What Do We Get for That DRM?

The W3C sells out users without seeming to get anything in return

I had a hard time finding anything to like in Tim Berners-Lee’s meager excuse for the W3C’s new focus on digital rights management (DRM). However, the piece that keeps me shaking my head and wondering is a question he asks but doesn’t answer:

If we, the programmers who design and build Web systems, are going to consider something which could be very onerous in many ways, what can we ask in return?

Yes. What should we ask in return? And what should we expect to get? The W3C appears to have surrendered (or given?) its imprimatur to this work without asking for, well, anything in return. “Considerations to be discussed later” is rarely a powerful diplomatic pose.

Berners-Lee, best known as the creator of the World Wide Web, seems well aware of the tarnish he’s applying to his creation. He acknowledges that:

“none of us as users like certain forms of content protection such as DRM at all. Or the constraints it places on users and developers. Or the over-severe legislation it triggers in countries like the USA.”

After acknowledging that, however, he goes on to define an open web as a marketplace, something that is “universal in that it can contain anything”, rather than being universal in that its content can be read by anyone. It seems painfully clear in his discussion of user priorities that the users who matter most in this universal marketplace are the ones who “like to watch big-budget movies at home”. The rest of us—including those who worry about “the danger that programmers will be jailed” are extremely welcome to “weigh into the discussion thoughtfully and with consideration”.

The saddest part of that discussion, however, is the question. What are we users—and what is the W3C—getting from building the risk of programmers being jailed into the core infrastructure of the Web? I have no doubt that browser vendors eager to cut deals will incorporate DRM into their offerings. Does that make it a good idea for the W3C to offer its name, its facilities, its intellectual property agreements, and its umbrella from antitrust prosecution to such a project? Why not leave the companies to pursue their own directions, and take on the risk of legal action themselves?

I’m left, however, with Berners-Lee’s failure to answer his own question, and his strange expectation that users can “ask” for something in return and hope to see it. I have too many memories of decade-old conversations with Microsoft employees after they had, for a time, won the Browser Wars. It was clear that the users I cared about, whether developers or individuals who just couldn’t make things work, were not the users they cared about. Our roles was just to create an ecosystem in which Microsoft could make a lot of money. (Microsoft is far from alone in that view—I only single them out for that past history.)

Berners-Lee suggests a mild possible response, the Restricted Media Community Group. It’s a place to gather input, but it’s a Community Group, and the W3C has no obligation to listen to it unless perhaps they need to save face. Robin Berjon pointed to the Web Copyright Community Group yesterday, but it too basically opens by acknowledging the W3C’s surrender and ends with a vague hope that pressure elsewhere might be useful.

Most of my technical work still revolves around the W3C, so I’m at kind of a crossroads. This is far from the first time I’ve doubted the intrinsic goodness of the W3C. It’s been a very long time since I’ve taken the W3C imprimatur as a sign that something was bound to be great. While HTML5 and CSS3 certainly reinvigorated public interest in the W3C, this is yet more reason to pick and choose the useful bits carefully.

On the bright side, I’m privileged to work at a place that understands the fruitlessness and damage inflicted by DRM schemes. I keep hoping that more people will take that example as a sign that businesses can thrive without treating customers as thieves.

What do we get for that DRM? A clear sign that we’re not to be trusted.

Related

Sign up for the O'Reilly Programming Newsletter to get weekly insight from industry insiders.
topic: Web Platform
tags: , , ,
  • Christopher Thomas

    most people realise this for the non-issue it actually is, the web is still open and you can still buy doritos from the supermarket.

    the api created here is nothing more than a way to connect to a series of binary objects made available to the browser depending on what software you’ve installed, it doesn’t impose any code restrictions and can be completely implemented in free/open source software.

    if you want to view content from website X, then it might require you to install some software to check the authentication keys, perhaps you didnt buy access to the website, or you don’t have a valid account, the website might ask you to install a binary, closed source encryption object or even use a standard encryption and ask you to provide a key.

    how is this different from any current situation right now? I mean, flash is closed source, so right now we already do this but with the battery sucking flash tech, now we get to eliminate parts of the “stack” which are inefficient whilst keeping people who want to retain control of their content happy at the same time.

    this really is a non-issue and most programmers who actually understand the issue, realise it’s not a problem, nor an issue to talk about.

    if people don’t want to use those websites, they are free to not use them, nobody forced them to type in n e t f l i c k s d o t c o m anyway, right? So if the website owner WANTS To act like that, let them, if the clients don’t mind, no problem, if they do mind, they’ll eventually go out of business or adapt….

    but the take away here is this: nothing changed

    • SilentLennie

      There is a difference, when the W3C makes this a standard it is rubber-stamping DRM as OK.

      • Christopher Thomas

        DRM is ok, for those who want it, those who don’t, don’t have to use it, why should you decide or dictate what other people can do?

        I don’t like EME, but I also don’t care, I don’t use websites which I would need to bother with it, so it doesn’t affect me, if it removes flash from the web and replaces MOST of flash with 90% HTML5 and a 10% binary encryption module, then I’m all for the extra 90% of HTML5 we’ll see instead.

        Then we’re one step closer to getting rid of DRM altogether, you really think they (the big media companies) can drag us back to the horrible world we had before? Thats never going to happen.

        Let them have their false victory, it won’t make any difference for the rest of us who refuse to use it, it only affects the tiny amount of websites who WANT to lock their content up, let them, it’s their property to do what they want, if you don’t want to buy from them you can just buy from somebody else instead, if you do buy from them, then surely it’s the conditions you accept and if you use netflix now then surely you are already buying into the DRM of the web because it’s already done using flash, what difference does it make that now it’ll be done in HTML5 instead of flash? it’s the same, just the name of the tech has changed.

        but realistically, nothing changed, it’s just a bunch of tech nerds circle jerking themselves over something that really doesn’t fucking matter……

        • Ted Appleby

          “it’s their property to do what they want, ”

          load of horse manure, mate. Intellectual monopoly is not property, copyright and patent should be abolished. See Boldrin&Levine, N. Stephan Kinsella, Pirate Parties etc. etc.

          • Christopher Thomas

            if they have it and you don’t, you either pay their price, or look to get it somewhere else, if you can’t get it, then you either pay their price, or don’t get it.

            it’s a simple fucking argument, learn to logic sometimes….

            if you don’t like the terms of any agreement, then just don’t agree to them, walk away….it’s easy.

            but if I like the terms and accept them, then I’ll do what I need and to some people, a infinitesimally small group, who might want to make copies, well, thats not in the terms of the agreement, so if you don’t like that restriction, then again, walk away.

            what is so hard about this point of view that you freetards don’t understand?

          • Spook

            That decides it. You’re a shill.

          • Christopher Thomas

            This is a typical response from a freetard, if somebody says something that doesn’t agree with their position but instead agrees with say, some company, you are immediately branded a shill.

            Well buddy, fuck you, I am not a shill, but I am not stupid enough to buy into your bullshit and I understand the technical issues well enough to know this isn’t a big deal and is a non-iasue, if you want to live in la-la land, then by all means, but don’t expect everybody to feel the same way

          • PaulDavisTheFirst

            You don’t understand the technical issues. You’re disgracefully rude. And you’re dismissing the real concerns of hundreds or thousands of developers who understand all this stuff much better than you’ve demonstrated in your posts here.

          • Christopher Thomas

            perhaps you could backup what you say with actual information then that’d be great!

            I’m rude? Hey, guess what? I don’t give a fuck what you think, I’m always rude to morons who talk like they know what they are talking about, but in actual fact do not, you’ll find other replies I put to people here who didn’t try to “slap me down” and instead I’m a perfectly reasonable guy, I’m just not reasonable with idiots who like to think they’re clever.

            I’m dismissing the real concer….no wait, I’m not doing that at all, I’m pointing out that hundreds of thousands of developers should check in at reality hotel and realise their concerns are not concerns at all and if they knew as much as they think they do about the topic they are apparently so incensed about, they’d realise that.

            if you have any ACTUAL INFORMATION on the topic, then put up, or take the other route, shut up.

          • PaulDavisTheFirst

            No. Fuck you, moron. Shut up. I’ve been a programmer for 30 years. Tired of your bullshit. You live in la-la land. Are you too fucking stupid to read the link?

            </sarcasm>

            You skipped right over the key issue when you wrote:

            So basically it’ll either pass the frame data back to the browser, or
            it’ll render through some protected path, perhaps on windows it’ll use
            some specific API, but either way, it doesnt matter,

            Unfortunately, it does matter. If there is no protected path, and there is no protected path on (e.g.) Linux, then it can only pass the frame data back to the browser, which means that the “raw” data becomes available to the browser code, which will be unacceptable to the sites that decide to use EME/DRM. This means that there can be no acceptable implementation of EME on platforms that don’t provide a protected path (to the frame buffer, to the audio buffer, to whatever).

            The result will be like netflix right now: it relies on Silverlight DRM, which is not available for Linux because it is not possible to implement Silverlight DRM on Linux in a way that keeps it “secure”. Ergo: no netflix on Linux unless you use Wine to hack around this (and even that is unreliable and not really feasible a lot of the time).

            Maybe you think that this is an acceptable future for the web, but many of the rest of us don’t.

          • Christopher Thomas

            > No. Fuck you, moron. Shut up. I’ve been a programmer for 30 years. Tired of your bullshit. You live in la-la land. Are you too fucking stupid to read the link?

            You’ve been programming for 30 years and yet you don’t understand this issue? seriously? have you been working in management or something? Cause I’ve only got 20 years and I understand it better than you seem to…..

