Hacker News new | comments | show | ask | jobs | submit login
Requirements for DRM in HTML are confidential (w3.org)
597 points by duncan_bayne 1467 days ago | hide | past | web | favorite | 404 comments

Great. DRM. The best example of shooting yourself in the foot ever.

Give customers encrypted content and the keys, try to prevent them from freely using the two together, undermine copyright fair use and first sale doctrines as you go along.

Intended effect - No Piracy

Actual effect - Paying customers get crippled products, pirates carry on regardless

It's crazy. And the more they try to lock it down the worse their products become and the better piracy looks in comparison. Pirates don't only beat the legit industry on price, they beat them on quality and availability. How can the industry allow this to stand? Let alone continue down the same path with their fingers in their ears shouting LALALALALALA I CAN'T HEAR YOU!?!

Let me tell you how things work in the real world.

When the people with money say "we want this", you don't argue. It doesn't matter if it's technically infeasible. It doesn't matter if it won't have the intended effect. When the people with money want something, YOU GIVE IT TO THEM. And let them deal with the consequences. Otherwise, you won't get the business, and life can otherwise be made very, very difficult for you.

The people who run Hollywood have lots of money to play with. The people who run the Web companies want a piece of that action. Hollywood says "no can do unless we have reasonable assurance that due diligence has been done to prevent piracy -- that means DRM." DRM isn't really about being effective -- it's about providing a nominal barrier to piracy that will dissuade casual pirates outright, and in the case of serious pirates, provides something that can be "broken" so the studios can go after the person who broke it with civil and criminal copyright infringement claims. Now you know why the DMCA anticircumvention provisions exist: so the copyright industry can do with the law what DRM alone couldn't do.

So the Web either gets DRM, or Hollywood makes content available on proprietary platforms that provide it.

Money shapes reality in this world.

Let me tell you something about the state of the real world: The content Hollywood produces is already fully available on the Web. They try to fight that, but they lose. So the w3c is in no position where it is necessary to accommodate them to get their content. Besides, for the w3c, where is the business incentive, where is the money involved?

> The content Hollywood produces is already fully available on the Web.

For people willing to pirate, it, yes. However, it's far less convenient to pirate movies and get them to your big screen TV than it was to use napster and listen to songs on your mp3 player. On the flip side, Netflix (i.e. content with DRM) accounts for roughly 1/3 of nightly internet traffic in the US. DRM facilitates consumer access to restricted content.

> Besides, for the w3c, where is the business incentive, where is the money involved?

The w3c is primarily an industry group. The players pushing DRM in HTML5 are Google, Netflix and Microsoft, all of whom have a business interest in being able to stream content via browsers.

> For people willing to pirate, it, yes.

What good is protection against piracy from people not willing to pirate?

And no, pirated content is far more convenient than DRMed content. DRM can only reduce the conveninence, not increase.

> What good is protection against piracy from people not willing to pirate?

It's about business. Protection that works for 99.5% of the population is good enough for the old content industries. Netflix couldn't exist in its current form without DRM -- Netflix does not succeed because of novel technologies, but rather because of successful content licensing.

To be clear I'm not a fan of DRM, especially not when it's baked into the HTML standard.

> And no, pirated content is far more convenient than DRMed content.

I didn't say that - you're arguing against a position I didn't state.

I don't think it's the DRM that facilitate anything. DRM is a tradeoff between pirated stuff and going to the theater. Netflix is a legal Napster while Hollywood are content with DRM as good enough protection.

It does, in that it allows business agreements to be signed. Without DRM, old content industries aren't interested in playing.

and we aren't interested in the old content industries. they are "considered harmful" at best

If you're interested in their content, then you are interested in the old content industries. If you aren't interested in their content, then what they do will have little effect on you personally.

I require a definition of how they are "considered harmful" because I seriously doubt that.

EME is a good example of harm.

But how is it harmful to you personally exactly? How is it harmful to anyone?

It corrupts the Open Web, meaning that one cannot simply decide to write a web client that will be able to display any standards-compliant content. It corrupts the W3C, in that it weakens their position in maintaining the Open Web, and lessens their value in the eyes of everyone except for the MPAA and its ilk. It harms culture, in that valuable cultural artifacts will be locked up in a way that will render them inaccessible to future generations, or people on non-blessed hardware.

I'm still waiting for the explanation of how it actually causes harm. Most of what you describe is not exactly harmful and is easily dealt with.

What's to stop someone from creating their own web client that doesn't implement that part of the standard? Where's it written that we have to follow every bit of the standard as it is written? Who gave this select group of people that much power over the open web?

Personally, I think the W3C was approaching being corrupted long before this issue. Maybe not in the terms you are describing right now but I've had issues with the behavior of various standard bodies and browser providers that happen to be a part of these bodies for a while now.

As for artifacts of culture being locked away from future generations, that is a potential problem. But we all know a silly DRM scheme isn't going to stop that. But that kind of thing has been in practice for a long time, way before we had electronics and the human race seems to be moving along in despite.

To me, a better solution is to show that people are willing to move on from these aspects of culture that everyone is so hung up on. If enough people show that these schemes don't work in the long run the content providers are more apt to change their ways. Look at the music industry, it's vastly different than it was just a few years ago and continues to change. Let these people attempt their schemes, in the long run it will matter little.

So, to paraphrase, you think there will be no harm because the W3C isn't doing anything useful as things stand?

Doing nothing useful doesn't necessarily result in harm.

I keep pointing out that people are claiming that this is harmful in some personal way. I keep asking how. The best I've seen is that it creates harm to the standards, which is more about causing harm to the people who control the standards. This decision directly harms the standards body itself, it does not harm the open web. Corrupting the standards with bad decisions hurts the reputation of the standards body, which will eventually importance in the scheme of things. The open web will just move on to something else. The reason I say that is because if the web is truly open, it is free to ignore the "standards" it doesn't like. Meaning, the people who use it can choose to not participate. It's a standard because everyone agrees to use it together. If the people using the open web decide they don't like a browser that implements DRM they don't agree with, then they have the option to choose a browser that doesn't implement the DRM. If there isn't such a browser, the open web allows someone to create and share it with the masses.

If this decision actually causes harm to the open web, then it's not truly open because that implies no one can get around the decisions made by this select group of people. If that's the case, then the web doesn't sound very open as it stands today.

This entire thread was about hollywood. To say that we aren't interested in what hollywood produces is a strange assertion, or a rather narrow definition of "we".

The problem here it does not dissuade anybody. All TV content is available on torrents within hours of the release. All movies appear on torrents sometimes before, sometimes within days of theatrical release. Technical knowledge that is needed to obtain this content is pretty much downloading one piece of software and clicking one link.

>>> or Hollywood makes content available on proprietary platforms that provide it.

Let them. They will spend tons of money on it and all those money will go down the drain once somebody wakes up and understands that treating customers as customers is better than treating them as enemies.

>> When the people with money say "we want this", you don't argue. It doesn't matter if it's technically infeasible. It doesn't matter if it won't have the intended effect. When the people with money want something, YOU GIVE IT TO THEM.

Strange how the general public don't get DRM-free movies from hollywood...

Either way, my point was exactly about 'Hollywood', if you want to call them that, it's them that are delusional about their ability to protect content with DRM.

>> Money shapes reality in this world.

In this case it sems to propagate delusions.

The general public doesn't have an issue with DRM, they happily purchase the content as-is today. They may grumble when they have to purchase a movie for the second or third time but they continue to do so. Therefore the public, being people with money, have stated overwhelmingly that they want content without stipulating anything about DRM, free or otherwise. You are attempting to apply your viewpoint on the general public, which clearly does not agree with you.

As for your statement that Hollywood is being delusional about DRM being able to prevent piracy. They are not delusional about it at all. They know exactly what's going on. They want DRM that prevents casual copying so that Uncle Bob doesn't give a copy of the latest movie to his entire family which is not an attempt at monetary gain. That way they only have to spend money going after serious piracy efforts that exist for the purpose of making money. Your statement assumes that Hollywood is being run by stupid people and that's a serious mistake to make in this type of debate.

>> The general public doesn't have an issue with DRM, they happily purchase the content as-is today.

Do they?

>> They may grumble when they have to purchase a movie for the second or third time.

So not happily then. And not what they actually want.

>> but they continue to do so

Because the choice is that or piracy, and many choose piracy. 'Not participating in popular culture' is a choice, but it's never going to be a big one.

>> You are attempting to apply your viewpoint on the general public, which clearly does not agree with you.

The general public are dolts, but even you have admitted they grumble and don't get what they want.

>> They want DRM that prevents casual copying so that Uncle Bob doesn't give a copy of the latest movie to his entire family which is not an attempt at monetary gain.

Then they have failed, because cousin bill, Bob's kid, has that figured out on them innernets.

>> That way they only have to spend money going after serious piracy efforts that exist for the purpose of making money.

Serious piracy efforts like usenet, torrents, IRC etc? Nobody makes much money there. There are for profit piracy-streaming services that advertise I guess. Never seem to have much legal trouble.

>> Your statement assumes that Hollywood is being run by stupid people and that's a serious mistake to make in this type of debate.

It is. Powerful, litigious stupid people with a lot of vested, anti-consumer interests.

>> Do they?

Yes, yes they do. Take a look at the proceeds from those industries and tell me people are not handing over money for said content.

>> So not happily then...

Ah, I see the problem. When I said happily I meant this definition: "felicitously; aptly; appropriately". Meaning they pay because that's what they are supposed to do. My bad. What they want and what they do are two different things. You see, they don't want to pay for multiple copies but they do, not because of DRM. They do so because that's what they are "supposed" to do. This is more of a philosophical, economical, and/or legal issue they complain about, not technological. DRM is technology that most people are probably not even that much aware of in their day-to-day lives.

>> ... many choose piracy...

I didn't claim otherwise. But, as you say, they have the choice to not participate. That's my current answer to what I feel is outlandish cable subscription fees as compared to my perceived value of what they offer. It doesn't work for me, therefore I don't pay for cable. I use other means to access the media that I wish to consume.

>> The general public are dolts...

I think it's rude of you to apply your viewpoint on a large group of people that aren't even aware of your problem. Then when they don't go along with what you think they should be doing or what you think they should know, your method to convince them otherwise is to insult them? You're not going to win anyone over with your argument.

>> Then they have failed...

Due to record profits, I think the situation has worked out quite nicely for them. I think you are exaggerating in your own mind the number of kids who are sharing movies with their families and the impact this actually has.

>> Serious piracy efforts...

If you think trading torrents is serious piracy, then you need to read up on what true media piracy is. I'm not talking streaming or torrenting content. There are areas of the world where you can buy a perfect copy of a DVD or Blu-Ray for very little and the original content owners get nothing. It's a huge industry and I'm not talking just movies/music here. Plus in these areas this is practically endorsed by the local governments as legal. And I believe there's been a few cases of big-time streamers having legal troubles, Megaupload comes to mind. Before you say anything, that fell apart because of government incompetence, not because of the lack of anyone actually breaking the law.

>> It is...

Then you are naive. Stupid people don't make that kind of money and do the things they do. Just because you think they're stupid and you can cast opinions on things they do as stupid doesn't make it true. Their anti-customer interests, which is only a recent thing mind you, are possible due to carefully crafted legal systems that took years of planning and execution that you claim they are too stupid to have accomplished. If you're going to fight this battle then you need to understand what you're up against.

>> Stupid people don't make that kind of money and do the things they do.

Very few people are intelligent in all areas, these people are clearly shortsighted and stupid in many.

I'm not going to address the rest of your comment, needless to say I disagree with pretty much everything you have to say on the topic, and I think that you set up and knock down a variety of convenient straw men on your response there.

I didn't claim they are smart in all things. I claimed they are smart in their own industry that they control.

But if you want to skip the rest of the response by claiming straw men without defending your claim then that's fine. Especially since you did it yourself with your "very few people are intelligent in all areas" comment. I was directly responding to your statements so I fail to see how the straw man fallacy applies. I did not present a distorted version of your position, I directly responded to it. But, who cares, it's only a discussion between strangers on the Internet. We're not creating world peace here.

Hollywood is delusional, though. They are missing out on a huge potential revenue stream by having DRM-free distribution platforms. Why was Megaupload so popular if people really liked DRM?

So, you are saying that people went to Megaupload, not because it was free, but because it was DRM free?

What are the numbers for comparing the amount of people who used Megaupload versus people who just paid?

Except that the Web's getting DRM exactly so that Hollywood can restrict content to proprietary platforms that allow DRM. Right now, the main use for HTML5's DRM support is DRM on Chromebooks - hardware that's only available from a handful of approved suppliers and is locked down from the hardware up to stop the user running any non-manufacturer-approved code on it. If you enable the ability to run your own code, the DRM module refuses to decrypt anything, and so far as I know no-one has found a way to bypass this.

"When the people with money want something, YOU GIVE IT TO THEM."

Apparently this applies to everybody except consumers.

In reality, most of the pirate activity in this house is my 4 year old son watching full length pirated movies on YouTube.

There is no real barrier to piracy. There's a minimal barrier for the hottest Hollywood properties - meaning you have to go through the hassle of a torrent instead of just going to YouTube - but if you want the content for free bad enough, you'll get it. Usually before it is available through legal channels.

Actually, that wouldn't necessarily be considered piracy. Unless the laws have changed the last time I read up on it, this is legal on your part but illegal for the source of the stream.

Where your kid might be the factor in the piracy bit is in file-sharing, which makes you an uploader and not just a downloader.

> or Hollywood makes content available on proprietary platforms that provide it.

What's wrong with that scenario, exactly?

>> or Hollywood makes content available on proprietary platforms that provide it.

> What's wrong with that scenario, exactly?

Nothing. It's the current scenario. It can bother users, but overall it bothers big media, because piracy is active and well on those proprietary platforms. That's the complaint we hear from them.

There's a large part of W3C that want change so that people with disabilities (such as poor vision) can enjoy big media products. Of course, that assumes that big media cares about implementing the ARIA stuff. I personally believe that their not caring in the past, on proprietary platforms, is an indication of what they'll do in the future, on the Web.

> So the Web either gets DRM, or Hollywood makes content available on proprietary platforms that provide it.

DRM in the Web will be a proprietary platform! The EME proposal is a proposal to make the former open Web depend on proprietary platforms. The actual DRM is not specified (how could it be?) and it only proposes an API the browser should provide for the proprietary binary blob DRM.

This is a really horrible step and an attack on the open Web! I'd much rather have Netflix and Hollywood use a completely proprietary DRM platform for their streaming services than them ruining the Web.

> So the Web either gets DRM, or Hollywood makes content available on proprietary platforms that provide it.

so, let's turn the web into another proprietary platform?

Or maybe make a small part of the web, which already has proprietary elements to it, have a new proprietary element that you can freely decide to not participate in.

The DRM is becoming increasingly complex and elaborate, and taking longer and longer to fully crack. Compare PS2 to PS3 crack times, for instance.

The media executives are of the firm belief that unbreakable DRM is just around the corner, and that when they reach it, piracy will end and they can go back to charging whatever they want again. A return to the good old days of $25 CDs for one song you like and eight filler tracks.

