Hacker News new | comments | show | ask | jobs | submit login
FSF condemns partnership between Mozilla and Adobe to support DRM (fsf.org)
459 points by mikegerwitz 1287 days ago | hide | past | web | 276 comments | favorite



If we should train our guns somewhere it should be at the W3C; the guardians of web standards. W3C shouldn't have legitimized this feature by bringing it into standards discussions. The media companies would have had to comply eventually. They had no future without distribution over the internet. Now of course, they have hope.

Mozilla had no chance once Google, MS, Apple and everybody else decided to support EME. Most users don't care if they fought for open standards. They are probably just going to say that Firefox sucks.

If you ask me, Mozilla could be the most important software company in the world. The stuff they are building today is fundamental to an open internet for the future. It is important that they stay healthy for what lies ahead.


The HTML working group at W3C has clearly rejected Google/Microsoft/Netflix proposal on both technical and ideological grounds, but the decision has been overridden by group's Chair, and further objections have been bypassed by forming a new, pro-DRM working group out of public view.

The EME spec draft has been published almost unchanged, even though it has known significant flaws, e.g. most of the spec is non-normative and it's been acknowledged (without a fix) that the key diagram is factually incorrect (shows that the browser is trusted).

It seems like corporate interests within W3C are much stronger than W3C's integrity.

I suspect it even goes farther than Google and Netflix using their market share and influence to pass the spec — they've probably been blackmailed by MPAA & co. that would pull the plug on Netflix and Google Play if they didn't do what they've been told to.


The W3C doesn't really have any power as was demonstrated by the failure of XHTML and the ultimate triumph of WHATWG. The history of the web has shown since the <blink> days that those who write the code to the popular browsers set the standards. The last 10 years have been a miracle of openness after Mozilla wrestled the web away from Microsoft, but now they are becoming powerless in the face of a Google-Apple-Microsoft industry alliance. Mozilla's desperate attempt to to stay relevant by distributing a closed source blob will fail. The closed source future will be increasingly anti-user. Personally I blame Larry Page, the old idealistic Google would have allied with Mozilla and could have stopped this.


Personally I blame Larry Page, the old idealistic Google would have allied with Mozilla and could have stopped this.

Huh? I think it is more complex than that.


Obviously it's complex.

Larry Page still failed to do a single thing to stop it (that I know of) and he is probably the single person with the most power to oppose this.


EME is not on the top of my list though, though this claim reminds me of this incident: http://slashdot.org/comments.pl?sid=3106555&cid=41288357


Blaming Mozilla's decreasing influence on a vague and alleged "Google-Apple-Microsoft industry alliance" isn't really accurate.

While the corporate players involved may just happen to have interests that might align somewhat in this case, Mozilla has made its fair share of mistakes that have driven people away from Firefox. A browser with fewer users results in less influence for its creator and users, obviously.

Phoenix, Firebird and Firefox before version 4 were generally excellent releases. This was back when Mozilla innovated and put out offerings that benefited users. These versions truly made people better off, and much of Firefox's rapid adoption was due to direct word-of-mouth recommendation.

Then around Firefox 4, they decided to imitate Chrome, rather than leading the way. The release schedule changes caused broken add-ons for a very long time. This drove people away. They've also repeatedly made harmful UI changes, to the point where Firefox today is almost visually identical to Chrome. This has driven more people away. Meanwhile, there has only been minimal progress when it comes to improving the performance of Firefox, and reducing its memory usage. This, too, has driven more people away to browsers that manage to perform better, with fewer resources. (Spare us the are-we-fast-yet-style benchmarks that just don't seem to match the actual browsing experience.)

Nobody but Mozilla themselves made Mozilla act in such a manner. Nobody but Mozilla themselves are responsible for driving away so many Firefox users.

And so here we are today, with Firefox at perhaps 15% to 20% of the browser market, if even that. This is a far cry from their peak, when they were above 30%. They no longer offer an appealing product, which causes a decrease in the number of people using it, which directly results in the unfortunate lack of influence that we're seeing in this case.


At the point they decided to (as you say) imitate Chrome, they had _already_ lost quite a bit of market share to chrome, and the market share loss seemed to be continuing.

Whether their choices to 'be more like Chrome' were appropriate responses or not you can debate, but dating their loss of influence or market share to after they decided to 'imitate Chrome' is a mistaken timeline.

Personally, I'd say their loss of market to share from Chrome came from a few things:

* Google's ability to promote Chrome was huge, since so many people look at google every day. This is huge, and perhaps we could just stop there, but...

* Firefox had become bloated and slow and a bit crashy. It's just true. Google had the resources to write a high-quality new browser (which is pretty huge), and their browser was really really fast and really really stable compared to FF. (It is no longer so stark a difference, cause FF has much improved on speed and stability, and Chrome, as it continued to be developed got the inevitable bloat and bugs that software does. Although Google writes pretty good software, and Chrome is no exception).

* FF just wasn't innovating much anymore in features, for users or developers. There wasn't a lot of (non-ideological) reason to use it, if something else came along. Developers matter because they influence other users (in part by designing their sites with certain browsers as their main testing environment), and developers aren't influenced as much by the fact that google.com tells them to download Chrome. But I think FF lost significant dev market/mindshare to Chrome too, in part because Chrome's dev tools were way better than FF's at that time.

Now, if Mozilla made the right or wrong choices to try and recover, we can argue (I think overall they've made a lot of the right choices for the hand they were dealt), but at the point they changed to be 'more like Chrome', it was a reaction to already having lost a huge amount of market share. If they had kept on the course they were on, I think they'd have lost even more by now.


Yes, I agree that some Firefox users had moved to Chrome early on, and that Google does have the potential to market Chrome more forcefully than Mozilla can for Firefox.

I don't think that the timing is all that relevant, though. This has been a gradual process over several years now.

The main point is that it wasn't so much what the other browsers and their vendors did that reduced Mozilla's influence, but rather that it was what Mozilla did (or didn't) do that has resulted in Firefox's decline.

Mozilla stopped leading, and instead decided to follow Chrome. While doing this, they've bungled major Firefox features, ranging from automatic upgrades to the UI design, time and time again. They've neglected to sufficiently resolve long-standing resource usage problems. They've ignored feedback from disappointed Firefox users for years now. They've ignored that this direction obviously isn't helping to prevent users from leaving Firefox, while at the same time it's driving a lot of users away, and furthermore it isn't really bringing in any new users.

In my opinion, Mozilla has been its own worst enemy these past several years. They've inflicted more harm on their own cause than any external opponent or competitor could have ever hoped to do.


Don't you get tired writing variations of the same comment over and over again?


The W3C and major tech corporations aren't separate entities, the people sitting on the W3C boards WORK for these companies.

Don't fall for the smokescreen.


>I suspect it even goes farther than Google and Netflix using their market share and influence to pass the spec — they've probably been blackmailed by MPAA & co. that would pull the plug on Netflix and Google Play if they didn't do what they've been told to

Add to that Youtube being able to now use EME to stop downloader extensions and get more streaming deals and it helps explains why Google pushed Netflix support on Chromebooks as one of the first real world implementations of EME.


Everyone keeps repeating the claim that "most users don't care" but I think the more accurate characterization is "most users don't understand". Teaching people is much harder than blithely complaining about their motives, so I can understand the appeal to HN commenters, but I would have expected Mozilla to see above that.


Without responding to your specific point, many people say "people who disagree with me (just) don't understand," but in reality the people who disagree often have just as good an understanding of the basic facts, yet disagree anyway.


Put me in that camp. I did care about DRM at one time, but that's tapered off quite a bit over the years.

A lot of this probably correlates with my having become something of a cord cutter. It's hard to get worked up over concerns that someone might be threatening my "right" to disposable content that I've decided I don't need, usually don't want, and tend to think of as having a net negative impact on my quality of life. Perhaps it's my jaded brand of libertarianism showing: I'm inclined to say that media companies have just as much a right to make it hard for me to give them money as I have a right to continue not giving them money. Ironically enough, we're actually working toward a common cause.

(edit: A response would be more edifying than a drive-by downvote, y'all.)


> Perhaps it's my jaded brand of libertarianism showing

The big catch is that it's an uneven equation because it's illegal to circumvent DRM due to the DMCA. If users could legally undo the DRM, I think you'd have a valid point: media companies are free to use whatever DRM they wish, and end-users and circumvent it if they are able. It would create an arms race which I believe the media companies would quickly lose. Instead, there's no legal weight in favor of the media companies, with no one standing up for end users' rights.


I think you're missing my point. My freedom to not give them money isn't about being able to easily copy their media. It's about my freedom to not consume that media whatsoever.

To put it in language that's less easily interpreted as being pro-DRM: If HBO wants to use digital rights management to sink Game of Thrones into a cultural black hole, I'm more than happy to oblige them on that one.


> my freedom to not consume that media whatsoever

But this freedom is bounded in that it comes with a cost. If you don't consume their output then there is a segment of popular culture which you are excluded from... the social distance between you and friends and family are increased. It might be a black hole from your perspective, but lots and lots of the people around you are opting-in.

There are ways around this— there are many more things that its possible to have in common with others, and its possible to leverage your ignorance to create conversation— I'd rather hear a summary of a TV series from a friend than see the series. But it isn't as simple or free of a choice as you seem to be making it out to be.