            To sum up the rest of your post, the situation hasn’t changed for people on linux then, it’ll get better for people on windows and mac, but on linux, no protected path = no encrypted content, so ok, it’s still an improvement over the current situation

            This has been the status quo on linux for decades, so I’m not sure why you’re so surprised….or even angry…and the bullshit about not being able to provide a secure path on linux is absolute horseshit, people don’t WANT to do it, but thats different than people CANNOT do it, the problem comes from the companies trusting that the person hasn’t hacked their box with a piece of code to dupe the content as it passes through, ever heard of a HDCP stripper? So in reality, not even windows content paths are totally secure….

            This solution makes it better for people who currently now have to deal with flash or silverlight, it removes the need for those plugins and makes the problem a smaller issue, it’s like one step forward in the direction of completely eliminating them, but provides the entire web browser community with a way to provide fast access to encryption api’s, something that benefits people who want to encrypt data on the client, it’s not JUST about the content providers and big business..

            Do I think it’s the best solution? no, do I think it’s a step in the right direction, yes, it means less flash and more html, even if you don’t benefit as much as your windows friends do

          • PaulDavisTheFirst

            The “status quo” on open source operating systems has been that although companies have created proprietary protocols, APIs and systems for content distribution, the design of the web (which has generally eschewed such things) has pulled distributors back towards openness (which also implies user control too). Not 100%, but the pull has been significant, to the extent that even Adobe has felt a reasonable level of pressure to make Flash available on (some) open source platforms.

            With the W3C endorsing a plumbing API that allows DRM which cannot be implemented on open source platforms, some of that pressure is removed. Big content distributors, in their misplaced goal of “preventing copying” would love to be able to require us to use THEIR preferred technology. To date, the web has tended to push them toward using OUR (users) preferred technologies (ones that are open, free and leave users in control of their machines). The W3C’s endorsement of this idea will make it easier for them to switch away from what is good for users towards what is good for them. There will be browsers and platforms that can support their goals, but not open source ones.

            Clearly you don’t consider that a loss. A bunch of beg to differ.

            Your reference to HDCP stripping is precisely why the idea of DRM is so broken in the first place. It only takes 1 person to be bothered to do the hack …

            And no, I don’t do management.

          • Christopher Thomas

            I agree with your premise that an open web promotes openness, I disagree however that it should enforce openness. The openness of the web allows people of all types to do what they want on that platform, some people actually SELL things, so to do that they must control how that product is sold, to do that, sometimes you must restrict peoples access to things, you are not buying a copy of that content, you’re buying a licence to access it.

            You might disagree with that platform, but it’s what lots and lots of people like, they feel it’s ok to pay for their netflix account each month even though they cannot make copies, because they aren’t thinking like data horders, they just want to watch tv on demand.

            So you’re in the <5% of people who actually care about this, it's not really important anyway since a lot of people are getting linux in a different way, through android, which is practically doing what linux could not by having a sane development platform which doesnt break every two days and it's eating linux from the inside.

            This API allows people who DO care about how people access THEIR content control over that and restrict and sell that content in a business friendly fashion, thats good cause it removes flash from the equation in almost all the situations where people use flash for video players when they don't need it, it'll mean flash goes back to concentrating on what it should, making vector graphics and other things that HTML5 cannot do yet and actually, flash is a development environment first, it's where adobe gets the money from, guess what they are building now? a HTML5 version of the same tools they built for Flash. They can't lose, cause a million designers a day will want that tool when flash finally kicks the bucket.

            BUT, the sticking point is a tiny corner of the web which needs or wants to control the access to content on their network, so ok, lets create a small API that can interface with a plugin installed into the browser, it's an ALMOST complete solution, eventually people won't need it and it'll just be a general purpose encryption API, which is good for the rest of us because we now get native, high speed access to a great API To do encryption in the browser, so it's not a complete loss, we do benefit.

            At the end, flash is available on linux, as a closed binary and not open source at all and the alternatives are awful

            As for your diatribe against DRM, well, man, you have to live in the real world and I'm sorry you don't like it, but if I had something that people wanted to buy I would sell it too and I wouldnt give it away for free and if that means I have to sell access licences to my network instead of actual copies of films, videos, etc, then so be it, thats the real world, stop trying to force everybody to be as perfect as your dreams let you be, it wouldn't work in reality…..you're dreaming if you think there is a world without any sort of access control, how many popular platforms are there for buying music in non-DRM mp3 formats and how many users are there, combine that knowledge with how many people use itunes, even though those services exist, I mean, if you think people cared, why do you think people evidently don't care as much as you think? Do you think those people are just badly educated? Why is it? Grooveshark doesnt let you copy tracks to the computer, I can offline them on my android device, but I don't even though or worry about the mp3 files…I just don't care and guess what else….the MAJORITY of people don't care either..

            I appreciate your ideals, I just happen to see the world around me as not being compatible with those ideals, so get over it…

          • PaulDavisTheFirst

            Actually I make a living on those ideals. http://ardour.org/

            And if you think that was a diatribe on DRM … then clearly you haven’t read a real diatribe on DRM. You’ve also radically changed the direction of your argument, away from “you don’t understand the technical details of this” to “well, it will work ok on Windows and Mac and < 5% of people care about anything else". That is an argument, of a sort, but it is a very different one from the stuff you were aggressively pushing back at other people in this thread.

          • Christopher Thomas

            I’m wondering if you understand the words coming from your mind if you are a developer for ardour and yet are here explaining that you make a living from non drm and its ideals…..its a music production platform, you surely output in many formats and I am having a problem incorporating this conversation with your work on that product.

            As for the diatribe on drm, I have been online for around 15 of those 20 years and I think that I have heard all the arguments and actually I agree with most. I just think they are idealistic and not possible in the real world.

            I didn’t change direction, I simply explained another point in the discussion, I don’t know how you can logically combine the two comments within the conversation we are having, I can acknowledge that if you are a programmer, you do know the technical details, but simply have come to a set of invalid conclusions.

            And the argument hasn’t changed, its just gone in different directions, depending on who is doing the talking, that doesn’t mean the original conversation points suddenly stop existing, it just means they are explained, done and over with, or something else is being discussed, i would have thought that is obvious to a programmer…..

          • http://www.openbuddha.com/ Al Billings

            So you don’t get to watch Netflix? News flash: watching Netflix isn’t a right. If it is important, you’ll have a device that streams netflix. Currently I have:
            1) an Xbox 360
            2) a Samsung TV
            3) My Apple computers
            4) My tablet

            Just because it doesn’t work on Linux because the vendor doesn’t offer it on Linux doesn’t mean it is an injustice against humanity. The whole standard is a compromise to move away from the current way of doing things and STILL keep the media companies working with folks.

          • Christopher Thomas

            therefore proving my point, thanks al billings!!

            netflix isn’t a right, so if the company wants to run it’s business like that, then so be it, if this means a drop in the number of flash or silverlight solutions for a short term DRM in HTML5 solution, then so be it.

            over time, companies will become more open, but right now, I’ll settle for killing 90% of the problem than keeping 100% of the problem, the remaining 10%, the decryption can wait for another day, it’s much easier to kill a target when it’s small and confined.

            but they way people are acting here, it’s like netflix IS a right and supporting their right to run a business their way using standard technologies is apparently an affront to that right, you don’t have to use the encryption system if you don’t want to, but if a company wants to, then let them, if it helps or hurts their business model then that’s on their shoulders

            but don’t try to convince me that adding a NEW EXTRA API to HTML5 which nobody HAS TO USE, is going to hurt the web, cause it’s not, if you didn’t add it, you’d have tonnes of flash or silverlight players doing the job and HTML5 wouldn’t get a lookin, battery life would and does suffer and I can’t build a player using standard tech, at least this way we get rid of most of the problem and have a shot to hammer the final nail in the coffin in a couple of years.

            Right now, DRM isn’t going anywhere fast, this provides us with a way to divide and conquer the DRM world, but the freetard nutjobs are blocking it because of stupid ideology….

          • Christopher Thomas

            exactly, it doesn’t harm people who don’t use it and it will help those people who do use it and it will have benefits by eliminating a large amount of proprietary code which right now is closed source for no reason just because they require a decryption object the whole thing must be a black box….this allows us to liberate most of the object into an open source environment and keep only the decryption object a black box, it’s a victory and a step towards eliminating the black box completely.

          • http://www.openbuddha.com/ Al Billings

            But not the concerns of billions of actual users…

        • Rob

          “DRM is ok, for those who want it, those who don’t, don’t have to use it, why should you decide or dictate what other people can do?”

          DRM, by it’s very definition, is dictating what other people can do. Who are you to dictate what other people can do?

          • Christopher Thomas

            Surely its a choice you make determined by whether or not you want. What they have? Going to the cinema is exactly the same, people pay and use the services provided because they want what the cinema has.

            But if you don’t like it, then just dont go to the cinema, simple. But just because the cinema puts restrictions on your ability to say, take videos of what you see inside their building doesn’t stop you from going into any other shop which surrounds the cinema and looking at the dresses, or the shoes, or perhaps buying products they have inside, but they have no DRM restrictions because they don’t have any need for those restrictions.

        • jimmoffet

          You do realize that DRM causes people to be charged with crimes for simply viewing the code that is running on their machines, right?

          Regardless of whether that’s a technical or a legal issue, it’s a solid reason to keep it out of standards.

          If the businesses want DRM adoption, they can lobby to get rid of the laws that target programmers for viewing the code that runs on their machines.

          It’s like Ford being allowed to sue you for opening up the engine of your Mustang, it’s absolute madness.

          They need to acknowledge the fact that these insane laws produce no meaningful amount of security.

          • Christopher Thomas

            you do realise that the world doesn’t entirely consist of america and it’s screwed up DMCA, right?

            you do realise that people sometimes live in other countries and they do whatever they want without any repercussions, right?

          • jimmoffet

            Hello, this is ACTA calling Christopher Thomas, can you hear me? The US and multi-nationals are forcing extreme IP law on the entire planet through a barrage of treaties. All indications are that this approach will be successful. I would love for you to give me a reason to hope this IP treaty campaign will ultimately be routed…

          • Christopher Thomas

            hello there jimmoffet! from a part of the world which rejected the treaty and therefore doesn’t have to give two shits what it says….