But as far as music and movies go, the genie's already out of the bottle: even with unbreakable DRM, we can always fall back on old camcorders / capture cards and microphones to make lossy copies. I think most pirates will tolerate a bit of quality loss if it saves them heaps of cash.

I think they will ultimately succeed in game DRM that remains unbreakable for the entire duration of a game's market viability, though. Especially with required online connectivity components. But only time will tell.

The PS3 only went uncracked for so long because Sony offered the option to install Linux on the PS3. Once Sony removed that option the people with the smarts to crack the PS3 did so. Once a magnifying glass was put under the PS3 it turned out that the "DRM" was actually horribly implemented (like Rand() functions that were essentially returning constants).


> The PS3 only went uncracked for so long because Sony offered the option to install Linux on the PS3. Once Sony removed that option the people with the smarts to crack the PS3 did so.

It's funny how the facts change over time. Just to correct the facts here: the reveal of the PS3 hack occured on January 26, 2010 and then OtherOS support was removed on April 1, 2010 citing security concerns as the rationale. And to top it off: if you look at the hacker's reasons for hacking, Linux was nowhere in his motivations.

Off topic: This is why I hate history. If we can't even remember what happened 3 years ago even if we have all records available at our fingerprints then how can we be sure what happened like 100 years ago?

You've misunderstood the facts. The PS3 security was not fully compromised with the first hack, and locking down the console was a motivation to those who ended up cracking the security properly (news released December 2010). Watch this... http://www.youtube.com/watch?v=HEFMAP0mTvY#t=0

Doesn't change the fact that Hotz was working on the crack before otheros was removed. So, the removal of otheros was not the seminal moment that the op described. That is, the ps3 did not take so long to crack due to insufficient motivation. It took as long as it did, because it was a more difficult platform. There are similar trends in other areas as well like rooting/jailbreaking phones and installing Linux on UEFI machines.

Hotz's hacking may have been a contributing factor for getting OtherOS removed, but it's removal does appear to be a motivation to those behind the more complete hacks that followed (I believe it's mentioned in the video series I linked to). So with a timeline of April 2010 to December 2010, fully exploiting the PS3 security took less than 12 months.

Sure, but I think that's orthogonal. My comment is addressing the OPs original premise. I seriously doubt there were hackers sitting around saying "we'll leave the PS3 alone as long as OtherOS stays supported." While removing OtherOS certainly brought more attention to the platform and accelerated the hacking, I think the reason it took so long for the PS3 to be finally cracked mostly had to do with the complexity of the architecture or other things. I don't think OtherOS was a factor.

As a counterpoint, I offer the xbox 360, which to my knowledge has not been cracked except for DVD firmware hacks and physically altering the device (mod chips).

The conclusion of this is that hackers will not continue to win the DRM battle. Eventually, enough holes will be plugged, where cracking these products becomes so time or cost prohibitive that the product stays closed for it's lifetime.

i don't follow sony because i don't consume from companies with lock in tactics (betamax, laserdisc, md, memory stick, etc, etc) but thank you for that. it was awesomely entertaining.

So, your current living quarters has hardly any modern entertainment to speak of? Good thing libraries still exist.

I can garantee you i don't miss blueray as i did not miss laser disc.

Also it's much more convenient that my camera and phones use sd cards instead of memory sick..

You're point?

Oh, don't get me wrong, I have no point per se. I'm just amazed that someone has gone that route in this age of apathy. But I am assuming this extends beyond Sony products as many electronics are along the same lines in terms of locked environments.

Yes, they certainly made mistakes with the PS3 crypto. And those mistakes are now certainly fixed in the PS4.

Although it sounds poetic, I don't believe for a second that the PS3 was protected by offering a limited Linux install option with crippled software graphics. The timing of the break just coincided well with that. Of course this is all my opinion on the matter.

The PS4 lacks Linux install support completely, so if Linux was the protecting factor, then people should already be tearing it apart, right? I could certainly be wrong, and there could be a gaping flaw, but my hunch is that it's going to take longer than the PS3 to crack.

<quote>I think most pirates will tolerate a bit of quality loss if it saves them heaps of cash.</quote>

From the studies done, piracy is not about cash, it's about convenience, freedom, etc. If the studios released the content for free (as in beer) but DRM-encumbered then pirates would still be removing the DRM.

DRM was and always will be pointless and insulting, no matter how elaborate it will become. Because it's not the right way to treat customers.

DRM on a sealed hardware platform is entirely different than DRM on a consumer controlled device, which is what the HTML5 DRM plugin interface hopes to achieve.

Do consumers really control their devices anymore? Maybe they still can, but in the industry, there's no doubt that this is viewed as a problem that needs solving.

How much quality loss people are willing to accept if they are not really keen on the content is astonishing. If you go to the pirate bay and look at some of the comments on the tele-synced copies, R6 with hardcoded Chinese subs and all the other sub-par quality rips there still is a large amount of positive feedback. Sure, there is always someone who doesn't know what any of the cryptic abbreviations in the title mean and is upset about the quality, but those seem a minority to me.

I would really like to see more scientific results on how low the quality can be if the viewer doesn't exactly desire the content but uses it to just pass the time and how that compares to the price of going to the cinema.

For music, I can go as low as 128kbps MP3 without noticing much of a difference, and 192kbps without noticing any difference.

For movies, I've always been perfectly happy with DVD recodes into 700MB XviD. Could probably go much lower if they were recoding from a lossless master and using H.265. For most things, the Bluray/1080p quality jump reveals details I don't want to see, like how caked on actor makeup is, and all of their skin complexion issues. Great for nature shows, though.

The cutoff points for me are 64kbps Shoutcasts and telesyncs. At that point, the quality is so bad that it makes me dislike the music or movie I am watching.

Also, availability is a huge issue. For me in Germany it is nigh impossible to legally watch a recent episode of Game of Thrones. And Breaking Bad or Doctor Who has only recently become available via the new service watchever.de. And even there they are published far too late if you want to participate in the online discussion of an episode.

There is another party that you are ignoring. DRM is pushed by plataform sellers, and from the point ofview of the plataform sellers:

Intended effect - Lock people into your plataform, and externalize the cost into content distributors

Actual effect - Exactly as intended

I suppose that the title assertion is to be expected. DRM only works if you don't know how it works.


I'm not sure I see anything wrong with DRM per se (this could be my fever talking), there are probably good uses I'm too dim to think about, but I do think it's unnecessary as part of the HTML specification.

There's no industry or company that has switched to DRM-free content, that I know of, that has failed or suffered because of it:

* Music is largely available DRM-free now, thanks to Amazon's MP3 store (at the least, I'm sure there are others)

* For games, Steam makes it easy to avoid SecuROM Hell

* Despite DRM, all of Netflix's original series House of Cards was available on The Pirate Bay within hours of release. This doesn't seem to hurt Netflix's wish to create more content, or police it more heavy-handedly. (Maybe they would if they could)

For that matter, I think in the modern case every single time a business went DRM free it turned out OK. Isn't that right? In all modern cases, maybe after 2006-ish, DRM-free businesses were accompanied with an easy way to get the content online, and sales did not seem to suffer because at the end of the day piracy can appear (or be) shady and people (rightfully) don't trust shady websites, even The Pirate Bay with all of its popups.

I wish we had better numbers. I would like to see a real analysis on all the reasons people don't pirate and instead buy on Steam. I wish there was a good way to convince media businesses at large.

But I guess this is all water under the bridge, and I'm preaching to the choir.

> Music is largely available DRM-free now, thanks to Amazon's MP3 store (at the least, I'm sure there are others)

Apple should get significant credit here. It was Steve Jobs' open letter of 2007-02-06 to the big four labels calling for them to go DRM free that got the ball rolling. EMI agreed, and Apple started selling DRM-free tracks from them on 2007-05-27.

Amazon's public beta of their MP3 store launched on 2007-09-25, four months after Apple had started selling DRM-free music. Amazon was the first to get contracts in place with all four major labels for DRM-free music.

Actually I think you can also attribute it to (a) the iPod becoming massively popular and becoming synonmous with "portable music player", (b) Only Apple DRM and non-DRM-able MP3s supported on the iPod.

The iPod won the music player market, so if you tried to sell music with DRM you need to either (i) play by Apple's rules or (ii) have mundane tech users being confused when they can't play the music they bought on the what at become THE standard music player.

In 2006, during discusion of the Broadcast Flag DRM, an 82 year old senator was given an iPod and started to realise that lots of DRM wouldn't work with it. https://www.eff.org/deeplinks/2006/01/history-and-senator-st...

True, but the Apple music beast was really created by the music industry who insisted on them using DRM in the first place.

Yes, Apple did a bait-and-switch on the music industry. First they won by playing by the rules, then they used their dominance to change the rules.

I agree with this. When I was buying physical music CDs and play it on my laptop - different CDs had different DRM formats. After a while, I had 6-7 different DRM-enabled players. I stopped playing physical CDs on my laptop after that.

Steam can't be considered DRM free in many cases, for example because they don't let you backing up installers / packages, so if the service closes down you lose your collection. The only completely DRM-free gaming distributor is GOG. Humble Bundle and Desura are mixed.

You are right in general though. Going DRM free not only won't hurt any publisher, it will only gain respect from customers and will improve the quality of their products in a sense of improved usability, because any DRM means a crippled product (i.e. limited platforms availability, inability to make backups and etc. and etc.).

The problem is, that most legacy publishers are rarely customer focused and think that DRM helps their profits. And unprincipled distributors like Netflix are ready to oblige. But the irony is, those publishers only hurt themselves by continuing using DRM. It's mostly innovative publishers, or self published studios (and crowdfunded projects) that have common sense and avoid using DRM. Luckily some distributors are also principled enough to reject DRMed products from publishers. But such are a minority still.

Steam is a distributor. If a certain games has the Steam DRM included or not is (though sadly not mentioned on the product page) up to the publisher/developer. On the GOG forum there is a (probably outdated) list [1] of those games.

[1] http://www.gog.com/forum/general/list_of_drmfree_games_on_st...

DRM proliferation is conducted in three steps:

1. Publishers decide to treat all potential users as criminals, and insist on using DRM in their products.

2. Distributors accept that, and help these unethical publishers to sell those products.

3. Users accept being treated as criminals, and buy these products from distributors.

It starts from the publisher of course, but anywhere down the line, one can refuse to accept this. Distributor can refuse dealing with DRMed products from publishers. Users can refuse buying DRMed products from distributors. Any participation in that chain proliferates DRM, and one can't excuse this participation with the fact that it was initiated by the publisher.

2a. Distributors that don't accept that go out of business, because none of the publishers from 1. want anything to do with them.

For example GOG is a successful DRM free distributor - they only accept DRM free games from various publishers. There are others as well (for music, e-books and etc.). It's mostly video industry which lacks DRM-free distribution options (services like this are virtually non existent worldwide: https://www.headweb.com/en/ See their DRM-free terms of purchase: https://www.headweb.com/en/100237/purchase-terms).

Supporting unethical practice can't be excused with fear of going out of business by the way. Also, publishers need distributors and users not any less than distributors and users need publishers, if not even more. Therefore voting with your wallet (on either distributor or user level) is not senseless. Except that distributors have more leverage on publishers, because of their scale, in comparison with an individual who buys only DRM-free products. Therefore distributors can be blamed more for DRM proliferation.

Unless I'm mistaken (I may be) GOG is primarily in the business of selling old games, which is why the publishers are willing to forgo DRM on the titles.

Publishers of new games (especially expensively developed new games) are more likely to fear a loss of revenue, especially in the crucial early period after release, without DRM.

GOG sells new games from those who have common sense. As I said elsewhere in this thread, it's mostly innovative, forward thinking self published studios or crowdfunded projects. GOG isn't focused on old games exclusively anymore. They are focused on DRM free games though.

I'm not really sure why bigger size of the budget should reduce the common sense of the publisher. Legacy publishers are obsessed with DRM, but DRM has nothing to do with revenue whatsoever. It doesn't reduce any piracy, and only cripples the experience for legitimate users. It's stupid from common sense business perspective, and there is an increasing amount of big budget games which come out DRM free. I view it as simply mentality issue. Legacy publishers can't understand that they should start being customer focused. New ones have no issues understanding it, therefore they don't use any DRM.

I wasn't making a statement regarding DRM, I was just refuting that all steam games have DRM ;)

> I was just refuting that all steam games have DRM

Practically all do, I already explained above. Being unable to back up the installer is already DRM, and it's coming from Valve themselves, not from the publishers.

Always on-line DRM and such is another level of nastiness, but the above is DRM too.

You can still backup the game files after installation.

That may or may not work for reinstalling the game another time. And Steam doesn't help to make it easier, and doesn't let you find out these details before buying the game. therefore I don't consider it to be really DRM-free. The proper DRM free game is distributed as installer / archive package. Steam doesn't offer such option.

I purchase whatever I like on Steam and still hate DRM. They make it worth while with the sales and convenience.

My theory is that if Steam goes belly up, I can do a backup of my games, and use the same avenues pirates use to circumvent Steam. Hopefully they would release control of their games though if they went belly up.

As far as poor customer service, I suppose I have been lucky so far.

And GOG refuses to add GNU/Linux support. Considering that many GOG games run in DOSEmu anyway and some come with native Linux support this is not really understandable.

> And GOG refuses to add GNU/Linux support.

Yes, that's one of their downsides. Even their reasoning is becoming less and less sensible. They claimed they still can't figure out how to offer long term support on Linux. May be Docker can help them.

Shipping binary software for Linux is like playing a never-ending game of Space Invaders.

GOG's position is totally understandable.

No, it's not. Their position is (at least from their last status update): "we are trying to come up with a long term support methodology, and didn't find one yet". It takes them more than a year to design it. It doesn't sound reasonable to me.

Shipping binaries on Linux is nearly impossible on a long term support basis.

FatELF would of addressed at least some of these problems, but was largely rejected by the larger community of people not shipping proprietary products on Linux: https://icculus.org/fatelf/

Might Docker containers be a valid solution to this? Shipping old games is a sorta-kinda-similar problem to shipping frozen versions of web-apps.

That can work probably, since Docker claims that it doesn't impose big overhead, so it can be suitable for gaming.

You would probably find there are performance penalties in areas Docker don't really bother benchmarking or even talking about since they don't align to the design goals. I've only seen some fairly rudimentary demonstrations of VNC and X over the Network for isolating GUI apps in Docker.

Docker author here. I really doubt performance would be a problem. Namespaced linux processes access devices the same way every other process does: by getting a file descriptor to it and making syscalls against that. What we need to figure out is a portable way for a docker container to declare "I need access to the following devices". I would love to work with anyone interested to add that to the docker APIs for 1.0. I think long-term stable binary delivery is an important thing to do and I would like to help.

Ping me at solomon@docker.com about this anytime.

Can you explain the "no backups" part? I'm sure you know about the backups you can create in Steam itself, bundling the application. What is the missing detail? Being unable to extract the data again, without Steam? Is Steam unable to restore these bundles in offline mode?