Yep. That segment of the population being people who are hard-pressed to carry a conversation that doesn't revolve around a subject that I don't enjoy talking about.

Believe it or not, that prospect doesn't actually depress me.


> [ I don't like that content ]

But how will you know? You can't judge the content if you haven't seen it..


I thought like that in my 20s, but as I've gotten older I've decided life is too short to give everything a chance. I'd like to be really sure I'll like something before I give it a chance. Ironically, the Internet, which has probably decreased my access to content because of its role in the creation of DRM, has also increased my ability to see what's worth spending my time on.

Perhaps I lose out on some serendipity, but it's worth it so I don't feel like I've wasted my time.

Which brings us back around to the point about DRM. There's so much I can consume where my rights as an owner are respected that I don't often feel the need to bother with anything else. Hell, I can even get Game of Thrones on DVD if its that important to my social life.

And he didn't say he wouldn't enjoy it, he said he doesn't enjoy talking about it. Probably because he hasn't seen it. But the idea that one's under some obligation to see it in order to engage in conversation probably means one needs new friends.


I believe he's referring to the following: https://www.youtube.com/watch?v=MKMbdfbpWvg

It's an interesting observation imo, you should watch the entire thing because when it starts out it doesn't seem as if it's relevant to this conversation.

having said that, I haven't watched television or cable in probably a good 15 years. If I find a show I really enjoy, I'll purchase the DVD/Blue-Ray and watch the entire thing mostly ad-free. And I prefer it that way.


There is a crazy abundance of things to do and content to consume, and life is short. I don't avoid DRM free books because I don't like them, I avoid them because there are other books that I'll have a great time with.


You could argue that most of the works available on Netflix are pretty superfluous, but this isn't really a reason to dismiss the reasons not to use DRM. For one, the issue extends to much more media than just video. Ebook DRM is way more scary.

In the case of any DRM though, it just so happens that not using their services is probably the only reasonable solution. So you're spot-on in that regard. The very existence of DRM is proof that these companies are on life support anyway.


>Ebook DRM is way more scary.

I'm curios about your use of the term "scary". First of all, is the assumption that ebooks are a more valid form of information transmission or artistic expression than video? If it's purely a question of information, then I'd argue that ebook DRM is largely irrelevant because the Internet has surpassed books as the primary information delivery tool (see: Wikipedia). [side note: I think it's curious that as our access to some content has become more restricted, are access to other content has exploded. A person would never have had access to something like the Wikipedia outside a library 20 years ago, now you can get it on your phone wherever you are].

And it's not like print books have gone away, nor like they will in the near future. Indeed, publishers are desperate to continue to sell them to you because they have more control over the distribution chain. This applies to video as well, for that matter.


I care when it is included in the browser. DRM usually needs to fingerprint the device it is on. DRM is essentially introducing another vector for track you, even if you don't consume DRM protected content.


First they DRM'd the videos, and I did not speak out— Because I don't watch TV and Movies.

Then they DRM'd the music, and I did not speak out— Because I have a nice vinyl collection.

Then they DRM'd the ebooks, and I did not speak out— Because I still use public libraries.

Then they DRM'd the news, and I did not speak out— Because I don't read the news.

Then they DRM'd me.


The reason the slippery slope is considered a fallacy is because if you're not careful about the validity of your logic, it would apply equally well to any ill.

That would therefore mean that all bad things must be stopped with full force, because "First they $VERBd the $GROUP[i], and I did not speak out" would apply for the union of VERBs, GROUPs, and possible {i}s.

E.g. in this case you literally end with "Then they DRM'd me". Are you seriously trying to claim that the end state of Mozilla supporting EME is that DRM is used to physically hurt people?


>Are you seriously trying to claim that the end state of Mozilla supporting EME is that DRM is used to physically hurt people?

Of course not. That last line is clearly meant to be absurd. I wanted break the slippery slope argument.

What I was trying to do was poke fun at the idea that DRM is okay as long it doesn't affect you directly. You should speak out against DRM, not because it is a slippery slope, but because it is wrong and it hurts people. The reason I think you should speak out against interning socialists is because it is wrong, not because of the slippery slope that it entails.


Fair enough. Poe's Law and all, it's hard to tell nowadays. :)


many people say "people who disagree with me (just) don't understand," but in reality the people who disagree often have just as good an understanding of the basic facts

I have yet to meet anyone who disagrees with the theory of evolution through natural selection who actually understands it well. Security, privacy, and cryptography are complicated subjects where the most potent effects are often epiphenomena. I don't have studies to back me up, but my impression from talking to most non technical people, is that they have only a hazy idea of what is involved.


To further the point, when 2 people diagree about facts (they disagree less often about morality), then at least someone is doing it wrong.

Might be you, might be me. Either way, contradictions are still false.


Did you just place scientific theories and political opinions in the same epistemological category?

And here I thought postmodernism was dead.


No. Scientific theories with cryptography and security. Both of those are closely associated with politics, but have verifiable truth.


but in reality the people who disagree often have just as good an understanding of the basic facts, yet disagree anyway.

Really? I hate to be the elitist asshole, but if people don't understand that making bits uncopyable is not in the realm of reality, then I would argue they don't understand basic facts. See Schneier's commentary on "making water not wet" and copy protection, eg https://www.schneier.com/crypto-gram-0108.html#7


It's impossible to make bits uncopyable, but it's easy to make them less convenient to copy. That's the purpose of DRM.


It's not easy to make them less convienient to copy.

It is easy to outlaw it, though.


Yes, it's exactly as with the mass spying issue. Most may even say they don't care, but only because they don't really understand how far NSA's power can go and how it can be used. Once you sit them down and explain it to them properly, they usually start understanding and realizing how dangerous it is.


What if people don't want to be teached? Honestly, if you talk to most users about this they'll just say they'll use Chrome if FireFox is broken on a movie, and if they have to pay for the movie they'll just use BitTorrent or Popcorn Time or whatever pirate app is popular right now.


Could an analogy be drawn to other issues where consumers have no hope of understanding all the issues and influencing the market, like medicine and automotive safety? There are decisions consumers aren't expected to make because of the enormous hidden complexity combined with powerful entrenched interests. Why, then, do some use consumer apathy as a sign that it's okay to force DRM onto everybody for the sake of a relatively small industry, or to charge extra to turn off intrusive deep packet inspection (AT&T)?


>Everyone keeps repeating the claim that "most users don't care" but I think the more accurate characterization is "most users don't understand".

Certainly. But look at the people here on HN, who do understand. How many have them have stopped using browsers and OSes that ship EME?

The people that would educate the "average" user, that doesn't yet understand, are HN-type people. But while there is lots of hatred for DRM in the comments here, there simply is not enough interest in actually fighting it. It we did want to fight it, we wouldn't use products with EME and we would get our non-techie friends to do the same.


>It we did want to fight it, we wouldn't use products with EME and we would get our non-techie friends to do the same.

I think if I tried to do this, I would have way fewer friends. I don't get invited to many parties to begin with.


Yeah, I'm guessing that is pretty common, and it's why EME is winning.


It seems to me that people view and treat the same as politics: your voice is supposed to matter but collusion, corruption, relationships, lobbying etc. seem to matter more.


It is actually both. While it is true that many users don't understand, there are many users who understand and still don't care.


I don't think people do care in an ideological sense. But they probably do get annoyed if they have to install Silverlight, or can't play a purchased movie on Youtube because the DRM has failed. If we are to continue having DRM to watch videos then it might as well work.


People don't care about this stuff until it bites them in the ass. Then they care a whole lot.


Most users don't care to understand. They just want you to quit spouting your nerd shit and give them their TV shows.


How about: it's unrealistic to expect most users to understand enough to care, in the foreseeable future. Therefore, free software organizations need to make a choice of mass appeal vs free software purity. I'm of the opinion that you're never going to get all those users, so why cater to them? Also, if you don't get them on your own terms (avoiding proprietary software), what's the point?


smartest comment on the thread


The media companies would have no issues whatsoever with continuing to use outdated, insecure and otherwise broken technologies to ensure that their content is delivered with some form of DRM. Those technologies already exist, and already ensure the media companies have a future of distribution over the web.

Creating some form of standard around the use of DRM is the lesser of two evils when compared to the use of a multitude of proprietary decoders.


I find this funny...

Today there are 2 decoders, Flash and Silverlight

with EME we are moving to a minimum of 4, and possibly a crap load more decoders... Adobe DRM, MS PlayReady, Apple FairPlay and Google Widevine.

How is that better?

Ohh and calling them extensions does not magically make them better than plugins.. they are still binary blobs running closed source code interfacing with the browser using an api. a plugin by another name is still a plugin


Today, there are two main browser plugins required for watching DRM Video on the web. These plugins are not decoders, they are merely platforms on which the decoders themselves can run, alongside any other code that the site may supply. The problem with this approach, as I see it, is that these platforms create an inherent security risk for the user alongside the current issues regarding free software and ethics. The use of Flash/Silverlight also slows the adoption of other, more open, web standards.