            /little dance

          • jimmoffet

            You’re a lucky man. As someone who has been fighting that kind of stupidity for a long time, it breaks my heart to see my country exporting it (sometimes in even more vicious form than we have here, as in Vietnam).

            Nonetheless, the momentum is clear. If you don’t have to deal with it now, just wait because it will come back around (as in NZ). Public rights advocates around the world are on the defensive and rightsholders are gaining ground every day.

            I hope you’ll take this issue seriously in spite of the fact that it may require fighting for someone other than yourself.

          • Christopher Thomas

            since this issue will only ever exist if somebody attempts to crack the encryption, I suppose it’ll only affect me if i attempt to crack said encryption.

            if I don’t do that, it’ll never affect me, since I cannot fathom any reason why anybody would want to crack the encryption, apart from wanting to gain access to content not permitted by the people who own those encryption modules, I can only say that this issue only bothers you if you plan on going head to head with “those guys”

            on mac the encryption modules will be made available, since everybody wants to watch netflix, on windows it’ll be the same, on linux, it won’t, it’ll be the status quo for linux, no support and no willpower by customers to support it.

            so nobody apart from linux programmers will even attempt it.

            so video providers will support mac or windows, if you have one of those platforms, you’ll buy an account, or rent a film, if you use linux, you can’t access those services

            if you don’t use any services which use the API in question, it won’t bother you at all, since you’ll never have any problems using the web, it’ll only affect you on websites which use those specific encryption modules, the open web will be completely open and will stay completely open in the exact same way that it’s open right now and was open 1 year ago. so nothing will change apart from a tiny selection of websites who want to use these encryption modules to protect their content and the rendering path will be something the browser and operating system work together on by providing a “paint rectangle” to display the decoded content in.

            so please, explain me why this bothers me and explain to me why I should care? this is a complete non-issue and it has always been that.

            I simply dont understand why it bothers you, apart from “I want to do that because I want to do it” well…then if you want to take a risk, do it, otherwise, don’t, but the other 99.999999% of us, don’t give a damn…why should we listen to you? Give me a reason.

          • jimmoffet

            99.9999% of people don’t create the innovations that change the world. Don’t “paint” innovation-free zones into w3c just because they happen to fall outside your particular area of interest.

          • Christopher Thomas

            Your argument is invalid and weak, since the whole point of the w3c is to make standardisations of technology for interacting with the world wide web for everybody, not pander to the tiny fraction of people who run linux and who will be affected by this.

            So thats what they did, they made it possible to standardise the majority of the code which runs in all of those customised [flash, java, silverlight] objects, make them all mostly irrelevant and reduced the amount of proprietary code online

            Also, your argument is stronger in the reverse, you’re proposing the 99.9999% of people have to use inferior technology just so you can keep your perfectly open play zone to yourself, a group of people which consists of the fraction of 1% that remains after you discount the 99.9999% of everybody else, which even includes web developers who DONT use linux which from my experience, happen to be the majority of web developers, so even then linux is a minority market.

            You’re (I’m assuming you are one of those who will be affected, correct me if I’m wrong) the minority compared to the rest of us who just want the web to work and dont think we need to jump through hoops just to play a video. Now I can watch that video with standard html5 code and the only part which is still a black box is a tiny decryption module. Which is a far smaller footprint that it had before, thats a good thing.

            The problem space gets even smaller when you consider that android is trampling over the cold corpse which is the linux desktop as it provides a standardised platform that anybody can make and sell apps on, something linux never ever had a hope of doing because nobody could figure out what colour to paint the bike shed…..google just painted it whatever colour they wanted AND WE LOVED IT.

          • jimmoffet

            One of the great ironies here is that Berners-Lee has repeatedly said that not needing someone else’s permission to innovate is one of the primary reasons the internet came along as soon as it did. He just painted the shed and everybody loved it, to borrow your phrase. One of the most deeply held principles at the w3c is that its standards not be encumbered by patents. This decision has failed that part of the mission.

            You are the commenter in the 1950′s saying, “who cares if we lock down innovation on switching electronic signals, it’s a tiny piece of the overall engineering of this device and there’s only a small number of people working on alternatives who would be disrupted. Besides, the [baby] step we are talking here works [slightly] better for 99.9999% of people.”

            If ideas like yours had prevailed, who knows when the transistor would eventually have been developed. What do you think the economic damage would have been for every year that had been delayed? How many trillions? How much delay in development around the world? How many additional world wars before we finally became too economically interconnected to countenance such stupidity. Technological innovation is serious business, with serious consequences.

            The point isn’t whether or not media playback is likely to change the world in the same way as semiconductors. Whether we’re talking about media playback or semi-conductors or 3D printing is irrelevant. The fact is that enshrining drm into international standards replaces an international group of highly-skilled professionals who took an important political stand with respect to innovation generally, with a group that does not. It’s really that simple.

          • Christopher Thomas

            over time everything changes, we cannot afford to be static and unchanging, it’s better to be flexible than rigid, ask any engineer who has built a bridge

            everybody interested in open source in a positive manner considers patents to be bad, but there are no patents in the standards and only the encryption modules are “POSSIBLY” (but in real terms, most likely they ARE) closed source. However the standard just defines an API for talking to those modules

            _I_ personally am not the commenter you’re talking about, it’s hard to imagine the level of misunderstanding you’d need to make in order to make this argument, I’m going to try to explain it to you a little bit better.

            There are two ways we can do this, we’ve already got the first way

            1) we can create a closed source, completely binary object which basically renders whatever it needs and because it’s a closed box, incorporates many more elements than the thing that is being protected, because there is no generic bridge between the two ecosystems

            2) we can create a small API which does the encryption part and then it can integrate directly with the page

            right now we already have 1 and it’s awful, but the protected content isn’t going away and maybe it’ll be a few more years before we see no drm on videos, but creating an encryption api is useful for more than just protecting videos, we could use it to encrypt any data we wanted, given a specific set of encryption modules for standard algorithms. However 2 is a step in the direction of completely removing the problem, it removes most of the black box and reduces the black box to just the part surrounding the encryption module, thats a huge win over the current model.

            If we did nothing, we’d just stay with option 1 until kingdom come and we’d walk nowhere down the road, at least this way we walk most of the way towards a completely free ecosystem with no encryption.

            Before you say that if we make encryption easy it’ll never disappear, I’d like to point out that itunes also had encryption and it was easy and they eliminated it, so it’s not impossible. In fact, the world is moving in that direction.

            Your analogy with the transistors is absolute rubbish though, you can’t say lets control how electrical signals work and then say that those electrical signals make up a small part of the device therefore it’s no big deal, only a person who didn’t understand the concept of what they just said would say that, if I prevent you from using electrical switches, can your computer still work? no! if I prevent you from watching encrypted media, does the internet still work? yes! therefore it doesn’t take much thinking to realise that your analogy is broken

            I’m going to ignore the rest of your comment, since it has no real bearing on the topic that we’re talking about and its barely relevent since I think I already covered these issues in the above paragraphs…

          • jimmoffet

            “I prevent you from using electrical switches, can your computer still work? no!”

            That missed the point spectacularly! The point was that the current method worked just fine (it allowed you to continue doing what you were already doing); what could be the harm of making a tiny avenue of potential future development more onerous for engineers, especially if the concession makes it slightly easier to do something we already know that we want to do?

            The difference here is between a group of professionals saying that black boxes are not conducive to progress and therefore that users will need to voluntarily install third-party plugins vs. incorporating black boxes into the “open” standard, thereby issuing a blanket ban on open-source compatibility.

            “I’d like to point out that itunes also had encryption and it was easy and they eliminated it, so it’s not impossible. In fact, the world is moving in that direction.”

            The necessity of drm is based on the premise that without it, people would lose their rightful earnings because drm is effective at preventing copying, which has been proven not to be. So, is it a surprise that Apple dumped it? Not at all! However, and this is the crucial bit, incorporating drm into web standards creates an ecosystem that makes it easy to ring the cash register for every link to a specific time-code, every embed of a link from a video, every timeshift, every transition of a video to another device. That will drive the Apples of the world back to drm. They will have no choice but to play along.

            The w3c used to be part of the push in the right direction, but now it’s allowed penny-pinching rightsholders to drop their anchor into it and continue foisting their crappy anti-features on the world for much longer, perhaps permanently.

          • Christopher Thomas

            well, the point is, that you don’t have a point, your example is flawed and would only happen in your imagination, thats why I approached it from the only logical standpoint that I had left open to me, cause the other points of view are hilariously wrong.

            You are seeing a very narrow point of view, open your scope a little bit more to see the complete picture, the real deal is that the professionals know the only path to progress is in steps, cause nobody is going to make a huge leap from one side to the other, so they’ve “divided and later will conquer” the problem by cleaving the user interface part of the video player (in this example) from the encryption module, they’ve reduced the problem scope from a large black box, to a small black box and in the meantime, we’ve now got an encryption api that I can use for other purposes.

            and whilst apple was using it, nobody else could move, there is a large difference between the 30 million dollars a movie studio might pay to make a movie and the couple of hundred thousand it costs to make a soundtrack, it’s a couple of orders of magnitude larger for a start, so DRM on movies isn’t going away quickly, but engineers much cleverer than you have decided the way to do this is to reduce the problem scope until the problem vanishes.

            nobody forces you to use the API, if you don’t want to use it in your website, then don’t use it, but if you want to use it then it’s there, if you find a website is using it, then use a supported platform, if they want to charge per time code, then they can do that, if you don’t like that, then don’t consume the content and go elsewhere, if you cannot go elsewhere, then life is tough I guess, watching content that doesn’t belong to you and is only available in a format that you don’t want is not a basic human right, it’s their content, not yours and they can do whatever they want with it.

            the w3c is still pushing in the right direction, you don’t agree with the idea of allowing an encrypted module into the mix, thats fine, but those engineers have done a good job at reducing the problem scope, you’re entitled to disagree if you can, but seems all you’ve got is a bunch of weak arguments and nothing substantiative to argue.

            so please, either come back with a stronger argument, cause this is pretty weak so far, nothing you’ve said has much weight to it..you’re arguing from an ideological standpoint and I’m seeing the engineering side, which is a far stronger point of view.

