't block Linux users. They just don't provide customer support for troubleshooting on Linux.
I think we're splitting hairs here. The point cpeterso was trying to make is that while Netflix is a large company that advocated for EME, Netflix is also trying to cater to all audiences. And with their track record of open-sourcing lots of their internal systems, I feel it's safe to say Netflix as a company isn't nearly as corrupt as some of the other advocates for EME.
I wouldn't be so sure. As Netflix becomes a media giant (it's already bigger than many), they'll adopt their policy for DRM. If not, why don't you have less restrictions on "pure" Netflix Originals content?
We'll see in the coming months if the Originals mean higher quality on Linux or not. I wouldn't bet on it.
Correct me if I'm wrong, but the new "standardized DRM" is just EME which all major browsers, including Firefox and Chrome, already implement, and which has been used by e.g. Netflix for several years now.
And Netflix works on Linux on Chrome and Firefox already, using those APIs.
The actual Content Decryption Modules are not part of the standard, though. Firefox and Chrome use Google Widevine.
For "simple economic reasons" you believe companies will go out of their way to block Linux users for some reason? If the browser supports it, that's all that really matters.
A company called Microsoft builds a software which is able to render html. This company makes money and talks to another company called google which also is making money by selling movies and stuff and which builds a software which is able to render html. And those two companies are talking to a third huge company, who makes a shit ton of money and also makes a software which is able to render html.
All those _companies_ decided together that they still are using some form of DRM and want to standardize it, to make it easier for their consumers.
Now a few people who are using the software from those companies thought this code is written for free and without strings attached?
I mean, I do understand the risk, but still I'm surfing around and using my software, written by companies, to surf primarily on company sites and not for surfing on other private pages.
Even Linux and other free software is written primarily by people who get their money from companies, right?
I don't think that DRM would be gone if no EME exists.
What happened was that Apple banned alternative browsers and plugins like Flash on iOS which meant there was a sizable platform of - importantly - semi-rich people that did not have a usable DRM solution outside being told to install an app.
The user dropoff from demanding you install an app is huge.
They were losing money, plain and simple, on people who didn't A. download a plugin or B. install an app to push DRM on them.
This battle was over years ago. Safari adopted EME, all the corporate powers that be that wanted to have their cake and eat it too on the buffet of consumer ignorance to how dicked over they are when companies shovel proprietary code down their throats. No major browser wanted to even try fighting this. New browsers that turn up will never gain traction if they don't "support Netflix".
Those of us who care about ethics go on using Firefox without the DRM bullshit plugin / Chromium / etc and the rest keep being ignorant as they always have been.
Really, DRM isn't even helping anyone. It is a lawyer requirement for legal contracts between media producers and distributors. "We require you fuck over your customers to give our old rich men investors who have no clue what technology is a false idea that nobody can copy our floppy". Pirates will continue to circumvent and distribute better quality versions of everything than any company is willing to stream you anyway, and people who were using the streaming services in the first place weren't pirating to begin with.
What this does mean is what should be straightforward user experiences for online video are going to start becoming a clusterfuck of broken, insecure proprietary blob DRM drivers every video site "automagically" downloads and runs on users computers that either don't work cross platform or breaks all the time. Web video will have peaked in 2016, when ubiquitous mp4 support meant almost any site can just host videos and have them work, and 2018 and on will be the era of everyone trying to use shitty DRM plugins that will fail and break everywhere just like Flash and Silverlight did years ago. But having the option available is going to inspire companies like newspapers that have no business trying to DRM lock their newscasts to try to use DRM anyway because fuck ethics.
Those companies made it easier for the consumers because those companies would have never accepted non DRM Video (period).
You still can watch h264 on all modern web browsers.
And still it is their choice how they want to offer their content.
Don't get me wrong, I don't like DRM, but it is still their choice and they are big enough to do it, and they just did because it is and was their standard for their internet to reach their consumers.
any consumer should have the option of using it, if they want.
the problem here is the codification as a standard, and the implicit endorsement that the W3C creates in providing the standard.
DRM is expensive to your freedom, and it should be as expensive as possible for media companies to implement. by making it opt-in rather than can't-even-opt-out-if-you-want-to, the W3C are really giving the public interest the middle finger.
I'm a bit uneducated when it comes to the cryptography involved, but I'm wondering why people here are so determined DRM can't ever work?
Is it because someone will somehow get a copy and upload to torrents/streaming sites which of course won't have DRM. Thus only potentially annoying legitimate (eg. Netflix) users? Or are there other concerns?
In practical terms, DRM obviously can be made to work.
People ideologically opposed to DRM tend to have two blind spots about the DRM service model.
First, they assume that DRM users demand that DRM prevent any copies being made. But that's not true: obviously, any video you show a user in the privacy of their home can be cam-copied. It has even been the case (though it will be less and less the case moving forward) that you could obtain a high-fidelity digital copy. DRM users have always understood that to be the case; what's important is not that copies be impossible, but that they be difficult for ordinary users and, ideally, incur a quality hit. If copies are inconvenient and/or of lower-quality, most of the market will pay for legitimate copies.
Second, and more importantly, DRM opponents assume that the restriction DRM users are seeking is indefinite. But for the most part, content owners are much less concerned about long-term restrictions than they are about the new-release window when their content is most in demand. A DRM scheme only has to survive for a couple weeks to generate immense value for content owners.
From a security and cryptography perspective, a scheme that can be resilient against expert adversaries for a few weeks, or even a framework for minting such schemes on demand, is a commercially reasonable proposition.
People who are not fooled by the ideology of DRM are fully aware that DRM is a legal strategy, not a technology.
That doesn't change the technological harm of DRM. Putting a DRM-shaped hole in web standards makes browsers less secure, less stable, and less maintainable.
iTunes copy protection used to be broken in a few hours, Blu Ray is long since cracked. DRM is neither secure nor cryptographically sound ( http://craphound.com/msftdrm.txt ). The business models that work online keep on being built without DRM.
But DRM remains an irresistible fantasy for corporations who haven't worked out the economics of getting Apple, Amazon or Netflix to add locks to their content.
I don't know a lot of software security people who work on browser security that agree with this. The prevailing sentiment is the opposite: that standardized DRM reduces the attack surface of proprietary DRM down to that of a CDM, rather than full-featured browser plugins. By doing so, EME is improving security, not damaging it.
By what, banning plugins? Now you're asking the anti-DRM people to do exactly what they're angry at the pro-DRM people for doing: preventing people from running a particular kind of program on their computer. It's an incoherent position.
I think the most untenable part of the DRM model is the trust required. All user hardware behind the visual part has to be secure. That is, the manufacturer has to correctly implement any protocols.
This goes (if I'm not mistaken) for the Screen, HDMI cable, GPU and OS. It's a hard balance between keeping consumer happy with their choice and only accepting compliant and capable producers.
The downfall of the DRM is either going to be stripping the legal protections, or competitors without DRM being able to offer a better experience. Sadly, whilst cutting DRM gives a massively better experience, it comes at the cost of control over the customer. I think Netflix really doesn't mind that I can't watch Netflix on Plex. Heck, they might even prefer that.
This is what really scares me about DRM, it enables the building of walled gardens for much more than just media content.
> or even a framework for minting such schemes on demand
This is what video DRM will need. For games, where each game has a somewhat customized version of DRM, taking a few weeks to break is good enough. For video, this will give you a few episodes; but once it is broken it is broken for everything until you roll out a new scheme. Over time, I would expect the breakers to get more efficient and automated at breaking schemes, while the DRM makers get increasingly lazy and complacent.
Cryptographically speaking, what is DRM? We want to give an untrusted user access to content, so that they can see it, without giving them access to the content, so they cannot copy it. This is simply impossible in theory. In practice, we can make copying it difficult, possibly resorting to hardware support (so decryption happens in the monitor) and rely on the DMCA to make any attempts to break DRM illegal. Of course none of these solutions actually work in theory; and the farther down the arms race we go, the more annoying it gets to legitimate users.
I'm not sure if that's correct or not, but either way, that's in complete agreement with what I just said: they are not speaking in terms of cryptography.
Even if everyone were to replace their hardware with DRM-friendly monitors, you can bet that in a week the market will be flooded by Chinese-made hardware dongles that allow you to bypass it.
> I know content creators. There is a large group that hate their content being copied.
And yet, most content creators I know recognize that the "old ways" are dying, and community involvement and other value adds are the way of the future.
Look at youtube (pre ad-pocolypse), twitch, and patreon. DRM isn't where the money is at with content-creation. Spotify, apple-music, et. al. don't pay their artists nearly enough. The future of content is in direct distribution - not billionaire funded recording companies.
I thought most pushback against easier access to content was from publishers / curators / distributors. They are being made obsolete by digital distribution and are using 'but the poor artists' as a smoke-screen to delay their obsolescence.
DRM doesn't work. Every form of DRM has historically been broken in one way or another. There are a couple of current systems that haven't been broken yet but it doesn't matter; content will be available from unauthorized sources the day they are released for streaming and no technical means is going to stop that.
Even Denuvo, the darling of the major games publishers, is broken on a regular basis. The company acknowledges that their software doesn't last forever (they tout '300 days' on their website as the longest any of their DRM schemes has held up, it usually is broken in a couple of weeks) and that the value is protecting the profits during that period.
DRM does work. Whether Denuvo is successful depends on how it is implemented. Implementations of Denuvo have survived a year+ without being cracked. As you said, DRM often isn't intended to be secure forever, just for long enough that the major sales buzz is over anyway.
You can also think of DRM as branching into online services. DRM commonly required some form of interaction with an online service to validate a key or whatever else. As a result, some DRM is in fact built into the foundation of the software and this is the most successful. Think of World of Warcraft or Everquest. To essentially crack that DRM, you have to recreate the server backend which is a serious undertaking. This has been done, but it took a long time, only applies to older versions and doesn't connect you to the legitimate service.
Steam is an online service and games which use SteamWorks are coupling at least some of their features with the online service, but this is not as complicated as something like World of Warcraft so it is easily cracked. Denuvo attempts to fill that gap by more strongly coupling the software with Steam. As a result, Steam is technically the DRM while Denuvo is helping to enforce it and thus is not labeled as "3rd party DRM" on the Steam Store pages.
There is a balance between the popularity of your software and the difficulty of breaking the DRM. If your software isn't extremely popular, then a crack is not in high demand. If the software is easy to crack, then even if it isn't in high demand it may get drive-by cracked. If it's difficult enough, many people will decide that their time is better spent elsewhere even if it is possible to crack.
As we enter the age of encrypted processing where both the code and data are encrypted during execution on the processor, cracking will be time consuming enough and have enough prerequisites that it simply won't be able to keep up with even the most popular software. It will be a while before this can become mainstream, because unless governments start requiring it, there will always be devices without encrypted processing that companies can't ignore in order to maximize profit. It won't surprise me if we see both governments that require encrypted processing and governments that ban encrypted processing.
Obviously for static media like audio or video this is harder to deal with, but there have been a number of novel solutions to this that just haven't been widely adopted. There are also still a lot of consumers with older hardware that publishers want to target, because not targeting them is worse than the concern of piracy. These are more about mitigation rather than outright making it impossible for a time period.
DRM works! It's very effective at giving control of the playback environment to the copyright cartels.
Unfortunately, a lot of people mistakenly believe the purpose of DRM is to prevent copying. That is the justification, not the goal, which has always been about maintaining control over playback device.
By its very nature DRM of media content makes no sense. How can audio and video be delivered to the user without also allowing the user to save and distribute that content later? At some point, the content must be available in unencrypted form, even if that point is when the content is sent to the display, it can just be captured there.
Not really. If it's available to view, it's available. Full stop.
There's no way around that. You can't magically change the universe so that content that's viewed can't be captured. It HAS to be converted to analog somewhere. That signal can always be captured and converted back to a digital form that's no longer embedded with DRM.
Best case: you make it marginally more difficult for a mom&pop computer user to copy your content. Anyone with a lick of understanding and 100 dollars to buy some hardware will be able to get it without any problem.
Worst case: you introduce all sorts of unnecessary security holes with poorly written software, that can't be audited (legally speaking), and does absolutely nothing to slow the availability of the content online and for free.
>> It could be easy to view but hard to save and distribute. Why can't it?
> Not really. If it's available to view, it's available. Full stop. Best case: you make it marginally more difficult for a mom&pop computer user to copy your content. Anyone with a lick of understanding and 100 dollars to buy some hardware will be able to get it without any problem.
The issue you are ignoring is that only one person needs to "save and distribute" it, then the pirated version becomes easier to view than the DRMed version.
The proof in the pudding is that every TV show and film is instantly available online to anyone who can work a BitTorrent client.
No. Netflix is way easier for me than torrenting. I've never pirated music, but I watched a few torrented movies. However, since the ITMS, Netflix and Amazon video became available in my country I never bothered with torrents. I don't even have a torrent client on my computer.
You are missing my point - I agree entirely. Streaming services offer a (mostly) better experience than BitTorrent - but only when they are supported by the device you want, and the DRM doesn't get in the way.
My point was that DRM doesn't stop anyone torrenting the content - it only takes one person to break it, which will happen. It does mean some people won't be able to watch the content legally, which will push them away from the legal option.
The only thing DRM really stops is the "let me give you a copy" friend-to-friend copying, which is the equivalent of sharing a VHS copy back in the day. Is stopping that really worth pushing people away from your legal option?
Your first link, there is truth to it, the most obscure and small stuff won't be pirated. Does that matter? I don't think anyone is only looking to defend things that are that obscure. Anything with even a middling number of people interested has its DRM blasted through very quickly as far as I see.
Your second point, Denuvo is for video games and is a very different ballpark - it turns out storing code to lock things down is a lot easier in an executable vs in a video. DRM is certainly more effective in games (although the evidence is it causes way more problems for legitimate users, and Humble Bundle et al have proven that users prefer legitimate options when they are easy and affordable).
Hard to save and distribute only lasts until one party figures out how to get the content in an unencumbered format. Even if it was hard/expensive for them to do so, they can distribute it to the world easily.
I recall reading another comment [1] on this submission about some DRM technology being claimed to protect content for some 300 days in practice. To me that sounds like it's working pretty darn well.
Consider Intel ME, which has the full control over your device independently on the operating system. If it somehow works together with the DRM module, the DRM will work.
The problem is that being "hard to save and distribute" means it doesn't work. It has to be more than hard. Piracy release groups enjoy "hard", and you only have to do the hard part once for a given title (or usually, for a given DRM technology). Once you strip it of its protection, you throw it online and anyone can download it. And now that you've broken that particular DRM technology, your results are repeatable and can be automated, making future releases available even more quickly.
Fundamentally, I can read or write to any byte in my computer's memory. That includes whatever is coming out of the piece of code that reads in the protected file and then passes it to the video decoder or the display.
Until we have computers that can read and write bytes in such a way that not even a user with full privileges on their own machine can access them (keeping in mind, this user can control the kernel and even the hypervisor), this can't be made to work.
The people pushing for DRM, in my experience, really do have no idea what they are talking about. They tend to be industry lawyer types. People who do understand DRM are usually aware that what they are implementing can be broken, but their VP told them to do it anyway so they can make a deal with content distributors.
Also, the DMCA forbids circumventing copyright measures, so they like to have that as a legal tool as well. As long as they tried something, they can go after anyone disabling it, using the legal system.
This is where technologies like TrustZone, Intel ME, Intel SGX, SecureBoot come in - you will have an isolated environment, while DRM will be run in another chip or execution level. So you will need to elevate your privileges either via a vulnerability or via hardware reversing techniques. And it is already happening. Computers aren't that open anymore, they became walled gardens already.
Yeah, it is creepy that ME/PSP has full control over modern x86 computers. But that's not about DRM — blame enterprise IT management stuff (Intel AMT).
Apparently ME is somehow used on the DRM path but really it's kinda irrelevant — the whole point of modern movie DRM is that the video frames get decrypted on your display.
Sure. Search for a recent videogame on pirate bay, download a youtube-to-mp3 browser extension, get the calibre DeDRM plugin. Or, if you really want to understand my point, download and learn how to use a disassembler.
For the casual law-abiding user, it succeeds in making it harder to save/distribute. For everyone else, it's only a matter of time before the DRM is broken.
First and foremost that depends on the content being popular. For example there's a ~30-minute video I paid for on Amazon Videos that I would love to have a copy of so that I don't need an Amazon account and internet access just to play the video, but I can't. Why? Because of their DRM and the fact that I can't find it anywhere else. (Admittedly I haven't directly searched on piracy sites since I'm not into that sort of thing, but Googling didn't pop anything up even on piracy sites, and I would be surprised if it's actually out there somewhere.) Sad reality is it's not even because I wouldn't pay for it; I already paid for it once and I'd even pay for it again if someone sold a copy. But the DRM is "working" in terms of making it too hard to get a copy.
But even if some content is popular, DRM certainly prevents people like me from saving a copy, since I'm not one to go on piracy sites and the only reason I want a copy is so I don't have to get authorization from someone every time I want to play something I already paid for. It might be a dumb business decision since I'd already pay for it before getting a copy anyway, but maybe they think that still makes business sense even if I'd pay for it. Regardless of that it still seems to be working as intended.
Yeah, but that doesn't give me a "copy". It will lose quality (and I expect frames as well), and it requires letting the computer run through the entire movie at normal playback speed, which I haven't gotten around to doing. Again, it's been enough of a deterrent for me to do this, which is my bigger point. I never said it's 100% foolproof, just hard enough to be a deterrent.
The argument is essentially that in order for you to enjoy the content, the content must be present unencrypted at some point before it hits your eyes and ears. Because of this, it should always be theoretically possible to extract the unencrypted content at that point.
DRM can't work because the math doesn't distinguish between receiving and decrypting content for a legal purpose like viewing it, and doing the same for an illegal purpose like copying and distributing it. If nothing else, there's the analog hole of recording the screen (which could be done in software).
If it did work, that would be a legitimate reason to include these potentially dangerous, un-inspectable DRM features. But it fundamentally can't, so foisting this security risk on everyone seems misguided.
A chain of hardware, all with private keys in a 'secure enclave' / 'TPM' can deliver DRM that is as unbreakable as the private keys are hidden and tampering detection is functioning. Really, the only hole that can't be patched is analogue recording. Realistically, tampering with the screen or cable is probably the easiest target. Though, compromising the TPM would have more widespread effects.
Mainly that. There's no way to show me a video in my own home wherein I can't simply videotape the screen. So even if it's perfectly locked down digitally, it has to be converted to analog at some point for human consumption, and you can always capture that.
But I also disagree that DRM should be baked into "the web" as a standard, especially when most users seem to disagree, the EFF disagrees, and almost half of the committee disagrees.
It's inherently ineffective because for content to be viewable, information about the DRM is widely spread. Consider Blu-ray. HDCP is a huge hassle for anyone trying to do anything with their video content, and it offers next to no security: Every Blu-ray player, TV, and disc producer has to hold the decryption keys, which means it's trivial for the keys to leak out to the public.
And consider the number of hands a piece of media goes through during the various stages of content production. Movies get stolen from anywhere from postproduction studios to the factories that produce the discs.
Adding a layer of DRM on top of the consumer-facing product does almost nothing to prevent the content from reaching pirate sites. And once they're there, the rest of the distribution problem is easy.
> why people here are so determined DRM can't ever work
It is just that you can not have a video for watching it, and not having the video for distributing it. Computers don't work that way, you either have the video or don't.
That said, things are more insidious than what is on the above paragraph. It's computers that don't work that way, so the solution that many people thought about was making computers illegal, and replacing them with closed controlled machines that resemble them in many ways but aren't as powerful.
If you're capable of actually consuming it (by seeing it with your eyes and/or hearing it with your ears), then it is possible to pirate it. Exactly zero DRM technologies today actually prevent piracy, and exactly zero DRM technologies ever will.
Meanwhile, user-hostile DRM can and will (and already does) push users to simply pirate the media in question instead of putting up with the DRM. Users lose, publishers lose, browser vendors lose, and pirates are entirely unaffected.
I think the most simple reasons to tell that DRM can't ever work, are that:
First: DRM proponents have gone very far to protect their content. It costs them a lot of money, and from an economic point of view it is difficult to see how DRM helps them make more money.
Second: The guys who use pirated stuff would not pay anyway if DRM was working, so why would the media industry bother to struggle with them?
To me the more interesting question is why this particular issue is so important that W3C felt compelled to break consensus. I think the answer to that question is a lot more revealing than another "DRM is evil vs you're an unrealistic hippie" fight. Even if we take it for granted that DRM is good... why?
Given that apparently Google (Chrome), Microsoft (IE and Edge) and Apple (Safari) supported the proposal, one could defend the decision as necessary to prevent obsolescence. That is, if they did not pass this, they'd just be ignored by 3 out of the 4 most popular browser producers.
My guess is they claim it can't work because they don't want it to work, and figure with enough agreement someone somewhere will be convinced. (Saying this independently of my own views on the matter.)
Now is the time to make it possible for individuals to use DRM when they publish videos online. How often do media companies show people's stuff on TV and such without permission? Of course YouTube ToS allow that, but this should all be changed ASAP. When large amounts of content actually come from individuals, it's the individuals' rights that need to be protected. When will we see DRM for the masses?
It won't be for the masses. For a physical-media model, look at SACD. You can't burn your own SACD recordings, even if you have a DSD-capable recorder; the players will only play signed discs, and the signing keys are only available to pressing plants.
That seems about as viable as allowing anyone to be a certificate authority. This system relies on a list of trusted keys, that chain of trust needs to be anchored somewhere. Notably, easy implementations depend on controlling all trust anchors.
As far as I understand it, not really. You only grant them a license to use your video in the Service or for promoting it. Plus you cancel any rights by deleting the video.
Some cases fall under Fair Use, but it's my belief that unless they request permission from the video author(s), those media companies are infringing their copyright. But we all know these laws are just for the rich - who can afford to sue them anyway?
I sort of hate the way things are turning out and also am not surprised. When I was 10 years old in the late 80s, everything was open to you if you wanted it.
My next door neighbor has a 10 year old son who wants to learn programming. I gave him an older laptop of mine and offered to do some coaching with him about learning to program on the condition that he always has to do his homework first before we do any programming work. And if he hasn't got his homework done or is having problems with it, I'll help with the homework first.
I had a pretty cool person in my life that did that for me when I was a kid. So I want to pay it back.
But when I think about things, man . . . it was wild as a kid. You could do anything on the internet in the 80s and 90s. It was the wild west.
Nowadays, I'm in the back yard teaching this next door neighbor's kid, and I'm like, "Yeah, maybe don't do that. That could get you in trouble."
When I was a kid, it was always, "Do it! Can't hurt that much!"
It's different now, I think. People are less free to explore for its own sake.
I could be wrong, but I think there was a golden moment of freedom on the internet that is past. And I'm glad I got to live in that.
That will only be slightly more difficult than blocking today, technically.
What would be worse is that there's a plausible text-DRM coming up next, which would make altering contents of webpage illegal, hence making ad-blocking unlawful.
"This specification does not define a content protection or Digital Rights Management system. Rather, it defines a common API that may be used to discover, select and interact with such systems as well as with simpler content encryption systems. Implementation of Digital Rights Management is not required for compliance with this specification: only the Clear Key system is required to be implemented as a common baseline."
Does not define DRM .. I am seeing a conflict with the title
"This device is not part of A Bomb. Rather, it implements a common wiring and chemical mixture function that may be used to ignite, and rapidly interact with the surrounding environment. Implementation of A Bomb is not required for use of this device: only the Joke Bang Sign is required to be implemented as a common baseline."
It's weird to see Netflix there, as their service might be one of the premier reasons lots of people can't be bothered to copy movies as much as used to be the case.
The only reasons I can see are that studios/rights owners are either requiring DRM for newest titles, or that they offer rebates on DRM'd material. The rights owners also probably prefer other people to run their errand, as some of them aren't too popular, and others have simply made themselves a laughing stock in at least some parts of the internet.
Weird? Netflix is one of the only users of EME. Movie rights owners require DRM, Netflix distributes their content, Netflix wants a more standardized way than Silverlight.
> 58.4% of the group voted to go on with publication, and the W3C did so today, an unprecedented move in a body that has always operated on consensus and compromise.
What exactly is the EFF saying should have happened? More than 50% voted to go ahead with it. The majority voted for it. I don't see how the W3C going with the majority vote is a dick move. Consensus and compromise is obviously very important, but when one side is strictly anti-DRM, it's pretty hard to compromise. This just seems like the EFF being bitter that they lost and trying to disparage the W3C.
Part of the EFF's frustration is that the anti-DRM side were willing to compromise, by passing the standard with the addition of agreements to, for example, not sue security researchers who might try to fuzz a CDM or figure out how it worked.
It was the pro-DRM side that were unwilling to make even such a minimal good-faith compromise.
How many people of the anti-DRM side were willing to pass it anyway? Because judging by all of the HN commentary I've seen in the past there are plenty of people who are hard-line no DRM under any circumstances.
> Consensus and compromise is obviously very important, but when one side is strictly anti-DRM, it's pretty hard to compromise.
When it's the first time they've broken with consensus, and the decision is very much not in the best interests of the common user - it's kind of a big deal.
DRM may be a necessity for corporations to feel they can make money safely - it's not consumer friendly, and it certainly doesn't need to be a part of the open standard.
But it is in the interests of the common user. It's absolutely beneficial for browsers to have a standardized API for this stuff instead of non-standard plugin hell. People like you seem to think that if the W3C rejected DRM then sites would stop using it (and hence this being for the benefit of the user). But that belief is hopelessly naive. Sites like Netflix are never going to stop using DRM. They're contractually obligated to use it. Without EME, Netflix has to rely on plugins like Silverlight. With EME, Netflix can ship an HTML5 experience that works everywhere. That's good for users.
The EFF wasn't pushing for "don't standardize EME". It was pushing for "add a clause to the EME standard that prevents it being abused in certain specific user-hostile ways". In particular, it would prevent it being abused to prevent actions by users that are perfectly legal under existing copyright law.
This is a complex topic with a lot of nuance to discuss, but I don't see how misrepresenting the EFF's position helps the discussion in any way.
> People like you seem to think that if the W3C rejected DRM then sites would stop using it (and hence this being for the benefit of the user).
When did I say that? Specifically? Why did you assume I'm ignorant of the way corporations operate?
That's on you. Not me.
> It's absolutely beneficial for browsers to have a standardized API for this stuff instead of non-standard plugin hell.
Except the standard that they adopted is not friendly to the end-user. So "Non standard plugin hell" becomes "standard DRM hell."
A while back Widevine stopped working for me after an update. Uninstalling and reinstalling didn't work. End result? Almost no video played in my browser. You know what still would have worked? Pirate Bay.
You can spin it however you want. DRM is good for content providers. It's not good for users.
If Netflix requires DRM - so be it. They've got good engineers, they can provide a DRM plugin that you have to use. Or a standalone player. If a service doesn't have good engineering, their service will suffer.
It doesn't need to be a part of the open web standard.
> A while back Widevine stopped working for me after an update. Uninstalling and reinstalling didn't work. End result? Almost no video played in my browser.
You were doing something wrong perhaps. I have never installed widevine, yet all videos online worked for me. Try uninstalling it completely.
On one hand, this is terrible for freedom in our software; on the other, this isn't the "death of the open Web" that some are proclaiming.
The media groups want DRM and they will get it. This doesn't mean that we are going to lose all freedom on the Web. It's a step in that direction, certainly, but we're sure as heck not there yet.
I feel you've brought the Browsers (Software, layer 5+) to an ISP fight (Layer 1-4). One that the 99% lost a long time ago. This has been snowballing for a very long time, I feel that momentum is minimal. This snowball is being pushed by pure force.
But I think it's still a possibility. Never underestimate companies that want to "innovate".
I mean, standardizing a DRM API on browsers is probably going to bring us a lot of new "tools" which people will try to use for a lot of different things, and I can very easily imagine they will explore the possibility of paywalls and such.
Not saying you are wrong, just saying that sometimes layers don't seem to be as separate as we engineers would like them to be.
It is already very difficult to distribute your own content without subjecting it to some other entity's distribution system, and soon it will be impossible. Chrome and friends will refuse to load unsigned content, and then the death of the free web will be complete.
> Chrome and friends will refuse to load unsigned content, and then the death of the free web will be complete.
I'm going to need some citations that this is even remotely in the plan (and requiring HTTPS isn't the same as refusing to load unsigned content, since that's on the transport level).
I don't think he ever said HTTPS. By "unsigned content" he meant that video files for example can't be played unless a Hollywood rights owner has granted playback access for the file.
However, in the future this DRM will be a freedom-of-speech issue. The government could use it as a means to silence people. North Korea is currently ahead of us. Any videos you take could be automatically signed and later on pulled by the gov. by revoking the signature. Now extending this to basic text, images, VR?, and whatever new media formats there will be in the future.
I highly recommend watching the video where a tablet from North Korea gets inspected. It explains how NK keeps control of its citizens.
I'm not knowledgeable enough to fully disagree. However, I do not feel it is the browser's job to ignore a potentially useful technology (albeit for some evil media companies) because you have a distribution/marketing problem with your own content.
I think they will instead include this tech and make it usable for those who want it and continue supporting non-DRM media for those who don't want it. They're not going to block your ability to share your content without DRM.
I would love to see how that's working out for them, but even to wonder about the experiment borders on paedophilia. This is a tough nut to crack. (punintended...)
this is just the first step down a slippery slope.
and it _is_ a slippery slope.
are you really going to _not_ use gmail and google maps because you can't see the source code? of course you're not. but is it beneficial for google to lock their code up behind a DRM blob? of course it is.
so there is every incentive in the world for web pages to be made proprietary, and no incentive at all for users to put up a fight (which is why this first step is so important: because it's being made at the level of technologists, who supposedly have the insight to know why it's important).
but after this, the progression will be slow, but relentless, toward a closed web. Even if a subset of ideological wackos decide to fight... they're just ideological wackos.
Stallman was right, and this is the exact same thing playing out again on a distributed medium.
> is it beneficial for google to lock their code up behind a DRM blob? of course it is.
No, it's not. Their code is locked behind… uh… A SERVER. You could never see the server side code, and it's always been that way.
They do not give a flying fuck about people looking at their JavaScript UI code! That code is really, really NOT where the value is. The value is in the service — the databases full of data, the user accounts.
Did Apple actually support this proposal? Seems like their own self-interest would want them to reject this. The lack of a standardized web DRM would push developers to native apps which benefits Apple. And web DRM doesn't benefit the iTunes eco-system.
What benefit is there in the EFF resigning? I'm not educated on the issue as well as those on the committee, but it feels like not having the EFF on the committee at all is going to do more harm than good.
Not everyone thinks in utilitarian terms. And, maybe the EFF thinks the W3C is now an organization focused on legitimizing whatever big tech companies say. If so, they'd probably not want to be considered a part of that process.
Oh, but maybe they do think in utilitarian terms (and it's not bad, either). Them staying would legitimize W3C's decision. As it is, many (myself included) look at EFF for early warnings, and them leaving W3C is an important signal (hell, that's why we have this thread in the first place), and made me personally seriously lose trust in W3C.
> but it feels like not having the EFF on the committee at all is going to do more harm than good.
Well, having them on the committee did no good. I fully support the EFF's decision to jump out of that septic ship, and have shown my support by making a donation this afternoon to thank them.
Doesn't Firefox block DRM content by default? If they continue to do so, and if Chrome does so, then this shouldn't have much effect. If most people's browsers block it, apps shouldn't use it.
No, I mean Play DRM content, not Flash plugin. I'm on developer edition though, and it's been a while since I installed it, so I might be wrong. Thanks for your info!
The default in Firefox depends on which build, which operating system, which distributor. It's a boolean pref that you can flip the other way if you don't like the default you got.
> In their public statements about the standard, the W3C executive repeatedly said that they didn't think the DRM advocates would be willing to compromise, and in the absence of such willingness, the exec have given them everything they demanded.
This sentence in particular fills me with rage. These are people and groups who have refused to innovate in the face of the web and have used their clout and momentum to ensure that they never have to again.
So much for the democratization of media the web was supposed to bring. Money still speaks louder than anything else.
Good! Let them do that, and let us keep working on things like ipfs, blockchain naming systems, matrix and host identity protocols. The more they try to corrupt the web, the more energy goes into fixing the broken architectures. Then one day, nobody will use the broken DRM net. Politics is a programmer's most wasteful use of his time. Code them out of business.
Unfortunately network effect is HUGE when it comes to the internet. Just because you can code a superior internet, doesn't mean people will move to it en masse.
All networks have a lifespan. Some of those lifespans are longer than ours. But there will come a day when another user-facing network supersedes the internet.
Many "superior internets" will have lived and died before then, so your statement holds. But progress depends on someone who doesn't resign themselves to failure.
I'm afraid of this becoming the status quo. Everything is going to be a binary blob that you either download and run or you don't. It's really shortsighted to say "if Hollywood doesn't get DRM, you won't get Netflix". The market is there, it just wouldn't have been as easy for Hollywood to do so.
Now we have made it easy (and even standardized it!).
Tim Berners-Lee isn't dead. And if you read the article, you'll see that he was actually the one who originally overrode the EFF's objections to publishing a DRM standard in the first place.
I read that as the poster being sarcastic-- the logic being that if the W3C made this decision, it must mean that the spirit in which Tim Berners-Lee created the web died some time ago.
So Tim Berners-Lee "must be rolling in his grave," quite aside from the fact that he is still physically alive and doing fine.
Perhaps people are simply projecting what they think "the spirit in which Tim Berners-Lee created the web" is on the man?
Even if he put words to them early on, it's easy for someone to claim lofty ideals when creating something and later realize that's not true to what they believe in.
This whole fanboy-heroism is probably a big part of why people don't act for themselves and are left to cry when their 'glorious leaders' "betray" their interests.
Can somebody explain what exactly is happening here? What were the pros/cons of the move? e.g., it is possible that browsers are in a tight spot: If they fail to provide certain functionality, then content providers just move to native apps. Was that the tradeoff here?
W3C decided to publish a final version of the EME specification. W3C is the place where member companies come to write and negotiate the specification for how many web technologies should work. EME is an API for talking to an audio/video DRM module. EME (and the corresponding DRM modules) have been shipping in all browsers for years.
A large minority of W3C members, led by EFF, were trying to tie the publication of this specification with a legal contract (called a covenant) between members preventing them from suing people (under laws like the DMCA) if they did nothing more than break the DRM. This would leave copyright infringers liable to lawsuits, but not security researchers, developers of accessibility add-ons, and so on.
This proposal gathered a large minority, but a minority nonetheless.
The W3C process doesn't let the majority win automatically. Normally, it goes by consensus, and keeps negotiations going until all find something they can agree on. If that fails to happen, and someone objects to the decision being proposed, the director of the W3C (who is incidentally the person who invented the web), gets to call the shot.
If a majority of members thinks he called the shot wrong, he can be overturned in appeal.
This decision to publish the final version of the EME specification without a covenant was appealed, and the appeal failed.
Instead of creating the right tools for making web apps a lot more native, feature rich and consistent, they just make the favours of a couple media companies like Spotify, Netflix and Google. I hope the W3C dissolves after that.
I'm hoping that WebAssembly might be a route towards allowing something like this to happen. If an alternative to HTML/CSS/JS could be developed in WebAssembly, then we could have a situation where HTML has competition, rather than being the only way to build a website. And browsers can become simpler as the rendering duties are moved out of the browser and to the website itself.
Well, the W3C only matters to the extent they have credibility.
Not that one thing will break that. But there will be future efforts where a positive outcome hinges on the credibility of the W3C's process. Those may not go as well.
I am so mixed about this. In principle, this is a terrible idea, and I share many of the concerns in this thread -- I am not a fan of DRM. But as a consumer/end-user, I'd much prefer a standard DRM over Flash/Silverlight any day of the week.
The real question is how we get rid of DRM in the long term. Piracy isn't going away. Hopefully content owners will one day realize the economic cost of implementing DRM isn't worth its return, and only serves to alienate paying customers. I imagine it might take some years for them to realize this however.
I don't disagree with you, but the average consumer just doesn't know enough to care. We don't have the power to not 'give them an inch' until the consumer is educated, and pretending we do isn't getting us anywhere. Simply put, we have no leverage, the W3C has no leverage. Consumer education is the most powerful tool we have here, which is why the EFF etc. is so important, but this is necessarily a long term strategy.
> "Maybe if we wish on marshmallows and rainbows, this statement will come true this time!"
Well it worked with music... You can now buy DRM-free music in lots of places.
The music industry realized it just wasn't worth the investment to insist on DRM, and it was actually harming them (consumers were becoming confused, didn't want to buy music not knowing if it'd work on their next device, etc.)
Maybe now's the time to abandon the W3C - Maybe we can encourage the EFF to create a "Free Web Consortium." Sort of like "let's encrypt." I think this would better serve a free and open web for the 21st Century and beyond. It appears, based on this information from the EFF & their exit from W3C, the W3C has become corrupted at some level.
Battery life and data minimization should take precedence over extras. It is time to standardize on precisely the bare minimum necessary to render content, and that certainly excludes DRM and auto-play video ads and other endless cruft.
Simply put, I don't want my battery burning through unnecessary restrictions-addition software (both downloading and running).
Would someone mind helping me understand the debate? I don't watch TV or even movies very often (when I do I use Amazon prime). I never watch movies more than once. I do listen to music multiple times. But AFAIK all the MP3s for sale on major sites are DRM-free nowadays. What are the main specific scenarios involving DRM that people are talking about here?
Have you tried watching Amazon Prime on Opera browser? Most premium content will not play on any browser other than Chrome, Edge and Firefox. If they play, it will be only SD version. This is not because Opera has not implemented some web standards. It is because the major three browsers have all implemented a proprietary system of content protection.
There is another side of this story. Let's say you have to publish content on your website. You do not have any way to publish it as securely as "Amazon Prime" without signing an agreement with Google and Microsoft.
Thirdly, there comes DRM protection rules thanks to team MPAA. In most countries, you can not try to reverse-engineer the proprietary decryption module that comes with browsers without breaking laws.
Because of the above restriction, security professionals cannot break into the proprietary module to detect security vulnerabilities.
The likely fallout of this decision is that web pages will cease to exist and will be replaced by tiny DRM protected proprietary binaries for which the web is simply the delivery mechanism.
It's not just about movies or music, but also about text pages.
Big content has now managed to co-opt the open web. It is no longer a network of peers (some bigger, some smaller) but introduces two tiers, owners and users, and all the power disparity that comes with that.
W3C is not an organization focused on morals. It is an organization which exists to advocate for and codify open web standards (note, not an open web, but open standards).
Again, they're not charged with "the common good." Their goal is, "if there is going to be DRM content served via HTTP + web browsers, we should provide a standard API for it so browsers can implement it natively without plugins."
Their place is to be pragmatic and technical, not political.
We should simply start doing new standards through other organizations. There's no fundamental reason to float new standards through W3C rather than some other organization.
I'm completely confused why the W3C is relevant at all. This already did happen, the browsers created the WHATWG. Since the browser vendors' opinions are the only ones that matter, why do we care what W3C thinks?
I disagree that browser vendors are the only ones to matter. The web is used for many things, like legal documents between private parties, by the government(s), for education, personal notes, literature/cultural heritage, the entire way we consume and perceive written information in this age. Do you want to leave all that to an ad company? Because that's what you're effectively doing when you give WHATWG this role.
You are of course right that browser developers/vendors get to decide what they're implementing. But web authors, OTOH, can decide which format their works are published in. Browser vendors and WHATWG have shown no interest in simplifying the web. Rather, they're piling up monstrosities of unnecessary complexity, with the effect that, willingly or not, it is becoming infeasible to develop a new browser from scratch.
Most of all, WHATWG seem incapable of coming up with any privacy protection mechanism; instead, we're getting DRM. Honi soit qui mal y pense.
I think that W3C is what makes us believe we're sitting at the table when it comes to decide where the web is heading, when in reality we're not. So while I think W3C has good intentions and is acting in good faith (I'm somewhat undecided on DRM, please convince me of your opinion), I hope for a push to bring the lack of stewardship of the web to public attention, and another standards body (ISO/IEC, IETF, whatever), or W3C under a new statute to emerge and take the role of W3C-as-it-is.
(Re-posting this from the other thread [1] which didn't make it)
DRM was coming to browsers with or without the W3C’s blessing. In fact, it was already there via plugins and wasn’t going away. This has changed nothing except where the implementation is documented.
DRM doesn't and will never work. It only serves to annoy people that pay for the movie/game/whatever legitimately. It's against everything the W3C stands for.
You don't have to support something just because it's happening. You fight it, you don't give into it.
> DRM doesn't and will never work. It only serves to annoy people that pay for the movie/game/whatever legitimately.
I never said otherwise, and in fact I totally agree. A big part of my annoyance at the outrage over EME is the automatic assumption that you must be pro-DRM if you're not joining the furor.
> It's against everything the W3C stands for.
No, that's you (and everyone on this thread) projecting. The W3C is, and has always been, an engineering interoperability organization developing a data interchange format. It's right in their mission statement: "The W3C mission is to lead the World Wide Web to its full potential by developing protocols and guidelines that ensure the long-term growth of the Web". Notice what isn't in that sentence. Everything about "freedom", "openness", etc. is other people projecting onto them.
Before EME, web DRM is documented in the various plugin architectures. After EME, web DRM is documented in the HTML5 spec. From an engineering perspective, the difference is practically nil. The emotional overreaction here is just because of a perceived betrayal that isn't even real.
> No, that's you (and everyone on this thread) projecting.
"The social value of the Web is that it enables human communication, commerce, and opportunities to share knowledge. One of W3C's primary goals is to make these benefits available to all people, whatever their hardware, software, network infrastructure, native language, culture, geographical location, or physical or mental ability."
I don't know mate, that seems pretty clear to me.
> ensure the long-term growth of the Web
Without DRM the web will die? It seems to have been fine so far, would you not agree?
"Pretty secure" needs to be qualified though. Yes: there are DRM implementations without known holes. There is, however, no DRM protected content I'm aware of anywhere that doesn't exist in a high quality unprotected form somewhere indexed by TPB or wherever.
I mean: yes, average users can't crack their Netflix app. Everyone can still grab Stranger Things via torrent as soon as it drops. So does that count as "working?"
- Makes archiving unnecessarily difficult/impossible.
- Micromanages legitimate use, including limiting legal usages.
- Reduces or eliminates goodwill towards platforms, content distributors and content producers, e.g., it ain't cool.
- Reduces sales through introducing artificial barriers to social network effects, i.e., torrenting often increases sales and popularity through lower-barrier social network effects.
DRM-free fails if people don't pay for it, but this is rarely the case as the majority of people seek to be honest and support their favorite content producers to keep creating more.
However, if like the RIAA and MPAA going after every single dime like corporate justice warriors, people can and will crack the DRM and share content or simply look elsewhere.
Yes, absolutely. What's confusing about that? If the DRM benefactors have to keep developing shitty, expensive, unsupported plugins that need to use unofficial APIs and therefore be updated all the time, it's going to cost a lot more to use DRM.
Although I share your enthusiasm, I don't think closing the barn door after the horse left is going to help. Customers have to organize and demand an end to DRM by force of withholding money, clicks and eyeballs ...
"Power concedes nothing without a demand. It never did and it never will." - Frederick Douglass
I'm not sure what your analogy is supposed to express, but this isn't some ideological stand; it's a simple matter of increasing maintenance costs for DRM software.
Will it matter? Any organization created to manage web standards is going to be dependent on browser vendors. Google/Microsoft/Apple want DRM so we get DRM.
DRM can't work in theory, but it is working in practice.
If someone writes a piece of software that allows downloading of DRM-ed content (without losing quality, and playable anytime) from the big names (Netflix, Amazon, etc), then this battle would be won.
That piece of software already exists, and no it doesn't win any battles. It's not public of course, for the hole would be patched. There's nothing new about this cat and mouse game. It is becoming increasingly difficult though due to increasing involvement of hardware companies. Breaking processor based schemes is a lot harder if not impossible.
Not by a long shot. Where would you put this solution once you found it? Github? Npm? Of course corporations will sue these organizations out of existence for hosting a DRM work around, so they won't be able to host it. So at the end unless you can find some cool Russian hosting (a la sci-hub) you are straight out of luck.
The real problem is not creating a solution, but finding somewhere to put it that people can actually get to.
In practice, you'd have techies with the bit between their teeth passing magnet links around, and media companies playing whack-a-mole with anyone who hosts it too visibly. Meanwhile, anyone who makes a modest effort can get a DRM-free pirated copy without trouble, and the 95% of people who don't bother will continue paying for their Netflix subscription.
Although many don't use it (yet, still, and maybe never will), the "place to put it" problem is already solved, isn't it? Worst case, put it in a "dark" corner of the web :)
What are you talking about? Every popular TV show or movie is hosted on a free platform (free meaning both no cost and allowing freedom). How is that "working in practice"?
We are talking about DRM here. How do you know they are being stolen by breaking DRM? Maybe they copy DVDs or screeners or hacking a content provider. Not necessarily bypassing DRM. Some that do that I've seen are very low quality, hence my statement about lossless.
Either way, DRM isn't "working in practice" if all the information it purports to protect is publicly available.
DVDs have (broken) DRM, so ripping a DVD counts as breaking DRM. Screeners are also a work around for DRM. Hacking a content provider wouldn't provide the constant stream of content that is available from various separate companies.
I think that denying that DRM is broken requires some pretty serious ignorance of the reality of the situation.
This means I now have an excuse to avoid paying for content even further.
You didn't want to play nice, so never will I, I will continue to torrent stuff from majors while continuing to participate in crowdfunding and supporting indies.
That would suck, but EME has existed for several years (and Silverlight/Flash DRM before that) and I don't think the educational course providers ever embraced DRM??
It's directly tied to video, it's not possible to use for news articles. And, uh, it's been available for several years. It's only used by Netflix and the like.
I understand them both to be based on Chromium at this point. Chrome already has support, so if the Brave/Opera browsers want it it's pretty much just a flip of the switch (Opera may already have it, I think).
Basically if your browser lists any kind of Content Decryption Module (usually something called Widevine) among its plugins, you have EME support.
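The check described in the comment above can also be done programmatically through the EME API itself. The following is an added example, not part of the thread or of any browser's code: it probes a few key systems and reports which ones the browser grants and whether the granted configuration requires a distinctive identifier or persistent state. The Widevine and PlayReady key system strings, the codec string and the stub navigator are assumptions introduced here; only Clear Key is named on this page.

```javascript
// Key systems to probe. "org.w3.clearkey" is the baseline the EME spec
// requires; the other two identifiers are assumptions of this example.
const KEY_SYSTEMS = {
  'org.w3.clearkey': 'Clear Key (spec baseline)',
  'com.widevine.alpha': 'Widevine',
  'com.microsoft.playready': 'PlayReady',
};

// Ask with "optional" so the granted configuration shows what the CDM
// insists on ("required") versus what it can do without ("not-allowed").
const PROBE_CONFIG = [{
  initDataTypes: ['cenc'],
  distinctiveIdentifier: 'optional',
  persistentState: 'optional',
  sessionTypes: ['temporary'],
  videoCapabilities: [{ contentType: 'video/mp4; codecs="avc1.42E01E"' }],
}];

// Probe every key system. `nav` defaults to the real navigator; the API is
// absent in browsers without EME and in insecure (non-HTTPS) contexts.
async function probeKeySystems(nav = globalThis.navigator) {
  const hasApi = !!nav && typeof nav.requestMediaKeySystemAccess === 'function';
  const results = [];
  for (const [keySystem, label] of Object.entries(KEY_SYSTEMS)) {
    if (!hasApi) {
      results.push({ keySystem, label, available: false, reason: 'no EME API' });
      continue;
    }
    try {
      const access = await nav.requestMediaKeySystemAccess(keySystem, PROBE_CONFIG);
      const cfg = access.getConfiguration();
      results.push({
        keySystem,
        label,
        available: true,
        distinctiveIdentifier: cfg.distinctiveIdentifier,
        persistentState: cfg.persistentState,
      });
    } catch (err) {
      // Unsupported key systems reject, normally with NotSupportedError.
      results.push({
        keySystem,
        label,
        available: false,
        reason: err && err.name ? err.name : String(err),
      });
    }
  }
  return results;
}

// Reduce the probe results to the points a privacy or security review
// cares about: is any CDM reachable, which ones are proprietary, and which
// ones demand an identifier or stored state on this device.
function summarize(results) {
  const available = results.filter((r) => r.available);
  return {
    emeUsable: available.length > 0,
    proprietaryCdms: available
      .filter((r) => r.keySystem !== 'org.w3.clearkey')
      .map((r) => r.label),
    identifying: available
      .filter((r) => r.distinctiveIdentifier === 'required' ||
                     r.persistentState === 'required')
      .map((r) => r.keySystem),
  };
}

// Constructed stub standing in for a browser, so the example runs offline.
// Its answers are made up for illustration, not measured from any browser.
const CONSTRUCTED_NAVIGATOR = {
  requestMediaKeySystemAccess(keySystem) {
    const granted = {
      'org.w3.clearkey': { distinctiveIdentifier: 'not-allowed', persistentState: 'not-allowed' },
      'com.widevine.alpha': { distinctiveIdentifier: 'not-allowed', persistentState: 'required' },
    };
    if (granted[keySystem]) {
      return Promise.resolve({ keySystem, getConfiguration: () => granted[keySystem] });
    }
    return Promise.reject(
      Object.assign(new Error('unsupported key system'), { name: 'NotSupportedError' }));
  },
};

// In a browser console on an HTTPS page:
//   probeKeySystems().then((r) => console.table(r));
```
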
I understand the point the EFF is making, but I'm not sure if leaving the body that influences web standards is the right way to get your voice heard on web standards.
Whenever compromise fails, both sides blame the other for refusing to give any ground. Obviously browser vendors have a lot more power than the EFF does, and don't necessarily need to compromise as much to get what they want. But I'm curious, for their part, did the EFF actually offer any compromises in defense of consensus?
Edit: You guys are totally right, I missed it in the original article. Shame on me.
We offered to open a discussion about a covenant, modelled on the W3C's own patent covenant, that would mean that W3C members would agree to only prosecute those who had broken the DRM within a W3C standard, if they had another cause of action. That's to say, those companies could prosecute you if you broke the DRM and used it to infringe copyright, but not if you only broke the DRM for lawful purposes -- such as security research, for accessibility, to protect privacy, and so on.
There was a sizeable component within the W3C (I am still unsure as to what degree I can reveal how much, given that the W3C holds members to a confidentiality agreement.) who felt this was an important step to take before making EME a standard. In the end, the W3C executive team overrode those objections, and decided to go ahead without any such covenant.
You can now for the first time be prosecuted for revealing a flaw in a W3C standard, overriding a browser "feature" on behalf of its user, or making an HTML video accessible without first asking permission of the DRM vendor who obfuscated it.
The covenant would have been a nice step forward and it's unfortunate to see that it didn't happen, but I think you overstate the consequences here.
> You can now for the first time be prosecuted for revealing a flaw in a W3C standard, overriding a browser "feature" on behalf of its user, or making an HTML video accessible without first asking permission of the DRM vendor who obfuscated it.
Presumably you're referring to the DMCA anti-circumvention provisions? Your second two examples are just as illegal now as they were yesterday: EME was already a browser "feature," already being used for HTML video. The only thing that's changed is the "W3C standard" part.
The vendors presumably would have been fine to take EME, already a de facto standard and just leave it as-is, or "standardize" it in another body. Forcing that would have been nice for W3C's purity and image in some circles, and maybe even a good move, but it doesn't seem that it would have made any practical difference.
Ideally all content publishers start to really depend on this "feature" and then one or two of the major browser vendors a few years down the line suddenly stop enforcing any restriction the DRM had. Now the publishers have to spend a bunch of money to move back to the plugin style DRM.
Our democracy has a problem. Crony capitalists will sell out to corporations. They will reject the democratic process in order to sell out to corporations to have power to monetize those citizens. They don't care about protecting citizens.
The DMCA is one of the greatest threats to modern democracy, as it is used to remove specific content from the primary global communications medium (Internet), which makes it a very handy tool for censoring.
And the W3C just standardized a tool to support the DMCA...
Maybe this is terrible. Maybe this is the beginning of something totally new. There is nothing about WWW that prevents us from using totally different technologies, other than being really pretty good.
58.4% is more than half, but the title says it can't really be considered a consensus. Lots of committees try to avoid passing things by simple majority and instead refine and/or compromise ideas until they get more buy-in.
Grassroots populist opinions of the people only prevail when the wealthy and corporate interests already coincidentally happened to be lobbying for it. And by coincidence, I mean overlap, so it isn't just a matter of convincing the wealthy interest groups either because they don't care.
This study was regarding laws passed and regulations changed, but it would apply to non-state consensus garnering organizations.
> Multivariate analysis indicates that economic elites and organized groups representing business interests have substantial independent impacts on U.S. government policy, while average citizens and mass-based interest groups have little or no independent influence.
Same study, in article form with graphs, responding to critics of the study
What's the point, if this is another one of those "industry groups" they could at least have the decency to make it a great corporate junket with a meeting in Las Vegas or something.
My graphics processor supports this encryption. My monitor supports this encryption. My kernel supports this encryption. And we're going to draw the line at EME-- the glue that sits between my web browser and all of this infrastructure? That's the line that we just can't afford to cross?
It's not the fault of the consumer for purchasing hardware that supports this stuff? It's not the fault of the OS developers for supporting it? It's squarely on the W3C and browser vendors for making it accessible?
Seems to me like the EFF is going full Stallman for no actual purpose, and to the detriment of their reputation and role in future W3C discussions.