By switching to EME, you're switching out the Flash & Silverlight platforms for a set of closed binary blobs which take an encrypted stream from the browser and produce unencrypted video/audio for the browser to display instead of executing arbitrary code. Now, I'll admit I'm not terribly well versed on the issue, but to me that seems to increase user security, promotes the use of other open web standards over Flash/Silverlight and keeps the media companies happy. The only people losing out in this situation are those that find DRM conceptually abhorrent.


Functionally, as far as displaying video goes, there is very little difference between a Flash Video player, and a Adobe CDM Video Player.

Sure it might have a slightly smaller attack surface because it does not have all the other flash "features" that are not really used any more, but do not fool yourself, it is still executing arbitrary code that is beyond your control, and any attempt to control what this code does could be considered a violation of DMCA.

It however in no way promotes the open web, I do not know where you get that from. This is the exact opposite of promoting the open web

As to who loses out, it is not just people that find DRM objectionable. Will Adobe DRM work on ARM for the various SBC system like the Raspberry pi? Doubtful.. Will there be a CMD for midori? Ice Weasel? or any of the other less popular browsers? Doubtful. With the Adobe CDM work well, and bug free with out killing system resources under Linux x86? Doubtful (it will probably work, just not well)

So we are back to a world where only "approved" platforms are allowed to use the web fully, this is direct opposition to W3C's stated mission.


I imagine that playing videos is the Flash Player's primary use case. With EME supporting only video decoding, we can sooner phase out support for Flash Player and everything else it drags along.

If Adobe's CDM can run while completely sandboxed from network and file access, then what if it was implemented in asm.js? Then "CDM.js" could be portable across all browser platforms and architectures. I'm not sure how well Firefox's JIT would optimize obfuscated asm.js code generated from obfuscated C++ code. :)

Disclosure: I used to work on Adobe's Flash Player team and I now work at Mozilla, so I have many conflicting personal and professional biases. :)


>If Adobe's CDM can run while completely sandboxed from network and file access

I'll admit this isn't my area of expertise, but how would this be possible?


The CDM and the server runs some sort of secure key exchange with the browser doing the actual network traffic. The browser is eavesdropping on the communication but that's what Diffie-Hellman, STS etc are solving. Then the browser gets the encrypted stream, hands it to the CDM which has some ties to the OS to be able to draw on the screen. Only tie to the OS is required, no files, no network. The browser can handle those.


The EME spec is designed to make this feasible at least in principle: the browser hands the encrypted video bits to the CDM.

In the case of Adobe's CDM and Mozilla, this is one of the points that was explicitly negotiated: the CDM will be running in a sandbox.


produce unencrypted video/audio for the browser to display

That's the silly example used in all of the pro-EME propaganda, but the standard also allows content providers to demand an encrypted path all the way to the video card, IIRC, thus bypassing the browser's ability to save content, and exposing a potentially insecure video driver to the CDM blob.


This is my real objection to DRM: it fundamentally either is just a show (turning over the unencrypted message to the browser, anyway) or requires that I be locked away from the computation happening (has direct access to hardware and security features to keep me out).

So either it doesn't work by design, or it's a rootkit's wetdream since all hardware is designed to be able to lock me out.


Is a bank vault "just a show" simply because no one has ever invented one that can't be penetrated with a sufficient application of high explosives or a plasma torch?

The goal of making Joe-Average choose between the official channels or some malware laden underground site is a perfectly pragmatic one on the parts of the licensors. They don't need to block the ilicit copying completely to see a benefit...

Especially when the costs of their 'protection' are predominately externalized onto the users (in the form of restricted freedoms, closed software, spyware, etc).


In my terms, a bank vault would protect my valuables by fundamentally denying me access to them, except on terms dictated by some external trusted party. This is the case of DRM using entirely encrypted paths (which can be broken with the big guns, like in your analogy), not the case of it being "just for show".

> The goal of making Joe-Average choose between the official channels or some malware laden underground site is a perfectly pragmatic one on the parts of the licensors.

Uh... what? The problem with DRM from a practical standpoint is that the effective technical means serve as an impediment to Mr Joe Average using his computer for perfectly allowed purposes - including at times playing the game. (Look at any major game launch recently for thousands of upset players because the DRM servers are overloaded.)

Secondly, you presented a strawman, since there are lots of non-malware-laden copies available online.

I'm not really against DRM per se, if there were some magic solution. Nor am I arguing that partially effective security measures are meaningless. I'm arguing that having encryption protected computing channels which deny the user override (or inspection) access are dangerous (duh! they go on malware laden websites, as you point out), and that any DRM which doesn't use such hardware level (or even low-level software) is no more effective than just setting a metadata flag saying it's copyrighted.

I get why companies want DRM, but that doesn't mean that I think giving in to their wishes is a good idea, when it both creates worse computer security problems and fails to solve the problem at a technical level.

A lot of people pirate things precisely because DRM is such a hassle.


Incomplete or inaccurate, but "silly"?


sh... brainless devs just want to bash flash... that's why.Most of them didnt live the time when you had to install 60 plugins to read videos.


There is no "standard" around DRM. Google, Microsoft and Apple each will have their own different DRM platform. If you're outside of those 3 platforms, tough luck. Their only hope is to have a popular enough 3rd party DRM platform, like from Adobe, to be able to play those videos if their OS isn't from Google, Microsoft or Apple.

How will Jolla Sailfish play these DRM'ed videos? They cannot. Unless they implement the Adobe DRM, too, which can only be implemented as a plugin, into these non-Google/Apple/MS solutions.

So now instead of just Adobe's flash , and a Silverlight that was dying anyway since Microsoft deprecated it, we'll have at least four different DRM platforms. Yay for the "HTML5 DRM"!


> Creating some form of standard around the use of DRM is the lesser of two evils when compared to the use of a multitude of proprietary decoders.

I have nothing against the media and proprietary software companies getting together to make a DRM standard. It would have precisely zero impact on my life, since I already avoid all forms of DRM.

I don't see what that has to do with Web standards though, since their goals are completely incompatible. EME shouldn't exist.


For now. If this spreads to being able to DRM images and text, or they use it on YouTube/whatever other video site, you will be affected. That's the real danger to my eyes.


Open standards (and free software as well) do not directly fight closed distributors (both media and software) or ask them to change their ways. But what they do is give a more open upstart a significant advantage; an advantage that helps them offset some of the other shortcomings they have.

So if my company had average content that could reach 2 billion people against Mediaflix's 50m with closed silverlight, I'd still survive. Once I start making better content, Mediaflix is forced to do something or they'll slowly die.


So if my company had average content that could reach 2 billion people against Mediaflix's 50m with closed silverlight, I'd still survive.

Your company is called YouTube, and it's doing just fine.


Where are the latest Hollyood hotness on YouTube? I only found teasers, third party fair use, and deleted videos and accounts.


Hence "average content". The studios are the reason Netflix has to serve their content with DRM, and they're fairly unanimous about it.


The real fight here is about mobile and all the other platforms like Apple TV, Chromecast, Roku, Sony, wearables, cars, etc. Netflix and co. don't want to have to develop for all these platforms, they want to hijack the web to do the cross-platform dirty work for them. Especially since Adobe already gave up on running Flash on all the platforms after Apple blocked them on iOS.


We're rather talking about Youtube going under DRM than Netflix.

Youtube without DRM was an advantage for a couple of hackers: They could download vids for offline viewing (iPod/iPad and p2p-sharing after takedown).

Youtube with DRM could change the game. The impact of a movie being pirated on Youtube is much more contained if users can't download it.


But they will. If the video player can decrypt the content, so can any youtube downloader transparently for the user.


Adding DRM to youtube simply doesn't make sense to me. The majority of content is added to youtube because the publisher wants people to view it and share it as much as possible. They aren't monetising the content directly.

It's really only big media companies that are in the weird position of wanting many people to view their content but only under specific constraints.


Some videos on Youtube are already using DRM, in the form of RTMPE.


Sadly, I think you're right. Silverlight is effectively dead now, but still in use for a lot of streaming video. Netflix et al will probably only ditch it when it can't even be installed on many computers any more, and will probably go for some other third party framework when they do.


> The stuff they are building today is fundamental to an open internet for the future

How exactly and what's the point of Mozilla, if they aren't following through on their principles? If they do whatever Google and Microsoft do, then they are just as bad as them, and not something I can put my hopes in to protect an "open Internet". They proved that yesterday.


Mozilla could stick to their guns on this, but it probably wouldn't have much practical effect, and the users they'd lose give them that much less leverage to fight the next battle. We already have the FSF to make ideological points with no compromise, so I'd much rather Mozilla pick battles where they can make a difference, and compromise to maintain relevance when they can't.


> Mozilla had no chance once Google, MS, Apple and everybody else decided to support EME.

Given Mozilla always brags about their mission and openness, that somehow looks like as if someone had a public resolution about staying away from alcohol, but then... well... the circumstances were so unfortunate... and just one shot wasn't such a big deal... and it's not that person's fault - it's his friend who had brought a bottle.

That's unfortunate and not respectable.

Oh, and it's not like I say alcohol is something bad. (Grabs some ale.)


That is a complete misrepresentation of the situation. This is almost literally a case of "choose your poison" for Mozilla. Abstaining is no way to win. There is no way to win this for Mozilla, damned if they do, damned if they don't.

