Hacker News new | past | comments | ask | show | jobs | submit login
I tried creating a web browser, and Google blocked me (samuelmaddock.com)
1920 points by smaddock 21 days ago | hide | past | web | favorite | 605 comments



Let's add the US Congress and the EU to the long list of parties to blame for the DRM situation. "Reverse engineering" software for the purposes of "circumventing" copyright is illegal.

"Circumventing" is much more broadly defined than it should be.

It's not just illegal to redistribute copyrighted material. That's the point of copyright and has been the case for a long time. It's also illegal to watch/consume content yourself in any way that the copyright-holder didn't explicitly enable, even if you have a general right to watch/consume that content. You're not allowed to create a browser that can watch DRM-protected Netflix content. And if someone does create such a browser, it's illegal for you to use it, even if you pay for a Netflix subscription.

That's pretty new (circa 1996 or so).

In 2002 I went to see Lawrence Lessig argue the Supreme Court challenge of the Digital Millennium Copyright Act, which introduced these anti-circumvention concepts. Here are my notes: https://allafrica.com/staff/kwindla/eldred.txt


It's a dangerous precedent. Think about adblock. You're just choosing to render the data websites give to you differently.

What if you design a web browser that just ignores most blobs of CSS/Javascript and renders content in a very different way. Are you now breaking copyright? Because you're rendering the data differently than the W3C standard or blocking certain elements?

I realize this is specifically about DRM content, but I feel like it won't be a stretch to try to apply these laws to common content.

Lets all start running Gopher servers again... Fuck the modern web.


Pretty soon web traffic will be decrypted and rendered via site specific web assembly blobs that will do everything in their power to defeat custom rendering. The modern web has just begun, and the powers that be are still grappling with its control. So we're still living in a comparative wild-west, but you can see the writing on the wall in every direction you look online right now.


We ahould be doing exactly this in opposite:

Anti ad exit node proxies.

Basically an ecryoted proxy connection to a powerful ad stripping instance that will randomize and pipe all that shit to dev null, and reply to trackers with addesses of their competing ad systems.

So that every ad for “microsoft” appears as though its being used by apple users...


Ah yes, but then who controls those servers? A lot of people think that US Government agents own enough TOR nodes to de-anonymize.


To be fair, in my experience there seem to be a lot more people frustrated with ads than scared of the government.

Someone who wants privacy/anonymity is likely to not want ads, but I think those who don't want ads is actually a larger group.


Why would a browser or extension client side not be better? Adding an intermediary would add latency needlessly...


It's not always possible to even modify the client, think of the embedded browsers in "smart" devices as well as the increasingly-locked-down mobile platforms. But as long as installing your own certificates still works, you can continue to MITM your traffic and modify it before it gets to the client(s).


Because blocking at the cloent edge node already has had the bandwidth consumed from the carriers end provided, no?


This is why we need to build a JavaScript-free web. Just plain old HTML and CSS. With no cookies either. And a search engine that only indexes pages that conform to these rules.


This is what pisses me off aboit ads and data consumption pay rates: if i am paying for “1GB” of data, then i should have full control over how that data gets consumed by the content i am accessing over that paid pipe. Period.


That's why I use Brave Browser, it blocks everything by default. Doesn't even download them.


Doesn't uBlock Origin in Firefox do the same by intercepting network requests? I really don't know...


uBlock Origin supports[0] both network filtering where requests to an ad cdn or domain are blocked before the network connection is ever made, and it also supports cosmetic filtering where elements can be hidden after the fact - but this is mostly for blocking intrusive popups or dialogue boxes and the like rather than for blocking ads. The vast majority of filter lists that come with uBlock Origin are network filters where ad domains are blocked outright. As uBlock Origin uses the Adblock Plus filter syntax it's not difficult to use ABP filters or to port hostfile filters over.

[0] https://github.com/gorhill/uBlock/wiki/Does-uBlock-block-ads...


I have the same thing in my Safari with 1Blocker. Also built-in on system level and doesn't even download blocked stuff.


No, you don't suddenly own that film you are streaming. What a ridiculous idea.


but you do have full control... if you don't want to see ads, don't visit sites that use ads to support their business model.


I'll bite. How do you propose I know which sites not to visit without visiting them?


good question. I don't have an answer.

though at this point it is kinda predictable - all news sites, except the ones with paywalls (and if you haven't bought the subscription, then its pointless visiting them). All information sources, except a few notable exceptions (usually aggregators like HN/Reddit, but also Medium).

Everything else divides into SaaS products, personal blogs and random shit. Random shit is usually ad-supported, the rest are usually fine.

it's all sort of moot anyway - the ads model is crap and getting worse, and businesses are going to have to move to something else soon. I don't think we'll have this problem long.


How do you know a site will have content you want? Surely there's room for a bit of uncertainty.


> How do you know a site will have content you want?

I'm often told in advance, by virtue of it coming up in a search result, promoted link, friends post, etc.

"This site contains adverts that perform obtrusive tracking" is seldom mentioned before or during the visit, the only way to know is by trying to block all such things and seeing the site fail if it tries to block the blocking.

Sometimes the advance information of content relevance is deceptive of course, and this often coincides with darkest patterns in the advertising/tracking.


when a site identifies my ad blocker and specifically asks that i disable it, then i have to decide either to momentarily disable my ad blocker and view the content, or leave the site. the Big Media people don't want to be so upfront about their restrictions. "if they don't know about the restrictions, they won't get angry."


It is not the ads I/we dislike. It is the tracking. If we go to <insert name of IT news website> and we would see a laptop as on a laptop related article, that would be ok. But if we then to to Winter-ski.xyz and still see the same laptop as, then we no like!


You don't know if the website has ads in the first place so your argument is invalid.


You make me want to reach through my screen...

Ajit pai.


> What if you design a web browser that just ignores most blobs of CSS/Javascript and renders content in a very different way.

that describes every command line / terminal web browser.


Ignoring what you don't understand is arguably valid, dark mode would be illegal..


Completely agree. Those government believe that protecting intellectual property is necessary to further human and societal progress. I won't take a position on whether I agree with that or not.

However, based on that premise they've instituted rules to "protect" intellectual property, but unfortunately they're so weighted toward the "owner" of the IP that they do (IMHO serious) harm to regular users and consumers. It seems to me that regardless of which political side you fall under, we should agree that governments exist to protect the rights and interests of everyone, not just a select few.

Something is really wrong here, and getting mad at Google or Widevine or some other company is a red herring. The real problem is what we've allowed our government(s) to do. We need to fight back there. Once the government isn't propping up the companies anymore, their abuse will disappear.


> ...but unfortunately they're so weighted toward the "owner" of the IP that they do (IMHO serious) harm to regular users and consumers.

To the established owners of IP. If you're not an established creator, you're going to be on the side that gets hurt by the IP. Some IP claims are gonna hit you sooner or later, and even if they're complete bullshit, you won't be able to do anything about them.

Established owners can generate enough of a fuss that they could cause an outrage big enough for some actual human to look into your issues, but if you're not big enough for that... tough luck. Try again from scratch once Google cuts you out. This happens regularly across their products, be it Google Play, YouTube, or Chrome's extensions store.


Absolutely. I have work floating around out there and I know it's being used without permission. Not that I'd sue someone if I could, but I can't while corporations can. And while for me I could maybe make a living off my work if it were being paid for rather than stolen, for the corporation it's just more profit.

Systems fucked. The little guy should have the advantage, not the already rich one.


s/established/rich


The government is propping up the companies because that's what the companies made happen. Your framing suggests that government did this on its own. It did not. The outsized ability of companies to influence the government is the core problem that must first be solved. It is the root of most people's gripes with the government.


The outsized ability of companies to influence the government is the core problem that must first be solved.

Replace companies with nobility or aristocracy and you're talking about a problem as old as civilization itself. The fact is, small groups with control over a lot of resource (elites) will always work to consolidate and secure their power. Barring some radical, unforeseen technology, the masses of people will always have a more difficult time coordinating their actions to prevent this. This is the class struggle narrative of history.


I don’t disagree. We need to get money out of politics. It’s been done before. It can be done again.


> It's been done before.

When was that?


https://en.wikipedia.org/wiki/Campaign_finance_reform_in_the...

Some of it has been overturned recently but limits have existed for periods of time.


I don't want to downplay the importance of campaign finance reform but that's just a drop in the bucket. Look at all the wealthy donors that endow the Ivy League. Look at all the charity speaking engagements, yacht clubs, Davos junkets, private island parties.

Meanwhile, mainstream television is waning in influence for political advertising. Now it's all about Facebook. Think of the micro-targeting turnout power they have. It's obscene!


The introduction to State and Power by V. I. Lenin says exactly this - the state will always become a proxy for the rich owners of production (GDP generation.) And not in a nefarious way but in an inevitable "forces" way. Democracy is the best government for large/rich entities in a capitalistic environment. It presents the appearance of fairness and legitimacy, yet delegates most of its power and direction to the heads of production via influence, lobbyists, etc.


why was this flagged? I'm no fan of communism, but it appears to be a valid response to the parent.


I have no idea - I'm not usually one to espouse political ideas unless wholly relevant to a topic at hand. It seems that a band of HN users are politically adverse - which is sad, since capital rules our lives and society, and merely ignoring its flaws does nothing to abate them.


[flagged]


I didn't write anything in support of communism, just that the critiques of capitalism are still valid and need to be addressed.

I have no interest in a fallacious debate.


[flagged]


I'm just paraphrasing Lenin. Even if you are emotionally repelled by the horrors committed in the name of communism, The Communist Manifesto and State and Power are worth a read. Lenin was the best writer of the bunch, direct and explanatory. Marx is wordy and almost writes in an obfuscated fashion.

The problems with democracy that were described _still_ exist today. One can dislike communism and still acknowledge the criticisms of capitalism as valid and in need of address.

Communism was never actually executed true to the image. The state of the proleteriat was supposed to wither away - instead it became a dictatorship with secret police.

See https://en.wikipedia.org/wiki/Withering_away_of_the_state


The above is most probably for US based clients. E.g. in Poland it is perfectly legal to watch copyrighted material as long as you don't redistribute it.

It is also legal to do a reverse engineering of software to allow it to run on your system, software, hardware (so I think a browser also applies).

(I'm not a lawyer, just reading some of the more technical law articles)


Poland is an EU member, so your government must have some implementation of the EU Copyright directive, which includes somewhat similar anti-circumvention clauses as the DMCA[0].

There are lots of differences in the details, but I wouldn't make a blanket statement that it's completely legal without actually checking the corresponding laws.

[0] https://en.wikipedia.org/wiki/Copyright_Directive#Technologi...


I read during earlier attempts to pass the Copyright directive that it is not implementable in Poland because it would be unconstitutional. I understood that was why Poland was voting against it, but that was in the summer, and I’m not sure if the version that passed is different.


You need to realize that the EU "directives" are not actually the law (aka the thing that will get you prosecuted).

The directives are "transposed" into national law, country by country - and each country can (and does) add a local "flavor" to it. So if the Poles have watered down the anti-circumvention clause (it is very vague in the directive, giving a ton of maneuvering space to the national parliaments), the situation he is describing is very possible. On the opposite side of the spectrum is traditionally France, with its (fortunately incredibly ineffective) three strike system. Very different approaches to things even though both countries are implementing the same copyright directive.

The other type of texts coming from Brussels are "regulations" - those go into effect immediately, without having to be rewritten into national laws. GDPR is an example of such regulation.


You're absolutely correct. However,in the event that directives are not transposed (or not transposed correctly) courts can find that the directive is (vertically) directly effective.


I am aware, that's why I wrote "some implementation of", which needs to be checked. I am skeptical about the blanket statement made, it's usually more nuanced.


> in Poland it is perfectly legal to watch copyrighted material as long as you don't redistribute it.

Be careful with that one. The Netherlands had that too until some European court decided that our laws were foolish and went "that's all wrong, it's obviously illegal" after which there was case law about it being illegal and now it's illegal. The ministry immediately went "oh, well, we s'ppose it's illegal then from roundabout last week!"

In case you were wondering who's behind this expensive lawsuit that lasted from 2008 to 2014: we had "home copy tax" (thuiskopieheffing), so you pay a few bucks extra for storage devices (hard drives, usb sticks, smartphones) and that was redistributed to rights holders as compensation for "home copies" (copies for personal use in your household, backups, that sort of thing). Shops did not like that they had to pay extra taxes that they did not have to pay in other countries, so they went to court and got us where we are now.

Dutch news about it: https://tweakers.net/nieuws/95332/nederland-mag-illegaal-dow...

> Nederland stelt dat het downloaden van dergelijk materiaal hetzelfde is als het kopiëren van een cd of dvd, maar daar gaat het Europese Hof niet in mee. Volgens het Hof kan een wet die 'geen enkel onderscheid maakt tussen kopieën uit geoorloofde bronnen en kopieën uit vervalste bronnen' niet worden gedoogd, omdat dergelijke wetgeving auteursrechtinbreuk kan bevorderen.

Translated:

~ The Netherlands claims that downloading of such material is the same as copying a cd or dvd, but the EU court does not agree. According to the EU court, a law that makes 'no distinction can be made between copied from allowed sources and from forged sources' can be allowed, because such laws promote copyright infringement.

Dutch news about the government's response: https://tweakers.net/nieuws/95335/kabinet-nederland-heeft-pe...

> Het is in Nederland per direct verboden om auteursrechtelijk beschermd materiaal te downloaden uit illegale bron, bijvoorbeeld via torrentsites en nieuwsgroepen. Dat stelt het kabinet in een reactie op een uitspraak van het EU-hof.