          • jimmoffet

            You talk about weak arguments, but it’s all from the point of view of someone who likes what we have now, isn’t affected by the changes and doesn’t care about leaving room for developments he doesn’t know the shape of in advance.

            It’s an incredibly short-sighted perspective to say, “if this doesn’t work for you, who cares? None of this (including, apparently, the open standards published by w3c) “belongs” to you. It’s the rightsholder’s content and they have the right to force us to accommodate crappy anti-features that have been proven ineffective at accomplishing their primary objective, so take your unintended consequences and piss off.”

            I hope no one reading this thinks that’s a strong argument…

            Do you really not believe that open source platforms will be crucial in connecting the billions of people who are not currently connected to the internet? Because if you do, then talk to me about the problem scope you’ve made larger by making open-source platforms incompatible.

            It’s only a smaller problem scope if you ignore the politics and focus myopically on the technology. If you consider the larger picture, you’ll realize that you’ve sacrificed the efficiency of the whole for efficiency in a tiny part.

          • Christopher Thomas

            yes, you’re right, I don’t care about the couple of hundred programmers this will affect, spot on, cause I care about the affect it’ll have on the hundreds of millions of people who use the web, millions of those are directly affected and most likely three orders of magnitude in number than the people who are actually going to be affected by this API.

            so you’re absolutely 100% correct, I don’t care, cause the number is so small, it’s inconsequential

            if the w3c sees it as a good thing to compromise and allow encrypted modules to decode encrypted content in the hope that the black box will one day disappear because it’ll be so small you won’t notice it, then I trust their engineering team over some random guy on the net and after examining the issue myself using my own technical ability, I actually agree that their step forward is the best bet that we have right now of reducing the dependency on those awkward black boxes.

            if that has to piss off some linux developers and users who nobody really knows how many there are, whether it’s less than 0.5% or 1.0% the number is so small, then so be it…..

            one of the main misunderstandings you’ve made here is to assume that because I can argue in favour of a smaller black box, I’m somehow not able to sit on the totally free and open source side of the fence, I’ve been using linux since around 1995 and I know the importance of open standards, but unlike a lot of people, I’m a pragmatist and I can fully see the benefits of open standards, the reduced black box they are doing with this encryption module scheme is a compromise, but ultimately a good one, we benefit from getting a native encryption API, don’t you see that as any benefit at all? secure encryption api’s available through javascript, that sounds a nice deal

            Nobody has made larger the problem scope, it’s already the largest it can get with an entire video player and encryption system all enclosed in a binary flash object, stripping the UX from the player and using HTML5 and using an encryption module, REDUCES THE SIZE OF THE PROPRIETARY CODE, it does not make the problem larger, it makes it smaller…..it cannot get larger

            And if you want to talk about efficiency, omg…ok, now I KNOW you’re not a programmer, cause no programmer would ever say that knowing the technology….the problem with flash and closed source objects is that they are inefficient and doing things in the platform is the best way to get more performance cause one step forward helps the entire platform whereas benefits in the speed of the flash engine did nothing for the speed of the browser….

            It would be nice if you knew the technology well enough to talk about this, but I think I can see you’re having problems with it and finding your limitations

            btw, I’m affected directly by this api a lot more than many other people, because I’m a web developer, this is what I do all day. what do you do all day?

          • jimmoffet

            “And if you want to talk about efficiency, omg …they are inefficient …did nothing for the speed of the browser…”

            Again, you’ve managed to hole up inside your focus on a sliver of current technology and completely miss the bigger picture.

            You’ve studiously avoided the important questions here. Will the newfound ease of monetizing every potential use of media playback make the web a better or worse place?

            Efficiency, of course, depends on the outcome you are trying to achieve.

            You’ve ignored the concern about the importance of open-source platforms in the developing world and the extent to which this decision lessens their potential to make people’s lives meaningfully better (you’ve strongly implied that the potential of html5 to make a meaningful difference in the lives of Netflix watchers is the only benefit worth considering). You are trading a small amount of computing efficiency for a tremendous amount of economic and social inefficiency.

            You’re right, I’m not a programmer and, frankly, I don’t care at all about slight performance improvements for the current population of Hulu watchers around the world.

            I’m a researcher who studies the impact of technology on Development. I can say that all of the technological advantages you’ve focused on sound pretty damn trivial to me compared to the powerful statement that the w3c had been making by excluding drm from its standards.

            I’m very happy that this is going to make your life easier, but I don’t think that you or most other engineers, regardless of their specific technical aptitude, fully appreciate the ramifications of these kinds of decisions outside of the sphere of development they work within.

            Having studied the politics of proprietary software and the penetration of technology for more than a decade, I can confidently say that you’re wrong about this decision hastening the end of the use of drm on the web. I don’t think you can find anyone who has studied the economics of technology that will tell you otherwise. In any case, this is clearly not your primary concern regarding this change, so be it.

          • Christopher Thomas

            “You’ve studiously avoided the important questions here.”

            Wrong, they are factored into the answers I gave you, but you’re not seeing that and thinking I’ve not taking it into consideration. I have.

            “make the web a better or worse place?”

            it won’t change the situation at all, since right now it’s the choice between a huge black box, or a small black box, both are equally ugly, except one is larger than the other and you get technological gains from choosing the smaller one.

            “Efficiency, of course, depends on the outcome you are trying to achieve.”

            A large amount of proprietary code will soon be obsolete, we’ll see battery and cpu improvements and those tiny encryption modules, somebody will happily wrap them up in WINE and create a small API which will make linux supportable, try that with a large, complex black box, since you don’t know much about the programming side, I’ll summarise for you: it makes it much much easier to “emulate” a different platform when you’ve got a smaller piece of the puzzle to emulate.

            “You’ve ignored the concern about the importance of open-source platforms in the developing world”

            I have not ignored them. it won’t change the status quo, so the open source would will see no gains apart from maybe having a better experience emulating foreign supported platforms, however all the other platforms will see gains. Also, android is open source and will be supported through a closed source binary module, since most of the developing world is seeing linux through an android lens and that trend will increase, not decrease over time, this can only end positively. People are not installing linux desktops, they are buying android tablets and notebooks are just over the horizon, they exist already for people with chromebooks and thats just the beginning.

            “you’ve strongly implied that the potential of html5 to make a meaningful difference in the lives of Netflix watchers is the only benefit worth considering”

            since this encryption api is aimed at those types of people, it seems obvious that I would focus on how it would benefit them and not benefit other people who currently dont use netflix, also, netflix and many other players are available on android, combine that with what I said above about open source, linux desktops and android and you’ll see that it really is the only angle to worry about. All the others are imaginary, hypothetical situations which don’t really need to be thought about because they are not sustainable, nor interesting for the majority of people this api would benefit.

            You’re missing a point here, the API is only an option, you don’t HAVE to use it, if you don’t use it, nothing happens, if you use it, you limit your audience, that means, the only perspective to think about, is from that of people who will use the API and those consumers of it, everybody else is not important in the discussion since they are neither creators, nor consumers of the content that will use the API, so when you say I focus only on that aspect, you’re missing the rather large point, that THIS IS THE ONLY POINT OF VIEW WHICH MATTERS.

            all the other websites, won’t care and won’t be affected.

            “You are trading a small amount of computing efficiency for a tremendous amount of economic and social inefficiency.”

            No, since it’s a choice and already the system is closed source, this option allows for a more open solution and from that point of view, it’s a step forward.

            “I’m a researcher who studies the impact of technology on Development.”

            You should study harder, cause you’re points are pretty dammed weak for somebody I would assume to be an expert in this field, however I’ve been a programmer for 20 years, so I reckon over that time I’ve studied this subject well enough myself…..thats why I know it doesn’t matter…cause I’ve seen technology developing in real time over the last 20 years and I’ve found certain things to happen, you’ve got around a decade of experience and yet you appear to be lacking in certain areas, after I had studied technology for 10 years, I knew a lot more than you did about how it affects certain groups of people.

            The fact remains, the api is optional, the current system is closed, no change means no benefits for nobody, some change means some people will benefit, others won’t see any benefit because it’s already closed to them and even in those emerging markets there are ways around that problem (android)

            So basically, is that all you’ve got? You’re whole argument is undermined by the fact that the api doesnt target the people you’re talking about and those people are already excluded and none of the companies who would use the API have much intention of targetting those people in the first place and if they did, it would be in a way which benefitted them by costing them money to access the service

            So I can confidently say that you should study harder and realise that you’re wrong and the w3c thinks you’re wrong as well, trust me, you’re not cleverer than those guys…they aren’t 2bit idiots you know…You didnt bring any new arguments to the table which they already didn’t know about and they STILL rejected it and did it anyway….That should tell you something

          • jimmoffet

            Nothing you’ve said argues against the theory that the increased ease of monetizing evermore minute actions across the web (which is inarguably a consequence of this particular standards change, and more importantly, of this broad policy change) will result in the increased adoption and use of drm technology by content owners.

            You say that nothing will change, the status quo will continue in all important respects, but I have a hard time believing you can’t see the attraction of monetizing more minute user actions and the influence these new avenues of monetization will have over users the commercial web, outside of media playback. I don’t think you can possibly believe that nothing will change.

            Additional monetization has very real costs in terms of innovation, and we should consider them carefully, rather than cursorily, as you have done here.