However, at least with Mozilla you get the benefit that the DRM piece is as contained as possible and you are not leaking information to the content providers. Something Mozilla fought for that neither Google nor Microsoft gave anything about.

Also, Mozilla doesn't brag about its mission. What does that even mean? That Mozilla is pointing out the difference between itself and the other players in the market? It's vital that people are aware of the fact that Mozilla is a mission driven organization. That is the reason d'etre of Firefox.


> Also, Mozilla doesn't brag about its mission.

Really? Maybe that's just my perception, but I'd say their homepage is almost all about their mission and principles (and then about their products that are said to be driven by those). And their "about" page is the same. If that's not bragging - I'm not sure what bragging really is.

Then, their manifesto is very anti-DRM by nature, all promoting openness and end-user accessibility and control. So, it seems that they had already chosen their position and part of it was to abstain from the consumer restrictions.

Now, when their targets (bringing their products to everyone and promoting openness) started to seriously conflict with each other, it was clearly shown that the dark side is more seductive.


My old firefox tshirt says "Take back the web" across the back in big letters. Now that they have "given the web back", Im not sure I can wear it anymore.


Definition of brag [1]: 1. a pompous or boastful statement 2. arrogant talk or manner: cockiness

[1] http://www.merriam-webster.com/dictionary/brag


No it's a perfect analogy.

Mozilla have added an attack vector on users. They fought for the right to be the people adding the poison. That's not noble or unfortunate.

It means that there is no difference between Mozilla and the other "players in the market". Except that Mozilla are lying to themselves about it.


Unfortunately, the principled path is not tenable for Mozilla in this position. They were seriously damaged by their refusal to implement H.264 due to its patented nature, which they gave up recently. Mozilla has the choice of taking their lumps by swallowing this piece of crap and continuing to survive or becoming obsolete. If users can watch videos without a struggle in Chrome but can't watch in Firefox, what's the effect going to be? Firefox is already on the ropes, they can't handle another H.264 debacle.


You stand by your principle or you don't have one.

"We 98% stand by our principles but at the end of the day, if it is important enough, we will cave like we did before"

Is not an inspiring message.

Mozilla should stop the whole "We are Mozilla Doing good is part of our code", "Different by design" shtick because it is no longer true, they are now just another software house that makes a browser.


And where does most of Mozilla's funding come from? Google. As long as that's the case it can never be truly independent.

I wish they found an alternate source of cash that allowed them to get rid of those Google hypocrites.

Disclaimer: I work for the arrogant Google hypocrites.


I don't think Google has anything to do with it. Any realistic source of funding for Mozilla is going to be proportional to market share.


But they are not healthy. They have been corrupted by Adobe.

We need software freedom to be healthy, not organizations that attack that health.


They're wearing protection!!


If GNU can follow an alternate path, then Mozilla too can


There can be multiple alternate paths. I would much rather see Mozilla live to fight another day and GNU and FSF fight the battles.

Many important battles are fought with multiple tactics and multiple loosely aligned parties with a common goal.


"The stuff they are building today is fundamental to an open internet for the future" Citation needed, what is that fundamental stuff they are building?


Well, I suppose there is no fundamental stuff for the web build by Mozilla then.


Why the mod down and not an answer? coward.


How would targeting W3C change anything? Browser vendors have a final say, and at the end of the day it matters what they've implemented, not what W3C wrote in some document. Frankly, all those cries that having DRM somehow destroy open web are at the same level as the claims that homosexuals are destroying families.


Who are exactly are the W3C if not the big three, with Mozilla, Adobe and Yahoo etc tagging along?

I can't stand naive comments from those who complain about standards bodies when the standards bodies are the big companies and/or their proxies.

It is like Javascript and HTML5. They've both been inadequate from day one, and are still going to be inadequate in their future incarnations, yet every company blames the standards body as though they are not the standards bodies themselves, Mozilla included.

This is where Mozilla's disingenuity comes in.

Javascript and HTML5 are generally inadequate, and Flash if open and bug free would be a whole lot better. Mozilla then decides to implement Flash in Javascript, which is an underpowered language and difficult for large scale programs.

This is the problem with Mozilla. You sit on a board which devises an inadequate Javascript language, then you decide to implement Flash in the same inadequate language, then you go and make an agreement with the original creators of Flash for your EME/DRM implementation, because your implementation doesn't look like it is going to do too well.

Why didn't you create your Flash replacement, even a superior superset of Flash, in Nimrod, or even C, then make it the plugin standard, rather than have to go cap in hand to Adobe for some closed implementation, and top it off with some reassuring comments to Adobe's board from your CEO?

This what happens when Mozilla executives are beholden to the competition for their income. Expecting Mozilla to take a strong stance is like expecting the SEC and banking regulators to tackle TBTF banks effectively. It ain't gonna happen.

It is time to tidy up/clean up/restructure/refactor/rearchitect their code base, document it properly, hand it over to the any interested hackers, then prepare to close down, else go on to make a better browser which will have all the users and content providers flocking to your implementation

for those who don't know Nimrod I like to think of it as my favorite language du jour. C and C++ are so meh


> You sit on a board which devises an inadequate Javascript language

No board devised JavaScript.

> then you decide to implement Flash in the same inadequate language, then you go and make an agreement with the original creators of Flash for your EME/DRM implementation, because your implementation doesn't look like it is going to do too well.

EME has nothing to do with Shumway.


I mean they sit on a board responsible which is taking years to make Javascript a tractable language, and at this rate it looks like that is never going to happen.

Shumway has everything to do with EME not on a technical level, but on a business level because a superior Flash replacement games developers and other content providers found more dependable than the original Flash would put them in a stronger bargaining position vis-a-vis the other majors.

Good technical execution is Mozilla's strongest bargaining chip and if they fail at that they make themselves less relevant.


Flash is written in actionscript. Actionscript is Javascript (ECMAscript) with some additional functions added. Implementing flash on a highly optimized JS JIT is probably better than Adobe's buggy and insecure VM.


May I ask when the highly optimized JS JIT is going to arrive? My question is why they are implementing a Flash replacement in Javascript when C or C++ would be better.

Adobe's problem with Flash is that it is not open source and its bugs can't be tracked down.

An open source Flash replacement might as well be written in a faster language. It is the open source nature that matters, not the language it is implemented in.


> My question is why they are implementing a Flash replacement in Javascript when C or C++ would be better.

Using JavaScript reduces memory safety problems, and interfacing with the Web APIs from JS is simpler than for C++.


I suspect I've rubbed a few redditors the wrong way.

Why does should the announcement of acquiescence to DRM have to mention Adobe? They could have announced that they have capitulated first, and they are sorting out the details later. Oh no, Adobe had to get a mention. Why are some redditors in such denial?

This is really about a deal between Mozilla and Adobe in which Adobe becomes the Mozilla preferred vendor for those who seek to use DRM in Firefox, for whatever Adobe offers in return. It isn't just an announcement of acquiescence to DRM. Quite a few content providers will have to be dealing with Adobe and Mozilla will probably get a share of the income stream. Denial is not a river in Egypt.

I am not concerned about what deals Mozilla does, but they will have to deliver technical superiority faster and better and make their browser the one developers recommend to their clients if they are to survive in the long term.


Since people who understand the issue understand that Mozilla is incapable of developing a Hollywood-approvable CDM, if we had just announced the intent to do EME, it would have raised a big unanswered question: Where is the CDM going to come from?

Instead, whe chose to talk abour EME when we were able to answer that crucial question.


Honestly, I think the w3c should've just told Netflix et al to get the heck out of the browser.

Really, that's what this is all about... but those companies are already building fully native applications for every platform other than win32+Web. Telling them to go make a native application (or keep dealing with Silverlight/Flash) for that one last platform would be completely appropriate.

The world of software has changed - now we have major companies building applications for multiple different platforms instead of "just windows" or "just web". The web doesn't need to do everything.

It doesn't need to do this.


The W3C could have told Netflix et al to get the heck out of the browser, but the outcome of that would have been a different DRM mechanism in each of the main browsers. There's enough money in digital content distribution that browser developers will implement it regardless of what the W3C want. So the W3C had to decide between a standard they have an element of control over that's widely used, or several different DRM mechanisms that they have no input in to. The choice was not between DRM or no DRM. It never will be.

The W3C maintain web standards. They do not maintain what browsers can and can't do.


> outcome of that would have been a different DRM mechanism in each of the main browsers.

That's a common misconception of "W3C DRM". There is no such thing.

The EME spec doesn't define any DRM mechanism. There is a different, closed-source proprietary mechanism in each of the main browsers, by design.

EME is like the `<object>` tag. It doesn't do anything without a plugin (and the plugins are now called CDMs).


A different DRM mechanism in each of the main browsers is fine by me, because none of them would ever gain traction in that scenario. It takes everyone getting together and agreeing on one to achieve the critical mass required to make DRM happen. What is the use of having "an element of control" over exactly how you'll get screwed over?


DRM gains traction from people buying services that use it. It's that simple. If there's enough demand for a Netflix-like service in an ecosystem where only one browser does DRM, a company will spring up that provides such a service only for users of that one browser, even if it's a relatively small market. But, as it happens, watching digital content over the internet is a huge market, so every browser is going to have DRM built-in whether there's a standard or not. The market is big enough to support many different DRM mechanisms (we can tell that by the fact it already does).

