Firefox’s adoption of closed-source DRM breaks my heart (2014) (theguardian.com)
82 points by jarsin on Feb 8, 2015 | 72 comments



There is an unintuitive takeaway from this.

The reason Firefox is allowing this is that browsers and operating systems produced by nonprofits acting in the public interest don't have enough market share to resist being dictated to by for-profit corporations. Imagine FirefoxOS had the market share of Android and Debian had the market share of Windows. Would we still be having this conversation?

The free software people have been preaching this for decades. It turns out they're right.

So don't install Chrome, use Firefox. Then next time it will be easier for Mozilla to do the right thing.


I'm surprised to realize this: Firefox must be the best browser there is, in order to fulfill its mission.

Shouldn't be so surprising in retrospect (like many things), but I never fully got that before.

Power comes from being chosen by end users. Firefox needs power to be able to resist this kind of crap. In this case, they didn't quite have enough power (probably because they let memory bloat get away from them a few years back, giving Chrome the upper hand which it has done a decent job of holding on to).


Similarly, Mozilla tried to take the high road against H.264 in Firefox. Google pledged to drop H.264 from Chrome, too, but reneged on its promise. Mozilla lost users.

Google is trying to do the same with EME over HTTPS. Google wants Mozilla to stand together with Firefox and Chrome resisting EME over unprotected HTTP. But they want Firefox to go first (again), even though Chrome is already shipping EME.


> Firefox must be the best browser there is, in order to fulfill its mission.

Does caving in to commercial pressure and adding unpopular (for its core audience) features like DRM advance it in that direction, or in the opposite direction? I believe "more of the same" isn't going to help it pull ahead, it needs distinctive features such as more privacy, fewer ads, or even a strong anti-DRM stance.

As a (former) large-ish website owner I have to disagree with your assessment. Even browsers with 5% market share (Firefox has 15-20%) have the power to influence design decisions and thus counter browser-based DRM adoption, except strong de facto monopolies (like Google, YouTube) that can make or break browsers by supporting or excluding them (YouTube has even more influence than Google search currently because of its unique content). It's true that Firefox was simply too bad to use for a couple of years (cue conspiracy theories about Google being their main source of income and desperately trying to push Chrome), but it still had power due to its large user base.


A rather large part of Chrome's growth came from marketing. Pushing users of both Internet Explorer and Firefox to download it directly from the Google.com homepage, online ads, offline ads, etc. Firefox has never had access to that kind of marketing.

And don't underestimate all the bundleware installs, too. Even today, when upgrading your version of Java in Windows, it still tries to trick you into installing Chrome.


It's not about being the best browser; Opera has long been the best browser, as almost every innovation got copied from Opera. It still failed to get a global market share and only came to lead some local markets.

Besides, Chrome didn't get its market share on technical merit alone, but mostly by paying for its installation and targeted PR.


What are your criteria for declaring Opera the best browser? I tried it a few years ago, but found it awkward and slow. I'm sure I did not give it a fair chance by reading about its features ... I merely tried it briefly and went back to Firefox.


Even if Firefox were a monopoly, content owners would still desire DRM. Without the option to deliver that in harmony with HTML5, they'd just continue to use Flash, Silverlight, etc.

We don't need counterfactuals to imagine a world without EME; we've lived it.


Flash and Silverlight were both dying before EME existed. Basically all it took was for Apple to say "no Flash" and Flash was as good as dead. I don't understand why you think that a free software infrastructure with a strong market position would be incapable of doing the same thing.


They were dying for most uses, but not for DRM-based video streaming.

Also, Flash did not die, just because Apple said so although that certainly had an impact. It also died, because the web was getting better and better; because it was a proprietary tool not available to everyone; because it integrates poorly with the whole architecture of the web - e.g. dynamic generation on the server; because it had a bad reputation due to security and performance issues; and because a plugin, even if widespread, is still a dependency that you want to avoid.


> They were dying for most uses, but not for DRM-based video streaming.

It is a tautology that DRM-based video streaming is going to use some kind of DRM. The point is that if several major platforms provide no support for any form of DRM then DRM will be removed from video streaming. The idea that video providers are going to give up a majority of their customers because their devices support no DRM is not reasonable.

> Also, Flash did not die, just because Apple said so although that certainly had an impact. It also died, because the web was getting better and better; because it was a proprietary tool not available to everyone; because it integrates poorly with the whole architecture of the web - e.g. dynamic generation on the server; because it had a bad reputation due to security and performance issues; and because a plugin, even if widespread, is still a dependency that you want to avoid.

I'm not sure what point you're making... that Flash sucks and died for multiple reasons? Granted. But it was still dying before EME existed and DRM wasn't enough to save it.