Steam will require you to be connected to their servers once in a while at least. There's no pure offline mode.

steam is just like any other drm system for your games. it phone home and prevents you from playing without a connection to the mothership.

they just have saner fallback times than other ill talked solutions from EA. but besides its pretty eyes, its the same virus.

good luck running online games as root.

I once bought and downloaded SuperHexagon on Steam but didn't have the time to test it at home. Later on the train (I'm commuting for two hours a day) I wanted to test it. Sadly I wasn't allowed without a internet connection which was really annoying.

Sometimes the game executable doesn't actually require you to be online the first time you launch it, even though Steam does. If you launch the binary from Windows explorer, there's a chance it'll work.

Only for games that require Steam. A game bought through Steam does not necessarily require Steam. Europa Universalis III can be run without Steam running. Europa Universalis IV only requires Steam to be run once (and once for every DLC you buy, in order to activate it).

These settings are up to the game developer themselves. You are right about the offline mode, but it does not apply to all games.

Running the game and installing it aren't the same thing. Some Steam can can be probably trivially copied (the game directory), and are backup-able that way, but you never know which ones, and which require more steps for installation. Steam also doesn't mark any such details on the games before you buy them.

Correct. You can backup a game when offline, but steam wont allow you to restore one without being logged in.

> For games, Steam makes it easy to avoid SecuROM Hell

Steam is not DRM-free. It's just gamer-accepted DRM.

Which seems more rooted in the overall ease-of-use and lock-in Steam creates as well as goodwill towards Valve from their games. Steam's terrible - fight them on a transaction, and you could lose your entire library.

You don't even have to fight them on a transaction to lose access to your library. My Steam client (on Mac) is hanging on startup every time and as a result I can't play the games I've bought and paid for. And of course Valve's customer support is doing nothing but sending canned replies.

Steam's DRM is still DRM and has all the downsides that come with it. You're exactly right that it's accepted by gamers due to Valve's cult status (which I honestly don't understand given that I only have mediocre to terrible experiences with their games and services) and the fact that people have bought huge libraries through Steam and have to defend their decisions.

Hsve you tried creating a new clean OS X account? it could be that you have a corrupted preference file, or something similar.

If Steam works on the new account you can start deleting plists.

Had this happen recently. The error logs and console output ended up not being particularly informative, so I downloaded and installed the Steam client again. Sorted out whatever kink was hanging the client at start, and the game library was still intact.

It's accepted because of things like:

- Great selection. Just about any game can be bought on Steam

- Steam sales. Amazing, unprecedented prices for games

- The DRM successfully stays pretty much out of the way for 99% of users

- Centralized game management. I don't want to have twelve different game distribution clients, each with one or two games. I would much rather have just one

- Centralized automatic updates. Less of a big deal today than years ago.

I don't think you lose your library. From what I was told, your account is put into a no-purchase mode where you can play your games but can't purchase any new ones.

They used to ban users altogether, I think they've changed their policy. They also used to ban users if someone gifted them a game and the transaction buying the game was charged back.

It's pretty unreasonable to claim fraud (charge back) if you buy a game and then someone gifts you...

I think the problem was, I could have your account shut down by gifting you a game and charging back the purchase.

Maybe if you're a total jerk about it?... I purchased the full iD collection once for like $90+, and the next day I requested a refund because several of the old titles didn't want to run. Despite the no-refund policy, they reversed the transaction. I've heard more positive stories than negative ones.

Do you seriously not understand the situation ?

It's great that you had a good experience with your particular customer service agent. But what if you request a refund from someone who is feeling unwell that day, had a death in the family or is just feeling like being an asshole. Then you're account could be blocked with limited recourse.

In this day and age there really is limited point to DRM. Everything becomes available on Torrent sites anyway and all it ends up doing is treating legitimate, paying users as second class citizens.

Are you in Europe? Because I'm pretty sure european law forces them to refund you in that case.

Sure, but they ignore the law. Had that with GTA 4, which didn't run fully because the integrated Microsoft-Always-Online-DRM didn't work. Got the "no refund" answer despite having a 8 year old account (at that time) and a not so small, albeit not massively large, library, and without ever having requested a refund before. I'm still angry about that and minimized my purchases there.

Edit: This also means, to the original comment, that Steam does not necessarily make it especially easy to evade SecuROM Hell or other DRM methods, as games on Steam can still have their own protection schemes. It only makes it easier insofar as those are normally marked and games have with Steam only another, better option. Maybe that was meant.

The trouble with laws like that is that they are only worth anything if you have the means to enforce your legal rights under them. If Steam -- or any other supplier or on-line service you use -- is based in one jurisdiction and you're based in another, the cost of actually taking them to court to force compliance could easily be prohibitive.

I'm a little surprised that they haven't been dinged by the card companies yet if reports of whole accounts being blocked based on one chargeback are true. Even Valve are just another retailer to the likes of Visa and Mastercard, and the card services tend to take a very hostile view of merchants who try to evade their obligations under the card service policies if something comes to their attention.

I'm also surprised there haven't been more legal cases considering the implications of SaaS, on-line media library services, software that requires phone-home activation/DRM, and the like. There are obvious ways that such systems/services could provide unfair leverage against consumers in the event of any dispute, and as you mentioned it seems very likely that they would fall foul of the law here in Europe, or at least in several national jurisdictions within Europe. The US tends to give businesses a lot more slack to play with on such matters, though.

it still only takes it happening once to you to lose your titles.

Personally as one of those pirates they are trying to stop piracy is only an issue when your content is not easily accessible the legal way or it is too expensive.

I have experienced both. For instance songs are very cheap when your monthly income over £1,500 but when your monthly income is £300 (that's the equivalent in pounds in the country i grew up in) that's a bit too much for just one song.

Same for everything else since they're all price for the US,UK,etc market.

Now that i can afford it i choose to pay for the content i like (it's my way of encouraging the people creating the things i like) even though i could still pirate it.

Then again I'm still forced to pirate some things that can't get legally.

Wish i didn't have to but it's not like their giving me a choice.

You are NEVER forced to steal things that aren't essential to survival. Starving on the street and steal a loaf a bread, that's one thing. Don't want to participate in many varied ways of listen to music for free legally and so choosing to steal the next big album you want to hear, not ok, ever.

You are NEVER forced to steal bread. Don't want to participate in gathering seeds and wild fruits for free legally and choosing to steal bread, not ok, ever.

I guess "essential" has many definitions, huh...

Come on, they're not in any way comparable.

The UN declaration of human rights includes one sentence talking about the right to food, and many paragraphs talking about the right to participate in culture, community, communicate, and so on.

So if we judge by that, the right to participate in culture is more important than the right to food (or more likely, is simply more often challenged and disagreed with).

If the whole legal regime around copyright is having the effect of preventing people from participating in their culture/society, those laws are immoral and should be opposed.

Have you even read the Universal Declaration of Human Rights? Articles 23 and 25 are not supplanted by Article 27. In fact, Article 30 specifically states that you cannot interpret the UDHR in any way that would allow you to remove rights set forth in previous the articles. And, as surprising as this may sound, the UDHR doesn't specify order of importance based on word count.

Wait, are you implying that the UN has declared that stealing the results of someone's labor is justified because it's a "right"? We might as well declare anarchy and get it over with.

I also fail to see how copyright laws are preventing anyone from enjoying their culture.

It's sad times we live in when creating culture is labeled "labor", "work" and so forth... About the "stealing" part - http://www.huffingtonpost.com/2012/02/06/lady-gaga-jack-whit... artists are more than happy to let anyone experience their art, it's the producers that have a problem with it.

I guess this is what you get when you allow business-minded people to define what being human is all about...

"It's sad times we live in when creating culture is labeled "labor", "work" and so forth."

It's sad when idle consumers come to believe they are entitled to the product of another's labor for free.

Well, I was talking mostly about food.

But if I use my culture as a basis for a song that I write and I wish to sell it to make money, then you're dang right I see it as stealing if someone takes it without my permission.

If an artist wants to share it openly, then that's excellent. But if the artist wishes to make money from their effort why is it your "right" to demand otherwise?

It's not about being business-minded, it's called having rights over your own property.

Because mostly it's not the artists who want to lock it up, and it's not the artists that stand to gain most from locking it up, it's the suits.

Ok, how is that any different?

An artist who works alone deserves your money but an artist who agrees to work with a third-party does not? Because the third-party might get a piece of the pie dictated by the contract the artist agreed to? That's an extremely weak defense of not paying for content.

Are book stores okay? Because I'm sure they make money from the books they sell that they didn't personally write. Well, that's not an exact comparison but I hope you get my point.

I have to say, I am astounded at the level of entitlement people seem to have when it comes to consuming content others worked to create. I want it, therefore it should be mine is the mantra of this type of thinking.

You don't think Mickey Mouse and other Disney properties are part of our culture? Copyright on those works would have expired ages ago, if the laws were enforced as they were written at the time. Disney continues to prevent people from participating in that part of our culture.

How do they prevent you from participating? Do they stop you at the doors of Disney World? Can you not watch Disney movies whenever you go to the theater? Oh, that's right, you just want it for free.

Although, I agree with you on the copyright laws, they shouldn't be extended like they have been. But that's an issue to complain to the people who write the laws, not the content providers who take advantage of them.

> But that's an issue to complain to the people who write the laws, not the content providers who take advantage of them.

that works when the law makers are ethical and neutral. When the "content providers" get in bed with law makers to create laws favourable to themselves, then what?

I want to participate in culture by creating a derivative work based on the disney micky mouse figure. But i m disallowed, because of the said laws, unless i paid disney some amount of money. Do you think disney deserves this money?

According to the law, yes. They absolutely deserve that money because that's what the law says. You can't choose to ignore a law because it's inconvenient for you. If you choose to ignore a law for your own benefit then that allows others to do the same for your potential detriment. That's extremely bad short-term thinking.

Your complaint is with the law, it has nothing to do with the content providers. You say but the content providers influence the law with money. In that case your complaint is with the system that writes the law. Your ire is misdirected and likely will cause nothing to change.

Of course, there's civil disobedience to consider. It would be an interesting way to combat the laws at hand but I'm not sure how to go about that in terms of media consumption. I suppose if enough people did it at the same time.

But you fall into the common problems with these type of discussion; you act as if your choices are limited. For instance, with piracy it's usually "they don't make it easy and/or cheap enough for me to buy so therefore I must steal it" which is a self-limiting range of options. It totally ignores several options such as simply not consuming the content in question and move on to something else. You present only one option in your desire to create, a derivative work based off of another's content. That's not your only option in this case.

Finally, this idea that this stuff is a part of our culture and we're locked out of it. I would say if we're locked out of it so tightly that we can't enjoy it then I wouldn't call it part of our culture. But this culture defense is new to me in these terms, it's an interesting idea. It will ultimately fail in the end but an interesting defense nonetheless.

According to the law, yes.

That's begging the question. We could change the law, but first we have to ask if we should, and in what way. That's why chii asked: Do you think disney deserves this money? Only after we answer that, will we know what the law should be.

Change the law? Absolutely. That is actually what I've been trying to advocate all through several discussions, that the outrage is misplaced. Don't like the law? Demand a change in the laws instead and stop wasting time on the companies that follow the law.

It's like that silly issue where everyone gets mad every year at international companies following various country's tax laws to reduce their tax obligations as much as possible but never actually demand a change in the laws themselves. They rail against the company as if that will change anything.

But to answer the question again, yes indeed, Disney deserves that money because that's what the law states. I don't understand how I can make that more clear. The fact that they get any money at all from their original creation is directly tied into such laws. Without those laws they have to hope for the best on the goodwill of people to compensate them for their work. As for deserve? They created it didn't they? Do they deserve anything at all? If they do, for how long until it could be considered public domain? Should anything be considered public domain after a time at all? That's what the law is for, to answer those questions. If you want to change the law, the current law applies until you change it. You can't start at zero and build up, you have to start with what's already established. Therefore, Disney deserves that money because of the law as it stands today.

I'm not talking about piracy or passive consumption as "participation". I mean people who are making art, movies, music etc. can't create anything new with Mickey Mouse or Snow White or Bambi because they are owned by Disney. You can't even sell a ringtone of Alice saying "You’re mad, bonkers, off your head! But I’ll tell you a secret: all the best people are", even if you make your own version in your own voice. Because Disney decided they're not done wringing money out of a movie made before my father was born. I don't just mean wholesale copying, but using any of it as raw materials for something creative is prohibited.

Why does that matter so much? Why is it so important for someone to be able to sell a ringtone from a movie they didn't create? Why is it so important for someone to make money off a derivative work based off of the work of someone else? Besides, there are examples of people making money off of derivatives of popular content they didn't create. It's just a fine line between making a copy and creating a derivative.

I think the thing I've been missing is so far is because Disney is the example, which is a big company, and big companies are evil right?

Let me toss a wrinkle into that logic.

Newly graduated college student makes an animated short. Took months, maybe years, to get it done. Took weeks, maybe months, of hard work to get it visible to the public. Public loves the film and wishes to buy a copy. Someone makes a "derivative" work that copies the characterizations of the original animation. For some reason, derivative work becomes popular. Original creator loses out. Screw the original creator right?

You do realize that the most likely outcome of allowing derivative works to happen too soon is that the big companies with their huge resources will swoop in and wipe out the small guys in no time flat? You think I'm defending big companies with these statements? I'm defending all creators regardless if they are Disney or the dirt-poor artist down the street.

If you have a problem with Disney being able to continue making money from their original characters, despite some of their characters being based off previous stories in the public domain, because copyright laws keep getting changed then you're problem is with the system that allows such things. Attack the system, not creators because you'll almost always come across as unfair to them in some way.

Disney is the example, which is a big company, and big companies are evil right?

No, just a few :) My problem with Disney is that in protecting their own interests, they also extended copyright on tons of other people's works as well. http://web.law.duke.edu/cspd/publicdomainday/2014/pre-1976 I believe the original creator, big or small, is not as important as the rest of the people in society. If big corporations make most of the money from derivative works, that doesn't prevent other people from making their own as well. But copyright means there is a state-granted monopoly on nearly all creative works.

If you have a problem with Disney... then your problem is with the system that allows such things.

How would you "fix the system" so that only certain people get a say? Disney can lobby if they want, I just want them to lobby for different things.

> stealing

You keep using that word without realizing that the rest of us may have already moved on to a different concept of ownership.

By the rest of us I'm guessing a small number of people who have high ideals outside of reality? Your definition almost literally means no one has ownership over anything when it is your "right" to take it as you please.

How shall we define the act of taking property without due compensation that the owner of said property expects?

You seem to be acting intentionally dense. Surely you understand that the difference being discussed here pertains specifically to duplicable content, where the property involved is "intellectual property" and much more open to alternative interpretations than things like land or food.

No, I'm not dense, I see property as property. You act as if I don't know what's going on technology wise. But I do know and understand, it's not a difficult situation to comprehend. Implying I'm dense or any other derogatory term is just an attempt to dismiss me without having to actually consider what I'm saying. You shouldn't do that because that's typically the defense of someone who has little to back up their side of the debate.

You simply want to redefine things so you can apply your alternative interpretation of ownership in a way that allows you to obtain someone's property without compensating them for it. You feel entitled to someone's work because it's easy to duplicate it. It could take an artist weeks or months to create their work and you feel they deserve nothing because you can copy it in seconds. That's a sad justification.