            If this does, in fact, result in the increased adoption and use of drm in the commercial web, then the cost of developing open-source platforms for integrating with the commercial web increases, no? Remember, costs are many and varied. What are the opportunity costs of being beholden to proprietary software. Surely, you would say, “nothing”, but many would disagree with you.

            It’s not about what a single user “can” do if they’re willing to sacrifice all convenience. It’s about how the standards will affect the behavior of the average user and, more importantly, the average content owner and how those new norms will dictate the course of the commercial web.

            You keep focusing on the api, as if this specific api is the issue here. I don’t know how many times I can tell you that this specific api and its technical advantages or ramifications are beside the point.

            W3C changed a POLICY with this technical standard. The advantages or disadvantages of this particular standard are not relevant in the face of ramifications of this POLICY change, unless of course this change is completely isolated and does not indicate a new willing to compromise and integrate closed-source technology when there is a short term gain to be had, which precisely no one believes.

            I believe that continuing to refuse to integrate closed-source technology into these standards would have meaningfully hastened their decline, and I believe that their decline lowers the costs of integration of new economies into the commercial web.

            If you truly believe that correlation does not exist, and that the people who use this specific api are the only users worth focusing on here, and that no one else will be meaningfully affected by this change in policy, then we can simply agree to disagree.

          • Christopher Thomas

            IN FACT EVERYTHING I HAVE SAID “argues against the theory that the increased ease of monetizing evermore minute actions across the web (which is inarguably a consequence of this particular standards change, and more importantly, of this broad policy change) will result in the increased adoption and use of drm technology by content owners.”

            Right now, the only thing which affects that is:

            1) the number of companies wanting to engage in that capability
            2) the number of people online who are in the target market
            3) the ease of enabling such technology and methods of functionality

            by adding DRM to the HTML5 spec, [1] does not increase, since the companies either exist or they do not exist, it’s not like tomorrow there is going to be a dozen more companies all doing this because HTML5 now supports DRM, that would be a preposterous observation, any company that comes into existence would happen regardless of DRM in HTML5

            the number of people online in the target markets will increase, but are increasing regardless of DRM in HTML5, and the emerging markets are targeting android and not linux, so the number of people coming online who could grow the market are already in the target zone, so nothing changes here either since the number of disparaged people, linux users who cannot view the content, does not increase and has remained almost static for a decade now since around 10 years ago was roughly < 1% and is now still roughly < 1%, therefore this point is unchanged regardless of the status of DRM in HTML5

            the ease of using such technology is exactly the same as it was before, since I already have video players I can literally drag and drop into my project that will support HTML5, Flash, and Silverlight, so if I want to run a business that encrypts contents, I can already do this and nothing at this time prevents me from doing it and even if you mention tablet markets, I can just run an app which gives me even greater freedom. So nothing changes here either.

            So, there literally is an almost unobservable movement in the number of companies who can do it, the number of clients who are disparaged and the ease of deploying the technology.

            So DRM in HTML5 doesn't affect ANY of their businesses, it's practically unchanged and exactly the same level of difficulty to implement, the only thing you can argue is that the w3c group changed their "policy" and in this regard, I think you're bending the argument too far. They are engineers and engineers are known to bend the rules in order to get a better result, ALL THE TIME, in fact, it's what I expect them to do.

    • http://codeflow.org/ Florian Bösch

      it doesn’t impose any code restrictions and can be completely implemented in free/open source software.

      The CDM (content decryption module, the DRM part) cannot be implemented free/open source, as it relies on obfuscation to make it impossible to get access to the plain content. You cannot come up with an implementation that would be open source, that also obfuscates how it works. You can implement an “open source DRM”, but you won’t get Netflix, BBC, Amazon etc. to support it, because it’d be completely transparent and easy to get at the plain content.

      how is this different from any current situation right now? I mean, flash is closed source

      Flash (and Silverlight) share a framebuffer filled with plain content with the browser, in order for the browsers compositor to do its job (layering things on top of the content, CSS transforms etc.)

      If the CDM would share its plain content with the browser, then the browser (or any program) could easily use the CDM to save the plain content to disk, exactly what EME/CDM (DRM) is designed to prevent. So if sharing is the modus operandi, only proprietary browsers (such as IE11) could support EME/CDM and have a fully functioning page compositor that allows you to layer things on top (advertising, styled playback controls, other content), transform it with CSS/CSS shaders and put it into WebGL. Obviously only proprietary browsers being able to implement EME/CDM is vastly detrimential to the Web ecosystem.

      If the CDM does not share its plain content with the browser, then the browsers compositor and other APIs cannot treat the content. Which means that you could not layer anything on top of the content (no playback control, no advertising, no user annotations, no other navigation/informational content, no branding etc.), you can’t CSS transform it, you can’t CSS shade/filter it and you can’t stick it into WebGL. That would be extremely unusable, you could not run Netflix, Youtube, Amazon etc. like this.

      if people don’t want to use those websites, they are free to not use them, nobody forced them to type in n e t f l i c k s d o t c o m anyway, right? So if the website owner WANTS To act like that, let them, if the clients don’t mind, no problem, if they do mind, they’ll eventually go out of business or adapt…

      The problem is that any scenario that would make EME/CDM work comes down to either having it only work in proprietary browsers, or EME being so crippled nobody would want to support it on their web property.

      Only proprietary browsers being able to support EME would be tantamount to killing Open Source/community browsers, if large web properties like Netflix, BBC, Amazon, Youtube, Facebook etc. adopted EME. Because Open Source/community browsers would become known as “those browsers that don’t work” and would fail to expand their reach or get traction.

      The problem with no Open Source/community browsers on the Web is the same problem we already had with IE6. You’re inviting the Web to become a monoculture again, and although innovation would happen in those Open Source/community browsers, nobody could rely on that because the vast majority of users would only run proprietary browsers that have stopped innovating at all.

      • Christopher Thomas

        So, lets get this straight Florian, “cannot be implemented free/open source” and then less than 5 lines down “You can implement an ‘open source DRM’”

        You realise of course that you just contradicted yourself, right? What an utterly ridiculous argument you just tried to make, then debunked it for me, I don’t even have to do anything, except point out your own words.

        The API doesn’t involve any secret code within the browser, so if chrome supports this, which it does, it’ll still be 100% open source, there won’t be a single line of hidden or secret code in the browser AT ALL.

        The plugins that you install can be binary only and surely they will be, just like the Flash Plugin is a closed source binary.

        “Flash (and Silverlight) share a framebuffer filled with plain content with the browser”

        How do you imagine the graphic data will end up in the browser window? magic? Are you a programmer? cause you certainly don’t appear to be sure how computers work. At some point, I must have the framebuffer data in order to render the final page, this is 100% obvious to most programmers, thats why I’m asking….At point stage, the CDM as you called it, must give the data to the browser, you could in theory just compile a special version of chrome to extract the data and sidestep the fact that you cannot access the framebuffer, if it’s even possible to prevent in the first place, there will just be a “reasonable barrier” like there is with HDMI, but of course, there are always ways around these things.

        “Obviously only proprietary browsers being able to implement EME/CDM is vastly detrimential to the Web ecosystem.”

        Oh, you mean like chromium…..cause thats a proprietary browser, or what about blink/chromium? I mean, you do realise it takes about 5 seconds of thought to understand you’re talking utter bullshit right?

        https://code.google.com/p/chromium/issues/detail?id=173059

        It’s already there, in an open source browser……

        “That would be extremely unusable, you could not run Netflix, Youtube, Amazon etc. like this.”

        wrong again, you can run netflix like this, cause netflix’s website will just be showing a video in a web browser and won’t be transforming, etc, etc, etc the website, they make their own website and run their own code and probably will provide their own decryption module, so again, you CAN do it and they WILL do it and you are still WRONG.

        “only work in proprietary browsers, or EME being so crippled”

        bullshit, see above for the link to code.google.com it works in chromium and all they have to do is make it “reasonably hard” for the big players to play ball, they already use silverlight and as long as you can’t trivially copy content, it’ll be enough. They already know you can encrypt everything until a certain point, but then it’s raw video and audio, they already understand it’s not 100% possible to stop people copying the streams, they just want it to be sufficiently hard they can still make money from selling their services.

        I don’t agree with EME to be honest, but I’m sick of idiots like you coming here and trying to act all knowledgable about a topic you clearly have no fucking clue about, either that, or your ideology so overshadows your sense of logic that even if you are a programmer, it has prevented you from using your skill to understand the ideology is wrong, bullshit and making you look stupid online.

        • http://codeflow.org/ Florian Bösch

          So, lets get this straight Florian, “cannot be implemented free/open source” and then less than 5 lines down “You can implement an ‘open source DRM’”

          You realise of course that you just contradicted yourself, right? What an utterly ridiculous argument you just tried to make, then debunked it for me, I don’t even have to do anything, except point out your own words.

          An “Open” DRM system will not be supported by content distributors (such as netflix, amazon, etc.) because it could not obfuscate how to assemble the plain content, the very thing a DRM is supposed to make impossible.

          The API doesn’t involve any secret code within the browser, so if chrome supports this, which it does,

          Chrome (currently) does not support EME. Chromebooks chrome does. There’s a difference.

          it’ll still be 100% open source, there won’t be a single line of hidden or secret code in the browser AT ALL.

          Chrome is a proprietary browsers. There’s numerous proprietary bits that Google tacks onto chrome. Chromium is an open source browser. One which also doesn’t have any of the proprietary bits.

          The necessity of the EME CDM to be a proprietary runtime, makes it impossible for Chromium to ever support it in the most likely of two scenarios.

          How do you imagine the graphic data will end up in the browser window? magic? Are you a programmer? cause you certainly don’t appear to be sure how computers work.

          Irrelevant Ad-Hominem, well done.

          At some point, I must have the framebuffer data in order to render the final page

          That’s among of the points that I make, yes. Although you can defer the problem higher up the OS and let it do the compositing, in which case the browser would never see the plain content, also, it would make it extremely unusable from a web programming perspective.

          you could in theory just compile a special version of chrome to extract the data and sidestep the fact that you cannot access the framebuffer

          If the CDM is written such as to share the framebuffer with the browser, then yes you can do that. However there’s a catch. If you do that, you are now in violation of the DMCA, which states that you cannot circumvent a DRM. So while you may do that personally, if you find that fun to do, and be relatively risk-free. You could not distribute such a browser, Google/Microsoft would just DMCA takedown your github repo/browser download page.

          I’m arguing that because the possibility exists if the CDM works in this fashion, that the CDM distributors (of the CDMs that are supported by the likes of netflix et. al) will be unwilling to make the CDM accessible to open source browsers, at all. Which is the main crux of the story, because if they do that, then only proprietary browsers will be legally able to distributed and use EME. Browsers like Firefrox won’t be distributable with EME support, because it’d be “reverse engineered” which is an offense in the DMCA.

          bullshit, see above for the link to code.google.com it works in chromium

          EME so far only works in IE11 and Chromebooks Chrome. EME does not so far work in either Chrome or Chromium. It will also never work in Chromium, and when it comes into Chrome, you won’t find the CDM in the source.

          I don’t agree with EME to be honest, but I’m sick of idiots like you coming here and trying to act all knowledgable about a topic you clearly have no fucking clue about, either that, or your ideology so overshadows your sense of logic that even if you are a programmer, it has prevented you from using your skill to understand the ideology is wrong, bullshit and making you look stupid online.

          More Ad-Hominem. If you could unbunch your panties and stop being anal retentive and start thinking a bit, you’d not act like a total dickwad online. I don’t always insult people on the internet, but when I do, I like to do it properly and not watered down like you seem to enjoy.

          • Christopher Thomas

            Jesus….the stupidity continues….you should have given up…

            “An “Open” DRM system will not be supported by content distributors (such as netflix, amazon, etc.) because it could not obfuscate how to assemble the plain content, the very thing a DRM is supposed to make impossible.”

            Doesn’t matter, you said it was impossible, then claimed it was possible. Obviously it IS possible and you got it wrong, admit your mistake. Don’t make this awkward.

            “Chrome (currently) does not support EME. Chromebooks chrome does. There’s a difference.”

            WRONG, it DOES support EME and I showed you a change set later in my comment where there are source files about this very topic….

            “Chrome is a proprietary browsers. There’s numerous proprietary bits that Google tacks onto chrome. Chromium is an open source browser. One which also doesn’t have any of the proprietary bits.”

            WRONG, you seem to be making a habit of this….

            https://groups.google.com/a/chromium.org/forum/#!topic/chromium-dev/S6Ri9Diwrv8

            You can’t be wronger if a wrong shaped object lodged itself up your arsehole and made you shit wrongs for a week, seriously…..

            “Irrelevant Ad-Hominem, well done.”

            http://lwn.net/Articles/550424/

            So basically it’ll either pass the frame data back to the browser, or it’ll render through some protected path, perhaps on windows it’ll use some specific API, but either way, it doesnt matter, what I’m doing is removing you from the discussion by pointing out you don’t have the technical understanding to be part of this discussion, you call it an irrelevant ad-hominem, I call it “you’re full of shit and perhaps you should do some homework before opening your mouth”

            “Although you can defer the problem higher up the OS and let it do the compositing, in which case the browser would never see the plain content, also, it would make it extremely unusable from a web programming perspective.”

            It wouldn’t make anything extremely unusable at all, since it would be on netflix, they would write the website in order to run correctly and display the content, why would this cause programming my websites any problems at all? Surely it would be a cost evaluation done by netflix to determine whether they want to do it and if yes, they will do it and take care of the problems that surely arise from it.

            Other people who make websites without DRM won’t be affected at all, since DRM is optional, this is why I’m calling you out on your bullshit, cause you actually havent a fucking clue what you’re talking about.

            “However there’s a catch. If you do that, you are now in violation of the DMCA”

            Surely thats a legal issue and not a technical one and surely if I do that, then it’s up to me to take responsibility for it, we’re talking about REAL problems here, technical limitations, not problems you imagine in your mind, or problems created by laws which are there to protect whoever they are protecting, technically you can do it and that means somebody will try and it’ll be an illegal software you can download, it won’t be on github….

            “then only proprietary browsers will be legally able to distributed and use EME”

            WRONG again…..see my links to the CHROMIUM repository and if you fancy it, google a little bit before replying next time, cause you might realise how wrong you are before trying to defend your indefensible position once again.

            “EME so far only works in IE11 and Chromebooks Chrome”

            NO, IT, DOESNT, READ, THE, FUCKING, LINK!!!!!! What is it with people nowadays are you all too fucking stupid to click a link and read what is right in front of you???

            “you won’t find the CDM in the source.”

            Why would anybody create a CDM in the source code of a browser, surely a CDM is for a content provider who wants to protect their media assets and has nothing to do with being part of a functional web browser, the EME is just an API for talking to a CDM, an EME is part of open or free software, it’s the CDM which is not.

            “More Ad-Hominem”

            yes, absolutely more, cause you’ve proven that you’re not technically competent in this topic and yet you think we’re on equal terms, we’re not, you don’t know this topic as well as your reading of the internet news websites make you believe you are, I’m a programmer for 20 years and I’m dismissing you from this conversation not because I Don’t want to listen to your arguments, but because your arguments are complete and utter bullshit and you’ve got no knowledge on the topic and therefore have nothing worthwhile to contribute to the discussion apart from a bunch of stuff you read that made you angry online.

            This, as a technical discussion is easy, you’re trying to inflict an emotional state of mind onto a technical argument, it’s ridiculous, pull your head out of your arsehole and pray the next time you feel the need to reply to me, you actually put up a decent fight, it’s like I’m punching a baby in the face….

          • Spook

            > Surely thats a legal issue and not a technical one

            Explain, exactly, how a legal issue involving a real threat of imprisonment is not a REAL issue.

          • Christopher Thomas

            we’re talking about technical issues, not legal ones, if you want to discuss those, probably this is not the place to do it.

            the legal issue will only affect the very few people who deliberately go ahead and create a browser which sidesteps the limitations and considering the millions of people on the web the handful of people that issue would affect, makes it more an academic issue than a real world issue.

            It might be nice if you understood what I said before commenting on it, because it seems you are confusing things together in order to make points….hardly a winning strategy…

          • Christopher Thomas

            If you had any problem to do research on the topic material you’re talking about, then I’m here to help you! cause I’ve done it and found proof. Please open this link.

            http://downloads.webmproject.org/adaptive-encrypted-demo/adaptive/index.html

            In a word: suck it

            You’re dismissed.

        • Guest

          learn to read.

          you just strawmanned him and look an ass.

          • Christopher Thomas

            please elaborate, I don’t see any strawman….

          • SoItBegins

            There is this thing I have in my hand, which I give to you, called a mirror… :D

          • Christopher Thomas

            why is this mirror broken? :)

        • SoItBegins

          Read the other half of that line.

          “cannot be implemented free/open source”

          and then next

          “You can implement an ‘open source DRM’ but it’d be completely transparent and easy to get at the plain content.

          So he’s saying “You could try it, but it wouldn’t work.”

          • Τυφῶν

            Why are people even attempting to argue with the shill? Ignoring him actually improves the debate quite a bit

          • Christopher Thomas

            People are argujng with me because they know I am not a shill, but you on the other hand are very stupid, your think that by branding me a shill, automatically makes it true? Your are just trying to negate everything I said by using one of the stupidest tricks in the book

            Shouting “shill” doesn’t make it true, but it does make you look weak, because if that is the strength of your counterargument, I feel bad for you

          • Christopher Thomas

            No, technically speaking, it can work and will work perfectly fine, remember encryption techniques are open source yet the data encrypted with them is perfectly secure.

            Actually it would be possible to make an open source DRM which was just as good as any closed source binary blob, because at the end of the day, once the content goes to the output device, you can copy it anyway, so in this respect open and closed systems are the same.

            The issue is how hard is that, with any good code it would be non-trivial and that’s the point, the companies know its not a 100% solution, they just want it hard enough that the average Joe can’t do it. They know programmers will find a way, but the instructions will be too complex for most people to bother with and nobody can provide a service for this because they will be sued out of existence. That for them is enough protection and it works, people happily pay for content because people know it has value and the price is acceptable.

          • putaro

            Sorry Christopher, you’re wrong. The reason you can make an open source security system but not an open source DRM is because the use cases are completely separate.

            Open Source gives complete control to the user. When we are talking about security, the use case is that the user wants and requires complete control. Modern cryptography allows the algorithm to be well known and as long as you keep your keys secret, your data is secure. So the user knows the keys, keeps them secure and the rest of the system can be open and transparent to everyone else (including the user but also any adversaries).

            Where DRM is different is that DRM is trying to protect data from the owner of the computer. While the same algorithms are used for encrypting the data, the keys are obfuscated and kept hidden from the user. If the user gains access to the keys, the DRM system has failed.

            Software players for DRM media attempt to hide the keys by obsfucated coding. Once the code is open source this becomes much more difficult.

            Even if the decryption module itself is secure, for example if it were implemented in a secure dongle, once the data is decrypted the user has the option of copying the decrypted data. The only way to keep that data even semi-secure is to have an end-to-end pipe to the screen/speakers where the user cannot modify or examine the code.

            So, the short answer is, Open Source DRM is impossible because Open Source is about giving control to the user and DRM is about taking control away from the user.

          • Christopher Thomas

            Sorry putaro, but you’ve got this open source definition wrong and I’ll explain why now.

            Open source isn’t about giving complete control to the user, it’s about giving a copy of the code to the user, nothing more, once you have the code, you’re in a position to POSSIBLY do something with it, but you don’t have complete control as those do not depend on JUST having the source code, they depend on being able to use it.

            TiVo was open source, you even had the code if you wanted, problem was, you could never use it as the hardware was signed, so even open source didn’t give you complete control over what you could do with that TiVo, since TiVo had locked the hardware

            However, the other part of what you wrote is worth replying to as well…..So of course Netflix is not open source, yet I can do what you claimed that would break an open source solution, I could record the outputs as they travelled through the computer, just because netflix is encrypted, doesn’t mean I can’t just grab the output once netflix is done

            So in those terms, open source DRM is almost as faulty as closed source DRM, it’s just that closed source DRM makes it harder for the average person to crack, so it’s business “friendly” whereas open source DRM would give most businesses the jitters by making people think that JUST BECAUSE you have the code, means hordes of downloaders are going to steal the content, even if that isn’t true (PROTIP: it’s not, the majority of people will pay for netflix, even though for 20 bucks they could buy a usb recorder and save as many streams as they wanted) it still makes the business shit it’s pants and run away…

            And in regards to this conversation, most people are happy to have their liberty to save movies to their hdd away if it means more convenience, netflix has millions of users and itunes has many more and yet you could just go and download the mp3s yourself, or save the streams, yet those companies make a pile of money, because people are ultimately NOT pirates when given easy choices, they’ll happily justify paying 8 bucks a month to stream what they want, when they want (internet permitting) and barely anybody cares about whether the stream is locked down or not.

    • Guest

      > the api created here is nothing more than a way to connect to a series of binary objects made available to the browser depending on what software you’ve installed, it doesn’t impose any code restrictions and can be completely implemented in free/open source software.

      Then why even bother? We already have HTML elements for embedding binary blobs.

      > how is this different from any current situation right now?

      Exactly. So what is the point, again?

      > this really is a non-issue

      To the contrary. The fact that W3C wants to tackle DRM in a way that, apparently, changes nothing technically (but at the same time revising its charter to do so) is an issue.

      • Christopher Thomas

        Wrong, the specification has no way to interact with binary blobs in the way that this system would require, so a new API is needed to make it possible.

        The point is the current situation requires the black box of flash to wrap up all the code when mostly using flash for the playback of audiovisual content is normally just “make a GUI for a video player and play the file we give you” most of which can be done in HTML and yet cannot be because of the encryption, so putting that in the browser means you can drop all the baggage of flash and write the GUI using html5 and then use the new API to decrypt the contents. So the point is to eliminate unnecessary use of flash when html5 is available instead.

        This really is a nonissue, the last point you made was an /eyeroll’er, who cares, I don’t, because I understand the technical reasons and have no ideological money riding on the game

        • R

          > This really is a nonissue

          Because you said so? This is not how it works.

          > the last point you made was an /eyeroll’er, who cares

          It is clear some poeple do.

          > because I understand the technical reasons

          I don’t think you do.

          > and have no ideological money riding on the game

          Your passive-aggressive style of implying something you have no right to imply prevents any meaningful discussion. If you want to seriously discuss something, stop it.

          • Christopher Thomas

            This isnt how it works? then please, demonstrate knowledge on the topic.

            It only matters to people who prefer to deal in ideology and not technology, technically, it’s a nonissue, if you want to invent reasons to be offended, the only thing I can do is provide the salt to rub in your self-inflicted wounds.

            if I don’t understand the technical reasons, then please provide some basis to say it, otherwise it wouldn’t be a very clever thing to do, would it?

            considering the article can’t be taken seriously as it’s just some overhyped nonissue and considering how rabidly you guys are jumping up and down over absolutely nothing, I doubt anybody here is interested in serious discussion, you’re just here in circle jerking your free software credentials in a public space

          • R

            > This isnt how it works?

            Nope. You declaring it a non-issue does not make it a non-issue.

            > It only matters to people who prefer to deal in ideology and not technology,

            This is meaningless. W3C, as every organisation with a mission and value statements, is necessary ideological. Technological choices are implementations of ideology, values and worldviews.

            > if I don’t understand the technical reasons

            You don’t understand technical reasons because there are no technical reasons. You don’t understand the problem because it is not a technical problem. Creating an API for interacting with binary blobs is the real non-issue here. It has been done before, it will be done in the future. There is nothing hard about it technically.

            The issue, the real issue, has always been ideological. Questions about the place and relevance of W3C. Questions about whether the organization should even care about DRM and what content providers do. What it means to be “open”. What are political ramifications of declaring EME inside or outside the scope of W3C activities. This has been the real debate here, on W3C mailing lists and, more broadly, on the web.

            There are no technical answers to these questions. Technology is a triviality here, not even worth mentioning because it does not change the real questions.

            > you’re just here in circle jerking your free software credentials in a public space

            This is what I am talking about. Not only you don’t understand what the core issue is, instead trying to boil it down to technical trivialities. You also keep the passive-aggresive, patronizing tone, without good reason.

            A good advice for you – remove your name from your comments. The tone you are using to deride others in this thread will be career limiting at some point in the future. They will hit you like a brick when somebody looks at your Disqus profile.

          • Christopher Thomas

            > Nope. You declaring it a non-issue does not make it a non-issue.

            A cat is a cat whether you like it or not, just because you want to believe it’s a dog doesn’t mean it’ll become a dog and if I tell you it’s a cat, then well, reality has a way to deal with that, it’s called “it’s a fucking cat, get over it”

            > This is meaningless. W3C, as every organisation with a mission and value statements, is necessary ideological. Technological choices are implementations of ideology, values and worldviews.

            The W3C is not an ideological group, it’s a technical working group, it has ideological values, but it’s primary purpose is to define the technical aspects of the world wide web, included in that are discussions about whether something is right or proper and guess what, they believe it’s ok to add an encryption api to the spec, even though some people will use it to restrict access to resources based on their business model.

            this decision alone tells you more than you need to know, they are more concerned about the technical aspects, so regardless of what you want to believe, reality has that tool I mentioned above, it’s called “it’s a fucking technical group, get over it”

            > You don’t understand technical reasons because there are no technical reasons. You don’t understand the problem because it is not a technical problem.

            It’s actually the reverse, our conversation, the one YOU replied to, was talking about the technical aspects of the issue, therefore you reading that and then misinterpreting the conversation in terms of an ideological point of view is where YOU MADE THE MISTAKE, either read the conversation, understand it and contribute, or shut the fuck up, but don’t try to act clever or smart when you’re clearly talking about a completely different topic

            > This is what I am talking about. Not only you don’t understand what the core issue is, instead trying to boil it down to technical trivialities. You also keep the

            > passive-aggresive, patronizing tone, without good reason.

            I have plenty of good reasons, I’m sick of pretend tech geniuses discussing points they are clearly not qualified to discuss, then attempting to stamp over actual technically inclined people with their problems, either study the material and take part in the conversation by FIRST READING IT, or don’t, but don’t try to stamp me with your bullshit

            > A good advice for you – remove your name from your comments. The tone you are using to deride others in this thread will be career limiting at some point in the future. They will hit you like a brick when somebody looks at your Disqus profile.

            I don’t have anything to fear, nobody can hit me with a brick, because I never give people any chance to do that in the first place.

  • http://codeflow.org/ Florian Bösch

    EME needs an implementation in the form of a CDM (content decryption module). The CDMs job is it to keep the user (or any program) from d/l the plain content and saving it to disk.

    If the CDM shares the plain content with the browser (or any program) for the purpose of making the Browser compositor work, then the CDM cannot make any guarantee that it will be hard for the user to get access to the plain content. Therefore the CDM could not grant any program access, except proprietary browsers.

    The above scenario would relegate Open Source/community browsers to second class citizens that, if DRM infests major web properties like Netflix, Amazon, Youtube, Vimeo, Facebook etc., would become known as “those browsers that don’t work”.

    If the CDM does not share the plain content with the host Browsers, then EME is in a very sad state of affairs where the “content” cannot be composited with the page, required for such things as: Tab switching, Layering content on top (advertising, user annotations, playback controls, other navigational/informational content), CSS transformations, CSS shading and WebGL treatment of any kind and so forth.

    So the choice of implementing EME/CDM comes down to either crippling the web and only allowing proprietary browsers to do it, or to cripple EME and make it non-interoperable with almost everything a browser does.

    There should not be a standard for something that can only work in either two fashions of destroying the Web or being completely unusable.

    • SilentLennie

      My guess would be they’ll have an API for the binary blob which says: paint DRM content in this region. Maybe the browser can send the content that goes on top of the DRM-region to the binary blob. That means many other things won’t work.

      How the DRM people want to protect that region that is their problem.

      So the binary blob has to secure how it paints on the screen so the binary blob won’t be available for every platform.

      So even if something like Mozilla Firefox could support it, there won’t be a blob for Linux because there won’t be a way to protect the plain content to be grabbed by for example the kernel.

      It’s all crap anyway.

      It will be as well integrated with the rest of the page like most plugins.

      • http://codeflow.org/ Florian Bösch

        there won’t be a blob for Linux

        And none for Ouya, Community Android, SteamOS, FreeBSD, OpenBSD, Heiku, Hurd, Plan9 etc.

        It will be as well integrated with the rest of the page like most plugins.

        I’tll be significantly worse. These days flash is sharing a framebuffer with the browser so people can paste their flash together with HTML every which way (and they’ve gotten quite used to do that). Back in the olden days, flash drew by itself, that was when it constantly broke websites and UI/UX out there and Adobe has wisely left that folly behind. But that’s the glorious times the EME disciples want to resurrect.

    • http://www.openbuddha.com/ Al Billings

      Florian, how many places are you going to post the same comment, almost word for word?

      • http://codeflow.org/ Florian Bösch

        In as many places as required.

        • http://www.openbuddha.com/ Al Billings

          I’d recommend choosing your places for effectiveness over volume. You do realize that your Mozilla bug posts aren’t really being read because you refuse to go to the Mozilla newsgroups/mailing lists as directed, right?

          • http://www.openbuddha.com/ Al Billings

            The whole community will happily engage but 100 people yelling “me too!” in a bug just makes people’s eyes glaze and bugs are not discussion forums.

    • http://walid.damouny.com/ Walid Damouny

      Totally agree! The alternative to DRM in HTML5 is the reliance on app stores such as Apple, Microsoft, Google, Amazon (at least for books), etc. The problem with such stores is that they are platform specific and intentionally try to be incompatible with each other. Apple’s is probably the most extreme as it locks a user in a specific hardware make while Google and Amazon are happy to sell you content on nearly any device as long as they implement DRM.

      Note that I’m not a huge fan of DRM and I like buying digital non-DRMed books from O’Reilly but I constantly see open source platforms missing out whatever the rest of the market has to offer. The overwhelming number of publishers use DRM which is annoying and I see a problem with it since I’m in Lebanon and content may be location restricted but I also sympathize when I can search for any of the books I legitimately bought and find the pirated copy hosted somewhere online.

  • http://chris.improbable.org Chris Adams

    The real question here isn’t an endless rehash of the DRM debates but how to change public
    opinion: we have a preponderance of evidence that most computer users are happy to accept DRM if that’s how they get convenient access to content. The W3C is reacting to the strong, growing trend away from web technologies so it feels a bit pointless to criticize that unless you have a viable plan to either get content providers to adopt less invasive but equally effective technologies like watermarking or get the public to stop paying for restricted content.

    Say we do draw a line and convince the W3C to drop EME — who benefits other than Adobe and Microsoft? The only alternatives are native apps which directly compete with the web, which users are picking because they provide a better experience than the web. Moral purity has value but billions of dollars annually in native apps and DRMed content suggests that we really need to change the question because we’re not winning the current debate.

    • Henri Tuhola

      Here’s my viable plan: Lets show big finger to so called “content providers” who require DRM. They’re completely all right with their proprietary “native” apps and fixed-function DVD players. We won’t need dead browsers – so called closed source browsers – for protecting their copyright. They could go fuck, debate and abuse someone else please.

      Simply put, those moral values behind open web are too high to be put aside just for billions of dollars. Don’t you see you’re fighting against something akin to independence and freedom of speech?

      • http://chris.improbable.org Chris Adams

        I’m sure it felt good to get that off of your chest. I remember making many similar statements myself – the better part of two decades ago, when computer DVD players were new. The problem is that while it might be cathartic, it doesn’t change anything.

        For every person who refuses to use DRM there are a thousand who are quite content paying for an iTunes movie, Kindle book or app store purchase. Even the guy who filed that Bugzilla issue that Mozilla should refuse to implement EME used a device with built-in DRM to do so: https://news.ycombinator.com/item?id=6494346

        Any plan which requires those millions of people to stop doing something they consider acceptable needs to offer a better reward than smug self-righteousness. If you want to solve this problem, start figuring out how you can ruin the economics or build up a unencumbered store – music has done much better because there are a ton of places where a small artist can get a much better deal AND not harass their fans with DRM but that market’s considerably different. Until the business changes, this war won’t end.

        • tlwest

          I’m not certain its a particularly bad thing to argue one’s own self-interest, even if it would result in a net decrease in over-all welfare. I certainly expect the pro-DRM crowd to do so, so why not the anti-DRM crowd?

          In every change, some people’s interests are sacrificed for others. Why would one expect those who’s interests are being sacrificed *not* to complain, especially in as friendly a forum as you can find?

          The W3C adoption is especially painful because the anti-DRM crowd’s strength is strongest with the technical crowd where it has strength out of proportion its proportion of the populace. This is a set-back akin to the pro-DRM losing on SOPA in the political landscape.

    • Guest

      > Say we do draw a line and convince the W3C to drop EME — who benefits other than Adobe and Microsoft?

      Everyone benefits. Nothing changes on the technical level but W3C ceases its affair with legitimizing DRM by baking a standardized API for communicating with it into HTML5.

      Not everything that is related to web in some way, has to be resolved by W3C.

  • tzs

    People seem to overlook that EME would be useful for more than just DRM. For instance, consider sharing intimate photos and movies with family and friends. One way to do that now is to do all the sharing by email. That’s annoying in many ways.

    Another way to do it is to put the photos or movies on a photo or movie sharing site that provides good access control options. Everyone you are sharing with then needs to have an account on that site, which is annoying.

    With EME, it should be possible to build an application or service that lets people encrypt photos and movies, store them on public file hosting sites, distribute the keys to family and friends, and uses EME so that they can easily, conveniently, and transparently access the photos and movies from their browser.

    • Christopher Thomas

      Yes, this would allow in-device encryption of content before its sent to the server, meaning that perhaps the server doesnt have have the decrypted contents, but the mobile device on the other side could decrypt it without anybody in the middle knowing what was sent.

      I would use that in my websites…

      • Dzzd

        You can already encrypt and decrypt client-side with js, with the server only ever seeing the encrypted content. It is nothing new.

        • Christopher Thomas

          oh sure, except doing encryption in javascript is bound to be a lot more intensive than using a native code interface, would be a lot faster, so it has benefits….

          I didn’t really word my original comment very well, sorry for that :/

          • Dzzd

            Yes, but both of those solutions are actually bad (can you trust the crypto implementation in the perhaps obfuscated JS the server sent you without having to go through the excruciating ordeal of examining it in detail? and it’s even worse with a binary file).

            In fact, your use case is exactly what the W3C Web Cryptographi API proposal is supposed to solve. This would mean you would only have to trust your browser vendor’s implementation to be secure, instead of everyone who is providing a service that uses encryption.

          • Christopher Thomas

            if it wasn’t encrypted and sent in the clear, then obviously thats not secure at all

            if it’s encrypted with javascript, at least you perhaps have access to the algorithm, but at least it’s encrypted (you hope)

            considering https is a pain in the arse, lots of people dont even bother using it and even when you do, some of those algorithms are crackable as we all found out recently by the NSA and probably others by now if it wasn’t already, thats if people setup https correctly in the first place….

            most people don’t have the technical chops to know whether that algorithm is secure or not, so for them, there is no change, they just have to blindly trust “cleverer people” have verified it’s working the way it’s supposed to

            if you use a native encryption object in the new API, I guess it’s still better than clear, but less than the javascript option since I can’t inspect the code, I have to blindly trust the guys who verified it works and I can’t manually do it, even if I have the technical skills to do so.

            using the native encryption object would be faster than javascript, but more opaque in terms of knowing whether it’s legit or passing copies to the NSA for example

            Objectively speaking I would trust mozillas encryption objects over a javascript version, if it was available, I can’t manually verify the encryption of data is secure myself anyway, even if I wanted to spend the time to do it, I would rather just accept that people far cleverer than me have done that and hope they didn’t make a mistake, or got corrupted enough to put a backdoor.

    • http://michal.gancarski.pl/ Michał Gancarski

      EME is not needed for anything you have mentioned. You can store encrypted files wherever you want to. P2P encrypted communication is already here as well, and open source for that matter.

  • Howard K

    What the proponents of EME and DRM never want to question is whether it’s actually the most effective way of preventing piracy and copying. It’s easy to see why they want it though: it gives a small set of players a monopoly on high-end content delivery, limits the usefulness of third party apps and allows for more exploitative, more lucrative business models.

    But we know now, this is the wrong move: indie gaming and music streaming show the best antidote to piracy is to make the product as accessible as possible. This includes “pay what you want” rates (Humble Bundle) and seasonal sales (Steam) that offer lots of bang for little buck. Netflix and Rdio’s flat-rate subscriptions are immensely popular.

    We can protect these services from the server-side pretty effectively without needing EME: we can set up CDNs with temporary URLs to make it near-impossible to share download links with others. We can implement a “maximum devices per account” rule using session-based tokens and JavaScript based authentication. Look for example at Typekit, used to serve fonts on the web: there’s no real DRM there, they just use a delivery mechanism with a simple obfuscation to discourage piracy. Adobe still bought them, as their affordable plans were a runaway success with designers big and small.

    The worst that can happen is that someone makes a downloader app that can rip streams and files at their broadcast rate (i.e. slowly) using a legitimate account. Such programs exist e.g. for YouTube despite Google’s best efforts. But in that case, it’s going to be more convenient and faster to find a torrent to pirate from than rip legitimately. Someone can always create that torrent, using the analog hole, or capture data digitally using e.g. a virtual machine. One should also not underestimate how organized media pirates have gotten in tagging and coordinating their releases, and ensuring high quality. Piracy is already more attractive than a dozen DRM-encumbered systems backed by flaky clouds and groggy “social” clubs.

    That hasn’t stopped GOG.com from becoming one of the most popular gaming stores on the web. Their games are 100% DRM free and can be pirated with ease. It hasn’t affected their bottom line, and only makes their user base more loyal.

    Accessibility is the antidote to piracy, and it just so happens to be the secret sauce of the web too. So we have to ask: is it really worth building a faux-protected bridge from the server to the user’s video player? When what comes out that video player can still be captured by anyone dedicated enough? And when that protected bridge necessarily relies on native-only plug-ins that hold the web back? It’s DVDs-in-Linux all over again, only now we have smartphones, tablets and cloud services to contend with.

    Just say no, and look at how things actually work, rather than how Hollywood thinks things work.

  • jokeyrhyme

    So, apparently EME is already in Chrome 26 and up, with a vendor prefix: http://www.chromestatus.com/features/6578378068983808

    Anyone know if this is usable in the Linux build of Chromium? Is the source code open?