Lol, no. If every web browser said "no DRM in video, freedom or death!" then the movie studios would say ..... OK. We'll ask users to download an app instead. Or use Apple TV/Xbox/PlayStation to watch things rather than their browsers. And consumers would. End of story.

Browser makers don't have some crippling monopoly power over how computers work that they can use to force submission on an entire industry (thank god).

The idea that the movie industry will give up on something they view as a fundamental requirement for them to earn money, just because browser makers throw a hissy fit, is not reasonable. The movie industry will find a way because they believe their industry must, or else it will wither and die.


> OK. We'll ask users to download an app instead.

At which point they'll be losing customers. And if the operating system doesn't support apps with DRM, what then? Ask the user to buy a new device?

> Or use Apple TV/Xbox/PlayStation to watch things rather than their browsers.

At which point they'll be losing more customers. And if the dominant console is also something that doesn't support DRM, what then?

> Browser makers don't have some crippling monopoly power over how computers work that they can use to force submission on an entire industry (thank god).

No, but customers do. Which is why customers should choose browsers and operating systems that do what customers want.

> The idea that the movie industry will give up on something they view as a fundamental requirement for them to earn money, just because browser makers throw a hissy fit, is not reasonable. The movie industry will find a way because they believe their industry must, or else it will wither and die.

This is just meaningless rhetoric. It is possible to make money without DRM as proven by the fact that many people are doing it. Piracy does not exclude profitability as proven by the fact that there are more Disney movies on The Pirate Bay than there are in the Disney store and Disney is still making tons of money.

The people who think the movie industry would disappear without DRM are idiots. The harder we make it for those idiots, the more share they'll lose to people who know better and the fewer idiots will remain.

It's not even like this is a fight. It's just widespread misunderstanding. DRM is bad for the movie industry. It locks customers into closed platforms which put the companies that control those platforms between the studios and their customers. It causes viewers to derive less value from DRM-encumbered content, which causes them to consume it less often and not be willing to pay as much for it. It causes piracy to increase because it has zero effect on the experience of downloading from The Pirate Bay and a negative effect on the experience of paying customers. The studios have been sold a bill of goods.


Not sure what imaginary world you live in, but in the real world internet users just provide themselves for what the studios refuse to do, see piracy.

Video on the web was a reality before flash came to be.


But what happened to Netflix when Apple said no plugins? They made it an app.

The whole idea behind the no-Flash movement was to move services that relied on a plugin away from the web and onto the app store.

Apple wasn't fighting for free technology, they were pushing users onto Apple's own version of EME.

Let's imagine all web browsers drop Flash, Silverlight, EME and all the other common technologies used for DRM. What do you think Netflix will do on the desktop? Will they move to pure HTML video or will they start building desktop apps?


> Apple wasn't fighting for free technology, they were pushing users onto Apple's own version of EME.

That's the trouble. They practically did it by accident. Imagine they actually were fighting for free technology. Then they wouldn't allow DRM in any apps either and what you're worried about goes away.

You get to the same place with licensing instead of restrictive app stores for actually free systems. For example put some language in the license (call it LGPLv4) for all the libraries for putting video on the screen that requires any application implementing DRM to be distributed under the GPL. You can have all the DRM you like as long as the source code is provided and anyone is allowed to make and distribute changes. :)


'market position' is a red herring -- it's a proxy for Developer Will. Developers care about the market share of what platform they write for, and they care about it more than principle.

You might as well say, if the developer community got its act together and stood on principle, no company could capture 'market share' without their consent.

The problem is not the Mozilla non-profit knuckling under -- it is developers failing to have an institution similar to other professions, such as the Bar or AMA, giving them principles.


Developers have to care about market share. Writing code that no one ever runs is tilting at windmills.

A professional organization would have no control over that whatsoever. People have principles. Principles don't come from bureaucracies. Professional organizations are full of politics and politics and ethics are entirely orthogonal.

If anything professional organizations are used to undermine an individual's principles: Economic interests pressure the professional organization to approve some unethical behavior and then anyone who objects to it is pointed to the professional organization's approval and told to shut up and do it.


Firefox has improved a lot, since I switched to Chrome. What I'm waiting for is proper sandboxing using a multi-process architecture (they are working on it) and rubberband scrolling. Recently, Chrome has also improved profiles a lot, and I use that to isolate Facebook. I don't think Firefox has a comparable UI for this.


The Profilist add-on dramatically improves the multi-profile experience in Firefox. It's effectively as seamless as Chrome's. https://addons.mozilla.org/en-US/firefox/addon/profilist/


Firefox profiles allow this functionality: simply type "firefox -ProfileManager" into your terminal...