Consequently we have to accept that DRM is going to exist whether we (the technical "elite" who understand the issues) want it or not. If we want an internet where DRM isn't entirely pervasive, where video will work without being DRM'd, where it doesn't spill out in to things like only running "signed HTML" or something horrible, we will need a decent standard that people on both sides of the debate agreed to on a pragmatic level if not an ideological one.

I believe that a W3C sanctioned DRM is a hell of a lot saner than Microsoft, Google and Apple coming up with their own systems.


What's on track to becoming W3C-sanctioned (EME) is about Microsoft, Google, Apple and now Adobe having their own systems.


But that's entirely the reason Netflix wants this. They don't want to create a separate application for every platform. EME offloads the cross-platform responsibility onto the browser vendor.


But why should standard bodies and browser vendors help them out?


Because it so happens that two important browser vendors: Google and Microsoft also distribute DRM content. They have as much to "gain" from this as Netflix does.


And a third browser vendor (Apple) is also a DRM vendor.


They want to have one lame web app instead of a set of nice native apps? I mean it's very efficient for start-ups and a cost-saver, but they seem to be past early stage...


Native apps have a huge set of their own problems. People don't want to have to install junk just to look at what should be a website, especially not when so many love grabbing all the personal data they can. If it had to be watched through an app, I'd bet any sum of money you'd find many/most accessing things like camera, mic, location, messaging, contacts, device ID, and other things they have zero business intruding in.


Why should it be a website? The only connection between movies and hypertext is both can be delivered over the internet. Why the HELL would you shoehorn a branded DRM-enabled movie streaming application into a document viewer?


> into a document viewer?

DRM discussion aside, the browser has not been a simple "document viewer" for quite some time, despite its origins.


One can teach a dog how to dance, but we don't say that dogs make good dancers.


Not necessary one web app, but one streaming layer, yes.


Then contribute to the development of a cross-platform environment that allows DRM. Push Microsoft to get Silverlight onto every platform. This does not need to be under the w3c's bailiwick.


> Then contribute to the development of a cross-platform environment that allows DRM.

That's exactly what they did here.

> Push Microsoft to get Silverlight onto every platform.

Why do that when you can get every company to adopt DRM with the pressure of browser competition?

> This does not need to be under the w3c's bailiwick.

Agreed, just pointing out how this benefits Netflix by offloading a development cost onto browser vendors.


> Honestly, I think the w3c should've just told Netflix et al to get the heck out of the browser.

The w3c isn't some nameless, faceless entity. What happened is that Google and Microsoft, two influential figures in the w3c, developed and pushed EME with Netflix.

The w3c couldn't have stopped them, EME came from the companies in the w3c.


The FSF refuses to compromise their principles. They refuse to negotiate. I respect them for that, morally its nice to have a fixed point to hold the line and refuse to change, it gives you a benchmark against where to judge yourself. Even if sometimes you think the old guard ate a bit to much paste.


I fear the day the FSF changes, be it because its leader(s) die (it's a fact of life, sadly) or the new world phases them out. That day is the day I will know freedom has lost. If Stallman came to me and said he's using a Windows machine and has given up on his uphill battle against proprietary software, it'd probably be the day I realize it's over.

I thank the FSF and Richard Stallman for being an unwavering wall without compromises, it makes me feel safe and legitimizes me to follow an ideal. It lets me hold such ideal, a target, knowing it's possible to be like them one day.


> it's possible to be like them one day

Every day you don't, every dollar you spend on proprietary software/content, it gets harder. That's why the FSF was created.


Exactly - every time I hear someone like ESR troll the FSF about why they should support "open source" instead and embrace proprietary software, I have to wonder what they're thinking. The sole purpose of the FSF is to promote free software.

If the FSF had come out in support of this, I would have said that they're shirking on their responsibility. The FSF has been known to make compromises for the sake of pragmatism in the past, if and only if such compromises actually promote free software[1]. DRM in the browser is a very different case, though.

It reminds me of the Republican party leader[0] in 2009 who said, on the topic of healthcare, 'It's over. Democrats lost. The people spoke, and they don't want healthcare. They want lower taxes. Democrats need to move on.'[2]

[0] It may have been Eric Cantor, but I can't remember

[1] e.g., using the LGPL instead of the GPL for glibc: https://www.gnu.org/philosophy/why-not-lgpl.html

[2] It's actually even worse than that, because political parties change their platforms over time, but since healthcare has been the crux of the Democratic party platform for half a century, it's the closest thing to a fixed principle as politics has.


Another example regarding [1] (by rms, not exactly the FSF) is actually supporting a non-copyleft/permissive license for libogg: http://lwn.net/Articles/299016/


I sincerely doubt it was esr that was advocating closed source or non-free proprietary software. He's pretty staunchly in support of FOSS.


Calling it "healthcare" is a Democratic shibboleth, it's not a word you hear Eric Cantor use a lot.


Yes, thank you FSF for being the stronghold of my freedom. I was expecting Mozilla to keep standing with the same comprise, but they are disappointing me as user :-(


Mozilla can't stand up for users if they don't have any.


At present they're attacking them.

Not having any users is better than that.

For the users.


They'd have me if they had stood up for me. I'll just stay in Chromium (edited, used to say just Chrome) I guess!

If I'm going to get binary DRM blobs anyways, I'd rather use the best/fastest browser.

EDIT: Please explain the downvotes! I won't know why you disagree or why I'm wrong if you just downvote and don't reply.


> They'd have me if they had stood up for me. I'll just stay in Chrome I guess!

The fact that you so readily admit that you'd rather just use a non-free browser[0] makes me doubt whether you'd actually be using Firefox even if they held out against DRM, rendering an increasing number of websites unviewable in Firefox.

[0] Chrome, unlike Chromium, is not free or open source.


> Chrome, unlike Chromium, is not free or open source.

How should we consider Chromium, knowing it is most probably used to serve Google's interests in terms of reporting, orientation, strategy, etc? Does it contain usage tracking code like Chrome?


Mandatory tracking was removed form Chromium in 2010

Opt-in tracking still exists.


I'd rather use the best browser.

If Firefox sucks (I really don't want to rant about it) and doesn't even fight for their user's rights... why shouldn't I just use Chrome/ium[0]?

I'm a switcher. I will stay with whoever offers the best browser or added value. Chrome is blazing fast for me and IMHO has better dev tools, which is why their browser is so popular. Mozilla's added value is their Foundation's goal, which they kind of betrayed accepting downloadable DRM blobs in their browser.

I come back to Firefox from time to time just because I love Mozilla Foundation. DRM would be a great excuse to finally ditch Chrome forever. I'm not even mad about it and completely understand Mozilla's decision. I'm just sad I'm not coming back to Firefox because I'm having DRM blobs anyways.

[0] When I said Chrome I meant Chrome/ium.


> I'm just sad I'm not coming back to Firefox because I'm having DRM blobs anyways.

It has been made clear that you will be able to choose whether the closed source blob is downloaded and installed.


> Mozilla's added value is their Foundation's goal, which they kind of betrayed accepting downloadable DRM blobs in their browser.

Chrome's goal is to use your browsing data to make money. I guess we can count on that principle to never be betrayed or compromised...


Did Chrome promise not to use your browsing data?

If I'm going to get non-free blobs in my browser anyways, I'd rather use the best one.


That's what I'm stating.. They promise nothing, and delivery nothing. I'd rather see my positive moral get challenged, then no morals be maintained.


> I'd rather see my positive moral get challenged, then no morals be maintained.

If I remember correctly, Mozilla was very careful not to promise never to implement H.264, for this very reason.

Anyway, if you really want a browser that has promised never to be non-free in anyway, and which you can count on to keep that promise, just use Iceweasel. It's essentially the same as Firefox with no proprietary blobs (Flash, DRM, etc.).


> It's essentially the same as Firefox with no proprietary blobs (Flash, DRM, etc.).

I had always thought Iceweasel was about Firefox branding (i.e. trademark, not copyright) issue. Mozilla had issues with some custom Firefox builds, so they asked to not call "Firefox" anything that wasn't build by them.

Maybe I'm unaware of something, but at least I hadn't seen any Flash or DRM blobs in Firefox packaging. Blobs are Chrome/Chromium distinction.

Oh, well, but if they're adding DRM to Firefox, guess that would be a new distinction between it and Iceweasel.


You don't at least want your blobs surrounded by an audit-able sandbox so you get some privacy and security?


I'm probably switching to surf now.

Anyone know a better option?


To be honest, it will probably be made very easy to you to not use the DRM components (remember that this will be a small plugin that you have to expressly install) or download a patched version that does not support EME at all. If, as a user, you feel the need to stick to principles it won't be a problem to do so.

If you, as a user, want to decide what freedom means for other people, then that is a different story.


The key insight for me is this one: "Popularity is not an end in itself. This is especially true for the Mozilla Foundation, a nonprofit with an ethical mission."

Even though non-profit organizations like Mozilla do not seek to maximize financial gain (by definition), they often seek to maximize their relevance in the world. As a result, they ARE susceptible to corruption: most if not all are willing to "compromise" -- that is, sacrifice their mission and values -- in order to remain "important" in the eyes of society.