Translated

~ It is in the Netherlands henceforth prohibited to download copyrighted material from an illegal source, for example through torrent sites and newsgroups. This is the ministry's response to the ruling of the EU court.

So we didn't need any law change, parliamentary debate, nothing. It was in effect right away.


> so you pay a few bucks extra for storage devices (hard drives, usb sticks, smartphones) and that was redistributed to rights holders as compensation for "home copies" (copies for personal use in your household, backups, that sort of thing)

We have kind of the same in Germany, and our overview on Wikipedia[1] looks even more complicated and expensive than yours[1]. You're still not allowed to circumvent effective copyright protections to make your private copy. But I'd be surprised if e.g. music only available with DRM would be excluded from earning a share of that fee.

Interestingly, before the recent EU copyright reform, this fee benefited only authors directly, instead of the rights holder.

[0] https://de.wikipedia.org/wiki/Pauschalabgabe [1] https://nl.wikipedia.org/wiki/Thuiskopieheffing


I also read many articles claiming that it is legal to watch copyrighted material, as long as it is not redistributed. However I'm not sure that's actually true.

As per https://en.wikisource.org/wiki/Polish_Copyright_Law

Article 23, paragraph 1:

> It shall be permitted to use free of charge the work, which has been already disseminated for purposes of private use without the permission of the author.

Article 6, point 3:

> the disseminated work shall mean a work which, with a permission of its author, has been made available to the public by any means whatsoever

So, it is legal to access the work without permission, if author gave prior permission to make it available to the public. However I'm not sure if selling a book in a store or showing a movie in a cinema would automatically mean that such work can be downloaded freely from the Internet - technically the work is available to the public, but I'm sure the author did not give permission for the work to be available on the Internet.


or Cambodia, which has some interesting laws on copyright that effectively mean foreign copyrights are not enforceable there.


> (I'm not a lawyer, just reading some of the more technical law articles)

I'd advise not giving out bad advice then stating absolutes about the legal situation that are wrong.


Fun fact: due to the situation of CS in late USSR, Russia still has a law preserving the right to reverse engineer any software over any agreement or license.


It's thanks to the obscene profits of the entertainment industry that they're able to lobby to rob us of our rights.

Try not to help them by paying for entertainment.


> Let's add the US Congress and the EU to the long list of parties to blame for the DRM situation. "Reverse engineering" software for the purposes of "circumventing" copyright is illegal.

That does depend on the countries, at least on my case in France there's an accessibility exception which makes it okay in his case to break the DRM legally because he does not have any other choice.


Boy howdy, this is one subject where I loathe saying "I told you so", but... I sure told you so.[1]

HTML DRM is antithetical to the Open Web itself. It was built on a sham of "plugin-free" media playback, but all we did was change Flash and Silverlight for a whole range of closed black boxes, which in turn are effectively all controlled by Big Media (to make it crystal clear: EME was built with third-party decryption modules in mind, and Big Media was obviously never going to support any sort of decryption modules that they couldn't control, so even if your custom browser supports EME it's completely useless without a Big Media-approved decryption module). And make no mistake: Requiring permission from Big Media to essentially build a fully-fledged browser is a 100% intended and expected outcome of HTML DRM as conceived. Big Media would love nothing more than to turn the entirety of the Open Web into Closed Web that they control, and with HTML DRM they've certainly achieved a great step toward doing so, to the detriment of public at wide. I'm sure they're positively salivating about the thought of eventually reaching The Right to Read![2]

[1] https://news.ycombinator.com/item?id=7747142

[2] https://www.gnu.org/philosophy/right-to-read.html


The saddest part is it doesn't even seem to accomplish anything. What would-be pirates are actually being foiled by this? Netflix, Hulu, and Amazon Prime use EME, but all their exclusive content is still readily available on torrent sites. Does it raise the difficulty bar? It's hard to imagine anyone who knows how to rip video from their browser doesn't know how to torrent something.


DRM technologies are often sold to the public & content providers as an anti-piracy measure but that has never been the intent.

It's _always_ been about control on the creation and manufacture of playback platforms and/or devices.


Yes! DRM is not about piracy, it is about CONTROLLING HOW YOU WATCH. Exclusive deals, upsells, ads and devices.


You don't need DRM for that. That is achieved by contracts.


Contracts can't be enforced just because you want to, DRM gives you the means to do it.


It almost seams entirely to please management. The local TV stations use eme and yet youtube-dl still works fine on them.


Can you provide examples? Some local stations in Australia have switched on DRM and I can't save anything. Over the air is still unencrypted though.


Iview is the one I'm talking about. YouTube DL basically downloads the unencrypted video direct from the server but the website doesn't work until you enable drm


Ah, whereas Seven, Nine and Ten are all encrypting (some) streams.


>exclusive content

content is no longer the only draw. the business goal is now monetizing the group experience. consider Fortnite. Companies won't care if a few people watch pirated content alone. They want to control the experience of group content consumption. This does require content, but managing the group experience is the new frontier. consider http://rabb.it Pirates can get ppl in groups to watch premium content, but at some size, authorities will show up to protect their property.


DRM can be successful even if piracy remains rampant.

What counts is whether adding DRM increases revenues enough to warrant the effort needed to add DRM.


It accomplished building a market around drm. Which the drm market is happy about.


To be fair, even if there wasn't a DRM-standard, he still wouldn't be able to build his application, because there would still be DRM.


Hear hear. The parent commenter's I-told-you-so attitude frustrates me because it completely misses the point: Google de-facto controls the web, and the W3C is essentially irrelevant. Trying to suggest that the W3C's opposition would have stopped any of this is completely naive, and only serves to shift the blame.


Yeah, LET'S GIVE UP.


that's the important point. DRM is the price one must pay to consume BIG MEDIA content.

there's no getting around it. if you want it you have to play by their rules.


> DRM is the price one must pay to consume BIG MEDIA content.

It's just what big media has happened to get away with.

If they found themselves without a way for their paying customers to access their content via DRM, they'd drop the requirement on the spot, with little to no financial impact except for DRM scheme licensing fees.


They really wouldn't. They'd just move into proprietary hardware. Several of them already have.

Most studios really wouldn't find blocking all PC access to their content to materially affect them.


While that's true at the moment, I had hoped that the web being such a big market, it would entice content producers to deploy without DRM for fear of losing market share to other content providers who do.

But with the introduction of DRM into the standard, this is no longer possible.


There are still plenty of providers who don't use DRM.

You just want the DRM users content but you want it without DRM.

So what really happened is the content producers enticed the users into DRM with their content. It's the other way around, and the consumers voted with their wallet (and clicks)


How did it make it into the standard?

And why would anyone follow this standard?


The whole discussion revolves around video. You can't imagine a browser today that is "just a reader" (Mosaic? hahaha), no one would use a browser without video support.


I would. I love a browser that renders everything to plain text (go Lynx!).

Much less guff to download.


> The Right to Read

As interesting to read as the first twelve times.


Surprisingly to me the author of "down and out in the magic kingdom" and the maintainer of BOINGBOING supports web DRM and he's part of the W3C committee. he's a great author and a good person with an anti-authoritarian bent I don't understand his position on this.


That is exactly backwards. Doctorow was the EFF representative on the committee, and the EFF resigned from the W3C as a result of them approving DRM. https://www.zdnet.com/article/eff-resigns-from-w3c-in-wake-o...


That doesn't sound right to me. Do you have a link where he comes out as pro-DRM? That doesn't fit with my knowledge of Cory Doctorow's position.

https://www.wired.co.uk/article/cory-doctorow-walkaway-scien...


Yeah, I believe Doctorow has multiple characters (from multiple books) say something along the lines of "no lock is there for your protection", and I'm certain I've read his opinions on DRM to be negative multiple times.

Hell, I'm fairly certain he had a deal with Barnes and Noble to publish his book without DRM which was nonstandard at the time.


That would greatly surprise me. He is very explicitly against DRM. https://boingboing.net/2012/01/10/lockdown.html


That seems uncharacteristic of Doctorow.

He used(still does?) publish his books free of DRM and free to download under CC license.

https://craphound.com/overclocked/download/

It would be strange for an author of Printcrime (fantastic short read from 20 years ago) to support DRM.


I don't know if this will be helpful to you but an open source media player, Kodi, recently added support for Netflix in the latest version of the app (by implementing a DRM engine for people to use).

This requires the use of the widevine library which then downloads things behind the scenes upon use (I believe). https://forum.kodi.tv/showthread.php?tid=329767

I can't imagine Google gave the OK to Kodi to use widevine so maybe you can see what they did?


On a related note here's an arch linux package that rips Widewvine out of chrome and adds it to chromium - download the source files by clicking the "Download snapshot" button on the right, or just view the main script by clicking "View PKGBUILD" also on the right.

Edit: Forgot link https://aur.archlinux.org/packages/chromium-widevine/


There are a few solutions to this.

And... they are using chromium. Can I be sympathetic to Google because they have to pay people money to support this?


Sure, but bear in mind that they are paying that price so that they can control the internet.


Yeah they didn't make Chrome in order to "build a better world" or whatever. They saw what Microsoft did with IE, and how it enabled the pushing of products, data collection, platform tie-in, etc. And Google thought they could do even better and make people feel good during the process, unlike how they felt using IE.


I hope Kodi makes some decent progress. I installed it a few weeks back and it is a rough experience. The docs on how to do simple things seem to be nonexistant because they don't want to be sued and shutdown entirely.


Kodi's been around for like 15 years now so if you're hoping for it to become something else, I would stop holding your breath. I'm not thrilled that it's non-free nor about some of the changes they're making, but I've found Plex to be pretty pleasant to set up.


> I'm not thrilled that it's non-free

Could you explain what you mean by that? Kodi seems to be GPL 2 licensed: https://github.com/xbmc/xbmc/blob/master/LICENSE.md


I think he was referring to Plex being non-free


I think Kodi has made amazing progress. I've not had issues getting it installed on different devices since the 15.x days. Currently run it on 4 different dedicated devices in my apartment as well as some mobile and media devices.

> The docs on how to do simple things seem to be nonexistant because they don't want to be sued and shutdown entirely.

What docs are you looking for? They have a very extensive wiki as well as an active community on their own forum.


I’ve been running it since the earliest beta versions when it was literally Xbox Media Center - a media center for modded Xboxes (original).

I’ve ran it on all kinds of hardware from laptops, Android phones and tablets, Raspberry Pis (version 1 through to 3), Intel NUCs, etc. And obviously not forgetting the Xbox. Until very recently it was my go to media center.

I even went as far as to write some plugins for it. But they were for version 8 or something. It was probably 10 years ago and hasn’t been maintained.

I’ve never used a media center - free or non-free - that was as easy to set up nor ran as flawlessly as XBMC / Kodi did


As a (former) plugin developer and long-time user and community member, I don't think you're exactly the best person to evaluate today's install usability for a non- or even somewhat-technical new-ish user.


I'm really not sure what the point of your post is but what I can tell is you've completely misunderstood my post (and possibly Kodi too?) because several of the conditions you highlighted (eg "todays", "non-technical") wasn't even in the scope of my monologue.

Besides, non-technical users wouldn't be ripping DVDs to a NFS / SMB share in the first place (or using a home server / NAS for bittorrent / usenet / etc if that's how one prefers to accumulate their video archive). So why would they want a Media Centre that's designed for playing local or networked content?

Maybe what you're referring to is the stuff that has been in press a lot in recent years; the stuff incorrectly named (imo) as "Kodi-boxes" (or similar). I say "incorrectly named" because they used 3rd party plugins for illegal streams but those really have naff all to do with the Kodi media centre itself. It's like calling illegal downloading "Windows-boxes" because someone uses a bittorrent client on Windows 10.

I guess you could argue that Kodi now fills a niche that is dying out - that's certainly the case for me as I tend to use Netflix et al on my smart TV. But for playing local / mountable files, Kodi still leads the pack in terms of ease. Which is hardly surprising when you consider that's what the media centre was built to do.


I didn't know it existed and it wasn't for lack of trying. I landed in the forum a few times which didn't help. Bing or Google a simple query where you would expect the official Kodi website or Wiki to show in the results. For example: "How to stream Netflix on Kodi".


Up until a few months ago, natively playing netflix was not possible with a released version of Kodi. Now it is using the link I posted!


what kind of device do you use?


I have: 3x raspberry pis 1x intel compute stick

iPhone (running MrMC) Apple TV (MrMC) but MrMC hasn't been updated to the latest Kodi yet so I can't use those in a shared env.


As a long time Kodi user, I'll just say that the combination of Kodi on my PC hooked up to a big screen and the Yatse app on my phone was a total game changer. A WiFi remote control on the device I basically already had in my hands anyway changed the way I interact with media at home.


> I can't imagine Google gave the OK to Kodi to use widevine so maybe you can see what they did?

Kodi uses the OS native implementation of the DRM, or Chromium with Widevine.


Interesting... I mostly use Kodi for NAS media and run it under NVidia Shield TV because running it on an HTPC was so limiting of an experience for Netflix, etc. Almost ironically also have a Fire stick, because Hulu won't port the updated interface (for live tv) to the Android TV version despite working on Fire devices.


DRM is just a huge pile of shit. I mean, if it would actually work I would say okay, at least we have a solution that everyone is somehow happy with. But instead we consumers just loose. To give a few examples:

- When I want to watch movies on Amazon Prime Video, there are some movies I can't watch in HD, even if I paid for HD (so the movie obviously exists in HD; probably dependent on the rights holder). The problem is that I can't see if I can watch the HD version before I buy the movie.

- On Netflix, I don't get 1080 at all with my browser, even if I pay for 4k.

- Every few weeks, Spotify pushes a broken version of their web player to the website and from one moment to the other, I can't listen to 'my' music anymore until they fix it. The good news is that it seems to happen less frequently lately. Nevertheless, that would not be a problem if I could listen to 'my' music with a normal mp3 player.

- A few hours ago, I wanted to play a game, but guess what... Steam had a network problem [1] and didn't even let me enter the offline mode.

[1] https://store.steampowered.com/stats/


>- A few hours ago, I wanted to play a game, but guess what... Steam had a network problem [1] and didn't even let me enter the offline mode.

I think Steam is a really good (not shitty) DRM enforcer. A very occasional lapse in service is acceptable for entertainment platforms. I use steam because it is actually easier to use their DRM systems than it is to, for example, buy CDs or download individual game installers.


> A very occasional lapse in service is acceptable for entertainment platforms.

I would generally agree that this is acceptable, but it's still a step backwards from Itch and GOG, where my library literally never has a lapse in service. Steam is arguably one of the best DRM solutions out there, but even the best solution on the market still has worse uptime and reliability than a store that just provides users with a bunch of DRM free downloads that they can launch offline whenever they want.

Of course, platforms like Itch don't have cloud saves. But Steam's DRM isn't essential for cloud saves, or for the community workshop, or for the storefront, or for the library management tools. The DRM part of it doesn't add any value to the consumer. So while Steam is an excellent product, Steam without DRM would still be a better product than it is right now.

That's what people mean when they complain about DRM. You can take a great product and add DRM in a way that doesn't completely break it, but it's still pretty much always a strict downgrade in user experience. People look at services like Steam and think, "yeah, this is acceptable. But it could so easily be really great."


> "Of course, platforms like Itch don't have cloud saves. But Steam's DRM isn't essential for cloud saves,"

To this point, GOG supports cloud saves.


>I think Steam is a really good (not shitty) DRM enforcer.

It may be a good DRM enforcer, but as a UI it's terrible and intrusive. There's no way to turn off all those popup messages and game related alerts.

I had to give up on steam once they started doing that.


Well, actually, there is in the steam settings.

And to be fair, not every game on Steam comes with DRM attached to it. I have many games I can play without launching Steam itself.


I'm surprised to hear that there are non-DRMed games on Steam. Do you have an example? I thought it was standard that every game released on Steam that doesn't have some awful third-party DRM like Uplay has the Steam launcher code patched into the executable. Valve has some tooling for doing this even to existing legacy exes that can't be rebuilt from source.


Valve has their DRM solution ([1], "CEG"), but the DRM is fully optional, as it needs to be applied by the game developer to their executable before they upload their game.

I don't have good examples in mind right now, and I would need to double check, but I am pretty sure I was able to launch Supreme Commander 2 trough wine directly with the game executable, without launching Steam some time ago. I also recall "Tyranny" doing a free week-end, after which I could still launch the game trough the executable (although steam refused to launch it). That was a Linux game, though, and could be slightly different.

I would roughly estimate that more than 20% of my Steam library does not have DRM attached to it. There are a couple lists out there that help find DRM-free games on Steam [2][3][4], etc.

Some game developers advertise this as a feature of their game on Steam. For others, it could be an oversight. I find it pretty convenient in any case (example: copy FTL on a USB stick for playing on the go, even without internet connection on an underpowered computer). It also helps with wine.

[1]: https://partner.steamgames.com/doc/features/drm

[2]: https://steam.fandom.com/wiki/List_of_DRM-free_games

[3]: https://pcgamingwiki.com/wiki/The_Big_List_of_DRM-Free_Games...

[4]: https://store.steampowered.com/curator/7540156-DRM-Free-Game...


Kerbal Space Program on Steam is not DRM-ed. I can launch it without Steam running, and it doesn't automatically launch Steam client or anything, the game just starts up.


The Netflix issue isn't really DRM, it's just a way to minimize bandwidth[1]; they found HQ 720 encodes to be sufficient quality for most consumers. I personally find it lacking.

[1]: https://medium.com/netflix-techblog/per-title-encode-optimiz...


I pay for 4k netflix but can't watch it on my computer because of drm. On Chrome it only streams up to 720p, and I have to use Edge for 1080p. To stream 4k you need to use their microsoft store app, a specific high-end processor or graphics card, and on top of that you also need a monitor that supports hdcp 2.2. I have all of the above (1080ti and hdcp 2.2 compliant monitor) but still can't stream 4k because my second monitor is not hdcp 2.2 compliant. The monitor states that it is but I couldn't get it to work even after extensive research. All of my setup is pretty modern and high-end and I still can't stream 4k netflix because drm hardware keeps evolving. If this is supposed to make me pirate less, it's not very effective.


I have a 1080ti too, 2x HDCP2.2 (over DP) compatible monitors and a 1 gbps connection and yet I can’t even stream 1080p content on Linux, much less 4K.

I guess it’s still me to blame because I pay for it for friends and family who use my account.

Anyway check your cable if your monitor states that it’s compatible.


Ah this actually explains something I have been wondering about. My new computer with firefox sometimes hitches and blacks out all the screens when I start/stop watching certain netflix content. I just realized this must be a DRM thing.


Nah, it's a DRM thing. You get 4k if you open it in edge with their PlayReady DRM.


There are (or at least were) some titles which even Edge didn't show in HD, but the Windows Store application does (did). But even then, certain drivers like virtual audio devices might restrict all available methods to lousy SD quality that requires a full reinstall of Windows to reset.


The blog post you link explicitly mentions that they have 1080p streams (and since then they have added 4k). That post makes no claims about 720p being sufficient for consumers.

And if you have the right combination of browser, os, Intel CPU, GPU and monitor to have intact DRM of the required level, Netflix will stream you the 1080p or 4k stream


It states it depends on bandwidth, sometimes 720 is served. I certainly receive 720p in aus.


I think this is the most important point.

Consumers are not going to put up with all sorts of shenanigans regarding browsers, monitor support etc. etc. - it's an ugly mess.

If it 'just works' - then I think most people will accept 'paying for content' as a premise.

But when the pieces don't fit together because industry players don't see the 'big picture' ... it will just be bad for everyone and ironically encourage piracy.


Looking at Netflix's numbers, they are.

Bluntly I expect Netflix could stop supporting PCs and browsers entirely and feel very few negative effects.


Actually I think it would be painful. They could get away with it, but not without remorse.

There are just tons of people who watch netflix on their laptops and mobile, it's part of the promise I think.

It'd be bad.


Makes one wonder why you're still bothering to pay money for something you're not getting...


Nobody cares about pirating, it's when the masses are able to do the pirating easily and get the content easily that is when things break down.

That is what DRM is about preventing.

If some knowledgeable people can copy it and put it low-fi on some competitor of Youtube and Google doesn't show in in search results. That isn't that bad. That means the general public won't easily find it.


DRM often results in a whitelist of media clients, killing standards in favor of a centralized authority. HDCP does the same for video feeds (HDMI, etc.). DRM-protected boxes can only output to DRM-protected displays, giving a central authority the ability to effectively deny new client devices from being made: https://en.m.wikipedia.org/wiki/High-bandwidth_Digital_Conte...


Mind helping me understand this a bit better?

The link mentions that to produce a HDCP-compatible device (eg one that has an HDMI port) it needs to be licensed, pay an annual fee, and make promises to frustrate DRM-mitigation efforts.

If I wanted to make my own monitor with a VGA input (or, more practically, pipe the signals coming from VGA into a program that does something with the feed) I would just have to find a suitable adapter and receive the serial data.

Does this mean that doing so with HDMI (either the real-world DIY monitor, or the in-software feed-ingestion program) would be:

A) Difficult/time-consuming to write due to a lack of open drivers B) Run afoul of IP laws pertaining to the HDMI standard and get me sued C) Prevented by the cryptographic handshake that happens between an approved display and the output drivers D) All of the above?


Most of the above, with a couple caveats.

For HDMI, specifically:

A is true, as HDMI requires a pretty ugly IP core on an fpga or an asic to process or produce the phy.

B is also true, as to sell a device with an HDMI port you have to join the group and pay fees. If you're just hacking stuff together for personal use I think you're A-okay here.

C is true ONLY in the case of HDCP protected content, as that handshake does not occur for unprotected content or HDMI 1.0

Also, side note, VGA uses analog R/G/B channels so if you want to pipe signals into the program you'd need an ADC to get useful values from it, and a pretty fast one depending on your resolution.


Also I'm pretty sure the hdcp private keys have been factored, so anyone can now make unauthorized but compatible devices.


All DRM solutions eventually fail. It's an endless race. Companies pour millions and millions into media DRM, and yet all of the content is cracked and uploaded on pirate sites, without fail. They don't seem to understand how much of a waste their efforts are, and the government doesn't seem to realize how pointless, and stifling of innovation and competition laws like DMCA are.


I imagine their argument looks something like: We earn billions of dollars a year and want to earn more. We see people are downloading our stuff without paying us. This technology/company/etc promises to make copyright infringement more difficult and it'd only cost us $y million. If we see even a 0.01% increase in sales, it'll pay for itself in x years. Do it!

And government is even more straight forward. Media companies/individuals donate lots of money to campaigns, and there's a typical unspoken quid quo pro. They donate getting politicians into office and hire some lobbyists who know how to get those politicians what they want. In turn, those politicians then pass the media company's legislation. Like much of what the government does, the motivation is not a holistic effort to create a better country but an individual effort to get elected or reelected.

Hahah, come to think of it - it emphasizes that governments and capitalism suffer from the exact same problem. Capitalism works great when people put out good products and look to get rewarded for doing so. And similarly governments work great when politicians do good stuff and look to get rewarded for it. Things only get really messed up when companies start with the goal of making money instead of making a good product. And similarly, politics gets messed up when politicians start with the goal of getting [re]elected instead of creating good legislation. Because in both cases what makes the most money is not necessarily the best product, and what gets you reelected is not necessarily the most beneficial legislation.


it's really a pitch that starts with the hardware companies and the media companies buy into it because more DRM has no downside for them.

You better believe some "HDCP-certified 2.0" badge or whatever is on every hdtv and gpu you find at best buy. I wonder if the engineers on hdcp 1.0 knew how fast it would get cracked, but they knew that would just let them sell another round of hardware for the 2nd version.


Pretty sure the latest version of HRCP (required for 4k Netflix) replaces the factored keys and the entire key scheme.


Outputting an image via HDMI using an FPGA is relatively straightforward, almost as easy as VGA. I don't know about HDCP but expect it to be next to impossible.

Inputting any pulse-based high-frequency signal is more difficult, be it VGA or Ethernet or HDMI.


A little bit of A and all of B/C/D. Not all of HDMI is encrypted, but for the part that is the protocol is known, but you also need the keys which are meant to be stored in secure hardware and difficult to extract.

Also, old keys are frequently phased out, with new media requiring newer keys for playback.


How does that work? If I have an old player that is perfectly technically capable of playing new media, will it fail to play requires new keys? If so, that's atrocious, and I'm glad I jumped off the physical media train post-DVD.


>If I have an old player that is perfectly technically capable of playing new media, will it fail to play requires new keys?

Yes. It will require a soft/firmware update, which won't be available if the device has widely known vulnerabilities which cannot be software patched that would allow for key extraction. HDPC is not limited to physical sources.


I'm not an expert on HDCP but I don't think this is exactly correct. The standard doesn't rotate through new generations of keys; instead, revoked hardware keys are burned into all Blu-Ray disks burned after the time of revocation, and compliant HDCP implementations are required to check their own hardware key against that list before allowing playback. I don't know whether a hardware manufacturer could remediate the vulnerability that caused their key to get revoked and distribute a new key via a firmware update, but that sounds reasonable.


> which won't be available if the device has widely known vulnerabilities

Probably won't be available full stop. Very few devices ever get manufacturer updates - they're all focussed on just making a new version of the device.

If it's still in warranty, sometimes they'll take it back for a refund.


HDCP is of course completely broken, and has been ever since the master key was leaked years ago. You can find all sorts of "video stabilisers" and such sold online, which will strip HDCP completely (they do not obviously advertise this ability, so read between the lines...)

(I wonder if the same people who are up in arms about China's lax IP laws and massive product counterfeiting realise that it's the same country, the same culture, the same mentality which allows them to easily produce these devices that actually fight for your freedom to consume content.)


I also find the title to be rather sensational.. "I tried creating a web browser" ^ "Google blocked me" implies that Google blocked them from creating a web browser.. which is not the case.


If a single company can effectively decide whether a bunch of 3rd party sites that they don't control work on your browser, how is that any different? Google is effectively deciding that anyone other than pre-approved browsers can't play Netflix content.

If an ISP fully embraced the Net Neutrality repeal and started blocking video content, and someone posted on HN that ISPs were "blocking them from building a streaming service", no one would be complaining that, "technically you can build it, you just can't reach any of your customers." Everyone on HN would understand that part of building a service is the having the ability to reach customers.

In the same way, part of building a web browser is having the ability to render web content. If Google can block your custom browser from rendering content, then for all practical purposes they are blocking your ability to build a browser.


I never meant to suggest that this wasn't a big deal, just that the title was intentionally dramatic to get more views.


Which has proved, time and again, to be the only way a lowly user can appeal or seek redress for grievances with Google. If you don't -- or can't -- raise a shitstorm on social media, you have no voice in their decisionmaking process.

Break them up. They are no different from a competing government at this point.


I suppose you make a good point.


> If a single company can effectively decide whether a bunch of 3rd party sites that they don't control work on your browser, how is that any different?

Because those third party sites choose to utilise closed software from that company. And Netflix doesn't only utilise Widevine as a DRM, it uses several different DRM systems, so Google don't have control over anything.


This. Netflix is buying security for their product by doing this.

We may all think (know) DRM is dumb, but DRM is more than just about how hard it is to hack. Sure, everyone could in theory reverse engineer this stuff. But the point is that it's only legally protected as long as it's at least not trivial. Open sourcing would probably invalidate their legal defences against people downloading Netflix movies.


> invalidate their legal defences against people downloading Netflix movies.

I highly doubt that. A ToS violation is still a ToS violation (in the case of Netflix, which is expressly a streaming service), and copyright infringement is still copyright infringement. The legal protection that's afforded to DRM itself is something that's literally only useful to you as a content holder if you're looking to abuse copyright and go far beyond what copyright law actually grants you! That's what makes the whole notion so problematic in the first place.


Well, they are granting you a license to download the copyrighted content. That's the consideration you get in exchange for paying subscription fees. IANAL but it seems doubtful to me that copyright law on its own (without the anti-circumvention parts of the DMCA) could be twisted to produce criminal penalties for downloading licensed content in a non-streaming way given that it's legal to download it in a streaming way. And ToS violations are not criminal acts.


Agreed; most of the blame is on those third party sites.

Further, Google's own browser, Chrome, will not stream above 720p Netflix(and maybe Amazon now). So at most Google is a lesser DRM god.


Chrome receives 1080p content on ChromeOS.

The issue is more complex than that, and generally relates to some hardware APIs for securing the video path not being available to Win32 applications in Windows.


Chrome on Windows and OSX will not stream 1080p Netflix. You have to use IE or Safari.

It at least used to stream 1080p for Amazon, and it may for CBS but I'm not 100%.

It honestly seems like a decision made by the streaming providers.


> If a single company can effectively decide whether a bunch of 3rd party sites that they don't control work on your browser, how is that any different?

That's just a sensationalistic as the headline. There isn't a single company controlling and selling these modules. There is a several of them, in open competition. The OP chose Widevine because they are easiest, but with sufficient perseverance he could probably use any of them, or at least any that distribute x86 binaries. It's damned near impossible to prevent someone from running a binary if they really want to.

I also found the original article difficult to swallow. It gave very little detail - so little we have no idea what Widevine said no to. For example, was it "could you provide Widevine and loan me an engineer to help me integrate it with my browser - but I can't pay you because it's all open source". Or was it "I've got it all going, I'm willing to pay you commercial rates per licence - how can I buy licences?" It if is the former hats off to Widevine for replying at all.

As it is, we only get a small part of his side of the story, no insight at all into why Widevine reacted they way they did, and a headline that's guaranteed to get clicks.

Call me paranoid, but I get the feeling I'm being manipulated.


I've updated the article to include the email exchange, check the edit at the bottom.


> In the same way, part of building a web browser is having the ability to render web content. If Google can block your custom browser from rendering content, then for all practical purposes they are blocking your ability to build a browser.

Eh.. in a way, but not really. It can still work as a web browser but a web site can still render however they'd like based on your user agent.

If I made a site today, I could add the same functionality if I wanted to. Since I own the site, that's my choice.

I completely agree that Google should _not_ block their content based on your custom web browser. That is evil.


I would still claim two differences on the user agent side of things:

First, any browser can report any user agent they want. There are a number of examples of browsers faking or changing user agents to get around sites that try to differentiate based on those strings.

Second, while any individual web site can implement logic based on the user agent, that's the sole choice of the web operator. By restricting Widevine access, Google is blocking rendering of content on other people's domains.

The non-ISP, in-browser analogy I would use would be if Google decided that in order to render an AMP page in your new browser, you first needed to get their permission. They're not just blocking their own content, they're blocking an entire category of technology.

It's also worth mentioning that even under the user agent analogy, if this headline was, "Google uses user agents to block Firefox from accessing Youtube", pretty much every person on HN would call that anti-competitive behavior worthy of regulation.


Right! And when the headline was Google uses user agents to block Windows Phone from accessing Google Maps (along with reports that changing the user agent made the software work fine), we all agreed on swift and decisive action against Google /s.

https://mashable.com/2013/01/05/google-maps-windows-phone/


Oof, rereading this article in the present just hurts.

To be fair, the 2013 ecosystem was a lot more Google friendly than the 2019 ecosystem is. I'm sure the average non-HN reader still wouldn't care today, but I would at least hope HN itself would have a different reaction.


> By restricting Widevine access, Google is blocking rendering of content on other people's domains.

This isn't good, but it's not arbitrary control. These companies chose to implement widevine, so they chose to allow Google to dictate who gets to legally use WV.


The point isn't that the control was granted arbitrarily - as you note, the granting was explicit. The point is that as a result of that, we have arrived at a situation where Google is now capable of arbitrarily exercising control over this subset. This wouldn't be a problem if that subset was small, but it's not - it's huge, and ever growing.


But times change and today playing videos (including DRM protected ones) is no longer a feature but a required part of a browser. A requirement which likely will get stronger with time.

(Sure some "special purpose" browsers get away without, but they also only Target a very limited audience)


To be fair, I think that it's primarily the content owners pushing this ridiculousness. OP's project is not a general purpose browser, and it will not compete substantially with any Google products, so I don't think this is a case of Google trying to knock out OP.

I completely agree that this is unacceptable... but I think the blame really rests on the content owners who forced this DRM in the first place. Every damn thing on Netflix is widely available on torrents in hours, so it's totally useless and just makes things worse for everyday consumers.


Absolutely. The title isn't just sensational, it's misleading. OP's browser is opensource and uses a P2P-like architecture. It sounds incompatible with current rights management.

OP sounds like he feels entitled to others' work and efforts. If he wants to play videos in his browser, he can make them. Or find people who will make videos for free for him.


It's compatible.

All OPs browser does is syncronse playback across users legitimate Netflix (or other) accounts.

OPs broswer will pass the encrypted video through to the DRM plug-in, which will authenticate from Netflix through to the to the screen. It will decrypt the video, decode it, re-encrypt with hdcp and send it to the monitor.

The DRM chain is intact. OPs browser can't be used to pirate the videos, or steal Netflix.

All he needs is permission to ship the closed source DRM plug-in.


EME is part of web standards. So for some value of standards compliant web browser google can block you from implementing it.

https://www.w3.org/TR/2017/REC-encrypted-media-20170918/


EME does not require Widevine; you can implement EME in its entirety yourself, in open code.

Widevine is only one of several implementations of a Content Decryption Module; it just so happens to be by far the easiest to license (though that doesn't mean that's easy!).


> you can implement EME in its entirety yourself, in open code

Noope. Netflix has explicitly stated, at W3C, that they absolutely won't use any open EME implementation.

In practice any open CDM that you implement yourself will be totally useless. The "open" parts of EME have no real utility, and exist only to be able derail criticism by making rhetorical arguments about hypothetical open implementation, even though it's by definition exactly the opposite what Netflix and Google designed EME for.


That's Netflix blocking you then, not Google.


An EME implementation is not complete without a decryption module. And getting one is the problem here.


So could I write a custom Content Decryption Module that would be able to decrypt Netflix content? Or would the content providers have to support my custom Content Decryption Module?


A website can decide which Content Decryption Modules it would like to support, because ultimately the site runs the keyservers and can decide which CDM's keys it would like to generate.

But EME includes a fully freely implementable Clearkey spec. Ultimately sites generally don't want to generate keys for it, but it can be done.


So... I can technically implement my own EME standards compliant web browser, but that browser won't actually be able to interoperate with the existing set of websites that make use of EME. What's the point of the standard again?


1. To serve Hollywood's delusion that DRM is useful

2. To create market barriers for anyone who wants to compete with existing streaming services like Netflix, Spotify, and Youtube Premium

3. To create market barriers for anyone who wants to compete with Chrome, Safari and Firefox

4. To replace old proprietary plug-ins from Adobe and Microsoft with new proprietary plug-ins from Google et al.


Certainly complying with EME isn't enough for web compatibility, but EME plus any given CDM isn't in reality interoperable either: sure, Firefox and Chrome both use a Widevine CDM, but Safari and Edge do their own things. As such, in principle a website could easily not support Safari and Edge (given you get the two larger browsers with one CDM).

To be fair, you can make a similar argument about what's the point of a standard for the video element: in reality, you need to support H.264 encoded video, so just supporting Ogg/Theora/Vorbis (as some early implementations did) doesn't suffice, so what's the point of that standard? (Also the img element, the object element, etc.)

But yes, EME is different because it fails to fulfil its use-cases in a fully free implementation (one can imagine, potentially in the future, a free software implementation that passes encrypted content to a hardware module that implements the decoding, but that seems like little gain and unlikely to happen).


I mean, it's a web browser aimed at media consumption. Not supporting DRM will sadly seriously restrict its usage.


It made the top of HN with 945 votes (2x the votes of anything else right now). As much as we hear criticism of it on this site and elsewhere, clickbait headlines work.


Is front page HN real?


It absolutely is blocking. You know as well as I do that this is a conversation that's likely been had behind closed doors at Alphabet.


Yep I thought it was a legit new browser as well, but turned out we got another Webkit/chromium-based thing. Meh.


Right, thats the whole thing that sucks about DRM and these video providers in general. Not only do they want to protect their content from unauthorized viewers, they want to control how it is consumed. Which to me is especially outrageous because netflix and youtube are the only two with a good user experience. (I used to count Hulu, but at some point they really fell off)

I would think that Amazon would lead the charge for an open standard for distributing video which handles DRM, subscription, pay per view, etc. and then all the non-Netflixes would publish to that standard, and let player applications thrive. Even when using a Roku it feels like each app is completely different. And most of them suck. Imagine if in 1985 Prism, HBO, and Showtime all manufactured their own TVs and required you to use them, but they all had wildly different layouts and remotes.

The idea of syncing up two video streams is awesome, I can see people enjoying that, and it would encourage people to pay for whatever services their friends have. Though it does sound a bit similar to rabb.it


The world doesn't rotate around netflix and co. You do not need to consume them if you don't want to. There is also no right from yourside to how you wish you like to consume it.

I would prefer to have NO DRM of course don't get me wrong. But still in this case, it is not your decision and apparently most people really don't care for that at all. They wanna see netflix in there browser. Thats why google and co did it. Thats why no one cares that there might be a electorn based browser somewhere which is unable to implement its core feature of sync viewing.

And while i like the idea, just because is just not good enough. Noone will cancel there netflix subscription over this.


I wanted to be sure that there were multiple instance of this in your posting history (there are) before I commented, but you regularly use "there" in place of possessive "their".

I would want someone to correct me on a fundamental grammar mistake in Spanish, so I felt it would be useful to correct you here.


Thank you for the effort on checking my previous comments as well :-).

Really appreciate it as a non native english writer! :)

I sometimes think it would be nice to have a community correct feature which allows anyone to make simple corrections in a way you, as the author, also become aware of it.


The entire idea behind DRM is to gain control over the user experience of legitimate users. Pirates will always break whatever DRM scheme you use. Wasting energy on them will always be futile. Controlling the user experience? That's where you can make a lot of money by pushing out competitors.


I think this is an incomplete picture. Guessing at their motivations, DRM also serves to reduce opportunities for casual copyright violation when you have to jump through illegal (which is part of the scheme) hoops to circumvent it.


But by and large people don't make mix tapes, or bootleg videos anymore. They torrent it from the one person with the time to break the DRM. They would likely still do this even if the content was DRM free since its easier.


exactly, but my point is that most of the players don't have a good product, so why would they force people to use it? In the last few months I've used Prime Video, Crackle, FXNOW, WWE Network, NJPWWorld, and HonorClub. All of them are awwwwful, and it would only benefit them if they could come up with an api standard for content, and let other vendors take care of the front end.


Regarding browser extensions, the Firefox "webextensions" API is (mostly) compatible with Chromium's, so with relatively little effort you could target both the Firefox and Chromium families of browsers.

Firefox compatibility is valuable because Firefox extensions don't have to be distributed through the Mozilla add-on store (they do need to be signed by AMO, but provided your extension isn't doing anything illegal, that should not be an issue).

Finally, you could try redistributing unbranded Firefox or Chromium with your extension pre-installed. Waterfox (a Firefox fork) can have DRM — it's disabled by default, but it can be switched on — and I don't think they put a great deal of effort into it, so I think that your "version" of Firefox could also easily have DRM. (I have no idea whether the same holds for Chromium.)


I was curious about this too, and I wonder if OP can clarify what they mean by "reduced features". What exactly is it that they want to do, which requires them to create a whole new browser, vs just creating a website/extension.

I would much rather have a webapp than have to download a whole new browser just to watch videos with a friend. Most of the stuff listed on the github (WebRTC, WebSocket) are just normal web technologies. The only other thing I see is "Discord Rich Presence".


Sorry for the late reply. Building Metastream as a web browser instead of a web extension was a complexity burden created solely by myself.

One of the main requirements I wanted was the ability to use the app with as little centralized dependencies as possible. P2P is the primary way to connect to users with the app, but even that requires a centralized signaling solution which is prone to downtime. To mitigate this, users can also directly connect to an IP address with the appropriate ports forwarded. Listening on a socket is not supported by a web extension at this time.

Additionally, some actions on the web require a "user gesture" to be performed such as fullscreening a video. I created an auto-fullscreen feature by simulating a user gestured mouse click. It also only fullscreens within the frame of the window instead of the entire screen. [1]

Other features not possible with a web extension/app include local file reading (potential future feature) and Discord Rich Presence (currently implemented).

[1] https://github.com/electron/electron/pull/17203


Thanks for the reply!

That makes sense and it's interesting to see the limitations of the "web extension" framework.

The following isn't meant to try to convince you to use any particular solution (I don't have any skin in the game), just some ideas in case you get fed up even more by the problems with implementing DRM in your own browser.

Listening to a socket and reading local files is possible with "Native messaging"[1]. In brief you have a small application running in the background, outside the browser, which can listen to sockets or read local files, and your browser extension communicates with it. This does bring added complexity and might (haven't tested) bring additional latency, possibly making it unacceptable.

[1] https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web...


This. I’m currently working on a project to do what OP is doing, and this is almost certainly the most painful route to go down. All of this could be done with WebRTC, and you get the bonus that it’s even p2p so you don’t even have to handle video content yourself if you don’t want to (if you do, you can mix in media servers like Kurento or Janus if you want). To further sell this approach, I built v1 of the streaming pipeline in like 2 weeks.


The blame for this sits squarely on the w3c for their efforts in trying to replace flash by letting the content companies dictate standards for encrypted playback.

If they had held fast, we could have forced the companies to do their key management in something like WebAssembly and avoided this gatekeeping mess.


The W3C isn't to blame. No one is to blame, really.

We have DRM, we hate it but it's there, and it serves a purpose. If it is your intellectual property, you get to decide how it is used. And if you don't want to make copying too easy because you think that it will get you more money, that's your right.

The goal of the W3C is not to make to make a political statement about the rightness or wrongness of DRM. They are here to create standards that respond to use cases. And unfortunately, copyrighted content diffusion is one use case, and content owners want DRM.

And if you read the standard they came up with, it is not that bad. They managed to isolate the "evil DRM" part well enough without completely destroying its effectiveness. They also didn't require any proprietary component, though services can require them (that's what happened in the article).

Using WebAssembly (which is essentially optimized JS) for DRM is a terrible idea IMHO. DRM, to be effective, usually requires access to protected system components. It means that to make an effective enough DRM to be accepted by content providers (which is the entire point of the standard), we would need to give WebAssembly way to much power.


You make good points but:

>And if you don't want to make copying too easy because you think that it will get you more money, that's your right.

They seem to think that but is there any truth to it? I do pirate some series/movies from time to time (mostly out of convenience) and you can get high quality rips of pretty much anything mere hours after it's available on streaming sites anyway.

So what is this DRM supposed to achieve? Prevent the average non-technical user from saving the stream? I mean I'm sure they wouldn't even know where to start, there's no "Save As" button on Netflix for instance. Simple client-side limitations would do the trick for 99.9% of the population. On the other hand the few technically-savvy stream rippers seem to have no issue bypassing these protections.

DRM works better for interactive content like games because it's not just about ripping the output.

How many decades do we have to suffer through this broken scheme and this technical debt until the right owners realize that they're wasting their time and their resources to push a system that only serves to make it harder for legit clients to consume their contents?

When iTunes got rid of DRM on music files I thought it would be the tipping point where right owners would realize that this scheme was ineffective and counter-productive, but apparently it's still an industry standard for some reason. Have legit users on unsupported systems stream low-res video while the pirates can watch it in 4k for free. Ridiculous.


> So what is this DRM supposed to achieve?

It's a good point, but I believe DRM isn't just about piracy. It's also about control. I read a good article about this once, but I can't find it anywhere right now so I'll summarize what I remember.

As long as DRM exists, if you want to make a Blu-ray player you have to go and ask the Advanced Access Content System Licensing Administrator for their blessing, so that you can decrypt and play (for example) AACS-protected media. It doesn't really matter that AACS has been broken since early 2007 and that pirates can easily circumvent it - as long as you want to sell a player above-board and not risk potential lawsuits, you still have to go and license it.

(This might not be true for AACS in particular, but AFAIK it is generally true of more recent content protection systems.)

That's when the control part kicks in. Good luck getting that Blu-ray player approved for content decryption if it allows the user to skip commercials, or make small clips of movies and send them to your friends, or other such features. I do believe there would be some amount of demand for those features - well, mostly the first one. However, I don't see the AACS LA ever approving such features while having Disney and Warner Bros as founding members[0].

I'll try to find the original article I got those ideas from. I'll reply again if I ever find it.

[0]: https://web.archive.org/web/20120218192257/https://www.aacsl...


That makes a lot of sense actually, I guess my take was a bit naive. I hadn't considered that it wasn't just about preventing piracy, it's about controlling how the content is consumed. Thank you for this insight.


I think you were probably trying to find this article:

https://web.archive.org/web/20190119000840/https://plus.goog...


That's exactly it! I've bookmarked it for future reference, thank you so much! =)


>How many decades do we have to suffer through this broken scheme and this technical debt until the right owners realize that they're wasting their time and their resources to push a system that only serves to make it harder for legit clients to consume their contents?

Where did you get the impression that this isn't what they actually want? The goal is control over users, not acquiring non-users (pirates).


> So what is this DRM supposed to achieve?

I think DRM in general was never really designed to completely thwart piracy.

The goal is actually to delay the pirated version as much as possible and to raise the barrier to entry when pirated versions are eventually released into the wild.


Instead of that, it's turned pirates into heroes of the common person. After all, why pay and be limited in the way you can watch the thing you paid for when unlimited access exists for free?


> why pay and be limited in the way you can watch the thing you paid for when unlimited access exists for free?

Oh I dunno... have you tried asking one of Netflix's 140M subscribers? Or the 26M people who use Amazon prime video?

The point of DRM isn't to make it impossible to pirate things -- it's to make it difficult enough to get pirated content that most people would prefer to pay a few bucks a month to watch things via a channel where rights holders are compensated. And by that measure, it seems to be working pretty well.


I'm not sure for how much longer it will keep working though. With the increased fragmentation of streaming services (and geoblocking), pirating content is starting to feel more convenient yet again.

When it comes to music, I can most of the time listen to it legally via Spotify or Google Play Music/YouTube Music. When it comes to movies (and especially for older movies), the rights holders give me no choice but to pirate because they simply don't make it available for me to obtain in a legal way.

As an extreme example: I was looking up an old childhood movie "Hugo: Djungeldjuret". The rights holder have stopped distributing the movie and they no longer sell it, but they do issue copyright claims and take-down requests towards anyone who hosts it. How am I supposed to watch a movie like that in a legal way when the only distributor has stopped distributing it?


My point was that, for movies and TV shows at least, this simply doesn't work. The delay is small enough that it's usually negligible (a few hours in my experience). For live events (especially sporting events) of course that's enough to make pirating impractical, but for the new episode of Game of Thrones it's really not much.

Furthermore I assume that most of that latency is not due to the time required for pirates to break the DRM but rather the time for the original riper to encode the file and share it through the pirate food chain until it reaches the public trackers that I use. You'd still have to wait a little while to get your pirate file if you don't have a subscription to the official streaming service.


> For live events (especially sporting events) of course that's enough to make pirating impractical, but for the new episode of Game of Thrones it's really not much.

I think you underestimate how many people prefer to watch the latest episode as it airs.

> not due to the time required for pirates to break the DRM

Even if the DRM is already broken, you can't just ignore the initial time spent to break it.

> until it reaches the public trackers that I use

Let's say you stopped 100 random people on a busy street and asked them what a "public torrent tracker" is. How many do you think would know what that even means? And of those who do, how many do you think would actually be able to download a movie through a public tracker?

This is why Popcorn Time was such a huge hit: it provided effortless access to movie torrents for the masses. Obviously, this also explains the rapid response by content publishers to crush the project.


>I think you underestimate how many people prefer to watch the latest episode as it airs.

I don't, but even without any DRM you still have the delay between the moment the ripper manages to get the file and the moment it's available for download. DRM doesn't really change anything here. It's not like for games where DRM can delay the release of cracked version by days or even sometimes weeks.

>Even if the DRM is already broken, you can't just ignore the initial time spent to break it.

For movies and TV shows I think I can. It's just so full of holes and broken implementations that it's usually trivial to crack. I have yet to see the release of a good quality movie or TV show because they couldn't crack the DRM.

>Let's say you stopped 100 random people on a busy street and asked them what a "public torrent tracker" is. How many do you think would know what that even means?

I honestly don't know, but I do know that streaming solutions and direct download websites are pretty mainstream in my experience. Megaupload was huge for instance.

But even if you're right and it's obscure, doesn't that make DRM even more pointless? If people don't pirate because they don't know how why would they start ripping Netflix streams? Technically speaking it's even more involved.


> I don't, but even without any DRM you still have the delay between the moment the ripper manages to get the file and the moment it's available for download.

You're missing the streaming option. But alas, watermarking + ContentID + DRM have essentially conquered that realm. Acestream and IPTV are two surviving options, but the barrier to entry is not low for these.

> For movies and TV shows I think I can. It's just so full of holes and broken implementations that it's usually trivial to crack.

I don't know enough about current media DRM solutions to comment here. What I do know is that will likely change once TEEs/enclaves become more widespread on consumer devices.

> If people don't pirate because they don't know how why would they start ripping Netflix streams?

"Right-click > Download" versus, at the very least:

1. Finding a reliable torrent tracker

2. Downloading and installing a torrent client (viruses galore!)

3. Finding a torrent with enough seeders

4. Figuring out which version of the movie/show to download (what's a "nuke"? what's up with the quality (cam)? why is this movie split into 37 .rar files? where are the subtitles? why is the audio out of sync? etc. etc.)

You and I have already gone through all of this the hard way, but it's important to realize that it's not intuitive at all.


Isn't it still live and well?


The UHD Blu-ray protection held up for several years.


In reality as long as possible is a few hours. In exchange everyone who doesn't pirate has to jump through hoops and gets a worse experience.


If it is your intellectual property, you get to decide how it is used.

Another poster here made an interesting point, that this wasn't true until the 90s. Deciding "how it is used" is different from (and broader than) deciding "who gets to distribute it".


> Another poster here made an interesting point, that this wasn't true until the 90s.

This was always true. Most copyright traditions recognise Droit Moral, and the right for the author to determine the integrity and treatment of the work, and have for, in some cases, literally hundreds of years.


In the USA at the federal level I'm only aware of VARA which was passed in 1990.


The problem is that pretty much the only way to satisfy those obligations is to turn the internet into a huge walled garden (as is currently happening). So we'll either have to accept the consequences of that, decide that some of the rightsholders' claims described above are not in the public interest or find some kind of middle ground.


The W3C, Google, Apple and MS and the TV manufacturers could have said "OK then, keep your content to yourself, let's see how your business does without us providing ways to deliver your crippled content to the eyes and ears of your customers."

But of course they didn't say that, because most of them got some direct or indirect interest in DRM, enough so that the few remaining players did have no choice than to hop on board, too.


No, honestly then we would’ve just had more plugins like Silverlight/Flash. Widevine helped, in part, to get rid of all of that.


Blame Google and Microsoft. They were the people who created the specification, and pushed for it, when Netflix came begging for a solution to their DRM conundrum. Even if the W3C hadn't approved it, that's two of the big four browser vendors who are committing to implementing it anyways, which is enough to guarantee a de facto standard anyways.


No, blame the movie studios, record labels etc. They're the one which require asinine DRM support for web browsers. Google/Microsoft/Apple/Adobe want to support media content, but to do so requires towing the line with the media companies otherwise they refuse to license the content (at least in HD+).

Having worked with various DRM teams I know that they have to treat their code as if its the most secret code in the world, if they don't the media companies can swoop in and ban them and then no Netflix for your users. This is why Widevine code isn't open source (other than the glue EME code) and is almost certainly the reason for the refusal to work with a small open-source form of Chromium. If for example the project was used to "steal" content the media companies would be mad at Widevine, with lasting repercussions for all Chrome users.

It's worth noting that typically all DRM teams work as if the hosting environment is an adversary. For example Widevine don't trust anything Chrome says as someone could recompile it and lie about the security. The only times this is relaxed is where the platform is deemed secure, such as CrOS or iOS.


> No, blame the movie studios, record labels etc. They're the one which require asinine DRM support for web browsers. Google/Microsoft/Apple/Adobe want to support media content, but to do so requires towing the line with the media companies otherwise they refuse to license the content (at least in HD+).

Let's say Google, Microsoft and Apple announce that they will be removing any DRM from their browsers on 2020-01-01. They will also remove any DRM playback app from their App Stores. So no Netflix on PCs, Macs, iPhones, iPads or any Android device (including stuff like Android TV).

What do you think would happen?


Media companies would rejoice. Since such a coordinated move from Google, Microsoft and Apple would destroy streaming for everyone indiscriminately, it would re-level the playing field and enable everyone to start competing anew. Disney, HBO and others would fork Chromium and add DRM support back, then market the shit out of it. They'd start signing deals with phone and TV manufacturers to get their DRM back, each preferably in a way that excludes the others. There'd be a lot of churn as whole media space gets re-balkanized, but that's all good, since churn means they make money.

A lot of smaller companies would die, and a lot of users would suffer - but none of the parties involved actually cares about the users; we're just a natural resource to be stripmined.


The internet before streaming (when downloading postage stamp clips took 3 hours) was close to that described state, and people just exchanged burned CDRs right and left.

Even elderly people were using and watching pirated stuff installed by their kids as they just couldn’t bother.

No DRM support in major browsers would mean pirating becomes the #1 way to see anything again.


That is a realistic outcome.

Then again, the way media companies are balkanizing the streaming space, this could become (again) a reality soon anyway.


Just as the only browser with DRM would have a huge advantage in that scenario, the one streaming service without DRM would have, too. I honestly think Netflix would take that chance for their own content.


Simple: You'd have to install a plugin or a separate special app to watch video, like the bad old days of RealPlayer.


This is the most plausible outcome. Netflix wouldn't just leave that money on the table and the most obvious thing to do would be to provide the support they want from browsers themselves.

Users follow use cases and would not be averse to spending 30 seconds installing something in order to watch their favorite content.

There's also sort of a game theory situation with the removal of DRM, as it would be a competitive advantage being the only one that supports it.


All Netflix movies are on PirateBay already, in spite of their DRM. I’ve seen movies pop up on PirateBay the day they are released. They wouldn’t leave any money on the table.

People paying for Netflix are paying for convenience. That wouldn’t change in absence of DRM.


I think you're greatly underestimating how much more cumbersome torrenting is even compared to a plugin, especially for "normal" users who are not necessarily tech-savvy.


This argument is repeated ad nauseam but it’s false, all it takes is a torrenting app installed, that’s the only threshold.

But back to the point, if Netflix wouldn’t use DRM, it would change absolutely nothing since copyright infringement is still illegal and those DRM protections are completely useless.


Can my torrenting app stream my video, or do I have to wait for a full assembly of the pieces from torrent hosts and enough downloaded to watch it?

If the latter, torrenting is plenty cumbersome enough that if the studios are pushing movie-viewing to "Pay us money or you have to torrent it," they're winning.


> Can my torrenting app stream my video

Yes, and this functionality has been built into many of the largest torrenting programs out-of-the-box for quite some time now. In the case of µTorrent, it was added in version 3.0 all the way back in 2010.

Obviously, how quickly the stream will buffer depends entirely on the state of the swarm. Popular items will work almost immediately, while particularly unpopular items won't be streamable at all.

Anecdotally, I have personally witnessed my (very nontechnical) friends streaming 4+ GB 1080p ...popular cat videos... that weren't available from Netflix. They did not struggle with the process in the slightest.


Pop-Corn Time would like to have a word with you


I don't think it would, unless it begins playing within thirty seconds of the user choosing a video and provides an uninterrupted streaming experience?

Last I checked, the BitTorrent protocol didn't provide packet sorting that would allow for this behavior (by forcing the beginning of the movie's bytestream to be the first data downloaded), so my mistake if the protocol has improved and I was unaware it provided this service.


The downloading client is in charge of which parts of the file it gets first. It can easily go in order.


How easily, and how much setup is necessary? Remember, we're talking about competing with a service that doesn't even make the end-user consider whether that is a problem that needs to be solved (just plug in a credit card and off you go).


A coder spent an hour changing the code, once, and now it requires zero effort for users. They never know the difference. Open popcorn time and wait for it to quickly buffer.


> You'd have to install a plugin or a separate special app to watch video

How is that different from the current state of EME plugins? Other than that proprietary browsers ship with the most popular plugins installed.


Edge and Safari have the appropriate tools to deal with DRM, so significantly different. The built in browsers already just work.


They could block that, too. (It won't work on Android and iOS anyway)


This would be an authoritarian action, compared to just opting out of supporting something. There's a huge difference and I think these organizations' supposed interest in ethics precludes that sort of move.

DRM is not illegitimate. It just sucks and operates in a way that is immune to free market competition - the reasons for that immunity are the true thing to fix. Users should have alternatives as there is a clear market there. If DRM is so bad, then that's what should kill it.


This is the correct solution. The big tech companies control the distribution channels. Currently, they bend to the requirements of large content producers. If they leaned the other way, toward open source and DRM-free distribution, the producers would have no choice but to comply.

Of course, content producers could run back to the state for more protection (as they always do) and get legislation forcing browser makers to comply. And around and around it goes.


> Of course, content producers could run back to the state for more protection (as they always do) and get legislation forcing browser makers to comply.

Implementations of such forced-by-court features tend to be buggy. ;-) The implementation bugs might differ in subtle ways in each new browser release. ;-)


Mac and PC, Netflix would make their applications available outside the App stores. Apple would have to shut down its Apple TV operation.

Then Apple and Google would get deluged with complaints from their customers and Jailbreaks would once again become popular.


> What do you think would happen?

Consumers will have to purchase or rent horrible and overpriced hardware supplied by broadcasters. Like they were doing for decades with satellites, and early IPTV.

Piracy will raise a lot. Many users don’t want to pay, or can’t pay for that custom hardware. I was using Netflix service for some time without major issues, but they don’t have anything in my country, too small one, they won’t be selling and supporting their set top boxes any time soon. Unlike accepting credit cards and broadcasting videos, physical retail doesn’t scale that easily.


Why would they need to remove the DRM playback app in your scenario?

If they would only remove it from the browsers, they would start pushing their native applications like Netflix for Linux, Netflix for Windows, Netflix for Mac. And browsers would be free of their DRM which causes all this.


Because that would still prevent Metastream from working with Netflix ;)


Simple, which ever one switches first will lose all their users as they scramble to use a browser that still lets them watch the content.


Antitrust complaints / lawsuits?


Good point. I wonder if that would apply though.


The weird thing about this is I can find a high-quality torrent for anything on Netflix in under a minute.


Torrent is something that I have nothing to complain about. It's decentralised. No big corporation is trying to control it. It's truly by the people for the people.

I wonder if more protocols like this will get invented and become mainstream. Or those glorious days are already behind us? Since every big corporation is just trying to grab market share by creating walled gardens for everything.


I assume that policing of torrent networks by the authorities will continue to increase. As a result, I'm hopeful that darknet (ie social connection based) solutions might emerge at some point. Why use a VPN and a tracker (private or otherwise) if I could request things via (anonymized) friend-of-friend-of-friend in a straightforward manner? That way you only trust your immediate network.


DRM are like locks on a house, just keeps honest people out


DRM are like locks on a gated community, just creates economic moats to enable rent seeking and prolong the status quo.


Except the lock is remotely controlled by your adversary.

And your house also belongs to them. According to your analogy.


And if you bought something from them, they're permitted to come in and take it away from you whenever they want.


You never bought it in the first place. The Adversary doesn't sell things anymore, it only rents them out.



Ok? That’s a strong argument in favor, isn’t it?


You've missed the joke. In the DRM case the honest people are the ones who should be allowed in, but the DRM only allows the pirates in.


No, I think you’ve missed my point. A technology that prevents generally honest people from slipping casually into dishonesty sounds valuable. Battling people who are determined to be dishonest sounds much less valuable.


Making a personal copy of a video you've paid for is in no way dishonest, and the user downloading it from a pirate site without paying is in no way impeded by DRM.

The only thing it could even arguably be doing is preventing users from uploading videos to pirate sites, but that is empirically a massive failure given that all of the videos are already on the pirate sites.

So all you're doing is battling the honest people who have paid and then want to make a copy for format shifting or some other fair use. And the legitimate value of battling that is a negative number.


I suppose in the case of Netflix and the like, it stops me from getting some lossless downloader browser extension that would surely exist but for the DRM and... what? Getting stuff to watch after I let the subscription lapse? Giving copies to my friends?

The former is about the same effort as torrenting and about as obviously dishonest. The latter is mostly possible using Netflix as intended as long as I don't mind sharing my password with them.


More like locks on a motel room.


I'm pretty sure some method Netflix uses is broken anyway. People don't seem to have trouble uploading 4k rips to Usenet. (Though I haven't actually checked recently.)

We were sold DRM as "the evil legacy studios are evil and make us use DRM". Well, now that Netflix produces their own content and it's still DRM'd... I guess that isn't really the reasoning.


Netflix doesn’t make most of their content. They just have exclusive license to show it. The studio that makes it still demands DRM.

In the rare case of content that is actually made by Netflix, it’s easier to just put DRM on it, because otherwise every system dedicated to encoding and playback would have to have a code branch that was special for non-DRM content. It would be a maintenance nightmare. It’s a lot easier to push all content through the same pipelines.


Netflix only content isn't "rare" anymore, sorry if I don't purchase this particular red herring.

DRM benefits Netflix just as much, if not even more than it does traditional media companies.


It’s very rare. I’ll bet you can’t name a single show that Netflix produces. Remember all those big name shows are produced by other people and then sold exclusively to Netflix.

DRM does not benefit Netflix. It’s complicated and takes a lot of resources to run. They’d much rather not have to deal with it at all. Having DRM does not gain them any customers — in fact it loses them some. But it’s the only way they can get content.


Come on, that can't possibly be right. If they can get shows sold "exclusively" to them, why can't they get shows sold to them without DRM requirements?

(The closest I can get to an explanation is that the "exclusivity" deal might be limited to online streaming platforms only, and whoever is selling the content still worries about everything else. But streaming is a significant and growing portion of all media consumption (and could be even more so, were it not for that pesky DRM), so I'm extremely skeptical that this would be a real issue.)


They probably did negotiate DRM free licenses. But the cost for implementing a separate DRM free pipeline is very high, and there would be little ROI to the business. Not having DRM on just the Netflix content would get very few new customers, if any, especially given that this whole argument only applies to web streaming anyway.


> ...and there would be little ROI to the business. Not having DRM on just the Netflix content would get very few new customers, if any...

This is where your narrative is strategically short-sighted. It would be a very significant leverage point for their own proprietary content over the traditional media companies' - the kind of thing that 'disruption' is built on!


If Netflix is paying for shows that are produced, and they have exclusive rights, they can attach any distribution terms they want to them.

You can't tell me with a straight face that somehow they don't have this power.

DRM absolutely benefits them because it ensures that only parties they permit are allowed to access content, for the same reason it benefits other media companies.


> DRM absolutely benefits them because it ensures that only parties they permit are allowed to access content, for the same reason it benefits other media companies

The fact that every pi8ece of Netflix content is on the pirate sites within hours of release would prove otherwise. Netflix is well aware of the uselessness of DRM.

And you're right, they probably did negotiate DRM free licenses. But you missed the other part of my post -- the cost for implementing a separate DRM free pipeline was very high, and there would be little ROI to the business. Not having DRM on just the Netflix content would get very few new customers, if any. How many people would say "man I would totally sign up for Netflix if only their own content was DRM free, even though I'd need a DRM enabled player to play everything else, and oh yeah this only applies to web streaming anyway."


I would argue the increased customer satisfaction from being able to stream 1080p/4K quality in more browsers with less esoteric hardware would be worth the extra implementation complexity (currently higher resolutions are disabled on browsers with weaker DRM or hardware without a pure HDCP path)


Most people don’t stream 4K on a computer. And most people don’t have the bandwidth to stream at 4K. Ie most customers would never notice.


Netflix 4k streams are like 25Mbps at best. The US average broadband speed in 2017 was around 50Mbps. There is no problem getting 4k to consumers.

Whether or not they have a 4k display... that is probably the blocker. I have a 4k display but it's not my primary display (instead opting for a 165Hz 1440p panel) and I never bothered to buy a 4k TV, given how dirt-cheap high-end 1080p TVs are. Would much rather have the black blacks of a $500 1080p OLED TV than a $3000 washed-out 4k LCD.


That average broadband speed is deceptive, because it includes people who have gigabit at home. The more interesting number is the median speed. But even using averages, not a lot of countries yet have the speed to support 4K streaming[0], and like you said, even if they have the bandwidth, they need the equipment.

[0] https://en.wikipedia.org/wiki/List_of_countries_by_Internet_...


Both Amazon and Netflix make the most money and are best known for their excellent original shows. Why did they bother to setup DRM for them? If they opposed it, they could have made it a selling point that you could watch them in 4K on any device without hassle.


Turns out Netflix is an evil legacy studio after all!


Then Google/Microsoft/Amazon and others who are being impacted by this issue should throw some non-trivial money at media creators who are willing to commit to DRM-free content. Like Creative Commons or the Blender Foundation, for starters. We had a comparable opportunity there when Netflix started offering streaming services, but they chose to go with DRM across the board. Fine, whatever. But unless the tech industry seriously gets behind this, Big Media will start to take their "content" hostage and mandate use of their own DRM 'solutions' to "protect it adequately" - with royalties for use set as high as the market will bear. Yeah, you can say that would be an antitrust violation, whatever. Legal processes take a long time, and Big Media have plenty of political support behind them. They don't have to care if they can make things crappy enough for everyone else.


We could just blame all of them, since they were all involved.


What is the point of this "blame", especially stating it as if it were exclusive? All of these companies are past the startup/responsive/customerserving stage. They're immune to public opinion when you just keep on patronizing them.

Rather, focus on concrete steps you yourself can take:

1. Make sure the hostile black box is not available / disabled in your browser. So when you end up at a page that wants to use DRM and it doesn't work, you simply attribute the problem to the website being broken (which it is), and move on. If you do need to keep using the DRM crutch for now, then only use it on a separate dedicated browser or device.

2. Base your media setup around a DRM-free pipeline (eg Kodi). Make torrenting content your default. If you want to pay indie creators for DRM free downloads, feel free. But don't fund any studios that generally push DRM.

3. Share downloaded content with friends (eg USB drives), encouraging them to not fund Netflix et al developing and promulgating more DRM. This is especially relevant for "exclusive" releases that are meant to push people into signing up for yet another subscription.


Why not blame everyone involved who let EME happen? Blame is not a limited resource.


As the OP explained in the backwards complaint, DRM support is NOT required for web browsers. You can make a web browser that does not render DRM content.


> No, blame the movie studios, record labels etc.

More specifically, those associated with the MPAA and the RIAA.


  Google/Microsoft/Apple/Adobe want to support
  media content, but to do so requires towing
  the line with the media companies
Sounds like the problem is the web browser companies also deciding to be movie streaming companies. Thus giving movie producing companies leverage over web browser tech.

If it weren't for Google Play Movies and iTunes Movies they could have just told the MPAA companies to take a hike.


"when Netflix came begging for a solution to their DRM conundrum"

Does Netflix DRM even "work"? I've never personally seriously looked around for how to break it, but I note there are still plenty of people who seem to manage to review Netflix-based shows on YouTube with video clips of sufficient quality [1], and at least some of the reviewers in question I am fairly confident aren't getting any sort of privileged backdoor access or anything.

Is it "anyone can crack with a smidge of effort" or "it's really hard but it spreads once cracked"? I'm not asking for a lot of details of the crack per se, just general details of how successful it can be said to be in practice.

[1] I'm not claiming they aren't necessarily re-re-encoded by the time they get to me, but if they are, I can't tell for sure, so I'm going with "sufficient quality" as a description.


HDCP is broken, so people just get their captures from there I think. The Widevine stuff is also clearly not as trusted by publishers, which is why they only publish 720p streams on it IIRC. I think this is because it gets less help from the platform to prevent copying the frames.


No, this used to be the case, but isn't any more. Captures using lossless capture cards are called Webrips and generally disliked because they have to be reencoded (losing quality) and can only be ripped in realtime. For a long time now the better p2p groups (and even some scene) have figured out how to extract the encryption keys directly from the EME modules. So most of the Netflix rips you find on torrents these days are actually byte-for-byte copies of what you would view on Netflix.

Actually they should be byte-for-byte copies, but generally aren't, since Netflix makes you jump through half a dozen hoops to get the highest quality streams, so pirated copies are actually much better quality than what you can get on Netflix.


There are gazillion of 1:2 and 1:4 Chinese video splitters that strip HDCP from up to 4K sources letting any capture card rip anything that can be played on up to 4K TV.

I have had the 1080p one for 5 years.


A researcher on twitter recently cracked widevine level 1 quite quickly according to himself. No proof of concept was offered but he seemed to be claiming it was fairly simple. Netflix uses level 3.

The browser has to decrypt it somewhere along the line to play. Always was interested in tinkering around with it.

For a starting point I'd be going through chromium and checking out how they implement widevine.

For a while now there's been rumors in the torrent scene that a few people have broken it, but keep coy in case it gets patched. Then again it's trivial to screenrecord at the cost of time. Who knows?


Netflix only requires level 2 for HD streams, IIRC. SD streams can be level 1, I think.

Level 3 requires a secure path all the way to the display (so the decryption happens in a Trusted Execution Environment, the keys are stored in a Trusted Platform Module, and HDCP or similar to the display). Level 3 practically only exists on mobile currently, as Intel's SGX (their TEE) is typically disabled by default on what processors do support it.


I blame the OSS community that rolled out the red carpet for DRM. They are the only ones who really had a choice to make. I frankly don't blame the corporations pushing this, because they have been trying the whole time.

And they did it for the worst reasons. Vanity and pride. The corporations pushing DRM are merely motivated by greed.

But the players in the OSS community that opened the door for DRM were TERRIFIED of being labeled as "obsolete" or losing pretend "market share". They refused to take a stand against DRM, if it meant losing any users. Just look at the discussion thread where Mozilla decided to support DRM.

The arguments in favor of DRM by the OSS community are always the same: - We need to support terrible DRM because it is popular (and being numerically popular is super important). - We need to compromise against our users because if we don't then we won't have any leverage (which we are conceding we don't have anyway) - "marketshare" - "integrated branding"(?)

None of this makes sense, because Google, Apple, and Microsoft have completely different goals with building for-profit forms.

People who speak in slimey business sales marketing speak are making decisions about the direction of OSS software. And these people are obsessed with cargo-culting the big commercial platforms.


I have no sympathy for Netflix; not too long ago, Linux users had to jump a series of hurdles just to be able to play Netflix videos (including installing 32-bit Mono and Silverlight (yuck) and faking the User Agent string). As an end-user I'm happier now that it just works; as a FOSS fan, I blame the "content-owners" onerous demands for DRM.


And Netflix.


It was never gonna happen; as soon as Intel introduced SGX, any DRM-producing company that wasn’t taking advantage of it would be seen as failing their shareholders. Even if Flash had died on schedule without browsers offering a native browser-DOM DRMed-content API, DRMed-content producers would just have jumped to another tech the DRM vendors sold them.

My guess is that, if browser vendors wouldn’t have played ball, the DRM vendors would have worked with one of the JRE vendors to optimize the Java applet runtime, and contributed to performance improvements on the browser side for all the open browsers, such that “Java applet” would no longer be a scary heavy-weight thing nobody wants their browser to launch. That would be (one of) the implicit threats hanging over browser vendors: if you don’t cooperate, we’ll take your control over innovation on the web away by refocusing it on an improved Java experience.


How is that "threat" a problem? That sounds like an Old Microsoft objection to cross-platform code, but the web is already cross-platform code, so that doesn't make any sense.

And if the browser vendors really didn't like it for unknown reasons then they could have just stopped supporting Java in the browser, as has largely already happened for various other reasons.

This is one of those "we all must hang together or we shall all hang separately" situations, and they apparently decided they'd prefer to hang separately.


No, if the Director had overridden the majority of the membership, the browser vendors would've shipped something anyway, and the YouTubes and Netflixes of the world would be using it anyway.


Essentially. The money gated behind a closed DRM solution is so large that the w3c ran the risk of becoming an irrelevant standards body for this space if they didn't comply with what their members wanted to do.

It's sub-optimal, but I don't think an optimal solution actually existed. A standards board divorced from reality is no better than no standard at all.


> No, if the Director had overridden the majority of the membership, the browser vendors would've shipped something anyway

That's fine. It's better that the burden for maintaining non-standard plugins be put on the sites and browsers that choose to do that, rather than be placed on everyone else.


It's funny how people try to make "standard" mean something magical when it's not. An Internet standard is just a document written by a committee of people who intend to do what it says. They then publicize it and try to get people to go along with it. You can't keep people from getting together to write a document or from doing what the document says. You can just choose whether to participate.

If W3C chose not to help write the DRM standard, the browser vendors could easily create a new organization and write a standard anyway (as happened with WHATWG).

Browser vendors and website authors could then read that document just as easily as anything published on the W3C website, so there is no "burden" for them. There would be no difference to the end user. The only burden we're talking about is the inconvenience of setting up an organization to do the writing. It's a minor speedbump at best.

The upshot is that there is no way to prevent browser vendors from standardizing anything they want. It only gets blocked if they disagree.


No one is implying that not infecting W3C with DRM is going to kill DRM. Of course anyone can agree to things in whatever organized way they want to.

The reason to keep it out of W3C is because it violates their core mission: https://www.w3.org/Consortium/mission#principles . Other organizations with a different mission are free to do as they wish, obviously.


How would that have improved the current situation? The videos that Metastream wants to play would still have been DRM'd and would still be playable in the mainstream browsers. What would the benefit have been? What burden is being placed on people now that wouldn't be placed on people in that scenario?


Making the user experience of DRM worse is better because then fewer people will use it. If the platforms all made it so that you have to solder a new chip into your phone before you can play DRM content, there would be a lot less DRM.

The argument that platforms have to do this for competitive reasons is doublethink. If the experience is worse and that will cause customers to flee, how is it that they would only flee from the platforms that don't have DRM but not the content providers that require it? Wouldn't that create a huge market opportunity for new DRM-free studios, who would then out-compete the traditional ones by being available on all platforms instead of only on Insecure Expensive Proprietary Slow Cableco Platform Nobody Likes?


> If the platforms all made it so that you have to solder a new chip into your phone before you can play DRM content, there would be a lot less DRM.

I mean, yes, but why would they do that?

> Wouldn't that create a huge market opportunity for new DRM-free studios, who would then out-compete the traditional ones by being available on all platforms instead of only on Insecure Expensive Proprietary Slow Cableco Platform Nobody Likes?

You're assuming that content is fungible. If I want to watch Game of Thrones, I want to watch Game of Thrones, not "Winter Dragon," and "Winter Dragon" being DRM-free won't incentivize me to watch it.

Furthermore, development of media content is expensive and requires a bunch of up-front capital / investment. So while there is a market opportunity, it isn't obvious that taking advantage of it without connections to the existing industry is a profitable strategy.


> I mean, yes, but why would they do that?

So that they're not beholden to adversarial corporations.

> You're assuming that content is fungible. If I want to watch Game of Thrones, I want to watch Game of Thrones, not "Winter Dragon," and "Winter Dragon" being DRM-free won't incentivize me to watch it.

Except that it is fungible, it's just not universally fungible.

The reason Winter Dragon isn't fungible with Game of Thrones is that you don't like it as much. You'd rather watch Game of Thrones. But there are thousands of shows, and out of those there are hundreds you might want to watch, yet there is only time to watch dozens or fewer.

Nobody can actually watch all of the shows they might want to watch. Letting "lack of DRM" be the thing that chooses between the ones of equal desirability to you is as good a way of pruning the list as any.

> Furthermore, development of media content is expensive and requires a bunch of up-front capital / investment. So while there is a market opportunity, it isn't obvious that taking advantage of it without connections to the existing industry is a profitable strategy.

Who says it has to be someone without connections to the existing industry? New independent studios form all the time as existing talent strikes out on their own. All it takes is for one of them to prove the market before everybody is doing it.


> So that they're not beholden to adversarial corporations.

What is so adversarial about these corporations to the browser makers? What benefit, concretely, do Microsoft or Google or Apple get from being free of the shackles of Disney or CBS?

One concrete benefit I see is less risk of the third-party code destabilizing your code because it has bugs and is running within your address space, but there's an easy solution there: sandbox the EME blob like Firefox (and other browsers too, I assume) does. Then its crashes and buffer overflows don't become your crashes and memory corruptions.


Only in the case of Firefox is it really third-party code; both Chrome, Edge, and Safari ship with the EME modules developed by the respective companies, but they still sandbox it.

Plugins like Flash, which are the historic answer for DRM on the web, have a huge surface space and can interact in the browser in all kinds of odd ways. These EME modules are much smaller, they are much less powerful (AFAIK they either return a frame to the browser to composite or directly to the OS compositor, so you don't need to worry about how they change layout and then change layout again as you reflow), and as a result of that can be put in stricter sandboxes. That's a clear win from a browser security and stability point-of-view, which is a concrete benefit for browser vendors in making it viable to drop Flash (and dropping Flash without providing a replacement for encumbered video isn't an option: breaking websites like Netflix will cause users to use other/older browsers that do support Flash).


> Only in the case of Firefox is it really third-party code; both Chrome, Edge, and Safari ship with the EME modules developed by the respective companies, but they still sandbox it.

They still sandbox it because from the user's perspective it's still an unauditable black box, so at least the user can verify the sandbox. But that doesn't actually solve the problem, because the black box code is interacting with black box hardware. If there is a bug, you've done the opposite of sandboxing it -- you've prevented it from being traced and given it direct access to hardware.

> and dropping Flash without providing a replacement for encumbered video isn't an option: breaking websites like Netflix will cause users to use other/older browsers that do support Flash

The solution to Flash should have been to have someone reverse engineer it and publish a 100% open source implementation, including the DRM. Then let them keep publishing using Flash format as long as they like, but no more black box.


> What is so adversarial about these corporations to the browser makers? What benefit, concretely, do Microsoft or Google or Apple get from being free of the shackles of Disney or CBS?

These companies make Xbox, Chromecast/Stadia, Apple TV, etc. Things that could plausibly be a media center, given some latitude and open standards. You could upload your movie collection onto it, give it your streaming account credentials and it gives you a single interface to all your media.

DRM kills that. You can't make an interface that allows the user to watch a Disney movie they've paid for and then have it show the YouTube commentary on it. You can't have something that recommends Orange Is The New Black after you watch The Wire because one is Netflix and the other is HBO.

Because DRM allows the studios to assert rights that copyright doesn't give them. That's all it does -- that's why they want it. It clearly doesn't prevent piracy.

> One concrete benefit I see is less risk of the third-party code destabilizing your code because it has bugs and is running within your address space, but there's an easy solution there: sandbox the EME blob like Firefox (and other browsers too, I assume) does. Then its crashes and buffer overflows don't become your crashes and memory corruptions.

The problem with this is that it can't simultaneously have such low privileges that it can't do anything harmful even if totally compromised by malicious actors, while also having such high privileges that it's immune to interference by even the owner of the system with physical access to it. They're diametrically opposed objectives. And the second one systematically fails regardless, but having to pretend that that isn't the case compromises the ability to do the first.


Is that a reference to the travesty of a wheel of time pilot episode? https://www.imdb.com/title/tt4450372/


Yeah, I was trying to think of the most awful thing that superficially seems like a substitute good for Game of Thrones :)


Would it have made the user experience of DRM any worse than it currently is, though?

The DRM module would still ship with Chrome and Edge (and likely Safari too, given Apple became involved pretty quickly), you'd still need multiple different streaming formats (in the form of different DRM formats) as you do today, and maybe you'd need slightly different JS codepath per-browser too (but that's not a big difference to today with the different DRM formats).

It's very unclear to me that the W3C refusing to be involved from day one would've led to any outcome very more than subtly different than the one we ended at. At the point that the specification went to Recommendation, there were already multiple interoperable implementations, so objecting at that point was purely a matter of principle, it literally wouldn't have affected the outcome in any way.


If the W3C making the right decision would make them irrelevant then what has actually happened is that they're already irrelevant, and becoming a rubber stamp on bad ideas only serves to prove that and erode their credibility.

Moreover, such organizations are made up of their members, and it's up to the members to do the right thing as well. Nobody had to volunteer to be the first to add this gunk to their browser. It can't be a competitive disadvantage if nobody else has it either, and it can't be a competitive advantage if everybody else has it, and those are the two options so why not choose the first?


This is just the age old discussion of whether it's better to capitulate in small ways so you can steer a group away from bad behavior/decisions later or to make a stand on principle to draw attention to the current bad decisions.

As much as some people like to say one is better than the other, I think the answer is always "it depends". Unfortunately, it depends not only on the relative power and momentum behind the current problem when deciding, but also on unknowns such as what will happen in the future.

It's hard for me to find too much fault in them deciding that they would rather stay somewhat relevant to the process than become obviously irrelevant (if that was indeed the thought process), as there's still a lot they can affect in the future. Armchair quarterbacking about what they should have done isn't too useful in my eyes.


Except that there was no such trade off here. If they refuse to approve DRM and then some browsers unwisely implement it anyway, having their approval makes it worse, not better. The browsers doing the wrong thing can claim to be following a standard, even though the standard is useless garbage because the entire point of having a standard is so that anyone can implement it, which in this case they still can't.


The trade off is in relevancy. If the standards body doesn't force a confrontation it knows it can't win, then it retains some power that it can throw behind or against future proposals. If the major browsers have already decided to completely ignore them and create their own consensus, there's that much less reason to listen to them next time. Not only has a precedent been set, but coordination on features outside the control may have already been somewhat standardized behind the scenes (beyond what they already do), making it easier next time.

The downside is as you say that the browsers can point to the standard as for why they implemented it, but that's why it's a trade off, and not cut and dry (IMO)


In some sense everything is always a trade off. But some things cost more than they're worth.


You seem to be mistaking the fact that the W3C for Web Standards is just the browsers. The last time it wasn't, the browsers formed WHATWG and the W3C became irrelevant.


The existence of features in any piece of software is a burden on further development of said software. Every time we go to add some other new feature to the spec we have to take into account how it will affect EME. That's just how software works.


Welcome to the 21st


The W3C exists partly to take the blame off of its members for the decisions that they agree to unanimously. Blame the W3C members for their decision to screw the user.


The W3C membership nowhere near unanimously approved the advancement of the EME specification to Recommendation; that much has been said publicly by various people over the course of the past few years.

The majority of the membership was in favour, definitely, but it wasn't unanimous. Some members I think it's predictable how they voted (MPAA may have voted in favour, EFF may have voted against); others less so.


I don't suppose you remember, but they did their key management in native code plugins 10-15 years ago. Silverlight and Flash both had DRM capability, IIRC. I've worked with that and it was no joy at all.

Without W3C DRM they would have kept those plugins alive instead of deprecating them. I see no reason why they'd have migrated to webasm, webasm wouldn't provide the know-thy-customer aspect the DRM people want.


> The blame for this sits squarely on the w3c for their efforts in trying to replace flash by letting the content companies dictate standards for encrypted playback.

It really isn't. The W3C at the very least permits a solution whereby content companies liberally distribute binary blobs for every platform under the sun. Hell, it even permits an open source solution that e.g. speaks directly to the DRM hardware in graphics chips (don't know if that would be technically feasible, don't shoot me).

It doesn't have to be this way.

In this context it's really specifically Google being assholes about this. They can choose to not be assholes about this. The fact that the W3C allows them to be assholes about this doesn't change the fact that Google is choosing to be this way about it.


Tim Berners-Lee's Google-funded $1M Turing award sure smelled like a payoff to me. If it wasn't, the timing sure was convenient.


How would have that worked? If you do not sign every single file per user, there is no real way to get something secure if you do not controle the whole processing pipeline.


[flagged]


This is a truly out-of-touch comment. People want their content first and foremost.

Besides, any kind of large-scale user revolt that isn't basically just a mob-like reaction is usually the result of a top-down, coordinated campaign. See the protests against SOPA/PIPA for an example - big websites had to throw their weight behind the idea for it to take hold. The web is simply too diverse and quick moving of a place to expect some kind of people's revolution when it comes to DRM.


I can't speak for the person you're responding to, but it doesn't seem like much of a mystery why non-techies don't know about the specific details of why they can't save a streamed movie to watch it offline, or in a non-approved open source video player. That glib attitude of captive audiences is exactly what DRM vendors prey upon. They know exactly how much they can get away with at this point.


> I can't speak for the person you're responding to, but it doesn't seem like much of a mystery why non-techies don't know about the specific details of why they can't save a streamed movie to watch it offline, or in a non-approved open source video player.

To me, the mystery is not that the people don't know about these details (these details are indeed somewhat complicated - I agree), but how much they don't care.


Non-tech users generally don't have the necessary knowledge and mental models to place technology the market is offering in context of what is possible. They think what's available, even if it's annoying, is the best that's possible. It always looks new and shiny, so it must be the limit of what could be. They don't realize that modern tech could be much more capable, and much more empowering, if not for constant shitty, greedy and people-hostile decisions made by those who make and sell it.


Of course they don't care, why would they be given a chance to? The anti-features, inconveniences and limitations are not advertised and are downplayed whenever anyone mentions them.


That's like saying the blame for pollution caused by burning coal lies squarely on the shoulders of anyone who uses electricity. Decisions are made, 99% of people have no clue what's going, and it's unreasonable to expect them to.


Consumers must take some of the blame surely?

If there's nothing but coal powered electricity generation then vote to change it.

If the company you buy electric from uses more coal than others, then change company.

IMO ordinary members of the public take more responsibility in that because it's relatively straightforward to understand: buy your electric from renewable generation and get less negative environmental impact.

Understanding the best sources of power is hard however, so consumers have to trust published government research for that.


The comment I responded to was quite clear about placing "all" of the blame on consumers, but sure; we all share some responsibility. The problem is that placing the blame on consumers will get you precisely nowhere.

>If there's nothing but coal powered electricity generation then vote to change it.

Most people are struggling just to get by. Expecting their votes to be driven by large, complex issues which on their surface do not seem to impact their lives directly or immediately (or actually don't at all) is wishful thinking. The vast majority of people don't understand these issues to begin with.

>If the company you buy electric from uses more coal than others, then change company

Where do you live where you have competing electrical companies? Of you're proposing that they spend money on e.g. solar or electric cars, well... I think you're a bit out of touch with the general populace. We don't live in a world where paycheck to paycheck workers can afford such things. It has to be cheap and easy or you're just not going to get anywhere. Same goes for something like DRM; until it causes huge problems with the way most people consume content, well, they won't care, and complaining about that is a waste of energy.

Problems like these require smaller groups of dedicated and informed individuals to help make change and educate others. It does actually work. The US has much better environmental policy than it did 50 years ago and people are more informed now then they we're then. It's just slow, and tech related issues are relatively new.


No. The owners of coal mines, and the owners of coal power plants, are to blame. That specific industry has come at a terrible cost of human life and the environment, which wasn't even news last century. The people with the money and power to get a coal plant built, are to blame. I don't have choice in where I get my power. Lobbyists pay politicians to decide where my electricity is generated.

If you started cooking meth tomorrow, and sold it on the market, do you blame the users who bought it? No, the origin of the problem is the industry built around pushing the product.


You're unfortunate if you don't have a choice of where you get your power - we do in the UK - and can readily take action, eg at the ballot box, to change that situation.

Meth isn't really a comparable need. However, suppose dodgy crack (cut with crap), or paracetamol, was available for treating headaches: you can choose the paracetamol which makes you partially responsible for keeping the dodgy crack producers/dealers in business if you choose their product.


> You're unfortunate if you don't have a choice of where you get your power - we do in the UK - and can readily take action, eg at the ballot box, to change that situation.

I live in a representative democracy with extremely limited and polarized choice of politicians, ALL of whom are taking money from big oil. Unfortunate, indeed -- my lack of choice harms the entire world.

And no, meth is a great analogy: sure increases productivity, damn the consequences


Do you think most users even know what drm is, or that it's being run?


I tell it to my acquaintances all the time. Nearly all of them are not interested in this information.


I wonder how much of this is simply cognitive overload. I mean, climate change, crispr, ocean acidification, asteroids... I would guess that most people prioritize dopamine first and foremost.

Software is arcane, so thinking about how it affects society probably seems irrelevant to them. Even if they do care, power dynamics make defeatism a logical and realistic mindset.


If you use Netflix as advertised, you don't need to know about DRM; it does its job without being noticeable. Netflix is a streaming service, not a movie store. There's no need for making backups. If you try to use Netflix outside the bounds of your agreement (like copying downloads to a different device), then the DRM becomes visible.


A blockbuster analogy seems adequate and explains why people are satisfied with the way Netflix and Spotify work. DRM isn't restricted to Netflix and Spotify though.


The user is to blame? Let's be realistic about how the average person handles technology in general, is aware of malware on their devices, or how many browser choices they have.


I blame the people that work at Google.

But, hey I hear the money is good.


I disagree; good DRM is transparent and unnoticeable, and if that is the case then users do not care.

Who does care about DRM is pirates and content creators whose content is shown without them earning off of it.

Yes I am aware of fair use exceptions, but fair use should exempt a user from getting sued over using a fragment of copyrighted content; it does NOT force a content creator from offering their content open for downloading and republishing, even if it's for fair use.


I disagree; good DRM is transparent and unnoticeable

Yeah, until it isn't.

I can't start GTA V for days since the "Rockstar Social Club" won't connect and glibly informs me that "I need to be on-line"

I would have agreed with you until then. But not being able to play a game for which I paid full price and not being able to get meaningful support to resolve the issue rapidly changed my stance on DRM.

It fucking sucks!


Plus the horror stories you hear of people losing thousands of dollars worth of games on a Steam account for one reason or another.

You never truly own anything that has DRM, you're just licensing it.


> You never truly own anything that has DRM, you're just licensing it.

The thing that I hate is that the marketing either explicitly says "you own it", or does it implicitly or indirectly, or in a way to make you think that you do.

They never, ever put in big bold letters "License this game for $69.95, today!"; not even when you actually "purchase" does it say "license". In fact, you see the words "purchase" or "buy" or similar; words that have always connotated "ownership".

Now granted, all software, and media in general, has always been a "license" - but there was always something physical around; that if the company or entity that licensed it to you disappeared tomorrow, you could still - theoretically - continue to use the license you had and enjoy the media as intended.

That all really changed with license keys. One would think that the whole DIVX debacle would have made this abundantly clear, but I guess it didn't (makes me wonder if the DivX media format or whatever it was actually wasn't created purposefully to muddy the waters; but that's just conspiracy theory on my part).

I don't even think people will "get it" if tomorrow everybody who "bought music" from iTunes or whatnot lost their licenses with no recourse. I really don't think there'd be anything done, except for some bawling at most.

If everything we have seen over the years, including the various massive data breaches that have occurred recently, hasn't woken anybody up to force reforms and changes that benefit the citizens and consumers, well - nothing will.

Society has basically said "we don't care if we or our children get slaughtered" - where that last word takes on a wide variety of meanings - up to and including its literal meaning.

Those of us out here being force down the chute screaming about the injustice, the wrongness, the reasons why, etc - we are all just so much noise that nobody cares about anymore.


Children getting slaughtered? Oh come on. The simple fact is that movies, music and video games are just not that important. That's why people don't get up in arms about restricted access.


Nowadays you only really "license" the games, rather than own them.

Sucks that it's $60+ to do so, but that's how it is.


Yet I have a whole shelf full of 30 year old console games that I can just stick into the relevant console and be playing within seconds.

Progress!


There is an exception: https://www.gog.com/


Let's imagine a field. A holy place. People flock for miles, pay the land owner handsomely to visit the field.

A judge says that everyone has a right to take a single photo of this field for their collection - no more than that. The land owner disagrees.

We're not saying that the land owner should be forced to provide small organza bags for the visitors to carry their cameras around with them; but posting armed guards at all the entrances with metal detectors, automatedly initiating legal action on anything that looks like a camera and then trying to tell the user it's for their own good... well, this should at the very least be discouraged by the community, no?


> it does NOT force a content creator from offering their content open for downloading and republishing, even if it's for fair use.

But being able to use the fair use rights means that you must not be sued for breaking the DRM on your own.


> good DRM is transparent and unnoticeable, and if that is the case then users do not care.

Then there's no such thing as good DRM, since many users will want to make use of the content they've paid for (either monetarily, or perhaps indirectly via ads) in flexible and open ways that a proprietary DRM system will not allow. Fair use is part of this, but not the only issue.


Meanwhile I bet everyone here and /r/gaming uses Steam without thinking about it where you can't even click and drag an .exe to your buddy on a long flight and you need to log into it every X days for it to let you play offline.

To be clear, I'm definitely happy to support gog.com and thankful that they exist and are successful.

But look how many HNers will bring up Kindles and buying books for them on Amazon where you can only "lend" a book from kindle to kindle (forget drag and drop) through their proprietary system.

Every day 90%+ of people are happy with systems that use DRM and don't even notice it exists. Most people just don't ever go off the rails.

It's one of the worse things about DRM: trying to position your product as DRM-free and people just go "wtf is that? it never bothered me before."


No such thing as good DRM. All DRM is broken by design, and exists to take your rights away. Never make excuses for this garbage software. DRM must die.


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: