"Circumventing" is much more broadly defined than it should be.
It's not just illegal to redistribute copyrighted material. That's the point of copyright and has been the case for a long time. It's also illegal to watch/consume content yourself in any way that the copyright-holder didn't explicitly enable, even if you have a general right to watch/consume that content. You're not allowed to create a browser that can watch DRM-protected Netflix content. And if someone does create such a browser, it's illegal for you to use it, even if you pay for a Netflix subscription.
That's pretty new (circa 1996 or so).
In 2002 I went to see Lawrence Lessig argue the Supreme Court challenge of the Digital Millennium Copyright Act, which introduced these anti-circumvention concepts. Here are my notes: https://allafrica.com/staff/kwindla/eldred.txt
I realize this is specifically about DRM content, but I feel like it won't be a stretch to try to apply these laws to common content.
Lets all start running Gopher servers again... Fuck the modern web.
Anti ad exit node proxies.
Basically an ecryoted proxy connection to a powerful ad stripping instance that will randomize and pipe all that shit to dev null, and reply to trackers with addesses of their competing ad systems.
So that every ad for “microsoft” appears as though its being used by apple users...
Someone who wants privacy/anonymity is likely to not want ads, but I think those who don't want ads is actually a larger group.
though at this point it is kinda predictable - all news sites, except the ones with paywalls (and if you haven't bought the subscription, then its pointless visiting them). All information sources, except a few notable exceptions (usually aggregators like HN/Reddit, but also Medium).
Everything else divides into SaaS products, personal blogs and random shit. Random shit is usually ad-supported, the rest are usually fine.
it's all sort of moot anyway - the ads model is crap and getting worse, and businesses are going to have to move to something else soon. I don't think we'll have this problem long.
I'm often told in advance, by virtue of it coming up in a search result, promoted link, friends post, etc.
"This site contains adverts that perform obtrusive tracking" is seldom mentioned before or during the visit, the only way to know is by trying to block all such things and seeing the site fail if it tries to block the blocking.
Sometimes the advance information of content relevance is deceptive of course, and this often coincides with darkest patterns in the advertising/tracking.
that describes every command line / terminal web browser.
However, based on that premise they've instituted rules to "protect" intellectual property, but unfortunately they're so weighted toward the "owner" of the IP that they do (IMHO serious) harm to regular users and consumers. It seems to me that regardless of which political side you fall under, we should agree that governments exist to protect the rights and interests of everyone, not just a select few.
Something is really wrong here, and getting mad at Google or Widevine or some other company is a red herring. The real problem is what we've allowed our government(s) to do. We need to fight back there. Once the government isn't propping up the companies anymore, their abuse will disappear.
To the established owners of IP. If you're not an established creator, you're going to be on the side that gets hurt by the IP. Some IP claims are gonna hit you sooner or later, and even if they're complete bullshit, you won't be able to do anything about them.
Established owners can generate enough of a fuss that they could cause an outrage big enough for some actual human to look into your issues, but if you're not big enough for that... tough luck. Try again from scratch once Google cuts you out. This happens regularly across their products, be it Google Play, YouTube, or Chrome's extensions store.
Systems fucked. The little guy should have the advantage, not the already rich one.
Replace companies with nobility or aristocracy and you're talking about a problem as old as civilization itself. The fact is, small groups with control over a lot of resource (elites) will always work to consolidate and secure their power. Barring some radical, unforeseen technology, the masses of people will always have a more difficult time coordinating their actions to prevent this. This is the class struggle narrative of history.
When was that?
Some of it has been overturned recently but limits have existed for periods of time.
Meanwhile, mainstream television is waning in influence for political advertising. Now it's all about Facebook. Think of the micro-targeting turnout power they have. It's obscene!
I have no interest in a fallacious debate.
The problems with democracy that were described _still_ exist today. One can dislike communism and still acknowledge the criticisms of capitalism as valid and in need of address.
Communism was never actually executed true to the image. The state of the proleteriat was supposed to wither away - instead it became a dictatorship with secret police.
It is also legal to do a reverse engineering of software to allow it to run on your system, software, hardware (so I think a browser also applies).
(I'm not a lawyer, just reading some of the more technical law articles)
There are lots of differences in the details, but I wouldn't make a blanket statement that it's completely legal without actually checking the corresponding laws.
The directives are "transposed" into national law, country by country - and each country can (and does) add a local "flavor" to it. So if the Poles have watered down the anti-circumvention clause (it is very vague in the directive, giving a ton of maneuvering space to the national parliaments), the situation he is describing is very possible. On the opposite side of the spectrum is traditionally France, with its (fortunately incredibly ineffective) three strike system. Very different approaches to things even though both countries are implementing the same copyright directive.
The other type of texts coming from Brussels are "regulations" - those go into effect immediately, without having to be rewritten into national laws. GDPR is an example of such regulation.
Be careful with that one. The Netherlands had that too until some European court decided that our laws were foolish and went "that's all wrong, it's obviously illegal" after which there was case law about it being illegal and now it's illegal. The ministry immediately went "oh, well, we s'ppose it's illegal then from roundabout last week!"
In case you were wondering who's behind this expensive lawsuit that lasted from 2008 to 2014: we had "home copy tax" (thuiskopieheffing), so you pay a few bucks extra for storage devices (hard drives, usb sticks, smartphones) and that was redistributed to rights holders as compensation for "home copies" (copies for personal use in your household, backups, that sort of thing). Shops did not like that they had to pay extra taxes that they did not have to pay in other countries, so they went to court and got us where we are now.
Dutch news about it: https://tweakers.net/nieuws/95332/nederland-mag-illegaal-dow...
> Nederland stelt dat het downloaden van dergelijk materiaal hetzelfde is als het kopiëren van een cd of dvd, maar daar gaat het Europese Hof niet in mee. Volgens het Hof kan een wet die 'geen enkel onderscheid maakt tussen kopieën uit geoorloofde bronnen en kopieën uit vervalste bronnen' niet worden gedoogd, omdat dergelijke wetgeving auteursrechtinbreuk kan bevorderen.
~ The Netherlands claims that downloading of such material is the same as copying a cd or dvd, but the EU court does not agree. According to the EU court, a law that makes 'no distinction can be made between copied from allowed sources and from forged sources' can be allowed, because such laws promote copyright infringement.
Dutch news about the government's response: https://tweakers.net/nieuws/95335/kabinet-nederland-heeft-pe...
> Het is in Nederland per direct verboden om auteursrechtelijk beschermd materiaal te downloaden uit illegale bron, bijvoorbeeld via torrentsites en nieuwsgroepen. Dat stelt het kabinet in een reactie op een uitspraak van het EU-hof.
~ It is in the Netherlands henceforth prohibited to download copyrighted material from an illegal source, for example through torrent sites and newsgroups. This is the ministry's response to the ruling of the EU court.
So we didn't need any law change, parliamentary debate, nothing. It was in effect right away.
We have kind of the same in Germany, and our overview on Wikipedia looks even more complicated and expensive than yours. You're still not allowed to circumvent effective copyright protections to make your private copy. But I'd be surprised if e.g. music only available with DRM would be excluded from earning a share of that fee.
Interestingly, before the recent EU copyright reform, this fee benefited only authors directly, instead of the rights holder.
As per https://en.wikisource.org/wiki/Polish_Copyright_Law
Article 23, paragraph 1:
> It shall be permitted to use free of charge the work, which has been already disseminated for purposes of private use without the permission of the author.
Article 6, point 3:
> the disseminated work shall mean a work which, with a permission of its author, has been made available to the public by any means whatsoever
So, it is legal to access the work without permission, if author gave prior permission to make it available to the public. However I'm not sure if selling a book in a store or showing a movie in a cinema would automatically mean that such work can be downloaded freely from the Internet - technically the work is available to the public, but I'm sure the author did not give permission for the work to be available on the Internet.
I'd advise not giving out bad advice then stating absolutes about the legal situation that are wrong.
Try not to help them by paying for entertainment.
That does depend on the countries, at least on my case in France there's an accessibility exception which makes it okay in his case to break the DRM legally because he does not have any other choice.
HTML DRM is antithetical to the Open Web itself. It was built on a sham of "plugin-free" media playback, but all we did was change Flash and Silverlight for a whole range of closed black boxes, which in turn are effectively all controlled by Big Media (to make it crystal clear: EME was built with third-party decryption modules in mind, and Big Media was obviously never going to support any sort of decryption modules that they couldn't control, so even if your custom browser supports EME it's completely useless without a Big Media-approved decryption module). And make no mistake: Requiring permission from Big Media to essentially build a fully-fledged browser is a 100% intended and expected outcome of HTML DRM as conceived. Big Media would love nothing more than to turn the entirety of the Open Web into Closed Web that they control, and with HTML DRM they've certainly achieved a great step toward doing so, to the detriment of public at wide. I'm sure they're positively salivating about the thought of eventually reaching The Right to Read!
It's _always_ been about control on the creation and manufacture of playback platforms and/or devices.
content is no longer the only draw. the business goal is now monetizing the group experience. consider Fortnite. Companies won't care if a few people watch pirated content alone. They want to control the experience of group content consumption. This does require content, but managing the group experience is the new frontier. consider http://rabb.it Pirates can get ppl in groups to watch premium content, but at some size, authorities will show up to protect their property.
What counts is whether adding DRM increases revenues enough to warrant the effort needed to add DRM.
there's no getting around it. if you want it you have to play by their rules.
It's just what big media has happened to get away with.
If they found themselves without a way for their paying customers to access their content via DRM, they'd drop the requirement on the spot, with little to no financial impact except for DRM scheme licensing fees.
Most studios really wouldn't find blocking all PC access to their content to materially affect them.
But with the introduction of DRM into the standard, this is no longer possible.
You just want the DRM users content but you want it without DRM.
So what really happened is the content producers enticed the users into DRM with their content. It's the other way around, and the consumers voted with their wallet (and clicks)
And why would anyone follow this standard?
Much less guff to download.
As interesting to read as the first twelve times.
Hell, I'm fairly certain he had a deal with Barnes and Noble to publish his book without DRM which was nonstandard at the time.
He used(still does?) publish his books free of DRM and free to download under CC license.
It would be strange for an author of Printcrime (fantastic short read from 20 years ago) to support DRM.
This requires the use of the widevine library which then downloads things behind the scenes upon use (I believe). https://forum.kodi.tv/showthread.php?tid=329767
I can't imagine Google gave the OK to Kodi to use widevine so maybe you can see what they did?
Edit: Forgot link https://aur.archlinux.org/packages/chromium-widevine/
And... they are using chromium. Can I be sympathetic to Google because they have to pay people money to support this?
Could you explain what you mean by that? Kodi seems to be GPL 2 licensed: https://github.com/xbmc/xbmc/blob/master/LICENSE.md
> The docs on how to do simple things seem to be nonexistant because they don't want to be sued and shutdown entirely.
What docs are you looking for? They have a very extensive wiki as well as an active community on their own forum.
I’ve ran it on all kinds of hardware from laptops, Android phones and tablets, Raspberry Pis (version 1 through to 3), Intel NUCs, etc. And obviously not forgetting the Xbox. Until very recently it was my go to media center.
I even went as far as to write some plugins for it. But they were for version 8 or something. It was probably 10 years ago and hasn’t been maintained.
I’ve never used a media center - free or non-free - that was as easy to set up nor ran as flawlessly as XBMC / Kodi did
Besides, non-technical users wouldn't be ripping DVDs to a NFS / SMB share in the first place (or using a home server / NAS for bittorrent / usenet / etc if that's how one prefers to accumulate their video archive). So why would they want a Media Centre that's designed for playing local or networked content?
Maybe what you're referring to is the stuff that has been in press a lot in recent years; the stuff incorrectly named (imo) as "Kodi-boxes" (or similar). I say "incorrectly named" because they used 3rd party plugins for illegal streams but those really have naff all to do with the Kodi media centre itself. It's like calling illegal downloading "Windows-boxes" because someone uses a bittorrent client on Windows 10.
I guess you could argue that Kodi now fills a niche that is dying out - that's certainly the case for me as I tend to use Netflix et al on my smart TV. But for playing local / mountable files, Kodi still leads the pack in terms of ease. Which is hardly surprising when you consider that's what the media centre was built to do.
iPhone (running MrMC) Apple TV (MrMC) but MrMC hasn't been updated to the latest Kodi yet so I can't use those in a shared env.
Kodi uses the OS native implementation of the DRM, or Chromium with Widevine.
- When I want to watch movies on Amazon Prime Video, there are some movies I can't watch in HD, even if I paid for HD (so the movie obviously exists in HD; probably dependent on the rights holder). The problem is that I can't see if I can watch the HD version before I buy the movie.
- On Netflix, I don't get 1080 at all with my browser, even if I pay for 4k.
- Every few weeks, Spotify pushes a broken version of their web player to the website and from one moment to the other, I can't listen to 'my' music anymore until they fix it. The good news is that it seems to happen less frequently lately. Nevertheless, that would not be a problem if I could listen to 'my' music with a normal mp3 player.
- A few hours ago, I wanted to play a game, but guess what... Steam had a network problem  and didn't even let me enter the offline mode.
I think Steam is a really good (not shitty) DRM enforcer. A very occasional lapse in service is acceptable for entertainment platforms. I use steam because it is actually easier to use their DRM systems than it is to, for example, buy CDs or download individual game installers.
I would generally agree that this is acceptable, but it's still a step backwards from Itch and GOG, where my library literally never has a lapse in service. Steam is arguably one of the best DRM solutions out there, but even the best solution on the market still has worse uptime and reliability than a store that just provides users with a bunch of DRM free downloads that they can launch offline whenever they want.
Of course, platforms like Itch don't have cloud saves. But Steam's DRM isn't essential for cloud saves, or for the community workshop, or for the storefront, or for the library management tools. The DRM part of it doesn't add any value to the consumer. So while Steam is an excellent product, Steam without DRM would still be a better product than it is right now.
That's what people mean when they complain about DRM. You can take a great product and add DRM in a way that doesn't completely break it, but it's still pretty much always a strict downgrade in user experience. People look at services like Steam and think, "yeah, this is acceptable. But it could so easily be really great."
To this point, GOG supports cloud saves.
It may be a good DRM enforcer, but as a UI it's terrible and intrusive. There's no way to turn off all those popup messages and game related alerts.
I had to give up on steam once they started doing that.
And to be fair, not every game on Steam comes with DRM attached to it. I have many games I can play without launching Steam itself.
I don't have good examples in mind right now, and I would need to double check, but I am pretty sure I was able to launch Supreme Commander 2 trough wine directly with the game executable, without launching Steam some time ago. I also recall "Tyranny" doing a free week-end, after which I could still launch the game trough the executable (although steam refused to launch it). That was a Linux game, though, and could be slightly different.
I would roughly estimate that more than 20% of my Steam library does not have DRM attached to it. There are a couple lists out there that help find DRM-free games on Steam , etc.
Some game developers advertise this as a feature of their game on Steam. For others, it could be an oversight. I find it pretty convenient in any case (example: copy FTL on a USB stick for playing on the go, even without internet connection on an underpowered computer). It also helps with wine.
I guess it’s still me to blame because I pay for it for friends and family who use my account.
Anyway check your cable if your monitor states that it’s compatible.
And if you have the right combination of browser, os, Intel CPU, GPU and monitor to have intact DRM of the required level, Netflix will stream you the 1080p or 4k stream
Consumers are not going to put up with all sorts of shenanigans regarding browsers, monitor support etc. etc. - it's an ugly mess.
If it 'just works' - then I think most people will accept 'paying for content' as a premise.
But when the pieces don't fit together because industry players don't see the 'big picture' ... it will just be bad for everyone and ironically encourage piracy.
Bluntly I expect Netflix could stop supporting PCs and browsers entirely and feel very few negative effects.
There are just tons of people who watch netflix on their laptops and mobile, it's part of the promise I think.
It'd be bad.
That is what DRM is about preventing.
If some knowledgeable people can copy it and put it low-fi on some competitor of Youtube and Google doesn't show in in search results. That isn't that bad. That means the general public won't easily find it.
The link mentions that to produce a HDCP-compatible device (eg one that has an HDMI port) it needs to be licensed, pay an annual fee, and make promises to frustrate DRM-mitigation efforts.
If I wanted to make my own monitor with a VGA input (or, more practically, pipe the signals coming from VGA into a program that does something with the feed) I would just have to find a suitable adapter and receive the serial data.
Does this mean that doing so with HDMI (either the real-world DIY monitor, or the in-software feed-ingestion program) would be:
A) Difficult/time-consuming to write due to a lack of open drivers
B) Run afoul of IP laws pertaining to the HDMI standard and get me sued
C) Prevented by the cryptographic handshake that happens between an approved display and the output drivers
D) All of the above?
For HDMI, specifically:
A is true, as HDMI requires a pretty ugly IP core on an fpga or an asic to process or produce the phy.
B is also true, as to sell a device with an HDMI port you have to join the group and pay fees. If you're just hacking stuff together for personal use I think you're A-okay here.
C is true ONLY in the case of HDCP protected content, as that handshake does not occur for unprotected content or HDMI 1.0
Also, side note, VGA uses analog R/G/B channels so if you want to pipe signals into the program you'd need an ADC to get useful values from it, and a pretty fast one depending on your resolution.
And government is even more straight forward. Media companies/individuals donate lots of money to campaigns, and there's a typical unspoken quid quo pro. They donate getting politicians into office and hire some lobbyists who know how to get those politicians what they want. In turn, those politicians then pass the media company's legislation. Like much of what the government does, the motivation is not a holistic effort to create a better country but an individual effort to get elected or reelected.
Hahah, come to think of it - it emphasizes that governments and capitalism suffer from the exact same problem. Capitalism works great when people put out good products and look to get rewarded for doing so. And similarly governments work great when politicians do good stuff and look to get rewarded for it. Things only get really messed up when companies start with the goal of making money instead of making a good product. And similarly, politics gets messed up when politicians start with the goal of getting [re]elected instead of creating good legislation. Because in both cases what makes the most money is not necessarily the best product, and what gets you reelected is not necessarily the most beneficial legislation.
You better believe some "HDCP-certified 2.0" badge or whatever is on every hdtv and gpu you find at best buy. I wonder if the engineers on hdcp 1.0 knew how fast it would get cracked, but they knew that would just let them sell another round of hardware for the 2nd version.
Inputting any pulse-based high-frequency signal is more difficult, be it VGA or Ethernet or HDMI.
Also, old keys are frequently phased out, with new media requiring newer keys for playback.
Yes. It will require a soft/firmware update, which won't be available if the device has widely known vulnerabilities which cannot be software patched that would allow for key extraction. HDPC is not limited to physical sources.
Probably won't be available full stop. Very few devices ever get manufacturer updates - they're all focussed on just making a new version of the device.
If it's still in warranty, sometimes they'll take it back for a refund.
(I wonder if the same people who are up in arms about China's lax IP laws and massive product counterfeiting realise that it's the same country, the same culture, the same mentality which allows them to easily produce these devices that actually fight for your freedom to consume content.)
If an ISP fully embraced the Net Neutrality repeal and started blocking video content, and someone posted on HN that ISPs were "blocking them from building a streaming service", no one would be complaining that, "technically you can build it, you just can't reach any of your customers." Everyone on HN would understand that part of building a service is the having the ability to reach customers.
In the same way, part of building a web browser is having the ability to render web content. If Google can block your custom browser from rendering content, then for all practical purposes they are blocking your ability to build a browser.
Break them up. They are no different from a competing government at this point.
Because those third party sites choose to utilise closed software from that company. And Netflix doesn't only utilise Widevine as a DRM, it uses several different DRM systems, so Google don't have control over anything.
We may all think (know) DRM is dumb, but DRM is more than just about how hard it is to hack. Sure, everyone could in theory reverse engineer this stuff. But the point is that it's only legally protected as long as it's at least not trivial. Open sourcing would probably invalidate their legal defences against people downloading Netflix movies.
I highly doubt that. A ToS violation is still a ToS violation (in the case of Netflix, which is expressly a streaming service), and copyright infringement is still copyright infringement. The legal protection that's afforded to DRM itself is something that's literally only useful to you as a content holder if you're looking to abuse copyright and go far beyond what copyright law actually grants you! That's what makes the whole notion so problematic in the first place.
Further, Google's own browser, Chrome, will not stream above 720p Netflix(and maybe Amazon now). So at most Google is a lesser DRM god.
The issue is more complex than that, and generally relates to some hardware APIs for securing the video path not being available to Win32 applications in Windows.
It at least used to stream 1080p for Amazon, and it may for CBS but I'm not 100%.
It honestly seems like a decision made by the streaming providers.
That's just a sensationalistic as the headline. There isn't a single company controlling and selling these modules. There is a several of them, in open competition. The OP chose Widevine because they are easiest, but with sufficient perseverance he could probably use any of them, or at least any that distribute x86 binaries. It's damned near impossible to prevent someone from running a binary if they really want to.
I also found the original article difficult to swallow. It gave very little detail - so little we have no idea what Widevine said no to. For example, was it "could you provide Widevine and loan me an engineer to help me integrate it with my browser - but I can't pay you because it's all open source". Or was it "I've got it all going, I'm willing to pay you commercial rates per licence - how can I buy licences?" It if is the former hats off to Widevine for replying at all.
As it is, we only get a small part of his side of the story, no insight at all into why Widevine reacted they way they did, and a headline that's guaranteed to get clicks.
Call me paranoid, but I get the feeling I'm being manipulated.
Eh.. in a way, but not really. It can still work as a web browser but a web site can still render however they'd like based on your user agent.
If I made a site today, I could add the same functionality if I wanted to. Since I own the site, that's my choice.
I completely agree that Google should _not_ block their content based on your custom web browser. That is evil.
First, any browser can report any user agent they want. There are a number of examples of browsers faking or changing user agents to get around sites that try to differentiate based on those strings.
Second, while any individual web site can implement logic based on the user agent, that's the sole choice of the web operator. By restricting Widevine access, Google is blocking rendering of content on other people's domains.
The non-ISP, in-browser analogy I would use would be if Google decided that in order to render an AMP page in your new browser, you first needed to get their permission. They're not just blocking their own content, they're blocking an entire category of technology.
It's also worth mentioning that even under the user agent analogy, if this headline was, "Google uses user agents to block Firefox from accessing Youtube", pretty much every person on HN would call that anti-competitive behavior worthy of regulation.
To be fair, the 2013 ecosystem was a lot more Google friendly than the 2019 ecosystem is. I'm sure the average non-HN reader still wouldn't care today, but I would at least hope HN itself would have a different reaction.
This isn't good, but it's not arbitrary control. These companies chose to implement widevine, so they chose to allow Google to dictate who gets to legally use WV.
(Sure some "special purpose" browsers get away without, but they also only Target a very limited audience)
I completely agree that this is unacceptable... but I think the blame really rests on the content owners who forced this DRM in the first place. Every damn thing on Netflix is widely available on torrents in hours, so it's totally useless and just makes things worse for everyday consumers.
OP sounds like he feels entitled to others' work and efforts. If he wants to play videos in his browser, he can make them. Or find people who will make videos for free for him.
All OPs browser does is syncronse playback across users legitimate Netflix (or other) accounts.
OPs broswer will pass the encrypted video through to the DRM plug-in, which will authenticate from Netflix through to the to the screen. It will decrypt the video, decode it, re-encrypt with hdcp and send it to the monitor.
The DRM chain is intact. OPs browser can't be used to pirate the videos, or steal Netflix.
All he needs is permission to ship the closed source DRM plug-in.
Widevine is only one of several implementations of a Content Decryption Module; it just so happens to be by far the easiest to license (though that doesn't mean that's easy!).
Noope. Netflix has explicitly stated, at W3C, that they absolutely won't use any open EME implementation.
In practice any open CDM that you implement yourself will be totally useless. The "open" parts of EME have no real utility, and exist only to be able derail criticism by making rhetorical arguments about hypothetical open implementation, even though it's by definition exactly the opposite what Netflix and Google designed EME for.
But EME includes a fully freely implementable Clearkey spec. Ultimately sites generally don't want to generate keys for it, but it can be done.
2. To create market barriers for anyone who wants to compete with existing streaming services like Netflix, Spotify, and Youtube Premium
3. To create market barriers for anyone who wants to compete with Chrome, Safari and Firefox
4. To replace old proprietary plug-ins from Adobe and Microsoft with new proprietary plug-ins from Google et al.
To be fair, you can make a similar argument about what's the point of a standard for the video element: in reality, you need to support H.264 encoded video, so just supporting Ogg/Theora/Vorbis (as some early implementations did) doesn't suffice, so what's the point of that standard? (Also the img element, the object element, etc.)
But yes, EME is different because it fails to fulfil its use-cases in a fully free implementation (one can imagine, potentially in the future, a free software implementation that passes encrypted content to a hardware module that implements the decoding, but that seems like little gain and unlikely to happen).
I would think that Amazon would lead the charge for an open standard for distributing video which handles DRM, subscription, pay per view, etc. and then all the non-Netflixes would publish to that standard, and let player applications thrive. Even when using a Roku it feels like each app is completely different. And most of them suck. Imagine if in 1985 Prism, HBO, and Showtime all manufactured their own TVs and required you to use them, but they all had wildly different layouts and remotes.
The idea of syncing up two video streams is awesome, I can see people enjoying that, and it would encourage people to pay for whatever services their friends have. Though it does sound a bit similar to rabb.it
I would prefer to have NO DRM of course don't get me wrong. But still in this case, it is not your decision and apparently most people really don't care for that at all. They wanna see netflix in there browser. Thats why google and co did it. Thats why no one cares that there might be a electorn based browser somewhere which is unable to implement its core feature of sync viewing.
And while i like the idea, just because is just not good enough. Noone will cancel there netflix subscription over this.
I would want someone to correct me on a fundamental grammar mistake in Spanish, so I felt it would be useful to correct you here.
Really appreciate it as a non native english writer! :)
I sometimes think it would be nice to have a community correct feature which allows anyone to make simple corrections in a way you, as the author, also become aware of it.
Firefox compatibility is valuable because Firefox extensions don't have to be distributed through the Mozilla add-on store (they do need to be signed by AMO, but provided your extension isn't doing anything illegal, that should not be an issue).
Finally, you could try redistributing unbranded Firefox or Chromium with your extension pre-installed. Waterfox (a Firefox fork) can have DRM — it's disabled by default, but it can be switched on — and I don't think they put a great deal of effort into it, so I think that your "version" of Firefox could also easily have DRM. (I have no idea whether the same holds for Chromium.)
I would much rather have a webapp than have to download a whole new browser just to watch videos with a friend. Most of the stuff listed on the github (WebRTC, WebSocket) are just normal web technologies. The only other thing I see is "Discord Rich Presence".
One of the main requirements I wanted was the ability to use the app with as little centralized dependencies as possible. P2P is the primary way to connect to users with the app, but even that requires a centralized signaling solution which is prone to downtime. To mitigate this, users can also directly connect to an IP address with the appropriate ports forwarded. Listening on a socket is not supported by a web extension at this time.
Additionally, some actions on the web require a "user gesture" to be performed such as fullscreening a video. I created an auto-fullscreen feature by simulating a user gestured mouse click. It also only fullscreens within the frame of the window instead of the entire screen. 
Other features not possible with a web extension/app include local file reading (potential future feature) and Discord Rich Presence (currently implemented).
That makes sense and it's interesting to see the limitations of the "web extension" framework.
The following isn't meant to try to convince you to use any particular solution (I don't have any skin in the game), just some ideas in case you get fed up even more by the problems with implementing DRM in your own browser.
Listening to a socket and reading local files is possible with "Native messaging". In brief you have a small application running in the background, outside the browser, which can listen to sockets or read local files, and your browser extension communicates with it. This does bring added complexity and might (haven't tested) bring additional latency, possibly making it unacceptable.
If they had held fast, we could have forced the companies to do their key management in something like WebAssembly and avoided this gatekeeping mess.
We have DRM, we hate it but it's there, and it serves a purpose. If it is your intellectual property, you get to decide how it is used. And if you don't want to make copying too easy because you think that it will get you more money, that's your right.
The goal of the W3C is not to make to make a political statement about the rightness or wrongness of DRM. They are here to create standards that respond to use cases. And unfortunately, copyrighted content diffusion is one use case, and content owners want DRM.
And if you read the standard they came up with, it is not that bad. They managed to isolate the "evil DRM" part well enough without completely destroying its effectiveness. They also didn't require any proprietary component, though services can require them (that's what happened in the article).
Using WebAssembly (which is essentially optimized JS) for DRM is a terrible idea IMHO. DRM, to be effective, usually requires access to protected system components. It means that to make an effective enough DRM to be accepted by content providers (which is the entire point of the standard), we would need to give WebAssembly way to much power.
>And if you don't want to make copying too easy because you think that it will get you more money, that's your right.
They seem to think that but is there any truth to it? I do pirate some series/movies from time to time (mostly out of convenience) and you can get high quality rips of pretty much anything mere hours after it's available on streaming sites anyway.
So what is this DRM supposed to achieve? Prevent the average non-technical user from saving the stream? I mean I'm sure they wouldn't even know where to start, there's no "Save As" button on Netflix for instance. Simple client-side limitations would do the trick for 99.9% of the population. On the other hand the few technically-savvy stream rippers seem to have no issue bypassing these protections.
DRM works better for interactive content like games because it's not just about ripping the output.
How many decades do we have to suffer through this broken scheme and this technical debt until the right owners realize that they're wasting their time and their resources to push a system that only serves to make it harder for legit clients to consume their contents?
When iTunes got rid of DRM on music files I thought it would be the tipping point where right owners would realize that this scheme was ineffective and counter-productive, but apparently it's still an industry standard for some reason. Have legit users on unsupported systems stream low-res video while the pirates can watch it in 4k for free. Ridiculous.
It's a good point, but I believe DRM isn't just about piracy. It's also about control. I read a good article about this once, but I can't find it anywhere right now so I'll summarize what I remember.
As long as DRM exists, if you want to make a Blu-ray player you have to go and ask the Advanced Access Content System Licensing Administrator for their blessing, so that you can decrypt and play (for example) AACS-protected media. It doesn't really matter that AACS has been broken since early 2007 and that pirates can easily circumvent it - as long as you want to sell a player above-board and not risk potential lawsuits, you still have to go and license it.
(This might not be true for AACS in particular, but AFAIK it is generally true of more recent content protection systems.)
That's when the control part kicks in. Good luck getting that Blu-ray player approved for content decryption if it allows the user to skip commercials, or make small clips of movies and send them to your friends, or other such features. I do believe there would be some amount of demand for those features - well, mostly the first one. However, I don't see the AACS LA ever approving such features while having Disney and Warner Bros as founding members.
I'll try to find the original article I got those ideas from. I'll reply again if I ever find it.
Where did you get the impression that this isn't what they actually want? The goal is control over users, not acquiring non-users (pirates).
I think DRM in general was never really designed to completely thwart piracy.
The goal is actually to delay the pirated version as much as possible and to raise the barrier to entry when pirated versions are eventually released into the wild.
Oh I dunno... have you tried asking one of Netflix's 140M subscribers? Or the 26M people who use Amazon prime video?
The point of DRM isn't to make it impossible to pirate things -- it's to make it difficult enough to get pirated content that most people would prefer to pay a few bucks a month to watch things via a channel where rights holders are compensated. And by that measure, it seems to be working pretty well.
When it comes to music, I can most of the time listen to it legally via Spotify or Google Play Music/YouTube Music. When it comes to movies (and especially for older movies), the rights holders give me no choice but to pirate because they simply don't make it available for me to obtain in a legal way.
As an extreme example: I was looking up an old childhood movie "Hugo: Djungeldjuret". The rights holder have stopped distributing the movie and they no longer sell it, but they do issue copyright claims and take-down requests towards anyone who hosts it. How am I supposed to watch a movie like that in a legal way when the only distributor has stopped distributing it?
Furthermore I assume that most of that latency is not due to the time required for pirates to break the DRM but rather the time for the original riper to encode the file and share it through the pirate food chain until it reaches the public trackers that I use. You'd still have to wait a little while to get your pirate file if you don't have a subscription to the official streaming service.
I think you underestimate how many people prefer to watch the latest episode as it airs.
> not due to the time required for pirates to break the DRM
Even if the DRM is already broken, you can't just ignore the initial time spent to break it.
> until it reaches the public trackers that I use
Let's say you stopped 100 random people on a busy street and asked them what a "public torrent tracker" is. How many do you think would know what that even means? And of those who do, how many do you think would actually be able to download a movie through a public tracker?
This is why Popcorn Time was such a huge hit: it provided effortless access to movie torrents for the masses. Obviously, this also explains the rapid response by content publishers to crush the project.
I don't, but even without any DRM you still have the delay between the moment the ripper manages to get the file and the moment it's available for download. DRM doesn't really change anything here. It's not like for games where DRM can delay the release of cracked version by days or even sometimes weeks.
>Even if the DRM is already broken, you can't just ignore the initial time spent to break it.
For movies and TV shows I think I can. It's just so full of holes and broken implementations that it's usually trivial to crack. I have yet to see the release of a good quality movie or TV show because they couldn't crack the DRM.
>Let's say you stopped 100 random people on a busy street and asked them what a "public torrent tracker" is. How many do you think would know what that even means?
I honestly don't know, but I do know that streaming solutions and direct download websites are pretty mainstream in my experience. Megaupload was huge for instance.
But even if you're right and it's obscure, doesn't that make DRM even more pointless? If people don't pirate because they don't know how why would they start ripping Netflix streams? Technically speaking it's even more involved.
You're missing the streaming option. But alas, watermarking + ContentID + DRM have essentially conquered that realm. Acestream and IPTV are two surviving options, but the barrier to entry is not low for these.
> For movies and TV shows I think I can. It's just so full of holes and broken implementations that it's usually trivial to crack.
I don't know enough about current media DRM solutions to comment here. What I do know is that will likely change once TEEs/enclaves become more widespread on consumer devices.
> If people don't pirate because they don't know how why would they start ripping Netflix streams?
"Right-click > Download" versus, at the very least:
1. Finding a reliable torrent tracker
2. Downloading and installing a torrent client (viruses galore!)
3. Finding a torrent with enough seeders
4. Figuring out which version of the movie/show to download (what's a "nuke"? what's up with the quality (cam)? why is this movie split into 37 .rar files? where are the subtitles? why is the audio out of sync? etc. etc.)
You and I have already gone through all of this the hard way, but it's important to realize that it's not intuitive at all.
Another poster here made an interesting point, that this wasn't true until the 90s. Deciding "how it is used" is different from (and broader than) deciding "who gets to distribute it".
This was always true. Most copyright traditions recognise Droit Moral, and the right for the author to determine the integrity and treatment of the work, and have for, in some cases, literally hundreds of years.
But of course they didn't say that, because most of them got some direct or indirect interest in DRM, enough so that the few remaining players did have no choice than to hop on board, too.
Having worked with various DRM teams I know that they have to treat their code as if its the most secret code in the world, if they don't the media companies can swoop in and ban them and then no Netflix for your users. This is why Widevine code isn't open source (other than the glue EME code) and is almost certainly the reason for the refusal to work with a small open-source form of Chromium. If for example the project was used to "steal" content the media companies would be mad at Widevine, with lasting repercussions for all Chrome users.
It's worth noting that typically all DRM teams work as if the hosting environment is an adversary. For example Widevine don't trust anything Chrome says as someone could recompile it and lie about the security. The only times this is relaxed is where the platform is deemed secure, such as CrOS or iOS.
Let's say Google, Microsoft and Apple announce that they will be removing any DRM from their browsers on 2020-01-01. They will also remove any DRM playback app from their App Stores. So no Netflix on PCs, Macs, iPhones, iPads or any Android device (including stuff like Android TV).
What do you think would happen?
A lot of smaller companies would die, and a lot of users would suffer - but none of the parties involved actually cares about the users; we're just a natural resource to be stripmined.
Even elderly people were using and watching pirated stuff installed by their kids as they just couldn’t bother.
No DRM support in major browsers would mean pirating becomes the #1 way to see anything again.
Then again, the way media companies are balkanizing the streaming space, this could become (again) a reality soon anyway.
Users follow use cases and would not be averse to spending 30 seconds installing something in order to watch their favorite content.
There's also sort of a game theory situation with the removal of DRM, as it would be a competitive advantage being the only one that supports it.
People paying for Netflix are paying for convenience. That wouldn’t change in absence of DRM.
But back to the point, if Netflix wouldn’t use DRM, it would change absolutely nothing since copyright infringement is still illegal and those DRM protections are completely useless.
If the latter, torrenting is plenty cumbersome enough that if the studios are pushing movie-viewing to "Pay us money or you have to torrent it," they're winning.
Yes, and this functionality has been built into many of the largest torrenting programs out-of-the-box for quite some time now. In the case of µTorrent, it was added in version 3.0 all the way back in 2010.
Obviously, how quickly the stream will buffer depends entirely on the state of the swarm. Popular items will work almost immediately, while particularly unpopular items won't be streamable at all.
Anecdotally, I have personally witnessed my (very nontechnical) friends streaming 4+ GB 1080p ...popular cat videos... that weren't available from Netflix. They did not struggle with the process in the slightest.
Last I checked, the BitTorrent protocol didn't provide packet sorting that would allow for this behavior (by forcing the beginning of the movie's bytestream to be the first data downloaded), so my mistake if the protocol has improved and I was unaware it provided this service.
How is that different from the current state of EME plugins? Other than that proprietary browsers ship with the most popular plugins installed.
DRM is not illegitimate. It just sucks and operates in a way that is immune to free market competition - the reasons for that immunity are the true thing to fix. Users should have alternatives as there is a clear market there. If DRM is so bad, then that's what should kill it.
Of course, content producers could run back to the state for more protection (as they always do) and get legislation forcing browser makers to comply. And around and around it goes.
Implementations of such forced-by-court features tend to be buggy. ;-) The implementation bugs might differ in subtle ways in each new browser release. ;-)
Then Apple and Google would get deluged with complaints from their customers and Jailbreaks would once again become popular.
Consumers will have to purchase or rent horrible and overpriced hardware supplied by broadcasters. Like they were doing for decades with satellites, and early IPTV.
Piracy will raise a lot. Many users don’t want to pay, or can’t pay for that custom hardware. I was using Netflix service for some time without major issues, but they don’t have anything in my country, too small one, they won’t be selling and supporting their set top boxes any time soon. Unlike accepting credit cards and broadcasting videos, physical retail doesn’t scale that easily.
If they would only remove it from the browsers, they would start pushing their native applications like Netflix for Linux, Netflix for Windows, Netflix for Mac. And browsers would be free of their DRM which causes all this.
I wonder if more protocols like this will get invented and become mainstream. Or those glorious days are already behind us? Since every big corporation is just trying to grab market share by creating walled gardens for everything.
And your house also belongs to them. According to your analogy.
The only thing it could even arguably be doing is preventing users from uploading videos to pirate sites, but that is empirically a massive failure given that all of the videos are already on the pirate sites.
So all you're doing is battling the honest people who have paid and then want to make a copy for format shifting or some other fair use. And the legitimate value of battling that is a negative number.
The former is about the same effort as torrenting and about as obviously dishonest. The latter is mostly possible using Netflix as intended as long as I don't mind sharing my password with them.
We were sold DRM as "the evil legacy studios are evil and make us use DRM". Well, now that Netflix produces their own content and it's still DRM'd... I guess that isn't really the reasoning.
In the rare case of content that is actually made by Netflix, it’s easier to just put DRM on it, because otherwise every system dedicated to encoding and playback would have to have a code branch that was special for non-DRM content. It would be a maintenance nightmare. It’s a lot easier to push all content through the same pipelines.
DRM benefits Netflix just as much, if not even more than it does traditional media companies.
DRM does not benefit Netflix. It’s complicated and takes a lot of resources to run. They’d much rather not have to deal with it at all. Having DRM does not gain them any customers — in fact it loses them some. But it’s the only way they can get content.
(The closest I can get to an explanation is that the "exclusivity" deal might be limited to online streaming platforms only, and whoever is selling the content still worries about everything else. But streaming is a significant and growing portion of all media consumption (and could be even more so, were it not for that pesky DRM), so I'm extremely skeptical that this would be a real issue.)
This is where your narrative is strategically short-sighted. It would be a very significant leverage point for their own proprietary content over the traditional media companies' - the kind of thing that 'disruption' is built on!
You can't tell me with a straight face that somehow they don't have this power.
DRM absolutely benefits them because it ensures that only parties they permit are allowed to access content, for the same reason it benefits other media companies.
The fact that every pi8ece of Netflix content is on the pirate sites within hours of release would prove otherwise. Netflix is well aware of the uselessness of DRM.
And you're right, they probably did negotiate DRM free licenses. But you missed the other part of my post -- the cost for implementing a separate DRM free pipeline was very high, and there would be little ROI to the business. Not having DRM on just the Netflix content would get very few new customers, if any. How many people would say "man I would totally sign up for Netflix if only their own content was DRM free, even though I'd need a DRM enabled player to play everything else, and oh yeah this only applies to web streaming anyway."
Whether or not they have a 4k display... that is probably the blocker. I have a 4k display but it's not my primary display (instead opting for a 165Hz 1440p panel) and I never bothered to buy a 4k TV, given how dirt-cheap high-end 1080p TVs are. Would much rather have the black blacks of a $500 1080p OLED TV than a $3000 washed-out 4k LCD.
Rather, focus on concrete steps you yourself can take:
1. Make sure the hostile black box is not available / disabled in your browser. So when you end up at a page that wants to use DRM and it doesn't work, you simply attribute the problem to the website being broken (which it is), and move on. If you do need to keep using the DRM crutch for now, then only use it on a separate dedicated browser or device.
2. Base your media setup around a DRM-free pipeline (eg Kodi). Make torrenting content your default. If you want to pay indie creators for DRM free downloads, feel free. But don't fund any studios that generally push DRM.
3. Share downloaded content with friends (eg USB drives), encouraging them to not fund Netflix et al developing and promulgating more DRM. This is especially relevant for "exclusive" releases that are meant to push people into signing up for yet another subscription.
More specifically, those associated with the MPAA and the RIAA.
Google/Microsoft/Apple/Adobe want to support
media content, but to do so requires towing
the line with the media companies
If it weren't for Google Play Movies and iTunes Movies they could have just told the MPAA companies to take a hike.
Does Netflix DRM even "work"? I've never personally seriously looked around for how to break it, but I note there are still plenty of people who seem to manage to review Netflix-based shows on YouTube with video clips of sufficient quality , and at least some of the reviewers in question I am fairly confident aren't getting any sort of privileged backdoor access or anything.
Is it "anyone can crack with a smidge of effort" or "it's really hard but it spreads once cracked"? I'm not asking for a lot of details of the crack per se, just general details of how successful it can be said to be in practice.
 I'm not claiming they aren't necessarily re-re-encoded by the time they get to me, but if they are, I can't tell for sure, so I'm going with "sufficient quality" as a description.
Actually they should be byte-for-byte copies, but generally aren't, since Netflix makes you jump through half a dozen hoops to get the highest quality streams, so pirated copies are actually much better quality than what you can get on Netflix.
I have had the 1080p one for 5 years.
The browser has to decrypt it somewhere along the line to play. Always was interested in tinkering around with it.
For a starting point I'd be going through chromium and checking out how they implement widevine.
For a while now there's been rumors in the torrent scene that a few people have broken it, but keep coy in case it gets patched. Then again it's trivial to screenrecord at the cost of time. Who knows?
Level 3 requires a secure path all the way to the display (so the decryption happens in a Trusted Execution Environment, the keys are stored in a Trusted Platform Module, and HDCP or similar to the display). Level 3 practically only exists on mobile currently, as Intel's SGX (their TEE) is typically disabled by default on what processors do support it.
And they did it for the worst reasons. Vanity and pride. The corporations pushing DRM are merely motivated by greed.
But the players in the OSS community that opened the door for DRM were TERRIFIED of being labeled as "obsolete" or losing pretend "market share". They refused to take a stand against DRM, if it meant losing any users. Just look at the discussion thread where Mozilla decided to support DRM.
The arguments in favor of DRM by the OSS community are always the same:
- We need to support terrible DRM because it is popular (and being numerically popular is super important).
- We need to compromise against our users because if we don't then we won't have any leverage (which we are conceding we don't have anyway)
- "integrated branding"(?)
None of this makes sense, because Google, Apple, and Microsoft have completely different goals with building for-profit forms.
People who speak in slimey business sales marketing speak are making decisions about the direction of OSS software. And these people are obsessed with cargo-culting the big commercial platforms.
My guess is that, if browser vendors wouldn’t have played ball, the DRM vendors would have worked with one of the JRE vendors to optimize the Java applet runtime, and contributed to performance improvements on the browser side for all the open browsers, such that “Java applet” would no longer be a scary heavy-weight thing nobody wants their browser to launch. That would be (one of) the implicit threats hanging over browser vendors: if you don’t cooperate, we’ll take your control over innovation on the web away by refocusing it on an improved Java experience.
And if the browser vendors really didn't like it for unknown reasons then they could have just stopped supporting Java in the browser, as has largely already happened for various other reasons.
This is one of those "we all must hang together or we shall all hang separately" situations, and they apparently decided they'd prefer to hang separately.
It's sub-optimal, but I don't think an optimal solution actually existed. A standards board divorced from reality is no better than no standard at all.
That's fine. It's better that the burden for maintaining non-standard plugins be put on the sites and browsers that choose to do that, rather than be placed on everyone else.
If W3C chose not to help write the DRM standard, the browser vendors could easily create a new organization and write a standard anyway (as happened with WHATWG).
Browser vendors and website authors could then read that document just as easily as anything published on the W3C website, so there is no "burden" for them. There would be no difference to the end user. The only burden we're talking about is the inconvenience of setting up an organization to do the writing. It's a minor speedbump at best.
The upshot is that there is no way to prevent browser vendors from standardizing anything they want. It only gets blocked if they disagree.
The reason to keep it out of W3C is because it violates their core mission: https://www.w3.org/Consortium/mission#principles . Other organizations with a different mission are free to do as they wish, obviously.
The argument that platforms have to do this for competitive reasons is doublethink. If the experience is worse and that will cause customers to flee, how is it that they would only flee from the platforms that don't have DRM but not the content providers that require it? Wouldn't that create a huge market opportunity for new DRM-free studios, who would then out-compete the traditional ones by being available on all platforms instead of only on Insecure Expensive Proprietary Slow Cableco Platform Nobody Likes?
I mean, yes, but why would they do that?
> Wouldn't that create a huge market opportunity for new DRM-free studios, who would then out-compete the traditional ones by being available on all platforms instead of only on Insecure Expensive Proprietary Slow Cableco Platform Nobody Likes?
You're assuming that content is fungible. If I want to watch Game of Thrones, I want to watch Game of Thrones, not "Winter Dragon," and "Winter Dragon" being DRM-free won't incentivize me to watch it.
Furthermore, development of media content is expensive and requires a bunch of up-front capital / investment. So while there is a market opportunity, it isn't obvious that taking advantage of it without connections to the existing industry is a profitable strategy.
So that they're not beholden to adversarial corporations.
> You're assuming that content is fungible. If I want to watch Game of Thrones, I want to watch Game of Thrones, not "Winter Dragon," and "Winter Dragon" being DRM-free won't incentivize me to watch it.
Except that it is fungible, it's just not universally fungible.
The reason Winter Dragon isn't fungible with Game of Thrones is that you don't like it as much. You'd rather watch Game of Thrones. But there are thousands of shows, and out of those there are hundreds you might want to watch, yet there is only time to watch dozens or fewer.
Nobody can actually watch all of the shows they might want to watch. Letting "lack of DRM" be the thing that chooses between the ones of equal desirability to you is as good a way of pruning the list as any.
> Furthermore, development of media content is expensive and requires a bunch of up-front capital / investment. So while there is a market opportunity, it isn't obvious that taking advantage of it without connections to the existing industry is a profitable strategy.
Who says it has to be someone without connections to the existing industry? New independent studios form all the time as existing talent strikes out on their own. All it takes is for one of them to prove the market before everybody is doing it.
What is so adversarial about these corporations to the browser makers? What benefit, concretely, do Microsoft or Google or Apple get from being free of the shackles of Disney or CBS?
One concrete benefit I see is less risk of the third-party code destabilizing your code because it has bugs and is running within your address space, but there's an easy solution there: sandbox the EME blob like Firefox (and other browsers too, I assume) does. Then its crashes and buffer overflows don't become your crashes and memory corruptions.
Plugins like Flash, which are the historic answer for DRM on the web, have a huge surface space and can interact in the browser in all kinds of odd ways. These EME modules are much smaller, they are much less powerful (AFAIK they either return a frame to the browser to composite or directly to the OS compositor, so you don't need to worry about how they change layout and then change layout again as you reflow), and as a result of that can be put in stricter sandboxes. That's a clear win from a browser security and stability point-of-view, which is a concrete benefit for browser vendors in making it viable to drop Flash (and dropping Flash without providing a replacement for encumbered video isn't an option: breaking websites like Netflix will cause users to use other/older browsers that do support Flash).
They still sandbox it because from the user's perspective it's still an unauditable black box, so at least the user can verify the sandbox. But that doesn't actually solve the problem, because the black box code is interacting with black box hardware. If there is a bug, you've done the opposite of sandboxing it -- you've prevented it from being traced and given it direct access to hardware.
> and dropping Flash without providing a replacement for encumbered video isn't an option: breaking websites like Netflix will cause users to use other/older browsers that do support Flash
The solution to Flash should have been to have someone reverse engineer it and publish a 100% open source implementation, including the DRM. Then let them keep publishing using Flash format as long as they like, but no more black box.
These companies make Xbox, Chromecast/Stadia, Apple TV, etc. Things that could plausibly be a media center, given some latitude and open standards. You could upload your movie collection onto it, give it your streaming account credentials and it gives you a single interface to all your media.
DRM kills that. You can't make an interface that allows the user to watch a Disney movie they've paid for and then have it show the YouTube commentary on it. You can't have something that recommends Orange Is The New Black after you watch The Wire because one is Netflix and the other is HBO.
Because DRM allows the studios to assert rights that copyright doesn't give them. That's all it does -- that's why they want it. It clearly doesn't prevent piracy.
> One concrete benefit I see is less risk of the third-party code destabilizing your code because it has bugs and is running within your address space, but there's an easy solution there: sandbox the EME blob like Firefox (and other browsers too, I assume) does. Then its crashes and buffer overflows don't become your crashes and memory corruptions.
The problem with this is that it can't simultaneously have such low privileges that it can't do anything harmful even if totally compromised by malicious actors, while also having such high privileges that it's immune to interference by even the owner of the system with physical access to it. They're diametrically opposed objectives. And the second one systematically fails regardless, but having to pretend that that isn't the case compromises the ability to do the first.
The DRM module would still ship with Chrome and Edge (and likely Safari too, given Apple became involved pretty quickly), you'd still need multiple different streaming formats (in the form of different DRM formats) as you do today, and maybe you'd need slightly different JS codepath per-browser too (but that's not a big difference to today with the different DRM formats).
It's very unclear to me that the W3C refusing to be involved from day one would've led to any outcome very more than subtly different than the one we ended at. At the point that the specification went to Recommendation, there were already multiple interoperable implementations, so objecting at that point was purely a matter of principle, it literally wouldn't have affected the outcome in any way.
Moreover, such organizations are made up of their members, and it's up to the members to do the right thing as well. Nobody had to volunteer to be the first to add this gunk to their browser. It can't be a competitive disadvantage if nobody else has it either, and it can't be a competitive advantage if everybody else has it, and those are the two options so why not choose the first?
As much as some people like to say one is better than the other, I think the answer is always "it depends". Unfortunately, it depends not only on the relative power and momentum behind the current problem when deciding, but also on unknowns such as what will happen in the future.
It's hard for me to find too much fault in them deciding that they would rather stay somewhat relevant to the process than become obviously irrelevant (if that was indeed the thought process), as there's still a lot they can affect in the future. Armchair quarterbacking about what they should have done isn't too useful in my eyes.
The downside is as you say that the browsers can point to the standard as for why they implemented it, but that's why it's a trade off, and not cut and dry (IMO)
The majority of the membership was in favour, definitely, but it wasn't unanimous. Some members I think it's predictable how they voted (MPAA may have voted in favour, EFF may have voted against); others less so.
Without W3C DRM they would have kept those plugins alive instead of deprecating them. I see no reason why they'd have migrated to webasm, webasm wouldn't provide the know-thy-customer aspect the DRM people want.
It really isn't. The W3C at the very least permits a solution whereby content companies liberally distribute binary blobs for every platform under the sun. Hell, it even permits an open source solution that e.g. speaks directly to the DRM hardware in graphics chips (don't know if that would be technically feasible, don't shoot me).
It doesn't have to be this way.
In this context it's really specifically Google being assholes about this. They can choose to not be assholes about this. The fact that the W3C allows them to be assholes about this doesn't change the fact that Google is choosing to be this way about it.
Besides, any kind of large-scale user revolt that isn't basically just a mob-like reaction is usually the result of a top-down, coordinated campaign. See the protests against SOPA/PIPA for an example - big websites had to throw their weight behind the idea for it to take hold. The web is simply too diverse and quick moving of a place to expect some kind of people's revolution when it comes to DRM.
To me, the mystery is not that the people don't know about these details (these details are indeed somewhat complicated - I agree), but how much they don't care.
If there's nothing but coal powered electricity generation then vote to change it.
If the company you buy electric from uses more coal than others, then change company.
IMO ordinary members of the public take more responsibility in that because it's relatively straightforward to understand: buy your electric from renewable generation and get less negative environmental impact.
Understanding the best sources of power is hard however, so consumers have to trust published government research for that.
>If there's nothing but coal powered electricity generation then vote to change it.
Most people are struggling just to get by. Expecting their votes to be driven by large, complex issues which on their surface do not seem to impact their lives directly or immediately (or actually don't at all) is wishful thinking. The vast majority of people don't understand these issues to begin with.
>If the company you buy electric from uses more coal than others, then change company
Where do you live where you have competing electrical companies? Of you're proposing that they spend money on e.g. solar or electric cars, well... I think you're a bit out of touch with the general populace. We don't live in a world where paycheck to paycheck workers can afford such things. It has to be cheap and easy or you're just not going to get anywhere. Same goes for something like DRM; until it causes huge problems with the way most people consume content, well, they won't care, and complaining about that is a waste of energy.
Problems like these require smaller groups of dedicated and informed individuals to help make change and educate others. It does actually work. The US has much better environmental policy than it did 50 years ago and people are more informed now then they we're then. It's just slow, and tech related issues are relatively new.
If you started cooking meth tomorrow, and sold it on the market, do you blame the users who bought it? No, the origin of the problem is the industry built around pushing the product.
Meth isn't really a comparable need. However, suppose dodgy crack (cut with crap), or paracetamol, was available for treating headaches: you can choose the paracetamol which makes you partially responsible for keeping the dodgy crack producers/dealers in business if you choose their product.
I live in a representative democracy with extremely limited and polarized choice of politicians, ALL of whom are taking money from big oil. Unfortunate, indeed -- my lack of choice harms the entire world.
And no, meth is a great analogy: sure increases productivity, damn the consequences
Software is arcane, so thinking about how it affects society probably seems irrelevant to them. Even if they do care, power dynamics make defeatism a logical and realistic mindset.
But, hey I hear the money is good.
Who does care about DRM is pirates and content creators whose content is shown without them earning off of it.
Yes I am aware of fair use exceptions, but fair use should exempt a user from getting sued over using a fragment of copyrighted content; it does NOT force a content creator from offering their content open for downloading and republishing, even if it's for fair use.
Yeah, until it isn't.
I can't start GTA V for days since the "Rockstar Social Club" won't connect and glibly informs me that "I need to be on-line"
I would have agreed with you until then. But not being able to play a game for which I paid full price and not being able to get meaningful support to resolve the issue rapidly changed my stance on DRM.
It fucking sucks!
You never truly own anything that has DRM, you're just licensing it.
The thing that I hate is that the marketing either explicitly says "you own it", or does it implicitly or indirectly, or in a way to make you think that you do.
They never, ever put in big bold letters "License this game for $69.95, today!"; not even when you actually "purchase" does it say "license". In fact, you see the words "purchase" or "buy" or similar; words that have always connotated "ownership".
Now granted, all software, and media in general, has always been a "license" - but there was always something physical around; that if the company or entity that licensed it to you disappeared tomorrow, you could still - theoretically - continue to use the license you had and enjoy the media as intended.
That all really changed with license keys. One would think that the whole DIVX debacle would have made this abundantly clear, but I guess it didn't (makes me wonder if the DivX media format or whatever it was actually wasn't created purposefully to muddy the waters; but that's just conspiracy theory on my part).
I don't even think people will "get it" if tomorrow everybody who "bought music" from iTunes or whatnot lost their licenses with no recourse. I really don't think there'd be anything done, except for some bawling at most.
If everything we have seen over the years, including the various massive data breaches that have occurred recently, hasn't woken anybody up to force reforms and changes that benefit the citizens and consumers, well - nothing will.
Society has basically said "we don't care if we or our children get slaughtered" - where that last word takes on a wide variety of meanings - up to and including its literal meaning.
Those of us out here being force down the chute screaming about the injustice, the wrongness, the reasons why, etc - we are all just so much noise that nobody cares about anymore.
Sucks that it's $60+ to do so, but that's how it is.
A judge says that everyone has a right to take a single photo of this field for their collection - no more than that. The land owner disagrees.
We're not saying that the land owner should be forced to provide small organza bags for the visitors to carry their cameras around with them; but posting armed guards at all the entrances with metal detectors, automatedly initiating legal action on anything that looks like a camera and then trying to tell the user it's for their own good... well, this should at the very least be discouraged by the community, no?
But being able to use the fair use rights means that you must not be sued for breaking the DRM on your own.
Then there's no such thing as good DRM, since many users will want to make use of the content they've paid for (either monetarily, or perhaps indirectly via ads) in flexible and open ways that a proprietary DRM system will not allow. Fair use is part of this, but not the only issue.
To be clear, I'm definitely happy to support gog.com and thankful that they exist and are successful.
But look how many HNers will bring up Kindles and buying books for them on Amazon where you can only "lend" a book from kindle to kindle (forget drag and drop) through their proprietary system.
Every day 90%+ of people are happy with systems that use DRM and don't even notice it exists. Most people just don't ever go off the rails.
It's one of the worse things about DRM: trying to position your product as DRM-free and people just go "wtf is that? it never bothered me before."