The folks running Mozilla are sacrificing the organization's mission and values because they're afraid of losing market share. They do not want Firefox to become a niche platform.


It is not as simple as that, because I got the impression THE reason folks at Mozilla do not want Firefox to become a niche platform is popularity is a necessary resource to have leverage in the standard body, not popularity itself. Frankly, I think they will accept Firefox becoming less popular as long as the probability of maintaining necessary market share to have leverage increases, although I don't think such situation is likely.


Great point. The criticism is still valid, however: Mozilla IS sacrificing its mission and values... in order to remain "important" enough, in the eyes of society, to get a seat at the table.

It's a slippery slope.


What's the point in having leverage if you're not going to use it?

This was their moment. They have the second largest audience of desktop users. They have their leverage, and chose not to use it.


> What's the point in having leverage if you're not going to use it?

You act as if the audience is tied for Firefox. It's not. As soon as a user opens up another browser instead of Firefox to get access to the content, they are no longer leverage. And when you look at the audience as those with just Firefox alone, and those with a second browser, that audience dwindles to very few indeed.

You could make the argument that they then don't need to support the DRM because users can easily get around that. But then the problem there is that suddenly users are being punished. The content producers aren't suffering, just the users who are forced to switch browsers.


If you have leverage and don't use it because you're afraid you'll lose leverage... you don't really have any leverage.


Mozilla is using leverage, just not to fight the battle you want them to fight.

Mozilla has decided to use their leverage to make DRM more private and secure.


That is exactly the point! In this case, Mozilla does not have leverage. Users have leverage. Chrome and IE users could have decided to abandon those browsers when they implemented the DRM measures. They did not.


I don't necessarily agree with their decision, but sometimes you've got to choose your battles, as they say. Maybe they weighed the importance of this issue against the decrease of influence in future (perhaps more important) matters that the alternative stance would have brought in terms of userbase, and concluded that it would have been detrimental to their overall mission?

What is your theory as to why they chose to not use their leverage, as you put it? Greed, vanity?


My theory is that they are more concerned about market share and being relevant, then they are about protecting the rights of their users and standing up for what's right.

This is a move from the Mozilla Corporation, not the Mozilla Foundation. Losing users would be a threat to their bottom line. However putting the bottom line above their supposed principles certainly reduces their credibility.`


This was one of many possible moments. How well did it work when they didn't support H.264? They're picking their battles.


I'd just like to point out that the H.264 issue is way smaller than this. H.264 is a public standard that anyone is free to implement. This is why FOSS encoders and decoders for it can freely exist without any issues (and the FOSS x264 encoder also happens to be pretty much the best H.264 encoder in the world too). The complications arise from the fact that a lot of tech used in H.264 is patented (software) and licensing of said patents is required in many cases to make use of it. But all in all, H.264 is still quite compatible with FOSS (and would be perfectly compatible if software patents didn't exist), whereas DRM is completely incompatible due to its secret nature. This is a far bigger issue for Mozilla to compromise on.


> H.264 is a public standard that anyone is free to implement.

That's correct -- you can implement it. But you have to pay for its usage. See http://www.mpegla.com/main/programs/avc/Documents/AVC_TermsS...

EDIT: guess who is paying for this?


and if they choose to battle for privacy and proper DNT it makes a lot more sense than a losing battle against DRM.

The most annoying part of this is that Abobe is providing the plugin. Much rather Mozilla do their own thing.


DNT is a non-starter. It's asking companies to play nice and please please please don't track users. That's never going to be a reliable option.

Blocking third-party cookies by default on the other hand is a good start.


Mozilla can't really do their own thing unless they start writing some closed-source code. And then negotiating directly with various content providers about what the code will do. Probably a few other things I haven't thought of as well.

It's all possible, but it'd be a pretty big difference from what Mozilla does normally and I'm not sure they'd be very good at it. So outsourcing that stuff makes a good bit of sense.


This was the last possible moment. Once the web is full of DRMed content, they're entirely beholden to any demands that their DRM partners and content providers might make, like removing the privacy safeguards and giving the binary DRM module full access to the system so it can make sure code outside the sandbox isn't siphoning off the decoded video, extending the DRM to images or even HTML, etc...


Mozilla is just another nonprofit, disregarding its mission and instead working to promote the salary of its administrators and executives.


I work for Mozilla. I suppose you have evidence I do not.


Didn't you get the memo? They "fixed" the "glitch".

Sorry, couldn't resist.


Yes, it's disappointing that Mozilla is adding DRM to Firefox. No, that does not mean they hold "misguided fears about loss of browser marketshare".

People have the freedom to disagree with you, FSF. Just because they do doesn't make them misguided, especially on a future prediction.

How is this any different from flash/silverlight plugins we already have?


Exactly.

If Joe Sixpack or Aunt Tilly uses firefox, wants to watch Netflix, and can't because of this, they're going to switch to Chrome. They won't understand why, and won't care even if they did. I'd have thought the FSF would be more concerned about them potentially switching to Chrome in that use case...


> I'd have thought the FSF would be more concerned about them potentially switching to Chrome in that use case...

How is Chrome(/Chromium) worse than Firefox, if the latter starts encouraging DRM?

If the FSF should compromise their principles for this, should they have also encouraged everyone to use KDE back when Qt was proprietary?

How about admitting that GIF, despite being patent-encumbered, was OK to use because there it was on so many Geocities sites?

Shoud we all give in and sign patent licenses, so that we can access all of those Bzip1 files?

Maybe we should stop improving our Javascript engines, since clearly Flash won the battle for Web multimedia.

Heck, we could increase the average level of user Freedom if we stopped all of this distracting GNU/Linux/BSD busy-work and concentrated all development effort on developing our Windows and Mac builds.

Clearly no. The FSF have been playing this game for 30 years; they're in it for the long haul.


>How is Chrome(/Chromium) worse than Firefox, if the latter starts encouraging DRM?

Because chrome will too for exactly the same reason Firefox has, but chrome comes with the bonus of tracking the user's activity, creating profiles, and sending pseudonymised data back to google, which with google's analytics and profiles, is as good as personally identifiable to them as they can just link it to maps, gmail, youtube, etc to get a full profile.


Then the users need to be educated about those things too.

Don't you think it's a bit odd that the premise is to "trick" users into using Firefox by luring them in with promises of Netflix support? What's the point of this, and what precedent does it set? These are the issues we need to think about, rather than just saying things like "oh no Mozilla is losing all it's users" and other silly doomsday predictions.


>Then the users need to be educated about those things too.

If you have some magic trick for doing it, go ahead.

A majority of people are stupid. They don't care about their privacy, they use chrome because google advertise it, they leak data everywhere they go, and either don't care, or are imbecilic enough to believe "If you've got nothing to hide, it doesn't matter".

In a way, HN acts as a reality distortion field if you get the bulk of your news from here, because people here are likely to make well researched comments with thought behind them; which makes it easy to forget that a lot of the world's population is very stupid and/or apathetic about most issues.


Aunt Tilly won't be switching to Chrome. She will continue to use Internet Explorer 6 with the Yahoo! and Ask toolbars, but russian bride popup all while partying like it's 1999.


True enough, unless a family member installed Firefox with an IE theme for them and changed the icon, which I have seen happen before. Either way, a user without a clue will switch without understanding the underlying issues.


Joe and Tilly should stop subscribing to Netflix. That would be the correct solution.


Should vs. will is just about what this entire discussion boils down to.


Why does Mozilla care if Joe and Tilly use Chrome? If they don't care about or fund free software, no one benefits from them using Firefox. The user base that cares is the one that matters.


No, all the users matter. The number of people using Firefox gives Mozilla leverage that e.g. GNU Icecat doesn't have.


So, give in to the capitalist bullies who want to make the web theirs as a wholly commercial outlet, starting with the browser, because "they're going to win"?


> If Joe Sixpack or Aunt Tilly uses firefox, wants to watch Netflix, and can't because of this, they're going to switch to Chrome.

They won't switch because they are already using Chrome.

Most Firefox users I know (perhaps I'm biased?) do so not because it's the best browser (it is absolutely not!) but because of Mozilla Foundation's values.


You don't know anyone that uses Firefox for its wider selection of extensions, more customizable UI, and better privacy (separate search bar and URL bar) features?


> wider selection of extensions, more customizable UI

Nope. Most people don't care about that or in fact prefer Chrome's non-customizable UI.

> and better privacy (separate search bar and URL bar, keystrokes not sent to Google as "partial searches" by default)?

That's what I meant with "Mozilla Foundation's values".


Usually when "supporting a company's values" is given as the primary explanation for choosing one product over another it implies that the customer does not gain or is in fact sacrificing some direct benefit because of a factor that not related to the utility of a product relative to its competition.

Increased privacy is very much a direct benefit for a user and it is a real factor that contributes to the utility of FF.


Which adding DRM detracts from.


You're reading too much between the lines.


That's weird. I know a fairly even proportion of users of each, but people who are power users or close are overall more clustered around firefox, to be fair.


That's mostly the case for me too, but not exclusively. As it is, I'd guess Firefox is maybe at most 10-20% power users who are likely to understand privacy issues etc.


You are biased.