Whether the fact it can be easily duplicated is irrelevant. Someone created that work with their time that they can't get back. They spent a moment of their life away from other things creating this that they can't get back. They spent resources (not necessarily money) creating this that they can't get back. None of that can be duplicated in seconds. If they wish to be paid for granting you access to that work then they should be compensated as they wish. If you don't agree with the price of admission then you don't get access. Thinking otherwise is admitting you feel you are entitled to it because you simply want it and the original creator can suck it. You are saying the creator's time and effort is worth nothing.

I simply cannot agree with that way of thinking.

I didn't say that you were dense, I said that you were acting dense. I also didn't espouse any of the positions that you credited me with, rather I simply pointed out that this is a complex issue. You have acted throughout this thread as though this were black and white, and as though "stealing" music were the same as stealing bread or any other physical object. The specific post that I replied to was the most telling instance of this. I'm not arguing for a position on either side of this issue right now, I'm simply telling you that if you want to have a discussion about it, you have to at least come to the table with the recognition that there is a rational basis for the opposing point of view. You can disagree, sure, but the way that you are doing so is far from productive.

Ah, ok, I see what you mean by not claiming I'm dense but just what I'm saying. My bad.

Also, again my bad, I'm attributing the whole discussion onto you instead of specifically your statement. I tend to lump everything together when multiple people respond throughout a single thread as though they are in agreement with the thread as a whole. I'll have to work on that.

I fully recognize the opposing position in this debate, I understand the thought behind it, I use to agree with it. But at this point, exactly as you point out, I highly disagree with it today. For the most part, I see people wanting to alter the definition of ownership for their own benefit to the detriment of the original creator. That the simple idea that a song can be perfectly copied countless times without damaging the original copy is somehow license to demand that the original creator hand over all their ownership rights without compensation is just wrong. It is as simple as the "black and white" example of stealing bread or any other physical object. I would give more credit to discussions about stealing bread because it's possible a human being stole it to survive, no one needs the latest hit song or movie to survive. If time and resources were spent in the creation of the product then I fail to understand why it's wrong for the creator to expect compensation, if they desire it.

Rational basis? What exactly is that in this case? Because I've never seen it. If anyone can give me a rational example of why the "I want it, it's easy to copy, therefore it should be mine" way of thinking is justified, then I'll reconsider my position.

I inadvertently focused this discussion too much on the duplicability aspect of the argument, when there are other factors at play as well. For example, if someone purchases a song and then plays it on speakers, and you are nearby and listen to it, I've never heard someone claim that you've stolen the music. Similarly, if you go to a music video on youtube, then listen to it while switching to another tab, you also have not stolen the music. Yet if you download the exact same song from a torrent site, then listen to it, and then delete it, the claim is that you have stolen the music. The dividing line here seems arbitrary and difficult to pin down. In every case, you had the same auditory experience. In the latter two cases, you had the same sequence of bits stored in memory, the same instructions execute on your processor. Yet only in the latter case have you stolen something. So, what is the property? What, exactly, is it that you have stolen? The fact that this isn't completely trivial to answer is my justification for claiming that there are, at the very least, some shades of grey in this issue.

If those seeds or fruit happen to be on land that someone owns then you are stealing those as well.

Ok. I agree forced may be a bit of a strong word since i can always choose not to pirate it.

However what about books or scientific papers which are hidden behind pay walls or just incredibly expensive.

The price of a good programming book is about £20. But when your monthly income is £300 that is a lot of money. Not to mention you have to pay electricity, gas, etc. and the prices for the utilities are not that much different.

So your options are:

1. buy the book and not eat for 2 weeks

2. pirate it

3. don't do anything and let your progress as a programmer be hindered by the lack of knowledge

That's what i call being forced. There's no situation where i can say i helped the author with the little i have and progressed in my development as a programmer.

If you give in to the system they set up knowledge become the privilege of the wealthy I agree that content creators need to live but the one size fits all approach is really f*ed up.

Open it up let people pay as much as they want or set different prices for different regions piracy will fall considerably if you do and for god sake don't limit peoples access to content by regions it's a sure way to increase piracy.

"The price of a good programming book is about £20. "

If only we had a global computer network by which you could find a much cheaper used copy. Or even a free loaner copy.

I will agree with you that it's definitely important for products to be priced appropriately for the region they are sold in. And, I understand that access to information can be a huge roadblock, which is why it's important for people to free up information as best as possible. Still, when you consider things like public libraries, free access to internet, etc., you have to question whether or not you have really tried to do it without pirating someone else.

Really? How about turning that around: how is it okay for me to pay more for something, solely because I live in a different country?

This is known as the 'Australian Tax' here, and is at the point where for some software products (Microsoft's dev tools, e.g.) it's cheaper to buy a budget flight to the USA, buy them there, then return.

Geographical pricing is morally indefensible.

I'm talking about lowering the cost in areas to match the economy. I too think the cost of software in Australia is crazy.

They are the same thing. The exact same thing. All you're quibbling about is that you don't like where the pricing is set for the region in which you live.

Huh? I'm not quibbling about anything. You brought it up, not me. I'm perfectly happy where pricing is at in my region. It's commiserate with the general economy. Nothing is disproportionately priced here. Some areas seem to be out of sync with their economy, either high or low.

Indeed - and if things get too far out of sync, it becomes worthwhile to import things from countries where they aren't. Except that such free trade is often prohibited by law.

And I sure as heck don't justify stealing just because you don't like the price.

Well, yes. I think we're in agreement there.

To play devils advocate, I'm not sure why you think the very poor should be concerned about respecting copyright law.

Also thinking along devil's advocacy lines -- it seems that without a universal basic income, people naturally resort to theft and copyright infringement to pull themselves back up to the baseline quality of life. With the economy naturally balancing itself out either way (The rich either pay taxes or get stolen from; the poor either spend their money or don't have any), it seems to make sense to go for whichever option has the lowest overhead.

Because being poor doesn't give you the right to take from others to satisfy your own entertainment desires. I think Jean Valjean wouldn't have been quite the sympathetic character if he stole a lute instead of a loaf of bread ;)

Yes, but copyright abuse doesn't equate to stealing bread. I realise you already know this, but it's kind of a fundamental distinction here.

I totally agree with your statements. The only thing I pirate nowadays are basically movies because there is no easy way to purchase them. I don't really pay for music though as I use mostly Grooveshark/Soundcloud and/or listen to online radio.

And it's fucking ridiculous that you have to a saloon to watch a new movie and pay a ridiculous amount of money per person to watch a single movie.

I pirate all movies I can out of basic principal, they are not getting a dime extra from me since they continue with their harassment.

I am actually very pleased with Steam as it's an excellent service. But if I would want to play a game on let's say Origin I would definately pirate that game if it doesn't exist on Steam.

So, content providers are "harassing" you in some way by not making it easy for you to purchase their content or they want to charge what you personally feel is too much? You pirate because they "harass" you? That's a new defense of pirating for me.

Do they target you specifically with this harassment or is it just in general for the population of where you live?

> forced

You keep using that word. I do not think it means what you think it means.

Depends... He could live somewhere that he can't get access to legal copies of TV shows he wants to watch (Some TV shows take months, if ever, to show up locally). Or live somewhere like Australia where everything costs prohibitively more than elsewhere.

If I want a TV show - Say House of Cards - and it's not available, or it's available much later than elsewhere, or it's prohibitively more pricey... They want the show and the only reasonable way to get it... then it will "force" people who want it to Piracy.

>> "They want the show and the only reasonable way to get it... then it will "force" people who want it to Piracy."

I would very much like a Ferrari California. It's unlikely I will ever be able to afford one - it is prohibitively expensive for me. I am not being forced to steal it. I understand like a rational human being should that if I can't afford something or it isn't available to me and it isn't essential to my survival I have no right to take it. I know that physical theft analogies aren't very good when comparing to piracy but seriously - you are not being forced to do anything. You make a choice to steal it. Whether that's morally right or wrong is your decision to make.

First, the show is being given away for free elsewhere--it is mere accident of geography that the person can't access it.

Second, stealing implies that the person being stolen from can't access it anymore--which is clearly not the case here.

Stealing is the wrong framework to use here.

No, I think it's more the role of the victim of the theft to decide whether it was morally wrong or not.

Otherwise, yes, this idea of being "forced" to pirate something they want but don't have easy access to seems a rather silly statement.

You seem to have confused "wants" with "needs".

> DRM-free . . . Steam

How is Steam DRM-free? You must first log in to your Steam account in order to play. Locked down. They seem to do it with very good UX, but it's DRM.

I think this negates the first part of your thesis: that DRM-free is picking up.

Steam could be used simply as a distribution method, you have an account to purchase and download. The level of DRM protection is up to the developer/publisher to decide. It's possible for the game to no longer require Steam once it has been downloaded.

Although, if the developer/publisher doesn't include an installer of some sort within the game files reinstalling without Steam might be a bit tough. Makes me wish for the old days when you didn't need installers, you just zipped up the folder as a backup. Need to reinstall? Unzip to new folder.

They can also remove games from the store and from users' libraries: http://www.forbes.com/sites/erikkain/2013/12/30/steam-remove...

From the store, anyway. The update at the end of the article states that they were wrong, and the single player game is still in users' libraries.

> For games, Steam makes it easy to avoid SecuROM Hell

Not really, there are Steam games with all kinds of additional vendor-specific DRM, including SecuROM.


The reason for piracy is simply bad salesmanship.

Nobody would bother with torrents if there is a much easier and correctly priced alternative - when Steam started selling games in Bulgaria I stopped pirating games. When Spotify started selling in Bulgaria I stopped pirating music. When, eventually, Netflix starts selling in Bulgaria - I'll stop pirating movies.

The solution to piracy is simply knowing how to sell your product. DRM is an attempt at a technological solution to a non-technological problem.

> DRM only works if you don't know how it works.


Doesn't really apply here. When sending an encrypted message, the adversary doesn't know the secret key. With DRM, the adversary is the receiver of the message. You (or your computer) already has the secret in Kerckhoff's sense. It's just a matter of finding out where the key or the unencrypted data is stored - in the worst case by hooking up hardware to the mainboard or the screen.

You could make DRM "Kerckhoff hard", but you'd have to use a completely trusted architecture with secure boot and signed applications - which is not conicidentially where all major players are moving. Even then, there are a couple of loopholes (bugs/jailbreaks, you could tamper with the hardware, or you could just record the signal during playback ("analoge gap"))

People don't seem to understand this about DRM. It's based on encryption, but encryption only allows a secret message between alice and bob, away from the prying eyes of carol. But in a DRM situation, alice and carol are the same person.

> or you could just record the signal during playback ("analoge gap")

And for that we are striving for newer technologies to close that gap from the analogue side. I'm not being entirely serious (yet), but thinking about Occulus Rift or Google Glass, etc.

Once we get our media/games to jack in directly to our brains, like all the cyberpunk novels prescribe, it's going to be pretty hard to get a tap between the analogue side :)

Whatever means you use, you must have an unencrypted stream somewhere, and you can tap that stream.

In your example, just make a computer that pretends to be your brain, and you'll get the data to post at Pirate Bay.

Overall I agree with you except your example of Steam.

Steam is DRM.

Gaming is going towards more online by adding value (just like SAAS can't be pirated like traditional software) always online games by nature such as Battlefield 4 can't be pirated as well.

That's possibly why also Simcity decided to go online but the added value wasn't enough and caused a backslash.

No, the organizations are just paranoid. I had to sign an NDA before seeing the Disney digital content handling requirements. That sort of document will be the W3C requirements. It didnt say anything detailed about implementation, just requirements about encryption, watermarking etc.

> * For games, Steam makes it easy to avoid SecuROM Hell

Steam has its own DRM, and games distributed via steam may have additional third-party DRMs (including SecuROM and other similar shite).

IIRC GOG is only DRM-free games, although it is less convenient.

GoG is actually quite convenient, it has a much better website and a good downloader.

The only downside is the much smaller library than Steam.

I find the site good, but I only got grief from the downloader (back when I tried it a year or 2 ago, it may have gotten better since), for all of its slowness Steam's installation and updating process is much more hands-off and convenient.

The downloader is quite smooth, at least now. You still have to install and update manually, which is a bit annoying.

The one really cool thing in Steam is savegame sync, but not even all games support it.

> The one really cool thing in Steam is savegame sync, but not even all games support it.

Yes, that was a very annoying discovery when I came back from holidays, after I'd started playing Rogue Legacy on my laptop and realised I had to hunt the savegame locations and pray they were compatible between the OSX and Windows versions of the game (they were)

And no GNU/Linux support...

> all the reasons people don't pirate and instead buy on Steam.

Because the sames are stupidly, insanely reasonably priced. $5 for 20 hours of content? Games from time to time being 50% off? The ease of getting new content in a few clicks?

Contrast that with movies that are available for download at the same time they show up on DVD in stores: $15 for <2 hours of content that's probably not going to be that great, when my alternatives are to go to the movie store and pick it up for $2 as a rental or to pirate it for free.

I think that the early exploitation of Napster against the music industry made publishers feel like they were losing large amounts of revenue. There was one programming publisher who was trying to make the argument that the lack of availability for an affordable price was the reason why people were downloading illegally.

The counter argument was that his small niche was not indicative of a large industry. What you are mentioning about Amazon is pretty enlightening for me to read. If you think about it, the lock-in you suffer from iTunes is an outdated and anti-consumer stance. It is absolutely unnecessary to force a purchaser to store his digital goods on the cloud.

> DRM only works if you don't know how it works.

That's not entirely true, I don't think? What about AACS, which uses a very clever master key / sub key + key revocation mechanism. People figured out exactly how it worked well before it was actually "broken" - and it was broken by stealing private keys from devices.

> For games, Steam makes it easy to avoid SecuROM Hell

Steam is DRM. Sure, it's fairly nice as DRM goes, but it is still DRM.

> Steam is DRM. Sure, it's fairly nice as DRM goes, but it is still DRM.

Depends on what you mean by DRM. Many Steam games run without Steam and only use it as a platform for digital distribution.

> DRM only works if you don't know how it works.

Which is why it doesn't work.

But it is very useful for excluding competitors and pissing off consumers.

I recall DreamCast failing primarily because of piracy -- everyone burned games to CD-Rs instead of buying them.

Not really... in the PSX there used to be TONNES of copied CDs and we all know how that went...

The failure of the Dreamcast was the pitifully small library, not piracy.

the dreamcast had 700+ games, more than gamecube and xbox combined

Wikipedia lists 967 games for the xbox alone. The Gamecube appears to have come in somewhere around 500 or so. But it's probably worth noting that no one ever claimed either of those consoles had massive libraries, either.

It is amazing how that myth persists. Piracy was much more common for the playstation, and I seem to recall it did ok.

I even heard that Sony was trying to make their games pirat-able in order to promote them faster and kill the competition, LOL. Don't know if was true, but worked fine.

DRM enables movie rentals over the internet and that's about the only good use I've seen for it.

Sadly, both Steam and Netflix still include DRM, it's just a bit less annoying.

Netflix along with Google and Microsoft are the companies behind the HTML5 DRM proposal.

iTunes doesn't DRM music anymore either. Haven't for years.

This is up to the publisher, audiobooks and most japanese music is still DRM'ed on iTunes. (and the most annoying thing about it is there is no way to see that before you purchase).

This is all so ridiculous, rtmp for instance is as secure a DRM as its ever gonna get and that never stopped me from downloading a stream. Even things like HDMI/HDCP is broken beyond repair. And all of this should justify damaging the w3c reputation forever, what are they thinking?!

This whole concept of DRM is just idiotic, its enough if one guy breaks the DRM and releases it. Why should I even bother booting a propertary OS (windows) and buying a stream everytime I want to watch something if I can just download a release and watch it, and its not like they can do anything against that either.

Why should I bother and buy HDCP capable new hardware, bother with proprietary NSA-compliant US software I much rather buy the DVD, trash it and just download it in a open and free format (I don't even bother with ripping (and breaking CSS) anymore).

> And all of this should justify damaging the w3c reputation forever, what are they thinking?!

Thinking isn't required to accept your paycheck -- in fact damaging the reputation of the W3C is their goal. There are fewer ways to fragment the standards of the internet better than undermining the integrity of the dominant standards committee by infiltrating it and proposing crap to be standardized.

Since the MPAA and her malicious allies are standing members then their propositions are considered seriously as a matter of policy, regardless of the stated goals and their actual effect.

Preventing piracy is at the bottom of a very long list of power that DRM provides, and maintaining control over your content distribution networks is at the top. The two have some overlap, but it's extremely limited (pirates don't pay, but content distributors do, so they will squeeze the distributors as much as they can).

What are they thinking? The majority of the W3C membership want this work done, and the W3C is ultimately bound by its membership. Not working on this isn't an option — take the W3C out of the picture and it'll still be done, quite probably behind closed doors, which is even worse for the web; MS, Apple, and Google are all likely going to ship this whether the W3C specifies this or not; for better or for worse, it is likely to become part of the de-facto Web Platform.

And if you read the lists (as opposed to overly emotional hearsay calling them stupid), you'll realize their concern isn't so much piracy in and of itself (they recognize DRM can and will be broken — they aren't blind), but rather "casual piracy", as it were, ripping a disc having had it lent to you, for example. The aim is to make it sufficiently inconvenient to work-around that that doesn't happen, not that it avoids release on P2P networks and the like.

Are you sure about that? The majority of the W3C membership is staying pretty quiet about it, at least on the list.

Even if you're right about the requirements (it's hard to say, what with their being confidential and all), is it worth breaking the Open Web to make it slightly harder for folks to pirate TV shows?

And if you're right, why then is every requirement short of non-user-modifiable client components being promptly shot down?

> The majority of the W3C membership is staying pretty quiet about it

As gsnedders said, it doesn't matter. The EME spec is written and pushed by Google and Microsoft, and Apple is on board. Those companies have a strong financial interest to do what hollywood asks here, and together they account for a large majority of the browser market.

The only possible thing that could stop this is pressure on those browser vendors by users of those browsers - which means, for users to stop using them. So far, the public and even here on HN there is little interest in doing that.

I don't think Apple was initially on board. I think it may be there only since late last year.

All of this started with Netflix, and the outrage should be directed mostly at them (but definitely at W3C and the 3 companies, too).

Netflix got Microsoft (obviously, since Hastings is/was on their board), they got Google because of the Chromecast and perhaps some other previous partnerships, and also because Google is very interested in having content these days, which inevitably leads to them supporting the studios' corrupted ways to get the deals. And finally, I guess they got Apple, who saw Google and Microsoft was already on board, and thought it's a done deal, so why not?

I just can't believe that Netflix & Co would rather ruin the web than try to negotiate harder with the studios and make them understand DRM doesn't work, or just get some other kind of deal that's perhaps a little more profitable for the studios. I mean Google managed to give people the same "Match-like" service for free to the users, while Apple charges $25 a year, right? And Apple managed to make their music DRM-free years ago, no?

So I refuse to believe this is the only way around not using Silverlight and nothing can be done about it. There is a way - they just found it much easier to corrupt W3C, and I think this was MPAA's goal from the beginning. MPAA are the people who want to make IPSs all over the world police the web for them (ACTA/TPP), and want to be able to censor the websites they want off the web at will, with no judicial process (SOPA).

So you can only imagine what they have in mind for the browser vendors. Bringing DRM to the web is merely Step 1. Protocols like WebRTC's Data Channels that can make file-sharing easy through the browser, the way https://www.sharefest.me does it? Well, I guess that needs to be banned and discarded now. We can't have such piracy-aiding tools in the browsers, now can we? And so on.

It's clear MPAA runs the show already, if they got W3C, and 3 of the major browser vendors to do what they want. So expect more of this. MPAA member to take over after a "sudden" retiring of Tim Berners Lee from W3C in a couple of years? Wouldn't surprise me at this point.

> I just can't believe that Netflix & Co would rather ruin the web

People keep repeating this. How is it ruining the web to remove the requirement for crappy (and, at this point, end-of-lifed) browser plugins in order to play Netflix content? The only reason I, and I suspect most people, even bothered to install Silverlight was for Netflix. If I can get a pure HTML5 video-watching experience with no browser plugins, and get Netflix content, that is unambiguously a win for users everywhere.

You're acting like DRM didn't exist on the web prior to EME, and would continue not existing without EME. That's flat-out wrong. It existed and continues to exist using proprietary software that is shoved down users' throats.

But you can't get a pure HTML5 DRM experience! All the HTML5 bit is, is a Javascript API to a CDM decryptor that is every bit as crappy, proprietary, closed-source, insecure and buggy as Flash or Silverlight.

I'm still unclear as to how users are supposed to get the CDM decryptors. Are they installed like browser plugins? Or are OS vendors going to provide built-in ones for other companies to use?

Either way, the actual user experience is going to be a pure HTML5 player. If I have to install something first, that's unfortunate, but once it's installed I'll never have to think about it again, unlike the current situation where I'm confronted with the crappy plugin-based user experience every time I use the site.

Currently CDM decryptors are bundled with the browser, which in turn is generally locked to a particular OS or device. Browser vendors don't have to provide a way to install different decryptors and many of them aren't planning to.

Also, the actual user experience is not going to be a pure HTML5 player. Since this is intended to support hardware DRM that overlays the video onto the rendered page itself, sites have to assume the video is basically a rectangle crudely inserted into the page just like with plugins. They might be able to overlay stuff like controls on the top using HTML, but it's not clear if they'll even be able to rely on that.

None of the ones that have shipped already are installed like browser plug-ins. The ones Netflix deploys (PlayReady on Windows 8.1 with IE11 and Widevine on Chrome OS with Chrome) are bundled with operating systems and work with the browsers (one per OS) bundled with those operating systems.

Well, at the very least, it's a smaller piece of code :). (Don't get me wrong, I'm very strongly opposed to DRM and HTML5 DRM in particular.)

Maybe compared to Flash and Silverlight because they provide much more. But a CDM module would still have to do all the decryption, decoding, rendering, overlaying the browser window stuff. So it would still be a rather large piece of code.

> Well, at the very least, it's a smaller piece of code :)

I'll grant you that :)

> How is it ruining the web to remove the requirement for crappy (and, at this point, end-of-lifed) browser plugins in order to play Netflix content?

Because then the Web will rely on proprietary binary crappy blobs in its basic functionality. Something which can't be implemented in an open source way. A plugin like Silverlight is no necessity for the web and if Silverlight is crappy and dying then that's really a problem of its users and Netflix. It shouldn't be my problem as a non-Netflix user. If the Web however starts to depend on such a crappy binary blob (which is the result of the EME proposal) then we all have to suffer and it will be a problem for us all.

In other words: If Netflix insists on DRM then they should write their own crappy plugins and applications but not ruin the open Web for all of us.

> You're acting like DRM didn't exist on the web prior to EME, and would continue not existing without EME.

No, we are not. We are just saying that EME will make the open Web depend on crappy proprietary binary blobs and hence no longer be open or libre.

> It existed and continues to exist using proprietary software that is shoved down users' throats.

EME is exactly that! It's proprietary crap software which is forced down everybody's throat because it makes the former open Web depend on it. It's not only something Netflix customers will have to deal with. It's something every web browser and web implementation has to deal with somehow. Which is impossible for open and libre implementations. Thus it will be the end of the open web.

> I don't think Apple was initially on board. I think it may be there only since late last year.

Didn't Apple already ship an implementation of that API in Maverick?

(Disclaimer: I haven't read the lists actively in quite a while, and no longer have access to Member-Only lists.)

There have been votes about whether this is in-scope of the AC. As you can tell by work continuing, the vote passed. How many abstained (explicitly or by not voting)? I cannot remember, and cannot check.

The requirement to merely make it more difficult, but not impossible, has been stated on several occasions. Forgive me for not looking up references for this, but it's almost 4am and I ought to sleep. :)

And they believe, rightly or not, non-user-modifiable client components are needed to make this sufficiently difficult — as otherwise someone could easily make a tool to make it sufficiently easy to violate the licensing terms (assuming, for now, all content is licensed — which is itself questionable; if it's not then in many jurisdictions they cannot place restrictions).

We (EFF) raised a formal objection to whether content protection was in-scope for the new HTML WG charter; our objection was overruled by the Director, but there was no vote of the AC.

Hmmm. I think a vote would be a good start, but as an interested third party I don't think I have any way of encouraging that short of advocacy.

In which case they're being supportive in private, and utterly quiet in public. That's a neat trick in itself.

But I don't think it's an issue of what they believe, it's an issue of what the actual licensing terms are. Those are the real requirements, and so far they've not been made available.

I don't think there's any WG which includes all W3C members — most members simply don't care enough to wish to dedicate resources to every WG, not to mention the extra obligations it makes them take on via the patent policy. The situation isn't at all unusual — just a more contentious subject matter!

That's true ... but this is a most fundamental issue. I'd have expected that the companies that have benefited historically from the Open Web would be at least a little concerned. Like Google. Oh, wait.

Google's now got two of their own OS'es (one of which has 85% of the worldwide market on the fastest growing segment of personal computing...) and a leading browser in the desktop space. Whatever caring about an Open Web they had before (when they were at the whims of Microsoft, Apple, other browser makers, etc) is long gone.

> What are they thinking? The majority of the W3C membership want this work done, and the W3C is ultimately bound by its membership.

When they accept organizations like MPAA on their board, no surprise this is the sort of decisions we get, and the sort of decisions we can expect for the web standards from now on.

W3C has been corrupted, and it's only going to get worse for the web if people keep listening to them.

No, it's perfectly reasonable that the MPAA be allowed membership. It'd be worse if the W3C got to choose who could join.

The issue is the 'crisis of representation' - i.e., some voices are heard more clearly than others.

It becomes the defacto standard when it's adopted by developers, it's adopted by developers when their boss hires them to adopt it, they hire people to develop it because they are assured a return on their investment. Why are they assured a return on their investment? Because they decide what the standards are.

It's the same old regulatory capture game since before, but now it's divorced from government support.

W3C's reputation went out the window in the minds of all serious software developers with the concept of HTML5's "living standard" aka, no standard. This is the kind of standards we can expect from a standards body in the industry. The only solution is to start again from scratch, maybe on top of TCP/IP only.

W3C have never been an official standards body; the most they’ve ever made is a ‘Recommendation’. That’s not necessarily a bad thing.

Standards matter only as much as the implementations adhere to them. Making HTML living standard thas the right thing to do, because only this really reflects the reality: browser vendors implementing differnt bits of the functionality described. Feel free to start from the scrach.

and now they are changing HTML5 to "HTML," the purpose is clear, to sew more confusion into the so called standard and hide the debacle that is w3c.

"this reality reflect the reality"

please... why have a standard at all then. What a joke and perversion of terms. Orwell would be proud.

I don't care how it gets done, but if we need this to finally kill off flash than I am for it. This problem is solved technically so let's just get it done. Yes, every DRM will eventually be broken, but at least it satisfies the executives enough, so what's the problem?

I don't understand why purists on the email list end up holding up something that will ultimately be a positive thing from a number of perspectives. Security, battery life, and script-able/touch friendly controls.

We want to kill Flash because it's proprietary and closed source (just like HTML DRM). Replacing Flash, which at least works on Linux, Windows, and Mac, with platform-specific DRM, is a huge step backward for the web.

Not really. I want to get rid of Flash because of security, battery life/performance and because it is not touch friendly.

Security, battery life and touch-friendliness aren't necessarily the most renown features of a DRM binary blob.

Communicating with the blob in an open-source project will be particularly fun.

Because those purists - and I'm one - care very deeply about the principles of the Open Web, the very principles that are touted on the W3C website itself.

The fundamental issue is this: up until now, anyone with the will to do so and a general purpose computer could build a browser that could display all the content on a W3C-standards-compliant website.

If EME + CDM are endorsed, then that will no longer be true. The Open Web will be a thing of the past.

That is why we're trying to prevent this from going forward in its current form.

I don't even understand what the term "Open Web" even means. I don't see how driving video on the web away from flash and onto a standardized system is against the principals of openness, even if DRM is a requirement for content creators.

Because it's not standardised! Only the interop between the browser and CDM is standardised - the CDM itself is a closed-source, proprietary blob like Flash or Silverlight.

Actually, it's worse than that. The interop between the browser and CDM isn't standardised at all. The only thing this standardises is the browser API that websites should use to request that the browser communicate with the CDM on their behalf.

The interface between the browser and the CDM is proprietary and unspecified, so browser vendors and CDM providers have to negotiate that themselves. The format of the encrypted binary messages passed to the Javascript API is proprietary and unspecified. The API used to communicate with the license server is also proprietary and unspecified, so it doesn't even provide much interop from the media provider perspective - they still have to write a whole bunch of DRM-provider-specific code for every DRM scheme, and it looks like every browser vendor will have their own one.

Basically, it standardises just enough to give media providers the ability to claim they're using pure HTML5, without offering any more interoperability than if every browser vendor just had their own proprietary HTML5 extension for DRM. It's a PR stunt rather than a meaningful attempt at interoperability.

What is exact benefit of driving web away flash? It would make sense if the alternative would be open, but it is not.

> Yes, every DRM will eventually be broken, but at least it satisfies the executives enough, so what's the problem?

Executives are never satisfied, and the world doesn't revolve around them. Should we allow tapping of our communications because it satisfies our leaders.

> Security, battery life, and script-able/touch friendly controls.

And what do any of these have to do with DRM? In fact, I can guarantee DRM will offer more vulnerable entry points, require more battery on mobile devices, and not be script/ux friendly.

They will be satisfied enough to offer HTML5 video. The point is killing off Flash. It is a lot easier to secure a smallish DRM module in a browser than a gigantic environment like Flash.

Not really.

"Securing" a DRM plugin means "securing" the browser it runs in (otherwise it will be cracked by the browser lying to it about whether DRMed media is being played "securely"), which means "securing" the OS the browser runs on and so on...

Oh yeah, and in terms of being a purist - the company I co-founded produced a DRM system for Windows software. It's still in use, and I still make money from feature enhancements and bugfixes to it.

So please don't (like a few on the W3 list) paint me as some sort of anticapitalist hippie tinfoil-hat wearer.

I know a fair bit about DRM myself, which is why I say it has no place in the W3C or the Open Web.

We have basically two options here. DRM for video and audio streams will be introduced by each browser vendor separately, or we have some kind of standard. I would rather see a standards based approach... This is reality. The merits of DRM really have nothing to do with this discussion.

What is the purpose of a standards based approach, if one cannot implement the standard? That is the reality that EME + CDM offers: 'standards' that can only be implemented by the company that owns the proprietary, closed-source CDM blob.

So the only solution is to make the propriety, closed-source CDM blob independent from the browser. Something that can be plugged into any browser. Like Flash or Silverlight. Or maybe something more specialized that just handles the DRM with as little overhead as possible, to make sure it doesn't eat up more CPU than it should.

If it cannot be open, it cannot be part of browsers that are open, which a lot of browsers are.

note that, flash playback is still the default at most websites because HTML5 video playback generally sucks. its less efficient and provides a lesser experience in all major browsers.

Eventually this will change, but still.

That and of course, that NO single benefit is worth giving way to DRM. NONE. DRMs are a terrible invention from all points of view.

You would only see big investment in HTML5 video if big content sites could use it. Currently most of them want DRM...

This should really be at the top of every HTML DRM discussion:

HTML DRM will not give you plugin-free or standardized playback. It will simply replace Flash/Silverlight with multiple custom and proprietary DRM black boxes that will likely have even worse cross-platform compatibility than the existing solutions. In other words, giving in to HTML DRM will only make the situation worse.

Some vendors will keep pushing for it, but at the very least we should not officially sanction what they are doing.

For this reason, I would advocate abandoning the W3C (which is now socially toxic) and creating a new set of standards (I'd love to see a replacement for HTML) which we can advance freely.

But that's the solution you would want, a plugin. That way the DRM is not part of every browser being made, it's an add-on that individuals can decline to install. Content providers want this and they will eventually get it, one way or another. If they don't get their plugin then they'll go with their deep pockets to demand laws that require all browsers to have this tech by default, without your choice. Which would lead to browsers either complying or removing the media elements.

What you are saying is just ridiculous. Adding DRM to HTML5 will destroy the open web and not preserve it.

First of all the DRM proposal does NOT talk about plugins. The DRM support won't be plugins. Microsoft already implements the spec in their latest IE and it doesn't work with plugins at all. They ship Microsoft's DRM technology as the one and only available DRM. Which is perfectly fine according to the spec.

So do you understand? This moves DRM into the browser and not into a plugin. The plugin thing was what we had with Flash and Silverlight. Those things were plugins which are not part of the browser (well except Google decided to make Flash part of Chrome).

There could be no law to force browser vendors to ship DRM. It would not be legally possible. It is silly to think so. And if it gets proposed we can fight it then. We don't have to bend over backwards now to take the DRM bullshit that vile companies like Google are proposing.

If content providers want DRM then they can develop their own crappy DRM plugins and applications. But they should under no circumstances be allowed to ruin the open web.

That's the initial proposal that I was aware of so if it's changed since then I suppose I'm no longer up to date. That's fine.

But it is not ridiculous thought for this to plugin based, especially if your only example is Microsoft. I suppose Apple and Google will build it into their browsers since they support this. I suppose it's ridiculous that I said it but it's the solution you support by your very own words? If the content providers make their own crappy plugins the browser needs a way to communicate to that crappy plugin, which is exactly what I've always understood this proposal to be and exactly what I stated.

You don't think that an industry with the backing that the entertainment industry can't get this done? It's silly to think that? Where do you think the DMCA came from in the first place?

Now, I'm only talking about DRM for video and audio elements. If you're talking about DRM across the board for every aspect of what makes a web page, then I'm with you.

A key paragraph:

link: http://lists.w3.org/Archives/Public/public-restrictedmedia/2...

Well, as I say, the actual requirements that lead to the proposal of EME would be a start. This is how it looks to those who don't agree that EME is a good fit with the Open Web:

- 'big content' has certain requirements relating to preventing users copying data streams

- they won't make those requirements public (as you've said, the agreements are confidential)

- their licensees propose a technical solution that is unacceptable to many others because it necessitates the use of non-user-modifiable client components

- all proposed alternatives (e.g. FOSS DRM, server-side watermarking, client-side watermarking, no DRM at all) are shot down as being either too expensive or inadequate to the (secret) requirements

In a normal software project, I'd take an apparently insoluble conflict (the requirement for non-user-modifiable client components) to mean that we have done a poor job of determining requirements.

Hence my request for either a real user to talk to (e.g. an MPAA rep) or the actual requirements docs, which you've told me are confidential.

And that sets off my spidey-senses ... something is not quite right here.

Exactly. The "just trust us" approach is bogus, antithetical to the open web, and cripples the overall progress in this discussion.

Well, my question is does HTML even need to encompass everything it does. It seems to me that we have an ever expanding monster. HTML does not have to be everything for everyone.

I thought that was more-or-less what was being discussed. My understanding was that the media element being accessed would not play the stream unless a specified DRM component was available, most often due to a plugin installed to the browser. It wasn't that they wanted DRM in the open web, they wanted the open web to have the ability to communicate with a third-party DRM. A third-party solution that an individual can decline to install and not participate.

>> A third-party solution that an individual can decline to install and not participate.

A third party solution that they can't get hold of because the 'official' one only runs on windows and intel, and the ps4.

So? If they don't provide the content you wish to see in a way that's convenient for you but is convenient for the mass of their market I fail to see the problem. If you want to see the content bad enough then you accept the requirements. Otherwise, it says more for you to not participate by not giving money. As more people do this, things will change.

So we shouldn't encourage its addition to open standards.

If it's in the standards to explain how to implement it and make use of it but it's implemented as a third-party item that's up to the individual to decide whether to install or not, what difference does it make? We're eventually going to get that anyway so why not know how it works upfront?

Plus, from what I've read Chrome should start losing market share immediately because it already has a form of EME implemented. All these people in an uproar over the W3C's decision should be switching to something else to show their concern.

Email the W3C. Tell them what you think of this bullshit (in reasonably polite manners).

I've done it. I've gotten a non-canned response.

But clearly they need more people at the gates bitching. This needs to be stopped.

To their credit, the W3C are handling the level of interest in this very well indeed. Especially as many (myself included) have only passing familiarity with W3C process & protocol.

But yeah, the more voices making clear, well-reasoned objections to this, the better. Especially if that might actually result in it going to a vote.

"they need more people at the gates"

Their Cambridge office is indeed in the Gates tower of building 32. But the "gates" are sliding glass doors.

It's worth mentioning that the CEO of the W3C, Jeff Jaffe, is trying to rectify that:


... but the more I think about it, the more it's scary that things have progressed so far without the requirements being public.

It's not that surprising, given it started off with a proposal of the spec. I mean, it was basically stated that among other things a secure path to the external hardware (like HDCP) was needed, and the actual DRM itself isn't specified anywhere.

Yeah, that should have been a warning sign.

The thing that really set off my spidey senses was folks on the list saying "if you have a better idea than EME + CDM, please propose it", then all proposals being shot down.

The whole thing looks rather suspicious to me, hence my attempt to back it up a level of abstraction to the actual requirements.

There are versions that are public and I doubt the "secret" studio requirements are much different: http://www.microsoft.com/playready/licensing/compliance/ http://www.aacsla.com/license/AACS_Adopter_Agrmt_090605.pdf (see Exhibit E on p. 90)

In reality these requirements are not set in stone; they are a business negotiation. The first version of iTMS did not meet the record labels' DRM "requirements", but Jobs convinced them that he'd make them enough money to make up for any piracy that iTMS allowed. Likewise Windows XP did not meet Blu-ray's "bag of hurt" robustness requirements but they made an exception because no one was running Vista and Hollywood presumably cared more about their movies being playable on computers than about the piracy that XP would allow. Of course, this doesn't help free software people who aren't willing to negotiate and would be starting from a very weak position even if they were.

Why do you say that Free Software people aren't willing to negotiate? We are very willing to; it's just that every suggestion we've made has been shot down. I think it's very clear who is unwilling to negotiate here.

It's true, though, that there's one point on which we aren't willing to negotiate: any W3C-endorsed standard must be implementable by anyone who chooses, without paying royalties or licensing patents.

EME falls foul of this requirement, because the CDMs with which it is intended to operate themselves fall foul.

TBH I think "free software people" (whatever that means, really..) would have every right to refuse to negotiate and just refuse DRMs.

I don't see any pride is finding a middle ground for the sake of saying "look, we're trying to be helpful!"

But then, that's just me.

By that argument, tar can never be a proper open standard, because people can put non-open things in tar files, or would you give tar a pass because open things can also be put in tar archives?

EME is similar. CDMs used to implement DRM will probably be non-open, but there is nothing that requires EME only be used for DRM. One obvious non-DRM use is for privacy protection.

For instance, once could design a pretty nifty photo sharing system that shares encrypted photos and uses EME to interface to the CDMs that decrypt the photos for display. The EME/CDM mechanism would allow this to be done in a more user-friendly way than the password and account based systems that are usually used for this kind of thing. The CDM necessary for such a photo sharing system could be completely open.

Free software people aren't willing to negotiate about the right to read and modify code but non-modifiable code is the only way that DRM can work.

Can you even name any other class of software that cannot work unless people are somehow forbidden to modify or even read the code? It sounds like this is a problem with DRM, not with the free software movement.

As a class, just about any program that depends on security through obscurity has this trait.

There is no 'Security through obscurity'. At best, you will have the illusion of security, wich is worse than no security at all.

This seems a bit like saying that there is no such thing as debugging because applications still have bugs afterward. I agree with the overall thrust that the security through obscurity is unreliable, but it is something, and it has even been effective to a limited degree on many occasions. (For example, many video game companies have employed defeatable security-through-obscurity successfully, because they only need to hold off the crackers for a couple of weeks.)

Can you name any software that relies on security through obscurity -- and I assume you mean obscurity from the user of the software, since nothing else seems relevant here -- that is not just a specific kind of DRM?

Viruses, worms, trojans, spyware (think the NSA), hardware verifiers (think laptops that only allow one brand of battery). There are a few.

I'm not making any kind of judgement or assigning blame, just stating the fact that free software is fundamentally incompatible with DRM. I'd prefer to see EME get killed. But as a practical matter, if we go into a negotiation with nothing that we're willing to concede, we can't be surprised if it stalls immediately.

There is plenty that we're willing to concede; as I've said, there is only one single point where negotiation is not an option - both from a FOSS and Open Web perspective. Unfortunately, it seems like the same is true of EME proponents, and it's the same issue :(

Even leaving that issue[1] aside, if the W3C were to endorse EME, then for the first time in its history the Open Web would not be implementable by anyone who chose to do so. That is the real problem here, not incompatibility with any particular software license.

[1] which is pretty much the reason for the existence of the FOSS movement, so I'm sure you'll understand the inflexibility there :)

What do you mean by "Open Web"? AFAICT the term "Open Web Platform" is only 3 years old, and before that "open web" (not capitalized) just meant all the freely implementable standards, which makes your first sentence circular.

We've had non-free things in the web since GIFs, and flash is currently used for a lot of the things that EME will be used for.

I don't endorse EME on principle, but it is inevitable at this point, whether or not the W3C endorses it.


W3C standards define an Open Web Platform for application development that has the unprecedented potential to enable developers to build rich interactive experiences, powered by vast data stores, that are available on any device.


The social value of the Web is that it enables human communication, commerce, and opportunities to share knowledge. One of W3C's primary goals is to make these benefits available to all people, whatever their hardware, software, network infrastructure, native language, culture, geographical location, or physical or mental ability.

Thanks for pointing to that. Clearly DRM violates the "available on any device" part of OWP, since some devies will not be able to implement DRM.

Like I said, I'm opposed to this, I just wasn't sure if it was the w3c's job to make this happen (In any event the web hasn't been truly open since 1993 when NCSA Mosaic added the patent-encumbered GIF format, so an open web is a goal to strive for rather than something we have ever actually had).

Now tell me, how adding DRM disables all the open web bits.

Now tell me how the landmine in the field prevents grazing everywhere in it.

> they are a business negotiation.

The fact that you (and others, obviously) think of this as a "business negotiation" is part of the problem. Many of us see Free {Software,Standards} as necessary for a free society, and as such should be considered some kind of "right" similar to those listed in the 1st Amendment.

The idea that we should "negotiate" away those rights is obviously not something that will be taken seriously, for much the same reason you may laugh at the idea that you should negotiate away part of the Bill Of Rights.

Also, for many of us not directly involved in the creation of standards like these feel like we're being handed an ultimatum: go give up on the entire concept of Free Software and run some binary blobs from an industry that has already shown itself to be incompetent and malicious (XCP, etc), or become 2nd class citizens on the web destined to be cut off from various parts of modern culture.

So yah, we aren't willing to negotiate on some of these critical ideas. The idea that movies or other entertainment could take priority over having a free society is at best lamentable and at worse /fighting words/.

And only a subset of movies, don't forget: big-money blockbusters. That's the only sort which depend upon the business model 'big media' is trying to protect with DRM.

And they don't need it their setting record figures every year nearly.

Can't we just fork the w3? Start using Firefox and forget about these people. Oh I'm sorry your browser is a little slower, but at least it's not Google made.

Fork the W3C? This is pretty much happened with HTML. The W3C membership voted against chartering a group to work on progressive improvements to HTML (v. XHTML2), initially in the form of Web Forms 2.0, and so the WHATWG was born.

The big problem is copyright on all the specs is owned by the W3C. Oh, you want to spec CSS? Well, then you have to do it from scratch. Yes, HTML is now at a point where it is better specified than ever, and more interoperable than ever, but it's been a long, hard journey there. Consider the spec has been worked on for over a decade now. Respecifying, from scratch, large parts of the web platform is an incredibly large undertaking, especially ensuring the spec defines something compatible with almost all web content when browsers frequently disagree in edge-cases with up-until-now unspecified behaviour.

You don't need to re-specify anything from scratch. Copyright does not prevent you from referencing the existing documents.

are you serious?! copyright instead of left on the standards for the "open" web? wtf

thanks very much. am i right in that the main reason for this is that forking is undesired? how is that helpful to an open system?

The view is that forking of specs leads to a multitude of specs, thereby making interoperability harder, and ultimately making the system less open.

If you can get people to stop using Chrome, Safari, and IE en masse over this issue that might have the effect you describe. Anything else won't, because the problem here is not the W3C per se but that those three browsers are very happily implementing this stuff (already shipping it in releases in the case of Chrome on ChromeOS and IE 11) whether the W3C actually specs it or not.

Oddly enough, the people producing those three browsers just happen to all be DRM system vendors (WideVine, FairPlay, and PlayReady). Who would think they're want to build their own DRM systems into their browsers, eh?

In order to "fork" the w3, you would have to make a new organization that would create a standard replacement, convince people to make browsers for it, convince server operators to support it, and convince people to create content with it. Granted, this is more simplified then it what would actually need to happen, so no, you cannot "just fork" the w3.

Don't forget the non-trivial task of avoiding whatever structural pressures that started the w3 on the path you hope to avoid.

The "Animal Farm" problem.

I'm not sure what you're talking about. Mozilla is a W3C member organization.

Perhaps you're thinking of something like the WHATWG? (bad news for you on the Google front if it is)

Or your browser is faster, depending on what you're doing.

Maybe instead of getting everyone to adopt Silverlight, we could just make the web more like Silverlight. Like more closed and stuff, because movies!

Silverlight has nothing to do with DRM. It's a web content runtime similar to flash. Sure, some codecs exposed through the runtime on a windows machine supported DRM. But silverlight itself has as much to do with DRM as http that was used to transport that content.

> Silverlight has nothing to do with DRM

You are technically correct ("The best kind of correct"). However, the only places where Silverlight still enjoys any use is, as far as I can tell, in streaming services to PC and Mac (e.g. Netflix) - and in those places, the only reason they preferred Silverlight to Flash or HTML5 video is .. DRM.

So practically, Silverlight is on life support maintained by DRM. If e.g. Netflix decides to drop DRM, you can bet they will stop using Silverlight and switch to something more portable (e.g. Flash or HTML5 video).

Statistically, Silverlight use has everything to do with DRM.

(weak analogy: Guns don't have anything to do with causing bodily damage. They just shoot projectiles at high speeds. In this thread, we are discussing personal safety)

If Silverlight is predominantly used for that reason (which I believe it is and http is not at all), it's a fair characterization.

Why is W3C involved in this?

Not only does this create a lack of openness and transparency in the core of the web, but "big content" creators get to pass on the costs of DRM that nobody else benefits from, including to people who are not consuming their content.

Meanwhile, browser vendors will become uncompetitive - since nobody else can compete against a closed standard - and they become even more motivated to work against openness to maintain their existing oligarchy.

Could not be worse for the web.

Compliance rules for Microsoft Playready: http://www.microsoft.com/playready/licensing/compliance/

The encryption part of DRM systems is effectively the same as client-side SSL certificates with a secret SSL certificate. How well it's kept secret is defined in the compliance documents. This secret, plus a secure decoding and output path, are the engineering core of DRM systems.

Studios require "industry standard DRM" for movies and TV shows, with lesser requirements for SD. This effectively means "DRM backed by some entity with lots of money that we can sue if things go wrong". Studios approve each individual device that you serve to, usually with compliance targets at some particular future date for various existing loopholes.

Flash (Adobe Access) is somewhat different, and has an obfuscated method for generating the equivalent of a client cert, thus on laptops it's only rated for SD by most (all?) studios. Apparently studios don't care too much about people copying SD content.

Studios would theoretically approve watermarking DRM systems, but there are two major barriers: having a large (ahem, suable) company offering it, and some way to serve individualized media through a CDN. Neither seem likely. So nobody loses too much sleep about whether studios would actually approve watermarking.

Sigh. Look, I'm okay with DRM, as long as it works on all my devices. EME won't, under linux, I guarantee the DRM Vendors won't bother releasing Linux binaries. That annoys me.

> I'm okay with DRM

It seems really defeatist to say this. You are a consumer. You have the ultimate vote on everything, with your wallet, with the only exceptions really being what you need to survive and whatever your government takes.

And I don't think netflix is on par with eating.

My problem is I have no idea what to do about the w3c. I'd really like to know what alternative network protocols for document rendering there are, because they are destroying the platform they are supposed to advance, community backlash be damned, they got bought off.

I'm definitely looking into ways to get qml into browsers, though. I think qtquick apps as remote resources would be amazing, because they would be actual apps, not documents with scripts running on them.

> My problem is I have no idea what to do about the w3c.

If the W3C disappeared tomorrow, the world would be fine. (Similarly, the weather channel is not an essential service, planes can still attain flight without the TSA, and there is still life outside of the panopticon's walls...)

The W3C served a useful role a few decades ago when it focused on codifying historical standards that resulted from the early exponential growth but, like many others who took the minutes in important situations, they now seem to think they are "leaders." But documenting historical growth doesn't mean you are suddenly a source of good ideas; leading isn't something you say you will do, it's something others say you did.

I propose that everyone simply ignore the W3C whenever it's useful.

If only ignoring the TSA, the NSA, and corporate managers were as easy.

Remember that ignoring copyright 'protection' methods is in fact every bit as illegal as ignoring the TSA and the NSA (at least, in most countries).

This stuff matters.

I've been hacking around with 'websites as Racket' ... the idea that you could use Racket's documentation format for, well, documents, and the Racket GUI for everything else. Much the same idea, just Scheme instead of QT.

But I don't think it's too late for the W3C. I don't think they've been bought out in the strictest sense; rather, I think they've been subject to some very effective lobbying that has proved most persuasive ( a.k.a. 'crisis of representation; see http://boingboing.net/2013/06/06/w3c-insider-explains-whats-... ).

I'll be honest, I can say that I don't mind it as I rarely consume media that we're discussing. If I do, it's one show rented on my Apple TV, and that's it, maybe once every six months.

Well, this very push for DRM on the web is to change exactly that. It's to force you to use DRM-only content.

So - yeah.

If you don't frequently consume those media, then you should be doubly angry that the W3C might harm the Open Web to support it.

EME will work on Linux. The thing is, the CDMs with which it is designed to interface won't.

It is technically possible to produce a purely FOSS CDM that will compile on pretty much any platform. However that idea has been rejected by content licensees on the grounds that it won't meet requirements, as defined by licence agreements that (so far) no-one is authorised to post on the W3C discussion list.

Other ideas that have been rejected are server-side watermarking (too expensive, doesn't meet requirements) and client side watermarking (doesn't meet requirements).

So, myself and (most) others are rejecting EME on the grounds that it is inseparable from "non-user-modifiable client components" (a wonderful phrase I picked up on the list), a.k.a. closed-source, proprietary CDMs that are tied to particular OSs.

I find it somewhat awesome that this whole html drm debacle is effectively what Richard Stallman has been saying for decades versus outdated entrenched old media interests. Except in this case, the web standards consortium is giving away your freedom for you.

That is what pisses me off most, really - if big media was left to squalor in broken plugins and horrible drm, which should be horrible because its entirely anti-user, they would have to eventually adapt to the Internet and change their ways or die.

But with the power of money and apathy on the part of vast swathes of the tech community that think they don't have ground to stand on (hint: you are the consumers they want buying stuff, you hold all the cards) they are ending the open inter-operable web. It sucks.

Yes it sucks, but it's not too late.

The issue of patents in W3C standards came up a decade ago; it looked like the W3C had caved then, but a 'firestorm of public criticism' (to quote an article at the time) caused them to back down.

So, agitate. Tell people about it. Bring it up at user groups. Post to Hacker News :) If you know anyone in tech. journalism, tell them. Support the EFF.

Also remember it isn't the W3C as an entity that is really the problem — it's convincing a majority of member organizations of the W3C that is the problem. The W3C is just an industrial consortium, and will do what the industry wants. If that's DRM, that's DRM.

What happened with patents and what needs to happen now is to convince the majority of members who have no entrenched opinion that they should be against this work happening at the W3C (which by no means guarantees the work will stop — it may well just move to another venue, quite possibly closed, and still de-facto become part of the Web Platform), and that they should oppose this at the AC level, who ultimately control the direction of the W3C. (The AC, essentially, has one representative from each and every member organization.)

> they are ending the open inter-operable web. It sucks.

I don't know what web you have been browsing, but as far as I can see, HTML5 is just now starting to replace flash for online video and audio. I am much sooner ready to support EME over flash, if it helps that transition, despite the ridiculous ineffectiveness and inconvenience of DRM.

Why do you suppose that EME + CDMs will be a better solution than Flash? What advantages do you expect?

I see EME as a way of reducing the area which DRM can affect. It is a sanely designed box around an insane (but persistent) concept. Whereas flash applies usage restrictions to the whole environment, EME is strictly for streaming video and audio, and encourages the rest of the system to be developed with open technologies (HTML5 and JS). It is the minimum evil necessary to meet the requirements of the existing contractual obligations that cause DRM to exist.

Why do you assume that EME is strictly for streaming video and audio? Others have documented an interest in extending it to other media types.

Also, you're assuming that it is necessary. We don't know, as long as the requirements are secret.

Finally, there's no reason that, in order for work on EME to proceed, the W3C has to compromise itself or the Open Web. It'll happen regardless of the W3C.

> Others have documented an interest in extending it to other media types.

Sorry, I guess "strictly" was the wrong word. Rather, it is designed particularly for the streaming video use case.

> We don't know, as long as the requirements are secret.

True. But I think a pretty good idea can be had just by looking at the current state of the industry.

> It'll happen regardless of the W3C.

Exactly. Having the W3C head the initiative is the best thing that could happen to it, short of it not existing (which as you say is impossible). Not compromising on ideals is nice, but not when it stands in the way of what is best for the user (or in this case, least bad).

Do you want to buy and run windows 9? Because to see the new series of the game of thrones only windows 9's CDMs can read it. That is the kind web you are negotiating for.

How long do you think MS would back port these things to win7 before they bump their minimumContentPlayer=win8 and then that's it you're not seeing any of that media to you pay up.

Perhaps they'll choose to offer a binary for other open source OSs, it will just be a major version behind, 6 months late and kind of buggy.

>Perhaps they'll choose to offer a binary for other open source OSs

Even that's a bit hopeful imho - consider how easy it is to imagine an advert declaring "Game of Thrones Season 5: Exclusive to Apple!"... Hell, it could be worse - "Only on Intel"?

> That is the kind web you are negotiating for.

As discussed, that is a motivation that will exist regardless of the W3C's course of action. What I am negotiating for is the W3C being in charge of what access these "big bad companies" have over web standards, rather than allowing the development of similar technologies to continue unmoderated.

The fact that EME is being seriously entertained by the W3C should tell you everything you need to know about the power relationships there. I don't think there's as much 'being in charge' as you think there might be.

>> Perhaps they'll choose to offer a binary for other open source OSs, it will just be a major version behind, 6 months late and kind of buggy.

And only supported on 32 bit intel machines!

Wouldn't another option simply be making it so that Netflix et al are in a position that they can't move forward to these new standards with their licensed stuff, but everyone else can? Them being the only ones left using Flash/Silverlight would probably give them a good incentive to push back on their contracts...

So the system the way they intend it won't work, which means you won't get the content anyway.

Let's not get lost in semantics here.

I'm not okay with DRM.

It will never work on all devices. It will never work with all software. That's the nature of DRM. It's made to block playback on non-approved devices/software (and generally is a PITA even with approved stuff).

There is an alternative which works on all devices and with any software. its called "not using DRMs".

It's pretty much baked into the definition of DRM that it may not work on all of your devices.

There is no technical reason that DRM technology can't be FOSS and use non-secret keys; this is a result of licensing agreements with content owners. I'm hoping to have those agreements made public so technical discussions surrounding EME can take place with a degree of transparency.

Eh? If your DRM code is FOSS I'm just going to patch it, recompile it, dump out the keys, decrypt my media, and ignore all your constraints.

Technical DRM only 'works' when the code is an obfuscated steaming pile and the implementation/platform/hardware tries to make it an incredibly difficult process to mess subvert.

Theres never been a consumer-facing DRM technology thats made a lick of sense, and frankly I'm glad most of the FOSS success stories are in defeating it rather than proliferating a broken trust model that serves to prop up slow-moving industry monopolists who bump up costs (of many kinds) to consumers and are going to lose in the long-run anyway.

Sure - and the fact that you can do that is why 'big content' don't want a bar of FOSS DRM.

Personally, I like the idea of copyright bits that travel with content. Some way of telling the user how the creator wishes the content to be used, or not used. Not enforced, mind you (because as you say, that's impossible) but just notified. Making it easier to do the right thing.

That would go well with watermarking to identify paid content, and a good system for processing micropayments.

But of course it's easier just to lobby the W3C and break the Open Web :(

I agree. I think if we promoted Creative Commons and generally made people more aware of how copyright law can be used to promote creativity, fair use and empower indy content creators that we'd become more sympathetic to the case made by Hollywood and the music industry, and maybe eventually get out of this rut of seeing it as a weapon for big media.

I wouldn't oppose any standard that made it mandatory for copyright and license information to be encoded in to image, video and audio content. Nor would I oppose a requirement for browser vendors to expose that information accessibly (on demand) to users.

I'd also like to see online registries that worked like TinEye or Midomi and let me quickly identify content with an emphasis on copyright and license discovery.

DRM destroys the possibility that the contract of copyright can be upheld.

The contract is that we, the people, give - through our respective states - content producers a limited monopoly on reproduction [and modification, etc.] of artistic works in exchange for them being release in to the public domain at the end of that limited term.

With DRM a content producer (or at least the rights holder) destroys the ability of the work to pass in to the public domain [effectively].

In other words applying DRM breaks the contract. This means that we, the people, should be under no obligation to provide the state enforcement to their monopolistic rights gained via that contract.

There are ways the contract could be maintained under DRM [deposit an unblemished copy that can be released to all copy holders on expiry of the term] but I've never seen anything to suggest rights holders are acting to avoid breaching the central contract.

This is pertinent because it's not just linux that will be cut out of being able to present this data [DRM protected works] but also the OS of those in the future who're supposed to get access to copyright works which are currently being locked for good by DRM techniques.

No one should be OK with DRM if we want this garbage to be gone. If we are OK with it, how can we expect brain dead publishers to understand that it's not needed ever?

you should not be okay with DRM. It's as simple as it's: DRM is the form of slavery.

> DRM is the form of slavery.

I dislike DRM as much as the next guy, but really? Slavery?

Captain Hyperbole to the rescue!

> you should not be okay with DRM. It's as simple as it's: DRM is the form of slavery.

Sorry Ivan, but voluntarily agreeing to access encrypted content is not comparable to slavery.

first of all, I agree that my message was too short and didn't have any arguments to positively contribute to the thread. Sorry about that.

Now, let me explain how did I come to this comparison (even if it seems rogue). To make it more specific, let's consider Raspberry Pi, which is one of the most open ARM boards and, at the same time, practices DRM. For example, its hardware video decoding capabilities might be unlocked, if a separate digital license is acquired in the store [1].

I am perfectly fine when people voluntarily agree to access encrypted content or "premium" functionality. The problem is that the need to put this DRM to the chip, has led to the decision of the manufacturer to make its GPU core a supervisor. GPU starts to work ahead of CPU, initializes its firmware and starts CPU at some point later ([2]). Additional GPU firmware (provided by a binary blob) may be loaded to support OpenGL and other related stuff [3].

Effectively, even if the user does not want to access an encrypted content or use the "premium" functionality, he is being kept in a jail to make sure this premium stuff is not used. Moreover, the supervisor capability of the GPU chip combined with a binary blob updates, makes it possible for the manufacturer to reduce the amount of allowed to the user.

The user of the device is treated as a customer, and it's the manufacturer who is the owner of the device, not the user.

Given these capabilities of the manufacturer over this aspect of the user life, we may start looking at the definition of slavery [4]:

"""Slavery is a system under which people are treated as property to be bought and sold, and are forced to work. Slaves can be held against their will from the time of their capture, purchase or birth, and deprived of the right to leave, to refuse to work, or to demand compensation."""

At least half of the definition applies:

1. The customers are treated as property to be sold or rented. There're video dongles/boxes on the market which stream content to the TV. They would often allow only a subset of the video services to be used, even if these services are freely available on the internet. The manufacturers of this devices may actually sell the access to the users of this device to the content providers.

2. The customers may be shown ads against their will and their user experience may be altered by the manufacturer w/o their consent or right to refuse.

Again, that does not happen to the people, it happens to the customers, which appear as a virtual entity applied to the devices, but I really see some similarities.

[1] http://www.raspberrypi.com/mpeg-2-license-key/

[2] http://stackoverflow.com/questions/16317623/how-does-raspber...

[3] https://github.com/raspberrypi/firmware/tree/master/boot

[4] http://en.wikipedia.org/wiki/Slavery

> For example, its hardware video decoding capabilities might be unlocked, if a separate digital license is acquired in the store [1].

One particular format. It'll do h264 fine, it's only MPEG-2 that it won't do in hardware unless you buy a license.

> Effectively, even if the user does not want to access an encrypted content or use the "premium" functionality, he is being kept in a jail to make sure this premium stuff is not used.

Effectively kept in a jail? I've got a raspberry pi in the corner of the room, I still seem to be able to leave. This is identical to any service with a premium.

> 1. The customers are treated as property to be sold or rented.

With slavery, people are actually bought and sold. They then belong to someone else. When you watch a video with DRM you just can't copy it.

> 1. The customers are treated as property to be sold or rented. There're video dongles/boxes on the market which stream content to the TV.

Wait, are you saying that it's slavery for the dongles?

> The manufacturers of this devices may actually sell the access to the users of this device to the content providers.

In the same way that the newspapers do, but I wouldn't say when I'm reading the paper I'm being sold into slavery.

> 2. The customers may be shown ads against their will

In return for watching the programme. That part is key. If we were being held down and forced to watch it, then I'd agree more but you aren't. It's just part of the transaction.

Slightly off-topic, in addition to the DRM, the Raspberry Pi has a proprietary firmware that is not open source, so it's difficult to bake your own bootloader.

DRM is not slavery.

They're going to have to create ways to play their media on Linux, with the growing popularity of the OS for appliances such as living room video players and products like the Steam Machine.

Playing on Linux is not the issue. The issue is that EME + CDM introduces an 'Open Web' standard that cannot in fact be implemented by anyone who chooses.

Say the W3C decided to add a new tag to HTML, called '<happy>', that displays a smiling face. Anyone who wishes (Firefox, Mozilla, you, me) could implement that feature and start properly displaying content that contains <happy> tags.

This is not true of encrypted content that requires a proprietary, closed-source CDM and / or a secret key to operate.

That is why EME should be rejected by the W3C. Lack of Linux support is a consequence of the problem, not the problem itself.

How about the embed tag? What big differences do you see between implementing EME vs the embed tag?

One difference is that with embed you can still support most existing platforms by implementing NSAPI.

My reading is that ESE is intended to work in much the same way -- the main work is done by the Content Decryption Module, which is more plugin-like. And indeed, the way existing DRM-using systems work in the browser is with the embed tag.

The spec says "The Content Decryption Module (CDM) is a generic term for a part of or add-on to the user agent that provides functionality for one or more Key Systems."

What they'll do is created CDMs that work on restricted subsets of Linux (Android and ChromeOS already support DRM and many media player devices have Linux buried inside) and tell you that if you want "Linux" you can use the supported subset (which is totally Tivoized so it's no more open than Windows).

Netflix already works on Linux: Android devices.

What, you were talking about GNU/Linux? See, that is not going to happen. Instead, you'll see the Linux kernel, some GPLv2 userspace, and a hardware-enforced lockdown that renders the GPL useless. There will be jailbreaks but only a minority of people will even be aware of them, let alone care enough to actually make use of then.

Which is why it's so important that the W3C doesn't endorse this technology. It's not, in itself, the fact that it's incompatible with GPL3 etc. It's that for the first time in the history of the Open Web, the Open Web will not be implementable by anyone with a general purpose computer. That is the problem here.

You seem to think that "the Open Web" doesn't mean the part of the Web that's freely implementable but the part of the Web that uses W3C-specified tech. What makes you think that?

Wouldn't it be more logical to say something like, for the first time in the history of the W3C, the W3C publishes a non-Open Web spec? Or something like that.

Turns out, Chrome on Linux shipped with a Widevine CDM before any other browser (including Chrome on Windows).

Chrome for Linux indeed comes with libwidevinecdm.so, but still, Netflix is not letting the Chrome on desktop Linux play content even though Netflix allows Chrome OS to play content.

So that libwidevinecdm.so isn't particularly useful to Linux users.

It will work under Google Chrome (not Chromium) on Linux most likely, as Google is a DRM vendor.

AFAIK ChromeOS supports Widevine EME and Chrome does not. Why is it enabled on one platform and not the other? Make of that what you will.

Because they haven't got it locked down enough yet, presumably.

Chrome on Android doesn't support it either, yet, but http://code.google.com/p/chromium/issues/detail?id=275989 is targeted for Chrome 32...

And Google will presumably have a Linux CDM for Chrome OS, so they could release it for Linux desktop, too.

But it doesn't matter. Google could release their CDM for any operating system they choose; it doesn't alter the fact that EME and CDM are inimical to the Open Web and should be rejected by the W3C.

> So, the DRM vendors have solved the problem of creating solutions that meet studio requirements and what we are trying to do with EME is provide a clean API to integrate these solutions with the HTML Media Element.

Which reads as: studios have nonsensical requirements, which are implemented and soon broken. And "we" (i.e. W3C) need to oblige this insanity for the sake of <...>.

Put your own reason, but I bet it won't be good.

I just posted to the list, trying to explain that EME is not a requirement, it is an implementation.

I understand. My point is, it's an implementation of an absurd requirement which simply should be ignored, rather than obliged as in providing an implementation.

I guess, the "another backdoor" proposal will go very well in Europe, where most citizens are just static about americas view on privacy and respect for constitutional rights. Way to go, maybe the W3C will finally get Europe and the rest of the "free" world to create their own web!

HTML-DRM, proudly building "solutions" to problems nobody has, by following requirements nobody knows about, to create a landscape of content nobody can play.

Way to go W3C, keep up the "good" work.

Why should DRM be part of a standard? Aren't plug-ins sufficient?

EME essentially defines a wrapper around a module, which can quite easily be a plugin, that implements the DRM. You can view it as a means to require smaller plugins than NPAPI, PPAPI, etc.

So, why have that discussion inside a standards discussion, especially if it brings in confidentiality requirements? Let the publishers talk among themselves and write their plug-ins.

In my more paranoid moments, I worry that the answer is: this work is explicitly intended to break the Open Web as we know it.

This is why I'm so keen to get all the requirements out in the open and start discussing them transparently.

Personally, even in my least paranoid moments, I think that's a certainty. Why let things be open when you can charge people for the key? See also: turnpikes.

The problem is a normal plugin doesn't allow a browser vendor to write their own version. (iPhone + Flash for example).

Perhaps a plugin standard and API would solve it, then a vendor can build their own plugin (Apple) and allow others to use a non shipped third party (Firefox).

If Apple wanted to, they could write their own implementation of the non-DRM parts of swf. Mozilla is doing this in Shumway. Apple did this for PDF.

Of course, just like you aren't allowed to interoperate with an EME CDM without permission, you aren't allowed to interoperate with the DRM part of Flash (called Adobe Access) without permission. (Or the DRM part Silverlight called PlayReady, which, unsurprisingly, Moonlight does not clone.)

Sure, but I believe that Adobe didn't really want anyone to clone flash (at least not in the early days).

If this was the goal from the outset the DRM parts could be described in the same way the HTML5 ones are being.

There are several technical reasons why EME is superior to the existing solutions; in particular, usability and ease of implementation are two.

However that doesn't address the fundamental problem that EME breaks the Open Web.

I could sort of get "ease of implementation" but would trade that on behalf of the implementers to keep their secret bullshit out of standards.

Have they got an actual case that says it's easier versus plug-in implementations that would, in real world cases, rely on libraries the content publishers agree to use?

Yes, malware. EME creates a nice standard compatible way for bidirectional communication with arbitrary servers, for native code run with the privileges of the user. ( By now there is at least a security considerations section in their standard... what could possibly go wrong.)

The only benefit I can see from standardizing something is that browser makers who want to claim to be compliant actually have to support it, so you won't end up in the flash/silverlight situation where some platforms don't support it.

But if a plugin framework is standardized, why settle for only DRM? Why not fix the whole crapfest that is plugin applications entirely? A standardized interface to a fast sandboxed virtual machine with good hardware support would be excellent. Currently there is javascript, ActiveX, flash, java applets, Silverlight, NaCl, WebGL and a number of others, each having their own benefits and drawbacks.

If I want to write a web based multi-threadced GPU accelerated webcam-using application that works on any compliant browser on any platform, what do I do? Isn't that what the next kind of web standards should be addressing?

> The only benefit I can see from standardizing something is that browser makers who want to claim to be compliant actually have to support it, so you won't end up in the flash/silverlight situation where some platforms don't support it.

Please read the spec. Your assumption is wrong! The EME just defines an API for JavaScript to access an unspecified CDM (the DRM module) in the browser. It does not specify how the DRM should work (it would be by definition impossible). It does not specify how a browser should acquire or handle the CDM.

Therefore EME will not only ruin the open Web. But it will be less portable than Flash. At least Flash somehow works on Linux.

You misunderstood me, I think if there should be standardization of some kind of platform indepndent "plugin" it should address what flash, applets, ActiveX and Silverlight does but in a standardized way.

It is - by definition - not possible to have an open standard or libre implementation for DRM. You could simply implement it to dump the stream instead of displaying it.

If you mean the features besides DRM then we don't need a plugin because HTML5 and JavaScript are perfectly fine for replacing those plugins and they can be openly implemented and distributed.

I mean a standard way of distributing binary executables where anything the plugin author wants can be done (within a sandbox). For example the decoding and display of protected data. Much like flash, but with some form of standardized bytecode vm. I understand that the implementation if the actual DRM will probably be closed, but the plugin standard that hosts the DRM code should not have to be.

Apart from allowing closed binary applications it should of course offer some other benefit over javascript, such as offering good hardware support (true multithreading with shared data, access to all peripherals, and so on). Javascript even with WebGL+WebWorkers+similar frameworks isn't it.


Web workers?

>GPU accelerated




Here are some thoughts by Cory Doctorow on web DRM. Spoiler: he's not a fan.


Looks like the W3C may have been the inspiration for Games of Thrones...

Seriously, if there are men and women of honor in this organization, they should stand up against any form of standardization for DRM. DRM can be a proprietary extension for the people who want it.

Hey Guys, can somebody create a simple guide, FAQ or something similar for non-tech people to understand what is going on with HTML and DRM? It will help to spread the word.

https://hsivonen.fi/eme/ explains what EME is. Granted, it might not explain "what is going on".

Actually there's talk on the W3 mailing list of doing just that, covering all the info and debates that have happened to date. I'll post it to HN when / if it's done.

From the mailing list: "[with EME] ... the publisher will have the possibility of deciding which platforms may access their content."

That was from one of the proponents of EME, touting this as a good thing. The response from another list regular was excellent:

"In non-web-terms this is the publishers deciding on what brands of TV you're allowed to play their content."

That's where EME will take the Open Web. We need to oppose it, strongly, urgently.

I download movies and TV shows using Bittorrent and index sites like TBP because of DRM. Often these DRM systems are not available for Linux, or if they are, they require installing some big blob of binary code. It is easier and more secure for me to use bittorrent.

I would happily use the legal services, if not for this DRM. Those services sometimes are even free (e.g. BBC iPlayer). I would happily pay for a subscription service (I pay subscriptions to a number of different of online sites, mostly journalism or data-organistion - I've no problem with that).

The industry standardising proprietary DRM in W3 will just ensure that I continue to support the distributed, end-user provided services which are DRM-free.

Since many are using Steam as an example of DRM - the important difference is that Steam is a free product, but is not open-source (though it can be used to distribute open-source). It is produced by a company as a means of distributing their products.

It is not even a valid comparison to the blinkard pig ignorance of the secret DRM requirements in HTML, which is an open standard.

I'd just like to know what dipshit at the W3 signed off on this.

What's the problem? Don't support companies that distribute any DRM content. Standardizing DRM and propogating DRM aren't the same thing.

Standardizing DRM is bad because it prolongs its usage and makes it easier to apply. DRM shouldn't be helped in any way. It should be made harder to use for those with bad intentions who wish to proliferate it, not easier.

The problem with avoiding is, that many don't understand why they should vote with their wallets and boycott Netflix, Steam and other similar services which proliferate DRM. Many readily and gladly use them. Either because they don't understand the unethical nature of it, or because they are getting used to the police state mentality, which they accept for the price of getting some service. Unfortunately, the later seems to be the case more and more.

It sure helps propagating it, once you have a standard all the vendors can use.

But all this standardises is the interop between the browser and the non-user-modifiable client component, the CDM.

Any standard makes it less messy and gives them more excuses to continue pushing it instead of admitting that it should be dropped. It's absurd to promote standards for unethical practices.

Yes. Perhaps I did a poor job of explaining things in my previous post. I was just trying to say that EME being standardised won't actually help standardise CDMs.

Can't we just boycott this entirely?

If our end result is to see Netflix using HTML5 video on Desktop browsers, how do we get there from a technology and business point of view? Keep in mind that Netflix has content created and owned by the major studios. If any form of DRM is not the way, than what? How do we get to this end goal? Do we make streams 'free' to copy and rely more on the legal system for protection? We are all keen to slam DRM, but what is a viable alternative?

There is no reason why the free and open standards of the internet should be compromised so that a particular business can operate on it. If DRM-free HTML video makes it so that Netflix can't develop a browser based viewer, so be it. The internet is bigger, and considerably more important, than streaming movies.

> If our end result is to see Netflix using HTML5 video on Desktop browsers, how do we get there from a technology and business point of view

Where's the specific value in that? Netflix can use their own application to display the DRM-ridden content. I don't see why everyone else should have to deal with DRM in the browser because of that.

why can't they just build it in NaCl and leave the open standard alone.

In that case, the site providing DRMed video and the NaCl player would have distribute an H.264 decoder (and potentially other encumbered stuff) to end users as part of a NaCl executable. It's much more convenient for a company like Netflix not to have to distribute the DRM component when companies like Microsoft and Google are willing to do it instead. Also, NaCl doesn't integrate with the HTML media elements, you'd need to implement the whole media stack in NaCl instead of just the DRM part.

Furthermore, since NaCl is sandboxed by the browser (and the browser is untrusted by Hollywood in the DRM trust model), it can't conspire with the GPU on low enough a level to hide pixels from the browser and the operating system.


The internet was nice while it lasted.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact