which is an active protection of the user against malware.
You should look at how Mozilla implemented EME then. The CDM is sandboxed, in a much stricter sandbox than the rest of the browser even. So no, the CDM potentially being dangerous (for privacy or security) isn't actually that much of an issue.
Of course, someone might at some point claim that the privacy features harm the copyrights protection, at which point choices will have to be made.
History provide ample evidence that Mozilla will make the choice their users ask for (which is, by the way, not necessarily the choice some users will voice the most loudly).
To be clear: if DRM is not implemented in browsers, Netflix and the like will just make native apps, which are far larger vectors of malware attack than the locked down EME standard is.
I'm not saying this is a good thing, but "people should just not watch DRMed video" is not an actual answer to the problem at hand.
that's the whole point: if your product is so amazing that your users will do that, then it's great! but those of us who are NOT your customers will be able to exist without the attack surface on our machine.
So you claim that Firefox (and other browsers) should implement malware or a malware interface into their browser so that users don't have a reason to download and install some other malware?
I don't know about the GP. I claim that a form of DRM that Mozilla begrudgingly accepts into Firefox has better odds of not turning out to to be "Sony Rootkit" literal malware than if everybody else is rolling their own.
This battle is lost, let's not lose the war to have our little Alamo moment.
No, I am saying that browser manufacturers should slightly increase their vulnerability surface area (and maybe not at all - I don't know the internals of EME) in order to provide a locked-down feature to users that they would only otherwise get by downloading a native app that has access to their local file system, amongst other valuable things.
It's the same logic that leads to them to support JavaScript.
Assuming the motivating reasoning here is that the overarching goal of the browser vendor should be to protect the user, the question still is what timeframe it is appropriate to consider. If the browser does not implement DRM, the user may download an infected native app to watch Netflix or porn from some far shadier website or whatever, sustaining more harm in the short run; however, if the user then is repeatedly infected with malware, chances are it will not take long for a general understanding that downloadable video players are garbage-piled-up-on-grandpa's-computer bad (in the same way that IE toolbar plugins or warez websites' "special download managers" were) to take root. This will maybe chip away at the addictive convenience of Netflix and co, and so they won't be able to dictate terms to the computing ecosystem as they evidently can right now, benefiting the user in the long run.
The "garbage-piled-up-on-grandpa's-computer bad" isn't an isolated incident, and is a relatable category, as you imply in your usage, because it is a common problem. IE toolbar plugins and "special download managers" have never gone away and likely never will, those sorts of malware will continue to just change shapes. Your grandpa probably just wants to play poker with his buddies and his buddies are on Joe's Terrible Malware-Infested Poker Site. Convenience, pragmatism, and social network effect immediacy beats theory, logic, and "long term thinking".
Replace "play poker with his buddies" with "watch movies his buddies are talking about" and "Joe's Terrible Malware-Infested Poker Site" with "Netflix's DRM-Infested Site" and the results are the same every time. Your grandpa isn't likely to care if Netflix has DRM or not so long as it doesn't stop him watching movies. If Netflix, because it's the brand he and his buddies trust, tells him to install a thing to keep watching movies, he installs the thing.
Maybe, maybe you might be able to convince your grandpa to stop watching videos using that thing he installed because it's bad for his computer's health... but there are a lot of "grandpas" out there, it's a huge category of people that "I just want to do the thing and I don't care how so long as it works and is convenient".
I don't think this a question of timeframe, it's a question of do the right thing for the most users. There are a lot more "grandpas" than there are DRM-fighting or at least DRM-wary concerned citizens like you or me.
> however, if the user then is repeatedly infected with malware, chances are it will not take long for a general understanding that downloadable video players are garbage-piled-up-on-grandpa's-computer bad (in the same way that IE toolbar plugins or warez websites' "special download managers" were) to take root
This is clearly written from the perspective of somebody who never did help desk work or helped family or friends with computer problems.
Your point being... that I underestimate how people will keep downloading them anyway? I haven't done help desk work, but have been asked to do plenty of the latter; over the years, at least in my vicinity, skepticism about downloadable plugins had certainly developed to a level where I would only ever see the "half of the window is toolbars" IE screenshots in 4chan /g/ snark threads anymore.
Yeah, that was my point... unless things have like drastically changed in the last few years I think you're overestimating the level of user education.
If Firefox doesn't support DRM Video Mozilla dies. Users will not use a browser where they can't watch the videos they want to watch and those videos are under DRM.
You can't solve this problem at the standard level or the browser level. You can only solve by education users enough that they see no DRM as a feature and at the legal level by enshrining user protections in law.
> To be clear: if DRM is not implemented in browsers, Netflix and the like will just make native apps, which are far larger vectors of malware attack than the locked down EME standard is.
False dichotomy.
Instead of exposing a small percentage of users to large attack vector (native app), you are exposing a very large percentage of users (close to 100%) with a lower attach vector. THe potential for damage is much, much higher, since it would affect about everyone using the Internet with major browsers.
For all the DRM Netflix has pushed down our throats, they still serve many titles (mainly movies and not their own productions) in piss-poor quality with those browsers whose users' freedom they have crippled. And I do mean absolutely awful quality as some titles clock in at less than 1000 kbps which isn't even nowhere near DVD quality.
Rather: "the browser where you cannot see DRM-infected video" - which is an active protection of the user against malware.