Functionality that involves invoking a command line for a web browser isn't.


Yeah the UI is clunky. They should make it easier to use.

Try setting up an alias in your bashrc? If you really want to point-and-click just add the appropriate entries to your launcher/menu?


I'm not on Linux, but don't they allow you to create shortcuts with command line options like Windows?


They do.


Sure functions when I use it.


Yeah, but Chrome now has a simple menu item that creates a new window for a different profile in just one click. I have skinned that window, so it's easy to distinguish.


They were developing a standalone profile manager at one point, but it hasn't been updated in a while.

https://developer.mozilla.org/en-US/docs/Profile_Manager


Here's an addon that allows you to sandbox sites like Facebook. https://addons.mozilla.org/en-US/firefox/addon/priv8/


That's not a sandbox by the same definition as Chrome.

Sandbox = CPU sandbox, not just cookie isolation.

To achieve that in Firefox will require massive re-writing of lots of code to basically do all the stuff Chrome was built to do. Chrome doesn't allow the CPU process running the webpage to access any OS services or hardware. All access to those are in other processes that do tons of validation that what the page is asking for it should be allowed to access. That way, even if there's a code execution bug it's unlikely to be able to do any damage.


Unfortunately Firefox has 5x the code exploit bugs vs Chrome. If we just take 2014 Firefox had 13x code exploits over Chrome.

http://www.cvedetails.com/product/15031/Google-Chrome.html?v...

http://www.cvedetails.com/product/3264/Mozilla-Firefox.html?...

Until that number changes I'm not switching back to Firefox.


"Until that number changes I'm not switching back to Firefox."

Maybe you should switch then, why?

A lot of this information is subject to interpretation.

# of Vulnerabilities in 2014: Chrome: 127 Firefox: 108

The code exploit stats show how many exploits were found and patched, which is completely different from the number of exploits that a browser has.

Only 4 exploits were found and fixed in Chrome whilst 55 were found and fixed in Firefox... in my opinion that makes Firefox the leader as they found and fixed more vulnerabilities.


Unfortunately Chrome is a Google product. I'm not using Chrome ever; why would I voluntarily install spyware? One that bundles itself with many freeware.

Firefox sucks a lot (no usable UI integration, missing many basic modern features, changes stripping user of choice, and more) but Chrome sucks to infinity and is automatically disqualified. I would consider Iron but not Chrome. Now my hopes are for Vivaldi; I'm waiting for it to get out of tech preview.


You can use Chromium and have all the supposed "Spyware" removed. Although there is no spyware in Chrome.

Also Chrome doesn't bundle itself with anything other than a special more secure version of Flash which you can turn off. If you got a version bundled with something else, that was a fake install by a 3rd party. The same thing happens to Firefox.

Here's a search for Chrome. The first 3 links are fake installers made by a 3rd party that likely install a virus/trojan/rootkit.

http://i.imgur.com/RpXy3bz.png

Here's a search for Firefox. The first link is also a fake installer made by a 3rd party that likely installs a virus/trojan/rootkit.

http://i.imgur.com/12v1r8n.png


Is there a recommended Chromium-based stable binary distribution for Windows, which receives timely and automatic security updates?


Mozilla has a loooooong history of not doing the right thing.

Mozilla is made of Google money and advertising money.

Doing the right thing means doing it regardless of market share and piles of money.


Downvote me to oblivion but the facts are Mozilla has long been funded by Google and advertising, thus actively contributed (and still contributing) to turn the web into a surveillance tool. You may have forgotten but I still remember how Mozilla alienated developers around the time Firefox was still Firebird (or was it when it was Phoenix?). How they killed the Mozilla suite that turned out to perform better than the unbloated replacement for it. Then there's the legal threats towards Debian.

These are only a few examples off the top of my head, but one does not have to look very deep to find a trail of not doing the right thing at Mozilla along its history. Sorry if pointing this out infuriates the fanboï in you, but Mozilla has done its share of wrong along the otherwise good stuff.


Except that Firefox does not include the closed source bits when distributed, and only downloads them on demand. If you don't watch DRM'ed content, you don't need closed source DRM, and once https://bugzilla.mozilla.org/show_bug.cgi?id=1089876 is fixed, you can disable EME altogether and ensure your installation's purity.


I don't understand how this is any worse than Firefox supporting (and reluctantly promoting) closed source plugins for years. In fact, this situation will be far better than Flash, Silverlight and all other plugins ever.

Why is supporting EME and limiting closed source crapware to a minimum so bad, while supporting huge closed source, bug ridden application runtimes sort of okay?


I think it's a valid point that EME reduces the amount of closed-source code. This was among the arguments used by Google and Microsoft when promoting EME.

However, on the other hand:

1. EME is an actual W3C standard. It feels - and is - wrong for an organization like the W3C to promote an API that is not about openness, but rather about the opposite.

2. While EME proponents - and DRM proponents in general - argue "content makers will never accept delivery without DRM", that is far from clear. First, and most importantly, just a few months ago The Interview was sold online, without DRM whatsoever, and it made lots of money. The sky didn't fall. Second, the argument that "DRM is necessary" was also said about digital music, which eventually dropped DRM. Finally, there are also alternatives like watermarking (with their own downsides, to be sure) which over time could be explored.

Overall, I think it is sad that Google, Microsoft and Netflix have won and EME is unavoidable at this point. But, given the power of those entities, only a miracle could have stopped it.


Just for my context - is the browser plugin DOM interface used for plugins (the <object> tag) a W3C standard as well?

I fully agree with point 2. Even if all browser vendors assumed this point to be true however, I think Netflix and other video content providers would have 'happily' run Flash and Silverlight for years and years. There hasn't been a shortage of browser DRM options for a very long time now. EME is an improvement over the Flash/Silverlight situation, and a realistic option at this point for improving the situation right now.

It's a shame Firefox is being derided for being pragmatic or not being perfectly virtuous here. With implementing EME they are still working on improving the openness of the web.


Browser plugins were never standardized. NPAPI was just done at Netscape, later used by some other browsers too, but not all - not by Internet Explorer, in particular, which has its own plugin API.

At some point Google proposed standardizing PPAPI, a new plugin API (and a very large and complex one), but it met with no interest.


The argument at hand is that Firefox shouldn't support it, not that W3C shouldn't. (The argument is conditioned on it having been spec'd and adopted by the W3C, and concerns what Firefox's response should be.) Is it more wrong for Firefox to support an open interface to proprietary plugins, than a proprietary interface to proprietary plugins (the "N" in "NPAPI" literally means Netscape; this is something they deployed unilaterally and other people copied)?


NPAPI plugin usage was already declining without the requirement for EME. Most people disabled or uninstalled Java, and Flash was only required for some video and animation sites. Game engine plugins will be replaced by WebGL+JS. Audio/video conferencing plugins can be replaced by WebRTC.

Historically, plugin use was much more widespread, and there were plugins for all kinds of things. You had to have a separate plugin for each of Video for Windows, RealAudio, Quicktime, Shockwave, Java, etc., and there were others for playing different media types like .mod, .xm, .it, displaying image formats, ...

The NPAPI interface was also standard enough that every browser supported it. So yes, it's "more wrong" to add a new interface to new proprietary plugins than it is to continue supporting a dying legacy interface to proprietary plugins. The NPAPI trajectory was downward, while EME's intended trajectory is upward.


> Most people disabled or uninstalled Java

I think this needs data. From my foot in the enterprise world, this doesn't seem even close to true; random SSL VPNs and the like require Java. If anything, most people are running an out-of-date version of Java because corporate IT hasn't approved the one that fixes ten exploits yet.

> and Flash was only required for some video and animation sites.

Due, largely, to (EME-free) HTML5 video and other HTML5 features. EME is not replacing HTML5 video, nor is anyone talking about using EME to replace Flash-played videos that weren't using DRM inside Flash.

There's a lot of implication running around that Flash is being replaced with EME video. It isn't. The vast majority of Flash is being replaced with non-EME HTML5 features. A fraction that was previously implementing DRM in Flash is now implementing DRM in EME.

NPAPI plugin usage, specifically Flash video, was going to continue to be a thing for Flash videos that were using DRM. (You could make the argument that these things would just drop DRM if it were too hard, but given how long Flash stuck around until there was a high-quality replacement that was objectively better than Flash from the content-publisher's side, it's a hard argument to make.)


Well, HN tends to discuss a lot the "UNIX way" and the Open Group is not really that open.


If this sandbox enables Firefox to safely host DRM malware, it could very well be used like a generic "Docker for the client", right? People could write high-performance code blobs in native chunks for things like online games, and Firefox would just load them without endangering the user's system or data.

Maybe someone with in-depth knowledge of the sandbox could weigh in about its actual security, I'd be interested in hearing about it.

Because if it's not secure enough to allow arbitrary code from random websites to execute safely, it's sure as hell not secure enough to run that DRM crap. What happens instead is Firefox becomes a vector for Trojan horses and root kits installable on my computer on behalf of any interest group imaginable.

I switched from Chrome to Firefox specifically for things like these.


I think native code sandboxing got to browsers before Docker:

https://developer.chrome.com/native-client


That's Chrome, does Firefox have anything like this? And if it does, why do we need an extra sandbox format for the DRM stuff again?


There was a big kerfuffle a few years back where Mozilla made it clear they weren't going to support anything like native client (and they then put a bunch of resources into asm.js).

I don't know if that has changed or not, I don't pay close attention. I only mentioned it because of the "Docker for the client" line, that it already exists is a pretty emphatic yes.


> I only mentioned it because of the "Docker for the client" line,

You're right. I corrected the original comment to make it clearer I'm talking about Firefox. The point was to call out the sandbox argument a bit, since I'm not so sure it's actually safe to run malware in it.


Well, I'm a 1. web developer, 2. independent filmmaker, and 3. work in media full-time, and this doesn't really bother me.

I want to be able to rent any movie for streaming. For better or worse, that means some kind of DRM is inevitable. I'd rather Mozilla and the standards advocates have a seat at the table, where they can be a moderating influence, than pretend the table doesn't exist.


DRM isn't preventing people from pirating the works, it just makes life harder for paying customers and potentially presents a security hole to them as well.


I don't disagree; the piracy firehose is already on and this is all a moot point. But if you want the distributors to play ball with web standards instead of sticking to Flash, you have to address their concerns.


Is DRM really inevitable for streaming video? I can listen to my music as much as I want, unrestricted, without DRM, through Deezer. And that's a premium service. They seem to be doing just fine.

Besides, Spotify uses Flash for their webplayer, probably for DRM as well. Yet there exists an open source Spotify client, despotify, that probably would make it very easy to download the music as MP3.

In the end, DRM just means making your client's life a pain.


Deezer uses DRM. They mention it right in their developer API terms of use: http://developers.deezer.com/termsofuse


What do you mean, without DRM? Does Deezer provide you with mp3 files to put on your devices (iPod shuffle or similar)? Can you send a file to a friend? Or does Deezer force you to be online and/or use Deezer's own app to listen to your music?

There are a lot of ways to engineer DRM in a system, I think you just don't see that you're actually using a DRMed system to play your music.


DRM will not make it possible to rent any movie for streaming. Most of the recent and blockbusters one certainly but any is not gonna happen. Only way to get any movie is through file sharing from people, it's not legal everywhere yet but at some point a global license will come to be.


This is an interesting reframing of Cory Doctorow's position in his EFF post about YouTube last week. I assume the conversations with Mozilla's Mitchell Baker and Andreas Gal were arranged in response to the EFF piece. Is he playing "bad cop" on the EFF's site and "good cop" on The Guardian?


It's time for a Firefox fork.


[flagged]


I downvoted your comment because of the non-constructive tone.


A locked down media player is more useful than an open paperweight.


An open media player is more useful than a locked down paperweight.


DRM = SkyNet


(2014)

Although this is relevant again since they also decided to put DRM in Firefox OS for the Matchstick (curiously, the plan is Adobe DRM for desktop Firefox and Microsoft DRM for Matchstick; corrections/clarifications are welcome).


Matchstick isn't a Mozilla project, is it? It happens to be built on Firefox OS code, but anyone can use that code, and Matchstick is made by a third party. Mozilla can't prevent someone from building a Firefox OS product and adding Microsoft DRM to it.

So I think the "they" in your statement there might be confusing, as it seems to imply Mozilla is doing something here.

(btw, I hadn't heard about this latest development with Matchstick regarding Microsoft DRM, link?)


Matchstick is not a Mozilla project. The Matchstick company has been (deliberately?) fast and loose with its marketing around Mozilla's and content providers' brand names.

http://www.matchstick.tv/about/


I've been rather irritated with the amount of sites reporting Matchstick as a Mozilla project, and again just recently. They did work with Mozilla early on to get casting running in Firefox Android to their prototype and it does have the "certified by Mozilla" label.

Hopefully their efforts on MSE and EME will help expedite development in Firefox so that YouTube doesn't suck as much.



Thanks for the link.

This is kind of surprising to me, that Microsoft would license PlayReady for a non-Microsoft platform, in this case Matchstick. I wonder if their policy was always that way, but it just didn't happen, or if it changed?


Microsoft wants its DRM to be supported on all platforms, otherwise it would be irrelevant on mobile. PlayReady is available on Android, iOS, smart TVs, and set-top boxes (which most likely run Linux instead of Windows CE these days :)

http://www.microsoft.com/playready/features/


Firefox OS itself needs a lot of proprietary stuff (Drivers, etc), however.

But meh, drivers.