How about people switching away from Firefox due to DRM? Don't they care about loosing users that way?

Although TBH there aren't many alternatives (open source, doesn't support DRM), other than a fork of Firefox itself without the DRM bits.


Are you aware that by default Firefox will not be able to display any DRMed content, and that people will be given the choice to download a plug-in to do that just as they are given the choice to install the Flash plugin today? Can't those users just decide not to download the closed source plugin to view the DRMed content? What's the point of switching browsers?


AFAIK the plugin interface for Flash is something generic, its not made for Flash only. This DRM plugin will have open-source code written specially to support DRM plugins, and thus Firefox/Mozilla has given up, and actually endorses the W3C EME, and endorses DRM. That is bad. I'd rather use a browser that doesn't endorse that.

I think the EFF put it right https://www.eff.org/deeplinks/2014/05/mozilla-and-drm "Baker may think that Mozilla cannot change the industry on its own (despite it having done so many years ago). Sadly, it changes the industry by accepting DRM."


Adding that capability removes any reason for web sites to use any of Firefox's other capabilities.

Mozilla just told all its users to install IE, Chrome or Safari.


I have no idea what other capabilities you are talking about. This is about DRM. What Firefox features would web sites use instead of DRM?

To your second point: If you install IE or Chrome the DRM system will be part of your browser and you have something out of your control running on your system whether you want to watch DRMed content or not.

With Firefox you can just keep using the web, and as long as you never want to watch any DRMed content, nothing changes for you. Only if you want to watch DRMed content will you be asked to download a plugin. As the cherry on top, Firefox will not leak identfiable data about your video usage to DRM or content providers.

Unfortunately Mozilla alone can't stand against the power of Google, Apple, Mircrosoft, Amazon, Netflix and others united in their desire to push DRM through, but if you can't see the difference between Mozilla and the others, I don't think there is anything I can say to change your mind.


How is this any different from flash/silverlight plugins we already have?

It's a W3C standard, for one. Whereas Flash/Silverlight are completely third-party, EME can be argued to be "browser-endorsed" or "web standards-endorsed" to a degree.


You mean for developers? I don't think users care which standards body does or doesn't endorse the content they're trying to view.


> You mean for developers?

More for concerned citizens.

There is a difference between add-on code for particular proprietary content platforms, and writing DRM support into the web standard. Not implementing a Flash plugin doesn't break compliance with the 'official' browser standards - not bunging in the EME stuff will, presuming it gets fully adopted.

That, as I understand it, is the real point of controversy in this whole thing - whether DRM belongs in web standards. Mozilla was fighting it, uniquely among major browser vendors so far as I know; this move means that they've basically given in.

Whether they are right or wrong to do so is another matter.


Citizens who are concerned about browser standards? I'm having a hard time picturing this. It's hard enough getting developers to care about official standards.

When I click play on a movie in Chrome, I don't know (or care) whether it's using Chrome's embedded Flash or an "open" HTML5 video tag or some crazy proprietary thing. I only care when it doesn't work.


> Citizens who are concerned about browser standards? I'm having a hard time picturing this. It's hard enough getting developers to care about official standards.

Are not the hundreds of people who responded to this thread citizens of somewhere or other?

Are they not concerned?


Why are they doing it then?


I mean that their fears are not (necessarily) misguided, and claiming them to be is not helping the FSF's argument. I would rather they focus their arguments on the real reasons to avoid DRM, rather than making unverified claims about Mozilla's motivations.


But Mozilla gave us unverified claims, such as "we'll lose market share". Where are the numbers to support that? That's what FSF means.


How are they supposed to verify a claim like that in advance? Their market share is dropping already, that's about as rigorous as you can get without forking the universe to run some tests.


Meantime I think Firefox still doesn't support DASH/Mediasource by default, which means you get lower resolution videos on Youtube: https://bugzilla.mozilla.org/show_bug.cgi?id=778617

If video support is so important, why don't they prioritize that over this DRM thing?


Not from lack of EME. EME isn't nearly widespread enough to have any impact. Netflix still runs just fine in Silverlight.

In the absence of evidence, I don't see how claiming those fears are misguided is any less valid than claiming that they are well founded. I'm not really sure what argument you're making here.


The FSF would have good points, but then they ruin them with things like "or the issues that inevitably arise when proprietary software is installed on a user's computer.". Yes, DRM is bad, but not everything has or needs to be open source to treat its users ethically, and some people do need to make a living from their software.

Not everything needs to be GPL to respect people's rights to do what they want with something they bought, not everything needs to be open source just because they like it that way, and above all, people should have a right to choose to install whatever they want, and distros should have the same right to choose to tell the user about closed source software when it would be helpful to them. If the end user didn't want to hear that, they can either ignore it, or use a FSF-endorsed linux distro like Trisquel. The fact that so few people do shows to me how most people are completely fine with having the ability to install what they want.

Freedom may include giving others freedom to do things you personally don't like, but the FSF tends to think a single, ironically restricted set of freedoms to match their philosophy are all that everyone needs.


It's not like they said "proprietary software is evil". They say "[issues] inevitably arise when proprietary software is installed on a user's computer." That's a very mild statement that's hard to argue with.

>not everything has or needs to be open source to treat its users ethically

The FSF's entire raison d'etre is to disagree with that statement, and they do so eloquently. If you have a different view, that's fine, but you need to engage with their arguments a bit more deeply than just contradicting the premise.

>some people do need to make a living from their software

People make a living selling all sorts of things. This has no bearing on the ethics of doing so.

>most people are completely fine with having the ability to install what they want

...which is typically the first thing to go in closed ecosystems.

>a single, ironically restricted set of freedoms

Freedom of the sort we're talking about here is zero-sum. Your freedom to swing your fist ends at my face. Would you call that "ironically restricted"? The FSF argues not unreasonably that your freedom to run private software ends at other people's computers.


If I choose to run Windows as well as Linux, if I choose to install software I purchased, it doesn't harm RMS. In fact, it doesn't harm anyone as long as I'm aware of any potential direct personal impact, which goes for any software including open source.


The FSF doesn't fight for open source. They're not the "open source foundation". That's someone else.

Proprietary software is obviously not a requirement to make a living off software, unless you think Mozilla had been starving until now and that's why they have to put proprietary software in Firefox.


So every random small developer or indie game studio can get a multibillion dollar partnership with google?

As it is, Mozilla's relationship with Google is looking shakier every day, as from Google's perspective it's undercutting their own business with Chrome, while from Mozilla's perspective, they promote firefox as being a browser that respects privacy, and partnering with an organisation as fundamentally anti-privacy as Google undermines that.

Yes, Mozilla needs funding, but I'd rather pay a one off fee to purchase firefox if it really became necessary. Firefox could then come with no bundled search engines[1], and by default direct the user to the mozilla addons page to select which they would like to add, perhaps with a predefined list of popular choices given prominence similarly to the microsoft browser choice screen that gave prominence to Firefox, Chrome, Opera, IE and Safari, then had others listed if you cared to look further. I guess that whole argument is getting into the question of whether firefox is for power users or the drooling masses who wouldn't want to configure their search engines though.

[1] I'd like to see it bundled with duckduckgo included, but I know that even if it came without any, many users would want to add google themselves. I respect their choice to in that case.


Yes, Mozilla needs funding, but I'd rather pay a one off fee to purchase firefox if it really became necessary.

Note that this alone would not make Firefox proprietary software. It'd still be free, just not gratis, provided redistribution and modification rights are still present.


> Yes, Mozilla needs funding, but I'd rather pay a one off fee to purchase firefox if it really became necessary.

Wonderful! So you don't even have to wait - you can do almost exactly what you're describing right now! Just do the following:

1. Donate to the Mozilla Foundation[0]

2. Download IceWeasel, a version of Firefox that comes with no non-free software by default (but which allows you to install non-free plugins later on if you desire)[1]

[0] https://mozilla.com/donate

[1] http://www.geticeweasel.org/


a version of Firefox that comes with no non-free software by default

So is the Mozilla version, and that will even still be true after EME gets added.


[deleted]


>Chrome isn't a business, so much as another way to search the web. But instead of automated crawlers it has people who will do the searching, do the crawling. Kind of ingenious if you think about it.

Google will make more (indirect) money off the average chrome user than the average firefox user, simply because they get far more metrics, analytics and data from them to make a profile for advertising. Obviously, the average firefox user is likely to have higher technical skill so possibly go to some lengths to confound tracking attempts, but that is beside the point, especially since comparable privacy addons are generally available for chrome too, with the primary exception of NoScript. (Edit: NoScript itself for chrome may not exist, but there are still comparable addons).

Back when google signed the Mozilla deal, they didn't have a browser, and the stream of data they get from directing firefox users' searches through google was and still is more profitable to them than letting mozilla pick another default and denying them that data.


[deleted]


Isn't that exactly my point? Maintaining their (that is, Google's) majority is more important to them than a small financial loss as they make more money off those firefox users indirectly. If they didn't, they would probably write them off as a loss and let mozilla direct them somewhere else, especially since a majority would likely add google to their search engine list anyway.


Yes, I was using open source as a catch all term for free, both because free is far easier to misunderstand, and because free tends to create negative connotations for many people, especially at the large scale end. I know the FSF disapproves of that usage, but it seems convenient to me, it's one of the most common descriptions I see, and the alternatives are primarily acronym-based like FOSS, FLOSS, etc. and don't roll off the tongue as easily. None of that invalidates the point; namely that the FSF thinks that only free software should be allowed to be promoted to users (and possibly other software outright discouraged), which I find identical to DRM mindsets, just in the opposite direction


Yes, I was using open source as a catch all term for free, both because free is far easier to misunderstand, and because free tends to create negative connotations for many people, especially at the large scale end.

Open source is very easy to misunderstand, as well. A lot of companies have been abusing the term by giving (limited) source code access without any actual rights to the code itself, and then calling their products "open source".

I know the FSF disapproves of that usage, but it seems convenient to me, it's one of the most common descriptions I see, and the alternatives are primarily acronym-based like FOSS, FLOSS, etc. and don't roll off the tongue as easily.

It's funny, because "convenience over ethics" is one of the major points that the FSF opposes. And there is a smooth and unequivocal alternative: libre.


Libre suffers from the same problem as 'free' perception-wise, and has the bonus issue of being hard to know if you're pronouncing it right. Libre means free, so any word association issues around free will apply by default. Also, not all open source software is free in price terms, which free/libre creates confusion around.


No, libre does not mean "free as in zero-cost" it means "free as in freedom". The word for zero-cost is gratis.


> No, libre does not mean "free as in zero-cost" it means "free as in freedom".

Prior to its adoption by the Free Software community to resolve the distinction, it was obsolete and virtually unused in English; while it was used in English with that meaning, it was no longer current at the time, and in some of the languages where the word is current -- and where people it in fact has the same "zero-cost" vs. "having the quality of liberty" ambiguity as "free" has in English.

Using current, widely used, and idiomatic English terms that address the distinction -- "complimentary" vs. "unencumbered" rather than "gratis" vs. "libre", for instance -- would probably be more clear to people outside the movement than adopting terms that had fallen into general disuse in English. Specialized and unfamiliar-to-the-general-public language can be good for jargon intended to make technical distinctions in a closed community, but its a barrier to communicating with the wider public.


No it wasn't "obsolete and virtually unused" - at least, not in the UK. I knew what libre meant back when I was a youngster, long before I'd ever heard of the FSF.

I suspect the vast majority of literate English speakers could tell you what libre meant and wouldn't think of it having any connection with software at all. It's an English word borrowed from the French, not computer jargon.


Exactly; so deliberately using a word with a double meaning is counterproductive there.


Well, you're right, but still: Mozilla is funded mostly by companies that make money out of proprietary software.


> and distros should have the sameright to choose to tell the user about closed osurce[sic] software when it would be helpful to them.

Of course they should. That's why they have that right, and are using it. The FSF isn't stopping them; in fact, by supporting development of GNU, they're indirectly helping such distros.

What point are you trying to make, that the Free Software Foundation should not complain about encroachments on Software Freedom?


I think you do not understand how the free software movement work. Let me shine some light by rewriting your comment as if it was about a more commonly understood environmental issue.

"Yes, pollution is bad, but not everything has or needs to be pollution-free to treat the environment fairly, and some products need be cheap enough to produce revenue.

Not everything needs to be green to treat the environment fairly with stuff people have bought, not everything needs to be pollution-free just because they like it that way, and above all, people should have a right to choose to run whatever car they want! The fact that so few people do run pollution-free cars shows to me how most people are completely fine with driving the car they want."

(btw, the FSF philosophy is the freedom to do anything except restricting other people freedom. If you want to define freedom as the right to restrict others then go ahead, but I don't).


Nice strawman. The clear indicator of a desperate "I don't like your point but can't directly refute it".


As opposed to your comment, which contains an eloquent refutation of belorn’s comment?

Don’t simply call people trolls or strawman-slayers, use good arguments to counter bad ones. Otherwise we get bad arguments countering bad arguments, followed by meta-arguments, tone arguments, etc – don’t let it happen. See this comment for example; Is this comment not better with the second paragraph than without it?


Does anybody know what Brendan Eich's stance on DRM is? I can't help but wonder if this would have turned out differently had he still been in charge.

Eich helped found Mozilla back when it was just contributions to Netscape, and then helped break off as a fully-fledged project. My guess is that he understood the loss here. On the other hand, Gal wrote PDF.js which replaced the proprietary PDF reader, so you'd expect him to get it, too.


Eich strongly opposed DRM and patent-encumbered formats like H.264, but he also understood the realities of the situation[0].

The writing has been on the wall for a while - as soon as Mozilla realized that Google was going to renege on their promise to remove H.264, Firefox was bound to include it (since H.264 wasn't going anywhere). As soon as the W3C enshrined DRM in the HTML standard, it was a matter of when, not if, Firefox would be forced to, assuming the media industry adopted it (which they will).

The only alternative would be for Firefox to hold out and refuse to adopt it, watching their userbase shift away to all the other browsers that did support it.

[0] http://blogs.computerworlduk.com/open-enterprise/2013/11/bre...


EME is not in the HTML standard yet, and is in fact not even out of Working Draft state yet.

Meanwhile users abandoning Firefox for not supporting DRM in the browser is not at all a foregone conclusion. More likely is years of content providers forced to support other browsers, giving more leverage to those seeking other solutions.


I saw a relevant post in an older thread: https://news.ycombinator.com/item?id=7746442


I was curious about that too. I think the result would've been the same. I hope these organizations (including the FSF) can remain focused solely on free software. Getting involved in other issues lowers the odds that a given free software community member will agree with all of those, harming the community overall.


Mozilla is Serving Users. A great Orwellian phrasing.

http://ebb.org/bkuhn/blog/2014/05/14/to-serve-users.html


I don't see why the FSF is up in arms about this. Mozilla is essentially doing the same thing that the FSF does with the GNU C library by releasing it under the LGPL.

They even spell out the case when they should adopt the lesser License[0], despite the fact that it goes against the FSF's core values and they advise not using it[1].

At the end of the day, I see this as Mozilla's LGPL.

http://www.gnu.org/licenses/why-not-lgpl.html 0. The most common case is when a free library's features are readily available for proprietary software through other alternative libraries. 1. But we should not listen to these temptations, because we can achieve much more if we stand together.


Has Mozilla really changed its policy? At a certain abstraction level, they already had a plugin in system that allowed for DRM binaries embedded in the browser. So what if the plugin system is a bit different?

You could already watch DRM netflix in firefox. If they were going from no-DRM plugin policy to allowing DRM in plugins, that would be cause for uproar. But Mozilla has always allowed DRM via plugins.


Arguably a DRM-specific plugin API is worse than a general-purpose plugin API (NPAPI) that was used for DRM.


Even if that DRM-specific API offers sandboxing of the plugin in ways that a general-purpose API could never hope to do?


> Has Mozilla really changed its policy?

Yes, they are accepting a web standard that can only be implemented in a closed-source and patent-encumbered way, which should be something that both Mozilla and the W3C bitterly opposed.


  Write to Mozilla CTO Andreas Gal and let him know that you oppose DRM.
mailto:agal@mozilla.com


To help Google to essentially kill yet another browser.


Mozilla is very much trying to be a technology company these days with profit in mind (realize that there are 2 Mozilla's - one which is a nonprofit org and another a for-profit inc).

They are not like the fsf. They care about user share, market and all that. Idealists cannot afford to think that way.


If there was some way we could verify DRM was "what it says on the tin," it could be a tremendous tool for ensuring our privacy and freedom online. When big companies DRM content, it limits our freedom, but if we could DRM our own data, it limits big company and government abuses.

However, there is admittedly a big caveat here. I don't know of a workable way to know that DRM is "what it says on the tin." Big business and governments could place back doors into such mechanisms, which would put us in an even worse position than where we are now.


Audited open source DRM could work if it ran on trusted computing hardware, but that's a double-edged sword.

Also, the imbalance of power between companies and individuals is so great that I don't think any amount of DRM can overcome it. Companies can afford to not negotiate with individuals.


That's exactly the verifiability problem I'm talking about.


I can't find the information to answer my question, so don't downvote me because it's a stupid question. I admit it is, I just want to know for curiosity.

I don't understand why Adobe has to be used here? Why didn't Mozilla partner with Apple, Google, and Opera on a standard implementation code for this? After that's done, then Mozilla can try to sneak in one last question for all partners, can we do it better than this?


Here's some speculation based on industry politics: Apple doesn't cooperate with anyone. Opera is irrelevant. Google, MS, and Adobe are probably willing to license their DRM plugins to Mozilla. We can imagine that some kind of three-way bidding process went on and the outcome was that Mozilla chose Adobe DRM. As others have pointed out, Adobe is kind of desperate because they don't have their own browser, so perhaps Adobe was willing to make their DRM plugin slightly less evil than Google or MS.


If Mozilla licensed DRM from a competing browser vendor, they would effectively be crowning a de facto DRM "standard" based on combined browser market share. Mozilla's support for Adobe's "less evil" CDM means there may be more competition around DRM, though I have no theories how that might play out.


I'm assuming Adobe simply ported the tech from Flash video DRM (which everyone was using).


Well, there's a bit more tweaking to make it EME-compatible, but basically: yes.

More

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: