Hacker Newsnew | comments | show | ask | jobs | submit login
The W3C's plan for DRM in HTML5 is a betrayal for all web users (freeculture.org)
222 points by riordan 764 days ago | 153 comments



TL;DR:

# Myths

1. that DRM doesn’t work; that it exists to protect creators, but since it is easily cracked and can be worked around, it is largely ineffective and irrelevant

2. that DRM in HTML5 is a necessary compromise to finally bring an end to the proliferation of proprietary browser plugins such as Adobe Flash Player and Micrisoft Silverlight

3. that the web needs DRM in HTML5 in order for Hollywood and other media giants to finally start giving the Web priority over delivering media over traditional means

# Reality

1. DRM is not about protecting copyright. That is a straw man. DRM is about limiting the functionality of devices and selling features back in the form of services. (https://plus.google.com/107429617152575897589/posts/iPmatxBY...)

2. DRM in HTML5 doesn’t obviate proprietary browser plug-ins, it encourages them. (https://www.eff.org/deeplinks/2013/03/defend-open-web-keep-d...)

3. The Web doesn’t need big media; big media needs the Web. (http://blogs.computerworlduk.com/open-enterprise/2013/02/bbc...)

# So sign the petition

http://www.defectivebydesign.org/no-drm-in-html5

-----


Honest question - why is having a framework that allows for others to provide some form of DRM different from any other plugin system that exists currently?

-----


Different, how? It's different in several ways. For one it's not a plugin framework, it's a DRM plugin framework; meaning it's designed specifically with 1 use case in mind. Secondly its expressed intent is to take away functionality; I'm not aware of any other instance where a web API is created to disable features of a user's computer. I'm sure we can rattle off more ways that it is different, but I'm not sure what you're looking for here.

-----


>> For one it's not a plugin framework, it's a DRM plugin framework;

A DRM plugin framework is by definition a plugin framework. I relly don't want DRM in html either, but I have a hard time finding logical arguments against it, and I don't see how this is a good one. If you could further your point, I would love to hear it.

>> Secondly its expressed intent is to take away functionality

Take away what functionality? The ability to download audio/video? Again, playing the devil's advocate, I would imagine a vast majority of the content that would be streamed using the DRM encodes would not be streamed using the video element currently - it would be streamed over flash/silverlight, etc (think netflix, hulu). If that is the case, what is it we are losing?

>> I'm not aware of any other instance where a web API is created to disable features of a user's computer

To be fair, this isn't. EME is just a way for people to create addons that leverage native encryption. The same is true of the current plugin system.

>>I'm sure we can rattle off more ways that it is different, but I'm not sure what you're looking for here. I am looking for logical reasons to say why adding EME hurts the open web so when I get into arguments I have better reasons other than 'I hate it'

-----


A DRM API in HTML5 harms users by legitimizing and enabling restrictive technology under the banner of the free and open web, with all the practical harm (lack of control, reduced bargaining power, security issues) that loss of freedom entails.

If the framework is no different from existing frameworks, why do we need it?

-----


>>A DRM API in HTML5 harms users by legitimizing and enabling restrictive technology under the banner of the free and open web, with all the practical harm (lack of control, reduced bargaining power, security issues) that loss of freedom entails.

In whose eyes does it legitimize it? Are you saying someone will be convinced that DRM is ok because it is in a web browser?

>>If the framework is no different from existing frameworks, why do we need it?

Because it is different. Native solutions are more likely to be faster and more secure than external plugins.

-----


> Take away what functionality? The ability to download audio/video?

The ability to download audio/video already exists in computers. DRM prevents you from doing what you want with the bits that are sent to you; hence it restricts native computer functionality.

> To be fair, this isn't. EME is just a way for people to create addons that leverage native encryption. The same is true of the current plugin system.

This is a red herring; EME only exists to facilitate DRM. EME was designed specifically with DRM in mind. There is no other use case. It's a convenient way for EME supporters to ignore the real issues, but it's valid to talk about a technology's real world uses when discussing its validity.

-----


>>The ability to download audio/video already exists in computers.

Thank you for clarifying. I wasn't sure what you meant.

>> It's a convenient way for EME supporters to ignore the real issues, but it's valid to talk about a technology's real world uses when discussing its validity.

To be clear, I am not a supporter. I don't want it in the browser either. However, I don't understand how it is a red herring. Everything that is being proposed in EME is already possible in Flash and Silverlight, and those features only exist in those plugins for the same reason. Neither of them need file encryption in order to work as a platform - it is a feature so that people that want to have encrypted/licensed material on the internet can do so. You can write applications without them. But yet no one seems to care about it. I am wondering why that is

-----


"A DRM plugin framework is by definition a plugin framework. I relly don't want DRM in html either, but I have a hard time finding logical arguments against it"

I'm Australian so this probably won't translate, but if I go into someone's house, and they have a brand new gun rack on the wall, with no gun in it, a few thoughts go through my head:

1. They have a gun but have secreted it somewhere while I'm around. 2. They are going to get a gun. 3. They bought the house with a new gun rack, and don't object enough to guns to remove it immediately.

Now, as was stated earlier, DRM (like a lot of guns) was invented with only one purpose. If I see the governing body of an open web standard starting to stick in frameworks for DRM, I think 3 very similar thoughts to those above.

In short, not being able to find an argument against something, doesn't mean it won't leave you wondering what the actual use case of this will be, and start thinking if it really needs an argument against it. I personally think it needs a whole bunch of better arguments for the proposal than those that have been raised til now.

-----


The gun rack that is EME is absolutely falling under category 2. There is no native encryption, but there will be soon. The W3C doesn't want to create an encryption scheme, but it wants to allow other people to supply it.

In my mind, having a way to stream hulu/netflix (sorry, I'm not sure if there is an aussie version of either service...) that doesn't require a plugin that gives the computer access to my harddrive is a pretty good thing. Not as good as plain old mp4/ogvs, but better than a plugin player.

-----


In theory perhaps it's no different. But I think EME would work out very poorly in practice. Some browsers either allow no plugins or only a few grandfathered plugins. What EME systems will they support? Imagine a future where Mobile Safari only supports FairPlay, IE only supports WMDRM, Chrome OS only supports Widevine, Android gets fragmented into a half-dozen different DRM schemes depending on vendor, desktop Linux has nothing, etc. This scenario is much worse than Flash.

-----


Once someone supports EME, they would support anything written for EME. I don't believe there will be a way to 'grandfather' any old systems. That would require either a complete rewrite of the plugin in the browser, or a rewrite in an EME compatible code, in which case it will run anywhere EME exists.

secondly, isn't the situation you describe exactly the situation we have now with flash/silverlight? I can't play WMAs on my Mac, Flash on my Droid, or any other number of combinations.

-----


Well, one difference is that currently existing plug-in frameworks have well-defined APIs that are used to talk to the plug-in. This is why the same plug-in binary blob can be used in Firefox and Safari and Opera and Chrome, for example: they all implement NPAPI.

One issue with the current EME spec is that it doesn't actually define an API for the browser to interact with the CDM. It defines an API for in-page JS to ask the browser to interact with the CDM, which is the web-facing bit, but how browsers and CDMs interact is entirely undefined.

What that means in practice is that it would be perfectly spec-compliant for Google to ship a CDM that only works with Chrome, for Microsoft to ship one that only works with IE, and for Apple to ship one that only works with Safari. Should you then have the misfortune of not using one of those browsers, you wouldn't be able to view the video in question.

Oddly enough, Google, Apple, and Microsoft are all in favor of this part of the spec last I checked.

-----


It isn't, that's why plugins are being killed off too.

-----


>>It isn't, that's why plugins are being killed off too. Could you explain? Also, what is the 'too' referring to? What is the original thing being killed off?

-----


I don't think I phrased that quite right.

Modern web standards are attempting to render plugins like java, flash, and silverlight obsolete, because they're fragile, not universally available, single-sourced, proprietary, insecure and generally inconsistent with how the rest of the web works. There is an effort from various direction to kill off content viewer plugins like them, and the APIs that allow them to exist, and it appears it's going to succeed.

You're right that EME is meaningless one way or another so long as plugins exist--That's why EME exists at all, it's essentially a new plugin architecture that solves none of the problems of the previous ones. It's a bad idea for the same reason plugins are.

-----


I still don't really understand what you are trying to say

>> There is an effort from various direction to kill off content viewer plugins like them, and the APIs that allow them to exist, and it appears it's going to succeed.

While I agree that there are people trying to kill off the need for plugins, I don't think anyone is killing off the APIs that allow for plugins - can you provide any example of this happening? (Outside of phones)

>>You're right that EME is meaningless one way or another so long as plugins exist

I never said that. Nor do I think that. My point is that EME is doing the same thing as other - long ago implemented - plugins, but with a lot less of a surface area of attack and more likely to be made up of better code.

>> it's essentially a new plugin architecture

agreed.

>>that solves none of the problems of the previous ones.

I don't believe that most people would list DRM-ablility as an issue with previous plugins. Could you elaborate what issues you are referring to?

>>It's a bad idea for the same reason plugins are.

I think that those plugins are bad because it gives flash/silverlight/java/anythingElse access to a lot of native APIs that most users are completely oblivious to. If anything, it removes most of the security issues shown in those plugin systems.

-----


If one unethical junk already exists, why another needs to be created and specifically in HTML? Let's keep the Web clean.

-----


To play to devils advocate - because that other unethical junk requires additional downloads and poses multiple security vulnerabilities. Right? Why wouldn't a sort of 'native plugin' be better in every sense of the word for the end user?

-----


See below: https://news.ycombinator.com/item?id=5599601

DRM by definition implies security and privacy risk. Focusing on minor issue (native plugin) while ignoring the major one (DRM) sounds strange. And in reality this whole EME thing won't even remove native DRM code. It just will hook it into JavaScript. The risk caused by DRM won't get any less than it is already.

-----


>>Focusing on minor issue (native plugin) while ignoring the major one (DRM) sounds strange.

I don't think it is a minor issue at all. My biggest complaint with flash has been the security vulnerabilities, and I trust Google/Mozilla with web encryption WAY more than I do Adobe. Can you explain why you consider it to be such a minor issue?

>>And in reality this whole EME thing won't even remove native DRM code. It just will hook it into JavaScript.

I'm not sure what you mean by 'in reality'. Thats it's entire purpose.

>>The risk caused by DRM won't get any less than it is already. I know? Who is arguing the opposite?

-----


>I don't think it is a minor issue at all. My biggest complaint with flash has been the security vulnerabilities, and I trust Google/Mozilla with web encryption WAY more than I do Adobe.

Why do you think Google or Mozilla would be the ones to implement the black box in the DRM? Firefox is developed by a community. The process is public and anyone can identify or patch vulnerabilities -- that's why the security is good. You expect Mozilla to devise and implement some DRM scheme? The actual DRM would end up being created by someone like Adobe again and have all the same security vulnerabilities, because the wider developer community couldn't be allowed to be privy to how it does what it does or it wouldn't be DRM anymore.

One of the problems with DRM is that pretty much anyone who understands security will laugh at you for thinking you can implement effective DRM, so it ends up being built by snake oil salesmen who don't know what they're doing. I don't see how putting it into HTML would change any of that -- all it would do is pollute HTML and encourage the proliferation of more bad code.

-----


It's a minor issue comparing to the issue of DRM. You say - let's worry about plugins, while users will agree to use DRM anyway. I say - if user agrees to use DRM, user can as well use native plugins - such user doesn't care about security or privacy already and there is no point to drag that issue into HTML at all.

I don't think it is a minor issue at all. My biggest complaint with flash has been the security vulnerabilities, and I trust Google/Mozilla with web encryption WAY more than I do Adobe. Can you explain why you consider it to be such a minor issue?

I don't really understand why you at the same time ready to trust some balck box DRM code from Netflix or whoever. Which can do anything of this sort: https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootk...

-----


Their code won't have all of the power of flash and silverlight (ie my full user account on the computer). The worst case scenario is their algo's suck and I can decrypt their videos easier.

-----


> DRM by definition implies security and privacy risk

Source please

-----


Simple logic. DRM requires secret (from the user) code to run on user's machine. DRM doesn't trust the user (user is treated as potential criminal) for the sake of content owner interests. Such kind of predisposition makes it very reasonable for the user not to trust the content owner in return and to treat DRM by default as a privacy breaching malware and security risk (until proven otherwise - which isn't possible, since it's a black box). Trust is always mutual. How else can you view this?

-----


because a drm plugin is a plugin,like flash or java applet. You'll have to download plugin DRM A,B or C to make it work.The only difference is that it will use the video tag.

-----


Just to nitpick, the post you linked to by Ian Hickson does illustrate how DRM has been used to limit functionality, but both your post and his doesn't explain why "copyright protection" is a straw-man? I don't believe it is a fair argument to say that copyright protection and whatever functionality they enforce or prevent by use of DRM are mutually exclusive.

Although, I do see the point that some parties could hide behind the "We need DRM to protect our copyright\prevent piracy" flag and instead use it to lock-in consumers and build a walled-garden.

-----


Calling "copyright protection" a straw-man is in itself a straw-man.

-----


Consumers don't care about implementation, they only care about the content, and until they do, suppliers of content hold all the cards.

There is nothing to be won by resisting hooks for DRM in the browser however appealing it seems to take a principled stand. The content suppliers will gleefully go with native apps, flash, silverlight, even Emscripten-cross-compiled codecs. With content consumption going mobile, the push for native apps is even stronger.

Really, all you'll do by resisting this, is teach the majority of consumers who don't know any better that the Web sucks, and all of the enjoyable things they want are to be found on iOS or other proprietary locked down distribution platforms. That if you want apps that deliver the stuff you are interested in, you have to look outside the web.

Back when Chrome proposed dropping H264 support, I was infuriated, even though I fully support WebM as the mandatory to implement codec. I don't think "purity" really serves the platform, flexibility does, and the best way to register you don't like DRM is to simply stop consuming any and all media which uses it. Not just Web media, but all media that's DRMed.

A DRM free HTML5 spec is not going to force Hollywood to allow you to play Games of Thrones on your open source Linux browser.

-----


No, but at least it won't be polluted by technically ineffective and poorly justified nonsense put there to assuage the fears of a handful of ignorant content executives.

It's just dumb. DRM is just dumb. It doesn't work for anything but the most naive case. It won't prevent distribution of "pirated" content, ever.

I'm not asking for a DRM-free world, but I still hold out hope that if we continue to push back forcefully enough we might at least get rid of some of the abject nonsense being inflicted on us. Seriously (and without getting into any details), look at the middleware layers of a consumer OS some day to see all the spots where DRM has its greasy fingers. Must it be in HTML too?

-----


It's just dumb. DRM is just dumb. It doesn't work for anything but the most naive case. It won't prevent distribution of "pirated" content, ever.

Steam's DRM is why I've bought more games than I've pirated. iTunes DRM was why I've bought more songs than I would've pirated.

They were both more convenient than pirating the content.

Is a distribution channel a form of DRM?

-----


Steam and iTunes are what are convenient. DRM certainly doesn't make them so (and in fact the latter has mostly abandoned it).

And in any case both of those implement a very "weak" form of DRM in the app itself. What we're talking about here are hooks for "platform DRM" which is much, much more invasive. Nothing in Steam prevents you from copying files once installed, or even attaching a debugger and reading out game code and content. This will.

-----


> iTunes DRM was why I've bought more songs than I would've pirated.

Which DRM are you talking about? iTunes hasn't had DRM on music for years. Like you said, iTunes being convenient is what makes it good. But iTunes is even better now that the DRM is gone (I can now play the songs I bought on non-Apple devices). I fail to see how you can argue that DRM doesn't make things worse.

-----


I fail to see how you can argue that DRM doesn't make things worse.

My observation is that iTunes wouldn't have happened had they refused to implement DRM, not that DRM has merit.

Nobody wants DRM except those who hold power over content. In order to subvert them, we need to outmaneuver them, not refuse to play. In this light, iTunes is an excellent example of a DRM success story: fewer people with power over music content care to insist on music DRM.

Providers of content in other domains (e.g. books) will stop insisting on DRM when we demonstrate to them that systems without it are fundamentally more profitable in their domain than systems with it. I think this is doable, but not if we refuse to demonstrate it. They'll simply force people to switch platforms.

-----


> Steam's DRM is why I've bought more games than I've pirated.

Steam's DRM has nothing to do with why individuals buy games on Steam. Steam offsets the net negative of DRM by bundling in a number of very attractive value-adds, like the ability to reinstall your games on any system without media, keeping all your games up to date for you, syncs settings and such (for Steamworks games) and provides an attractive platform for communicating between friends/arranging games and such. Not to mention that they have great sales. (For me, the first one is the killer feature. I hate playing the install + patch game.)

Now, they could easily provide all of those things without adding any DRM at all, but they don't, presumably because neither they nor their customers (which, make no mistake, are primarily the companies who distribute games through their platform) want it enough to cause it to come to pass.

I mean, I love Steam, it's incredibly handy and has singlehandedly transformed the way I consume games. But let's not pretend it's something it's not.

-----


There is at least one game I would have pirated, but could not find a functional pirated copy of, so I bought it on steam.

If steam had no DRM I am confident it would have been much easier for me to pirate it (I would have copied it from the friend who suggested it to me).

-----


IMO DRM has nothing to do with piracy in a lot of people (at least who I've spoken to.) It's more about convenience.

I went to pirate a film last year. Mind you, it was a film I had purchased but I didn't have it on holiday with me so I thought about just downloading it on a torrent site. But then I noticed YouTube offered the same movie for £2.50 rental, streamed on a fast connection in HD 1080p. That is what stopped me pirating it. Not because I couldn't find it, but because I found an option that was more convenient than waiting 8 hours for a download.

That's what Steam does really well. Why would I bother pirating that game, when I can pay a pretty small fee and have it ready to play within half an hour tops?

-----


Is it possible that you (and people you have spoken to) have more disposable income to buy entertainment than they have time to consume that entertainment? People above that line are happy to spend more money to save even small amounts of time.

People below that line often want to pirate, to allow them to spend their money on other things.

-----


Possibly, although I wouldn't say it mattered. £2.50 can hardly be classed as a huge amount of money. The benefit of paying that amount vs waiting a few days and getting a version that's below in terms of quality is pretty obvious.

-----


Steam is still DRMed, in regards to the installers and for major part of the games even requiring Steam client to run them. GOG in contrast isn't, that's why I use GOG and other DRM free distributors, but not Steam.

-----


I've spent literally about 20 times more money on GOG than Steam, for this very same reason. And although I haven't actually found myself in that situation, I'm willing to pay a little more if that grants me absence of DRM.

-----


Steam has changed my habits too, but it's due to the convenience, not the DRM.

-----


Consumers don't care about implementation, they only care about the content, and until they do, suppliers of content hold all the cards.

In this case, forget consumers. Once in a while, something is more important than appeasing the masses.

A DRM free HTML5 spec is not going to force Hollywood to allow you to play Games of Thrones on your open source Linux browser.

Neither is a DRM-infested spec. Instead, you have uninformed consumers Googling for "how can I watch Game of Thrones Season 2 Episode 3 online for free", getting infested with malware, but still watching the show for free.

-----


So if the vast majority of people end up using native apps, and more and more information gets siloed behind these native app clouds on DRM'ed mobile devices, because that's where the money is, and the Web becomes a ghost town, that would be better for everyone?

The perfect is the enemy of the good.

-----


>So if the vast majority of people end up using native apps, and more and more information gets siloed behind these native app clouds on DRM'ed mobile devices, because that's where the money is, and the Web becomes a ghost town, that would be better for everyone?

You're talking nonsense. The web is just the dominant way of accessing "app clouds" on today's internet. Users don't care whether the code running on their device is Java vs. Javascript if the end result is the same. All you're promoting with "put DRM in HTML" is for all the horrific things you dislike about native apps to be allowed to infect the web.

You're fighting the wrong battle. It's not "make sure the web wins over native apps" -- it's "make sure open wins over corporate oligarchy." DRM is the opposite of open. We should not allow DRM to be in HTML. We should not allow it to be in operating systems. We should not allow it to be anywhere -- content providers who claim they won't sell their content without DRM are just lying. Make their choice "no DRM or no distribution method" and they'll pick no DRM.

-----


'The perfect is the enemy of the good' is the enemy of the good.

-----


The type of content that would be siloed behind DRM does not fit in a free peer to peer network of equitable peers anyway. TV is probably a better medium for that.

The Web is not a one way irrigation medium. It is about freedom. DRM is the opposite of that. Freedom is more important than money.

-----


>A DRM free HTML5 spec is not going to force Hollywood to allow you to play Games of Thrones on your open source Linux browser.

A DRM laden HTML5 spec will mean "my open source Linux browser" will not be able to support the entire HTML5 spec. This is far more unacceptable to me.

-----


Consumers don't even care about content. They care about convienence. It trumps everything. Video on the web is convenient enough that you will be able to watch the TV show du jour through it, and if there is no DRM support in browsers it won't be DRMed.

Pirates are becoming increasingly professional and Hollywood gets to decide if they will spend their legal advantage on defending incompatibility schemes or making money, unless the browsers help them out with the former.

A DRM free HTML5 spec won't have any effect on you being able to watch Game of Thrones on your open source Linux browser aside from maybe giving you an opportunity to pay HBO for it.

-----


> The content suppliers will gleefully go with native apps, flash, silverlight, even Emscripten-cross-compiled codecs.

At least a compiled-to-JS codec or encryption module would be JS, so it would run on the web everywhere. Unlike Flash, Silverlight, and also the EME stuff as mentioned in the article, all of which require proprietary code, and so will only run in some browsers and some platforms.

-----


The web doesn't need DRM any more than broadcast TV needed the broadcast flag. Content producers said that the broadcast flag was necessary, and that without it they wouldn't allow their content to be broadcast.

In that case, there was a bunch of push-back against the broadcast flag, the proposal died, and now all kinds of stuff gets broadcast in the clear. When push came to shove, the content producers didn't actually need the broadcast flag, and their business models still work without it just as well as they did before.

The same needs to happen with the EME proposal; people who care about this kind of thing need to push back and kill it just like with the broadcast flag.

-----


And then the content producers will just demand Flash or Silverlight to stream their content, which is the status-quo. It's not really a similar situation.

-----


Both flash and silverlight are deprecated by their makers. The question is whether they'll go away, it's what will replace them and what specifically it will do.

Flash and silverlight lost to an open, interoperably-implementable standard (html). This EME proposal just standardizes an interface to something that's not standard or open (the CDMs).

Some people like to say that content producers will never let up on their demands for DRM. But that's happened already in music and with the broadcast flag, and it's starting to happen in book publishing as well. We should keep fighting for it to happen in web video.

Everything is available pirated already, but people still pay for netflix & friends because they're convenient and most people are honest. If DRM doesn't make it into HTML, there will still be a viable business model streaming video to paying customers without DRM.

-----


Then they shouldn't be surprised when their content gets pirated. They themselves are to blame for making access to their content more difficult. I bet netflix would make double if they weren't platform limited by DRM implementations.

Most Internet users don't care where their browser vendor leads them. Like you said, consumers are sheep.

-----


>The content suppliers will gleefully go with native apps, flash, silverlight, even Emscripten-cross-compiled codecs. With content consumption going mobile, the push for native apps is even stronger.

What's wrong with that? Keep the junk out of the browser!

-----


What's wrong with it is it drives people out of the browser and onto insecure plugins which end up hosting botnets, or it drives people off the browser entirely and into a tablet app.

I don't think getting people in the cultural habit of going to the App Store for all of their needs is beneficial in the long term for the Web. The more you keep people in the browser, the better for the Web.

-----


>What's wrong with it is it drives people out of the browser and onto insecure plugins which end up hosting botnets, or it drives people off the browser entirely and into a tablet app.

Again, what's wrong with that? DRM shouldn't even belong anywhere to begin with. Now suddenly one needs to worry that DRM mechanisms imply security risks because of some native plugins? DRM is insecure and malware/spyware prone by its own definition! You can't have a "healthy" DRM. So there is completely no point to worry about a minor sickness (native plugins), while there is a major one in place (DRM).

-----


If people are set on doing bad risky stuff, having a safer way of doing it is a social good. I don't do heroin, but if people are going to do it anyway, I support giving out clean needles for them.

-----


It is not social good to support unethical things in any way. And needles analogy isn't even proper, since DRM won't become magically more "secure" with EME. EME doesn't remove native DRM code - it just makes the interface with the browser JavaScript based and standard. Black box native DRM code will still be present and will still remain the same security and privacy risk.

-----


(reply to below). Only if you consider DRM unethical. I don't consider non-free software, or DRM software unethical. I consider it shitty, and I am free to ignore it if I want.

You don't have any "right" to non-DRMed content. I say this as a person who hates DRM and who spent most of my youth cracking copyright disk protection on 8 and 16-bit software. I don't have a single atom of love for it, but software producers are perfectly within their rights to do it and you are perfectly within your rights not to buy or consume their content.

-----


I consider DRM unethical, but even besides that, it by definition implies privacy and security risk. You can't have safe DRM. I'd say producers aren't within their moral rights to push preemptive policing on people. That's where the unethical aspect comes in.

-----


You can't have safe DRM. I'd say producers aren't within their moral rights to push preemptive policing on people.

It's hardly preemptive. People have been illegally ripping off content since forever, and they've been doing it on a potentially business-destroying scale since the Internet became popular. The official law enforcement bodies conveniently sidestep the whole issue by making copyright infringement a civil rather than criminal offence in most places, which also transfers the burden of enforcement onto the copyright holder in most cases, and then the costs of actually bringing a case to court over someone ripping off a $10 movie are prohibitive. The normal mechanisms that are supposed to protect someone who has been wronged under the law have failed.

The content producers are now saying that if you want their content, you have to let them include technical measures to protect their rights because the legal system mostly doesn't. What other choice has society left them? You are still free not to consume their content and the accompanying DRM by buying something else... assuming, of course, that there is a viable business model to produce that "something else" instead.

-----


It's preemptive in a sense of saying "you are criminal (possibly), that's why we put spyware on your computer, lest you try copying our stuff". It is unethical and overreaching. Yes, piracy is a problem for content owners. Preemptive policing though is not a solution.

What other choice has society left them?

Treat customers with respect. That's the only sensible choice they have. It means no DRM. They don't do it, so they shouldn't be surprised that not many customers respect them.

-----


I don't think associating DRM in general with terms like "spyware" is particularly helpful. There is some overlap, of course, but fundamentally most DRM schemes don't install the kinds of keyloggers and such that are usually associated with spyware. That said, I have no problem with regulating what DRM schemes can do by law, so that it's clear that doing actual spyware-like things is illegal, or perhaps requiring that all negative effects of DRM schemes must be prominently disclosed before purchasing, with a mandatory security warning that will discourage consumers from buying.

More generally, if you consider DRM to be preemptive policing and not a solution to content piracy, what do you propose instead? If you've got a better idea that would actually work, I'm sure the content industry would love to know about it. Right now, there aren't a lot of those around.

Edit in response to your extra comment, "Treat customers with respect. That's the only sensible choice they have.":

As with most things in life, respect is earned. Sadly, society as a whole has proven beyond much doubt that it can't collectively be trusted in this respect and a large proportion of people will pirate content if given a chance. People do that for a lot of different reasons, and understanding those reasons is probably key to finding a happier balance for all concerned. However, a significant number of people just see that they can rip off something they want without paying for it and without a high probability of being punished for it, and they do. It's odd, because most of those people wouldn't steal from a store or try to con their neighbour out of their savings. It's just become socially acceptable to a lot of people to pirate content, and I'm not sure that's a good thing at all.

-----


> it can't collectively be trusted in this respect

You are missing an important point - pirates will pirate. That's it. DRM or not - they will. Respect was referring those who are decent people and are willing to support the creators. By not treating these people who are potential customers with respect (by the mere fact of using DRM), content industry hurts itself. But in my view, their inner desire for control outweighs any reason and logic. Otherwise they'd drop all this DRM idiocy already.

-----


By not treating these people who are potential customers with respect (by the mere fact of using DRM), content industry hurts itself.

Yes, it does. I don't think anyone is seriously disputing that. The question isn't whether DRM causes harm, it's whether it also causes a greater benefit for a net win.

But in my view, their inner desire for control outweighs any reason and logic.

You might also want to consider the possibility that the executives running these Big Media giants are well aware of the balancing act we're talking about, have access to much more information about the real costs and benefits of DRM schemes than you or I do, and have made a sound business decision based on the empirical data in front of them.

It's certainly possible that some businesses or executives are naive about this or have made a bad call on a close decision. However, the idea that entire industries operating on the level we're talking about have basically come to the same conclusion, and maintained that view for quite a long time now, despite the significant costs in both cash and reputation of employing DRM techniques... Even with all the nepotism and short-term thinking at the top of big business, that just doesn't fit with your implication that DRM doesn't really make any difference.

-----


You might also want to consider the possibility that the executives running these Big Media giants are well aware of the balancing act we're talking about, have access to much more information about the real costs and benefits of DRM schemes than you or I do, and have made a sound business decision based on the empirical data in front of them.

The logic they use to justify DRM (to the public) is so flawed and based on such bogus numbers of "lost sales", that I have no trust whatsoever in their sincerity or even ability to use common sense. The fact that DRM doesn't stop piracy is well known, yet these content producers pretend that they don't know it.

However if we assume they aren't morons, then it looks like they indeed have some real interest and reason behind DRM, which however has nothing to do with piracy. It can very possibly be related to their desire to control distribution technologies, prevent innovation and protect their business models threatened by the digital world. It drives them to be paranoidally obsessed with DRM (preemptive policing of the first order) and its derivatives like DMCA (preemptive policing of higher orders, which are aimed to stop violating the preemptive policing of the first order - i.e. breaking the DRM). It's easier to see it in DMCA, that it has already completely nothing to do with piracy, but has to do with desire for control, and in retrospect DMCA reveals the real reasoning behind DRM and its unethical nature.

Either way (whether they are just foolish, or they are evil), the public should strongly oppose DRM and DMCA on the ethical grounds.

-----


You're still assuming that the extreme, one-sided positions they present in propaganda, whether in press releases or making a case in court, have anything to do with how they make decisions internally. Assuming that what their marketers say and what their managers actually believe are anything like the same thing seems... unsound.

You're also stating repeatedly that it's a fact that DRM doesn't work but without any sort of evidence or argument to support that position. I'd love to see your hard evidence, because I've been following the industry for years and have yet to see much conclusive proof of anything. The people who have serious empirical data typically keep their cards very close to their chest.

-----


You're also stating repeatedly that it's a fact that DRM doesn't work but without any sort of evidence or argument to support that position.

The proof is available all around - i.e. movies, games, ebooks and etc. released with DRM start getting pirated almost right after the moment they are being released. What kind of other proof you need to see to admit that DRM doesn't affect piracy? If you think otherwise, bring at least one example where DRM prevented illegal copying. Some even bring examples where DRM promoted pirating, creating an incentive to break it. (I.e. when content is offered without DRM there is less incentive to show off by pirating it, than to show off by breaking the DRM and pirating it. CDPR found it out by seeing that the pirated copy of their Witcher game was the cracked DRMed copy of their early retail version, and not their DRM free copy which they sell through GOG. They don't use any DRM since then).

* http://www.pcgamer.com/2011/11/29/interview-cd-projekts-ceo-...

* http://www.forbes.com/sites/erikkain/2013/04/24/talking-the-...

* http://truepcgaming.com/2011/09/20/relive-the-classics-drm-f...

I honestly don't care what DRM proponents in the industry internally believe or base their push for DRM on, since none of those reasons make DRM any more acceptable or ethical. But if you yourself propose to assume they are doing it in bad faith, hiding their real reasons, it should be even a stronger reason to oppose it according to your logic.

-----


The proof is available all around - i.e. movies, games, ebooks and etc. released with DRM start getting pirated almost right after the moment they are being released.

That would only prove that people can pirate the game. It doesn't tell us whether the same number of people actually do or whether any casual copying is deterred because not everyone knows where to look to get a safe pirate version.

What kind of other proof you need to see to admit that DRM doesn't affect piracy?

Something involving hard data on sales and piracy trends with and without DRM. It's obviously impossible to compare like-for-like since you can't launch an identical game to an identical market with and without DRM and see what happens unless you have two versions available at once, which itself distorts the situation. However, you can look for indications of trends. For example, for games where the creator can detect a ratio of legal to cracked copies hitting their servers during on-line play, do titles with DRM significantly improve that ratio or not?

If you think otherwise, bring at least one example where DRM prevented illegal copying.

Assassin's Creed II from Ubisoft was infamous for its always-on DRM and the problems associated with it. The DRM was not cracked for several weeks after launch.

Interestingly, although you say the executives don't listen to anyone, Ubisoft did change their stance on the DRM after the PR disaster associated with the AC2 launch, and toned down the always-online requirement later and in the sequel. The AC2 launch might also be an example where the negative PR was so bad that legitimate sales were hit hard and the excessive DRM was not cost-effective.

-----


> That would only prove that people can pirate the game.

You said it. It means that DRM doesn't do anything useful about pirating. The moment "you can pirate the game", it will be pirated. Or you can put it this way - the moment someone puts a DRM stripped version to bittorrent - it becomes available for anyone who wants to pirate it. And it happens all the time. So, again, what other proof do you need, to admit that DRM doesn't affect piracy?

> It doesn't tell us whether the same number of people actually do or whether any casual copying is deterred

Forget about casual copying. The bulk of pirating happens through the networks like bittorent and the like. If you claim that DRM is needed to stop "casual copying" - it's very silly, since any "pirate" who is determined to copy something won't go to ask friends for casual copies. They'll go to torrent networks. So what good did DRM achieve?

> Something involving hard data on sales and piracy trends with and without DRM

You'll never get hard data, since it's not possible. You can only use heuristics, and they all point in the same direction - DRM does not hurt pirates in the least. It hurts legitimate users.

> Ubisoft did change their stance on the DRM after the PR disaster associated with the AC2 launch

Will, major DRM fiascos happen. SimCity fiasco demonstrated that. Sometimes it's enough to clear their brains, but often not. I meant that in most cases execs don't care at all. As CDPR said in the interview I linked above:

Fortunately and unfortunately at the same time, games are becoming huge business. And as with every growing business, there are a lot of people coming in who… have no clue about games and could work in any other industry. They are not asking themselves the question “What is the experience of a gamer?” Or “Is this proposition fair?” But rather, they just look to see if the column in Excel adds up well or not, and if they can have a good explanation for their bosses. As funny as this might sound, DRM is the best explanation, the best “I will cover my ass” thing. I strongly believe that this is the main reason the industry has not abandoned it until today, and to be frank this annoys me a hell of a lot. You are asking, “So why is it taking so long for them to listen?” The answer is very simple: They do not listen, as most of them do not care. As long as the numbers in Excel will add up they will not change anything.

I agree with that 100%. Because if those execs would care about user experience, DRM wouldn't exist.

And what he said about using piracy/DRM as an excuse for incompetence - that was very well spotted. I.e. imagine someone makes a film, game etc. and gets poor sales. They can admit the product was really not so good, so people don't care to buy it, or these execs can point to others and say - Look, so many sales were lost due to pirates! But with DRM - we did all we could to stop them, so it's not our fault.... I.e. DRM can easily be used as a fake excuse to avoid being blamed for the poor quality of the stuff they produce.

-----


"That would only prove that people can pirate the game."

"It means that DRM doesn't do anything useful about pirating."

I'm sorry, I've tried to be reasonable in this discussion, but if you really can't see why those are completely different statements and the second does not follow from the first then there is little point in continuing this conversation.

-----


I was reasonable. If it's easy to demonstrate that DRM still means people can copy it (the moment DRM is broken, which usually happens pretty fast), it means DRM has no effect on preventing piracy. That's a solid logic and you can put nothing against it.

In essence though it's simply irrelevant, since even if DRM slightly hinders some casual copying as you assumed, it doesn't make its existence justified in the least, and it can't serve as a reason behind pushing such horrible preemptive policing practices on consumers. The bottom line and the practical lesson that we can take out of this discussion was already expressed above. Those who push for DRM must be doing it for other reasons than piracy. And it should be strongly opposed, since DRM has no justification and it's an unethical practice.

-----


I think content industry doesn't want to hear anything - since all was already said. DRM gives them the taste of control, and that matters to them more than piracy (since DRM does nothing to stop piracy, it only irritates legitimate users). But for those who are willing to hear - I already said above. Treat customers with respect, and some of those who pirate now can start buying to show their respect in return.

-----


I don't have a single atom of love for it, but software producers are perfectly within their rights to do it and you are perfectly within your rights not to buy or consume their content.

I think as a commercial reality that is true, but I also think that to counter abuse there needs to be some form of regulation for content providers who "sell" something with DRM and then mess up the DRM implementation so their customers can't enjoy that purchase fully. There have been far too many cases recently, particularly with software, where someone's DRM has gone way over the line and undermined the basic product.

A consumer doesn't have to buy a DRM'd product, but if they do, they have a right that if they do buy it then they get what they paid for. A regulatory framework that guaranteed an automatic refund of a significant part of the purchase price for every incident/day that use was adversely affected, combined with compensation for both time/distress caused and any actual consequential losses, doesn't seem unreasonable.

If that means that suppliers who insist on installing DRM along with their product and then break someone's computer by getting it wrong wind up paying out far more than they ever charged in the first place, well, perhaps they should consider themselves lucky that they aren't being criminally prosecuted for causing the same harm instead as any other malware distributor would be.

-----


Emscripten cross-compiled codecs are better than black-box, closed source DRM codecs built into partially or fully proprietary browsers like Chrome and Internet Explorer. Do you really think a DRM plugin would ever work in Firefox or Chromium?

If they really want to ship DRM, they can do it using the same tools everyone else uses, without special monopoly-preserving treatment or 'protected media paths' or kernel hooks or tailor-made plugin APIs. Big Media is no more deserving of special treatment or protection than any of the other industries that want to build apps on the web, and the idea of dedicating time and resources to babysitting a dying industry when there are REAL PROBLEMS that could be solved instead is ridiculous.

The problem is that they know as well as we do that DRM doesn't work, and DRM especially doesn't work without the aid of special kernel/software hooks like the Windows PMP and OS X's anti-debugging protections. This is why they're so desperate to get DRM baked into the HTML5 spec and baked into browsers. The reality is though, adding DRM to browsers produces no value for anyone other than the lazy big media companies that can't adapt to the modern world. It doesn't produce value for consumers, it doesn't produce value for developers outside of big media, and it doesn't produce value for the people who actually produce video and audio content. All it does is enrich IP lawyers and executives.

Furthermore, the idea that lacking DRM somehow makes the web 'suck' is preposterous. Do you know anything about the web? If the web sucks that's entirely separate from whether or not it can play encrypted video. If it sucks, it's because browsers are full of security problems, websites are poorly designed and poorly engineered, web accessibility for the disabled is poor, web performance is miserable in many markets, and ISPs like Comcast continually abuse their monopoly status to overcharge and under-deliver. Encrypted video is so far from a real-world concern or priority for ordinary people that suggesting it's somehow NECESSARY for the web to not suck makes you look absolutely raving insane.

-----


I didn't say the Web sucks, I said consumers will perceive that the Web sucks if they can't find the experiences they want there. I've been on the Web since Tim Berners-Lee announced the first web page, I'm rpetty sure I know stuff about it.

-----


Consumers will have to install an extra plugin to get the same experience as native apps. This is better than having DRM built into html5 which will make unreasonable demands from the browser and the OS. With DRM in html5, it might be possible that Linux based systems may not be able to support html5. If you can have completely open source code, go ahead and add DRM support to html5.

-----


How can the "lazy big media companies" adapt? What's the DRM-free business model that would allow them to produce the blockbuster movies that are apparently still quite popular with the public?

-----


> What's the DRM-free business model that would allow them to produce the blockbuster movies that are apparently still quite popular with the public?

That's something they have to care about, not I. I have the right to say "fuck you" and not give a shit about their business model. They had ample time to at least make a feeble try to start adapting, but so far this has not happened. I see a "blockbuster" movie about twice a year and could not care less if the typical Hollywood drivel completely stops.

-----


Not to mention the dross is gumming up the tubes!

Having said that, this is more a question of content delivery than the actual content.

-----


"What's the DRM-free business model that would allow them to produce the blockbuster movies"

It's the same as the DRM-encumbered business model: make movies and charge people to watch them. DRM doesn't make that model any more or less effective.

-----


This. They already have legal options to protect their IP. If they still want to use DRM, continue using plugins.

Why include DRM in html5 and potentially alienate open source operating systems?

Why use html5 to help sell more windows/osx copies?

Why use html5 to promote vendor lock-in?

Are copyright laws not enough protection?

-----


This. While I don't like DRM, I feel like this boxing out of DRM-using media companies is pointless. Consumers continue to subscribe to media sources they find convenient and many use DRM. This may not last forever, but I'm inclined to vote bring all these people into the fold on the modern web so it's a place for everyone. Nobody's forcing anybody to use DRM.

-----


I think the point is more nuanced than that. It's not that DRM doesn't belong on the web, but it doesn't belong as an integral part of the web and web components. There are already well-specified mechanisms like <object> and NPAPI/ActiveX plugins that you can use right now to ship encrypted video if you want.

The cost of every single feature added to the Standard Web is tremendous and we pay that cost forever. By that standard alone, adding a feature like DRM video to serve the demands of an enormous, incredibly powerful, incredibly rich lobby is ridiculous. There are simply much better problems to be solved with less downsides.

So, to try and rephrase it: The question here isn't whether these people should be 'brought into the fold' on the modern web; DRM is intrinsically at odds with the modern web (and the web we've had before), both in concrete purpose and in the more nebulous philosophical ways. A major strength of the web has always been its ability to open doors and put powerful tools in the hands of everyone, and encrypted/protected video limited to certain platforms/devices just fundamentally runs counter to all of that.

-----


You're assuming that blockbuster movies are a business model that will continue to work in the future. That's highly questionable - in the game industry developers and publishers are being forced to accept the possibility that the blockbuster model is no longer going to be a reliable source of revenue or the right way to develop things. I won't claim to know enough to say whether this is true for film or television, but it is at least reasonable to ask 'maybe the reason these products require fragile, overcomplicated DRM solutions is because we're building the wrong products'.

I hate to use this analogy, but this really seems like a potential buggy-whip situation: It's quite possible that the content Big Media is producing is simply no longer relevant, even if the lack of relevance is due to changes in how people consume media and not because people are somehow no longer interested in explosions or big-name actors.

-----


Possible, I'll buy that. Maybe YouTube will one day kill off the major networks and studios, and production will get cheap, just like startups have gotten a lot cheaper to run with EC2.

But I'm still going to go see Iron Man 3 and Star Trek Into Darkness and I'm not holding my breath that a non-DRM version will be cooked up outside the blockbuster system anytime soon. :)

-----


Is there any doubt that Star Trek Into Darkness could raise an unspeakably large amount of money on a crowdfunding platform?

It looked very much like fans of Firefly would have been able to raise enough to continue making the series but they were given not very subtle hints than getting involved in a crowdfunded production would have been bad for the showbiz careers of those involved.

-----


The problem is that they know as well as we do that DRM doesn't work

Unfortunately, as much as some of us would like that to be true, it seems very unlikely. DRM isn't some binary thing where either it prevents copying 100% or it doesn't; it's a deterrent. It works as long as it stops/delays anyone from copying the product illegally so they get it through a legitimate channel instead. It works and is cost-effective if it does that to enough people that it saves more money than it costs in implementation expenses and any loss of good will. On the evidence to date, that loss of good will doesn't seem to translate into much actual loss of custom once the bitching dies down, presumably because most of the people doing the bitching were never going to pay for the material anyway, so it's a relatively low bar for DRM to be economically viable.

The reality is though, adding DRM to browsers produces no value for anyone other than the lazy big media companies that can't adapt to the modern world.

Of course they can't. The law in most places is set up so the content producer's side of the bargain is clear, but that law is not enforced to make sure that everyone else keeps up their side of the bargain too.

Lots of people post on forums about how these companies need to "adapt their business models". Approximately 100% of those people also enjoy content made by the "lazy big media companies" in question under their current business model, which is becoming less effective. Wanting cheap/free access to that content by making sure that the legal/economic framework under which is was produced continues to be circumvented is a Faustian bargain. It's not sustainable. But no-one seems to be having much success with ideas for alternative business models so far.

Of course there will probably always be mass market films or pop music or sports games that will reliably make a profit even under these conditions. However, the same conditions are toxic to smaller, independent content producers who might have done something innovative or catered to a niche market. Next week the same consumers who object to DRM and dying business models will be complaining that modern AAA games are all derivative titles in long-running series, the SyFy channel doesn't show much good sci-fi any more, the latest Hollywood blockbusters are mostly SFX, action scenes, and attractive young stars whose acting abilities are debatable, and it's getting harder and harder to buy a general purpose computer and run your own software on it instead of buying a device that is already locked-up to some degree the moment you take it out of the box.

-----


Lots of people post on forums about how these companies need to "adapt their business models". Approximately 100% of those people also enjoy content made by the "lazy big media companies" in question under their current business model, which is becoming less effective. Wanting cheap/free access to that content by making sure that the legal/economic framework under which is was produced continues to be circumvented is a Faustian bargain. It's not sustainable. But no-one seems to be having much success with ideas for alternative business models so far.

The fact that such people consume big media content now does not mean they wouldn't rather dispense with such content in exchange for the elimination of such laws.

In fact, an argument could be made that the production of such content smothers other, less capital intensive content made with lower expectations of large returns (for example, theater was much more successful around here before the big Hollywood blockbusters came to the scene).

However, the same conditions are toxic to smaller, independent content producers who might have done something innovative or catered to a niche market.

I don't doubt that the current conditions are toxic, but I don't think "those people" argue that the status quo is OK. Whether the conditions they argue for are toxic or not remains to be seen.

-----


The fact that such people consume big media content now does not mean they wouldn't rather dispense with such content in exchange for the elimination of such laws.

That is true.

In fact, an argument could be made that the production of such content smothers other, less capital intensive content made with lower expectations of large returns

That is also true, I agree.

However, the overwhelming majority of commentary I see on all sides of the debate doesn't particularly support either of those premises. As far as I can tell, I am fairly unusual myself, simply because I actively avoid most DRM'd products even though I would probably enjoy the material and would consider the asking price fair if not for the downsides of DRM.

The only exceptions I make regularly are low-end copy protection on things like DVDs that I'm quite sure I could crack if anyone ever abused it, and high-end systems that come with expensive software I have little (legal) choice but to buy for work. The former have never caused me any problems. The latter have stung me on several occasions, and are one of the main reasons I think DRM should be regulated so if suppliers want to use it, they also have to accept the consequences if they get it wrong.

It seems most people I come across will simply buy DRM'd content anyway, even if they later whinge that it doesn't work properly. Just look at all the people buying AAA games even though the companies running them mess up time after time so the games often don't even work properly on launch day. EA has been voted "worst company in America" more than once, but just look at all the kids still preordering the latest titles for their game collection! People complain about DRM on their favourite forum, but then they still buy whatever it was they apparently couldn't live without anyway.

-----


Frankly, I don't get your argument. You said that there was a problem because the critics of DRM and current business models were consuming the content while circumventing the economic framework, so the situation is unsustainable; now you said that the people who complain about DRM still buy the products anyway. That doesn't sound unsustainable to me.

-----


I was talking specifically about paying customers, and how DRM probably doesn't reduce the revenue from that market very much even though it's clearly hostile towards those people.

Obviously the point of DRM is to try to reduce the number of people who are consuming the content without becoming paying customers, and given the assumption I'm making above, it doesn't need a very high success rate to be economically worthwhile.

If people still buy EA games like lemmings even after things like the SimCity fiasco, how many pirates do they really need to deter using DRM, and for how long, before it becomes an absolutely guaranteed revenue booster? Most games or major movies make an extremely disproportionate chunk of their revenue in the first few days after launch. If the suppliers can hold off piracy for even a week or two before a crack is out and get even a few percent of would-be pirates who are desperate to play the game or see the film to do it through a legitimate channel instead, that's potentially millions in extra profits on a AAA game or Hollywood blockbuster.

-----


>Consumers don't care about implementation, they only care about the content

Therefore, it is the moral duty of those behind html5 to make sure that interests of consumers are not compromised.

-----


Problem is that EMA (aka DRM in browser) will discriminate between open source and proprietary browsers, giving latter a bigger edge (propietary plugins, could in theory be bypassed).

-----


One should never deal with the bad guys.

-----


Then consumers should revolt, because all this really does is limit on how many devices they can play the content on. And I think everyone hates that.

-----


Only when they experience the problem first hand!

My brother is a novice computer user, he ripped all his CDs into his music library through windows media player as WMA files. I tried explaining that he'd be better off with a 'free' format, but he didn't care, or rather hadn't the need to care.

Later he acquired an iPod. Then he was totally baffled as to why he couldn't play his WMA files on his iPod. Anyway he went on to transcode using iTunes all his WMA files to probably M4a files. And has no idea that he has potentially thrown some data down the drain in the process.

I'd like to see his face if he then bought a device that couldn't play M4a, but WMA files!

Oh for the glory days of picking up a CD and your ghetto blaster and moving it from room to room.

-----


I can't believe that DRM is even on the table. It's ONLY purpose is to prevent third parties from accessing content, which is pretty much the antithesis of the web and open standards.

For me, what it all comes down to is this: HTML5 is supposed to have open standards, so if I implement those standards' specifications in my own web browser, I expect to be able to view and use websites that are HTML5-conformant.

If DRM goes through, this is what will probably happen: Internet Explorer and Google Chrome (two closed source browsers) will definitely implement it. Opera might implement it (who really knows what they'll do?). Chromium and Firefox probably won't implement it. DRM content will likely only be viewable on those two browsers, and only on a supported platform. If you use Firefox on Linux Mint, you're SOL. If you developed your own web browser, you're SOL. Even if you use Firefox on some closed source operating system like OS X, you're SOL.

-----


Back in the real world, the web is not inevitable. The alternative to HTML5 DRM is for vendors to turn away from the web and HTML5 altogether.

The web is still open by default, versus other platforms being closed by default. The best architecture is to support fine-grained plugins with well-defined semantics than just some big black box <object> element that could be running anything.

-----


Indeed. Vendors won't be forced to make a HTML5 version - on the desktop the formula that's allowed them to provide browser plugins hasn't changed, and on mobile they're already making an iOS app and an Android app because today, apps provide a better experience than websites anyway. Sure, your niche mobile platform will be left without any way to experience the content, whereas if not for DRM they could provide an HTML5 player as a least common denominator, but it probably doesn't have enough users for them to terribly mind.

That's not to say that HTML5 EME addresses this, just that nobody is going to be forced to use HTML5 in any case. (It's possible that a proprietary but common CDM standard could be created to allow the least common denominator on mobile, since the regular route of browser plugins won't work there, but that would be its own can of worms.)

-----


What is the complaint. It isn't clearly summed up here.

Noone will force you to use DRM on your website. Noone will force you to browse websites that use DRM.

What do you care what others choose to do with their sites and content, unless you believe you have the right to access everything everyone creates, in an unrestricted fashion, for free, in perpetuity.

-----


The primary complaint is that, for the first time since the <embed> tag, W3C is creating an API that by design won't work on some systems.

If that isn't automatically bad to you on the face of it (it is to me, I want to be able to use random-OS-of-the-month as long as it has a good browser), you create a scenario where those on top stay on top by the grace of already being on top.

-----


> Noone will force you to browse websites that use DRM.

If you want to stay legal and watch their content, you bet they will. Major networks will require their distributors to use this DRM. Sure, you don't have to use their content, but the point of fighting it is that we want to use their content and are trying to prevent them from this step.

-----


Excellent point. We take away the previous held concept of possessing media, making money by renting it to you repeatedly, then lobbying Washington with the profits to make it illegal to not play by our rules, and you're addicted so you can't break the habit.

-----


What? Addicted? Really?

-----


Then don't watch their content, if you're morally opposed to how they're distributing it.

-----


One complaint is that as the spec stands it's impossible to interoperably implement in browsers just by implementing the spec. You also have to go and do some out-of-band agreements which may or may not happen.

In other words, it's a "standard" that deliberately sets up a situation where behavior across browsers will differ.

Suggestions that the interface between the CDM and the browser actually be standardized have been made ... and ignored.

-----


This is because all you dummies were too busy lauding Google's services and nobody notices how "evil" they are.

This came as a proposal from Google. It was tested in Chromium first. The DRM is essential for their "World-saving" ChromeOS that nobody really cares about.

-----


Yep, if Google implements DRM, no one can stop it. The web is a platform for big software vendors after all, because no other player can virtually implement and maintain this enlarged platform and browser runtimes. Evil browser vendors will take over the role of evil plug-in vendors. Game over.

I predicted this catastrophe when everyone was attacking Flash.

-----


DRM is based on obfuscation at the core. How would this ever work with open source browsers?

-----


It wouldn't. The explicitly stated plan from the people who originated this proposal involves proprietary browser plugins.

-----


Not necessarily browser plugins. Could be browser or OS or hardware.. Each website has control over what DRM it accepts, which leads to a world where hardware eventually becomes the requirement.

-----


Regardless if it's technically a plugin or part of the OS accessed through a bridge, or anything else, EME fundamentally depends on proprietary code (and that code will not be part of any open source browser).

-----


Then it would only be a matter of hacking one browser to claim to support drm scheme x and then not to get it to work. Since we have to distribute the run time in at least one browser, this shouldn't be a problem.

-----


What's the solution? Forking html?

-----


Short term, the solution is to convince W3C that moving forward will be an embarrassing disaster, nevermind what some of its for-profit members want. This has been accomplished before, in particular ~2001 when many wanted W3C to have a RAND (ie fee required OK) patent policy, but they were embarrassed into finally doing the right thing, ie mandating RF (royalty free) patent licensing by participants in W3C standards.

Long term, help free culture become dominant. The post says "The Web doesn’t need big media; big media needs the Web" which is true, but web companies do fear and/or hope for an advantage over competitors by doing deals with big media, including deals selling out The Web writ large.

-----


I wonder which ones sold out already?

http://www.microsoft.com/playready/

https://tools.google.com/dlpage/widevine

Bitches.

-----


The solution is waiting it out. They caved on music; they will cave here too. All that is required is patience: something that is admittedly rare in the tech world, but it works.

-----


Not at all clear to me that waiting it out is a winning strategy. There is no deterministic path for other media to follow music away from DRM, and indeed there is a threat that a faux-standard as proposed will mean that DRM becomes the expectation and demand of/by record companies, again.

-----


I wouldn't call it "caving" in on music. In a large part Apple effectively blind sided them, I'm sure if given another chance, the RIAA would never let iTunes exist.

-----


FWIW, I'd chip in my time for this.

-----


As we well know from web history, the standards aren't mandatory - if a part of the W3C standard is broken by design, then the next step is to lobby the major browser makers to ensure that in practice the implemented de-facto standard does not include these DRM terms.

-----


Wait, so the W3C is actually letting this happen? How the mighty have fallen.

-----


It's still a proposal at this point. It should be opposed, obviously.

-----


It appears that the spec for EME doesn't provide a mechanism to reliably detect decryption failure, this will be inconvenient to end users. This could be alleviated by adding a mandatory tag that includes a hash of the decrypted video for verification purposes, to be tested by the client while streaming the content. If the hash is missing or incorrect the media must not play.

The Tiger Tree Hash system is already being deployed for this purpose in other systems.

-----


NetFlix is one of the companies pushing this.

-----


Also, note that Google is one of those companies as well. They forgot about "not being evil" with this one.

-----


Silverlight was great at keeping DRM from HTML5 till Microsoft decided to be 'cool'.

-----


Consumers don't care about DRM or No-DRM they care about convenience. Large players do not care about technology either they just want control over their market. Under this circumstances the question is what stand should W3C take ?

Should they try to keep web as open as possible or should they play to the tunes of Google and Microsoft and introduce features that benefit them.

As I see it, web standards should be as open as possible.

-----


The W3C must ultimately do what it thinks is in the web's best interest. Not the interest of big media companies, or the interest of those against DRM. If they implement a system by which DRM can be reasonably added to the spec to bring those users and companies into the fold, I don't think I'd have much to call them out on, even though I don't like DRM. That bone is to be picked with the media companies themselves.

-----


The W3C will ultimately do what is in its members' best interests: it's an industry consortium.

Its members are whoever paid the membership fee.

There are plenty of instances of the W3C doing things that its members asked for that were either irrelevant to the web or detrimental to it, because there is no "W3C" per se when it comes to getting stuff done, just the set of members.

-----


Why are optional WebIDL bindings really any different than NPAPI bindings? foo.getDRMStream() is bad, but document.getElementById("drmpluginelement").getDRMStream() is somehow fundamentally better?

Seems like mostly a distinction without a practical difference. Some browser platforms won't be able to ship with the bindings for this, likely the same browser platforms that can't ship the NPAPI plugin.

-----


Well, we can at least not make the situation worse. We already have NPAPI, let's not add another proprietary plugin API.

-----


Whether or not Encrypted Media Extensions(EME) is included in HTML5 SHOULD NOT be construed as a referendum on DRM. The HTML5 standard is not the place to determine if something is ethically/morally good, advancing humankind, or will even work.

If some orgs or people want a means to retrict the playing of media in HTML5 by downloading keys from a license server then so be it. The HTML5 standard should be as inclusive as it needs to be to represent the needs of all parties. If enough parties desire this functionality then who are we to say they cannot or should not have it.

-----


I can't read the article, probably a HN DOS.

However, I really can't see the point of doing DRM in html5, it will just result in browsers becoming the equivalent of the evil plugin everyone hates(only certain browsers/platforms will be able to run the content).

Why not just leave html5 video open, and let those who wish to distribute DRM'd content build their own client-side players for the OS's they wish to support. Or let them build apps on top of Adobe AIR or Silverlight out of browser.

-----


My take is that Google in particular likes this development (though are probably trying to stay away from it publicly for political reasons) because it allows them to easily (ie. with studio blessing) pilot monetizing their vast YouTube-watching userbase by offering paid content services and user profiling far beyond what is available on cable networks (eg. by selling 'anonymized' matches of consumer viewing behaviour in conjunction with email, location, sleeping-schedule as determined by a cross-section of Google services, etc.). Existing Google projects and their recent significant investment in video (patents, new LA offices, Android 'Smart TVs', ChromeOS Google Fiber) all look like they will benefit from this type of development. With all due respect to people who work at Google, please consider protesting internally in parallel to this public effort, or leaving.

-----


I think Google has a checklist of Chromebook deficiencies and they are just checking Netflix off by doing this. That it will ultimately make it a little easier to do things like you suggest is just an added bonus.

-----


I don't see the big deal.

Right now DRM depends on proprietary plug-ins. If this is allowed in HTML5, DRM will still depend on proprietary plug-ins.

What is different?

edit: also, browser vendors don't have to implement it if they don't want to. Really, I don't like this DRM thing that much, but I am kind of indifferent to this.

-----


>What is different?

That's kind of the point. The people promoting this seem to be misunderstanding what the result would be. It would in no way reduce the amount of poorly written proprietary code full of security vulnerabilities. It would just move it around a little.

But in the meantime it breaks the web. Even if you support the new HTML5 spec, you can't actually support it without having the proprietary black box necessary to make it work. You break the ability of the web to be platform agnostic. For the web to work at all you'll soon end up needing the black box, because once it's there sites will use it. So if the black box doesn't exist for your platform or you want to create a new platform then you'll be locked out of most of the web. How can that be acceptable?

-----


But it is NOT platform agnostic anyway.

That is my point. Right now, you have to have certain plugins to see certain sites. At this very moment.

So according to the new specification, there won't be <embed> with a specified plugin in TYPE attribute (or something similar in <object>), but probably something else and similar with EME. Why does it matter so much?

If this is not passed, evil corporations will use <embed> and <object> again. If this is and browsers will support it, they will use EME instead.

Again, I can't see any big change.

-----


We should oppose the old plug-ins just like we do the new ones. The big change is that the old plug-ins have been starting to die out. People originally used Flash because it was the best way to play video in a web browser, not because it had DRM. As improvements to HTML eliminate the non-DRM need for such plug-ins, the plug-ins start to go away. Apple got away with prohibiting Flash on iOS because it became possible to use Youtube et al without it. We ought to be encouraging the legacy plug-ins to finish going away, not reintroducing new ones.

-----


I think it's good.

Once it's implemented, you can just patch Firefox or Chromium to dump the unencrypted video stream before sending it to the H.264/WebM codec, and you get an universal method to trivially liberate all "DRM"-encumbered web content.

-----


Site is incredibly slow (I see Wordpress is doing its job again). If it goes down, here is a copy of the html: http://pastebin.com/raw.php?i=fnutc6A3

-----


Here's a mirror (I think) of the post:

http://permalink.gmane.org/gmane.org.freeculture.discuss/681...

-----


Forgive my lack of knowledge, but does this mean that in future motherboards or CPUs could be sold that lock out non DRM files, or something in our hardware like that?

-----


Alas, article does not explain where the betrayal is. Or even what the author considers "web". Someone is too self-centric and has no idea what an average web user is and what he wants.

Honestly, rants like this sound a lot like "allowing same-sex marriages will destroy the sanctity of marriage" and alike. How exactly?

Will the ability to have DRM'ed content in HTML suddenly shut down "the open web"? No.

-----


DRM is bad.

-----


Just wondering, is there any provision in any OSS license (or scope to add one) that prevents the code being used in any DRM software or firmware?

I know it wouldn't act retrospectively, and I'm not sure if any OSS libraries are actually in use in any DRM software, but it may at least set a trend. I'd love to see the next open source game changer be open to all except those who oppose openness :-)

-----


No, by definition, since that would no longer be Open Source.

http://opensource.org/osd

-----


EME =/= DRM.

-----


Technically speaking, you're right. EME is not DRM, it's a facilitator. From the spec "facilitating the development of robust playback applications supporting a range of content decryption and protection technologies [read DRM]." I may have inserted that last part. Using a new acronym affords Hollywood more time to get implementations in major browsers while we try to raise awareness. Most consumers don't know about DRM, fewer still about EME!

-----




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: