Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
DRM Electronic Frontier Foundation The Internet Your Rights Online

Defend the Open Web: Keep DRM Out of W3C Standards 351

jrepin writes "There's a new front in the battle against digital restrictions management (DRM)technologies. These technologies, which supposedly exist to enforce copyright, have never done anything to get creative people paid. Instead, by design or by accident, their real effect is to interfere with innovation, fair use, competition, interoperability, and our right to own things. That's why we were appalled to learn that there is a proposal currently before the World Wide Web Consortium's HTML5 Working Group to build DRM into the next generation of core Web standards. The proposal is called Encrypted Media Extensions, or EME. Its adoption would be a calamitous development, and must be stopped."
This discussion has been archived. No new comments can be posted.

Defend the Open Web: Keep DRM Out of W3C Standards

Comments Filter:
  • by YesIAmAScript ( 886271 ) on Wednesday March 20, 2013 @11:46PM (#43231391)

    It's not going to knock DRM off the web.

    So why not put in a way for it to be done in a standard fashion?

    Putting the ability to serve DRM content into HTML is not going to close the web.

    • by slackware 3.6 ( 2524328 ) on Wednesday March 20, 2013 @11:52PM (#43231423)
      A standardised DRM means everyone will use it.
      If everyone uses a different standard it slows the spread of DRM and makes it more difficult for those who wish to use it.
      • by Shikaku ( 1129753 ) on Wednesday March 20, 2013 @11:57PM (#43231447)

        Can't we just make an IE/Firefox/Opera/Chrome add-on and be done with adding the DRM? If people want it they can install it themselves.

        • Re: (Score:3, Insightful)

          by BrokenHalo ( 565198 )
          No-one really wants DRM except for some of the bigger and nastier corporations. And as TFS mentioned, it does nothing to make sure the artists get paid for their work.

          The best way to ensure that is for them to either distribute it themselves or to sell it through one of the less-evil marketplaces (for instance Magnatune comes to mind). I personally prefer the former, since I like the warm fuzzy I get from the feeling that I am paying the artist directly, but I completely understand if they can't be bother
          • No-one really wants DRM except for some of the bigger and nastier corporations. And as TFS mentioned, it does nothing to make sure the artists get paid for their work.

            The best way to ensure that is for them to either distribute it themselves or to sell it through one of the less-evil marketplaces (for instance Magnatune comes to mind). I personally prefer the former, since I like the warm fuzzy I get from the feeling that I am paying the artist directly, but I completely understand if they can't be bothered with the learning curve involved.

            I know that is the overwelming perspective you see on slashdot, but believe me there are plenty of people who want DRM who are not just big nasty corporations. Some people (myself included) see no problem with a technology that prevents unauthorised viewing, use or copying of something provided it does not interfere with legitimate users in any way.

            If the DRM on DVD's let me watch a movie I had purchased in any country but simply stopped me creating copies for other people I would have no issues with it. Un

      • by Jah-Wren Ryel ( 80510 ) on Thursday March 21, 2013 @12:05AM (#43231487)

        A standardised DRM means everyone will use it.

        In no way do I support the idea of DRM in the HTML5 standard.

        But... There is an upside to having everyone standardize on one form of DRM -- once it is cracked it is cracked for everything

        I don't think that comes anywhere near balancing out the societal costs of ubiquitous DRM, but it ain't completely bad.

        • by AmiMoJo ( 196126 ) * on Thursday March 21, 2013 @12:30AM (#43231583) Homepage Journal

          It would seem to exclude open source software from essential web standards though, which is clearly bad. You can't implement a secure rendering path in open source software, can't hide secure decryption keys in it (even commercial BluRay players find that hard).

          It's bad enough that we have to deal with Flash.

          • If you can implement SSL and code-signing with opensource, you can implement DRM as well.

            You're probably thinking along the lines of having some key used to establish trust being baked into some binaries (and probably hidden using some sort of obfuscation). Sure, that approach gets defeated by revealing source -- but that approach isn't a fundamental necessity of DRM schemes (even though most of them do currently go that route).

            People are thinking of DRM in terms of music and videos. Time to think a bit out

            • by bWareiWare.co.uk ( 660144 ) on Thursday March 21, 2013 @06:12AM (#43232781) Homepage

              I am afraid you are confused.
              SSL and safely storing bank documents are jobs for encryption and this works very well. Basically you send a lockable chest to your bank but retain the key, they put your documents into it, close the lock, and send it back. Ensuring that only your key can open it. This is absolutely vital to modern society, but isn't a type of DRM.
              DRM usually requires encryption, but also something else. The content producers send their content in a locked box and then try and send the key to your computer in a way where the computer can use it open the box and play back the content but you can't use it to open the box and take the content out. This is obviously logically impossible, which is why you are always hearing of DRM schemes being broken just to watch a film (conversely if you could break a modern encryption system you could literally steal all the money in every bank in the world).
              So logically you can't actually implement DRM in closed source software, but with sufficient obfuscation you can get close (Intel literally burns some of the key into a special chip on your motherboard which makes finding it extremely hard). If you are open about what you code is and dose, that includes telling people where you hare trying to hide the key, making the game of hide and seek a bit shorter.

          • +1 to the open source part. The code may be opn source, but the builds need trusted clients you cannot put in the public domain.

            That is my main objection. Only trusted (big) players will get the decryption keys. And DRM has the feature is starts to spread. It starts with dycrypting the stream, then the renderer needs to be trusted. Next the HDCP link to the screeen, and if there was an option to encrypt the screen to eyes link, someone will build it.

            Open sourcing, and freely building, any of the components

        • by peppepz ( 1311345 ) on Thursday March 21, 2013 @01:03AM (#43231725)
          There is no standardization of DRM going on. What is being standardized is just a plugin scheme, like the one allowing Flash to be embedded inside web browsers. Once hackers crack, say, Google's "SecurChrome browser", sites will be able switch to Adobe's "Bolt plugin" or Apple's "iLockedDown platform", or just require customers to upgrade to "SecurChrome 2.1 SP3" which will be using a new encryption method or will implement a new kind of surveillance.
      • by tlhIngan ( 30335 ) <slashdot&worf,net> on Thursday March 21, 2013 @12:26AM (#43231563)

        A standardised DRM means everyone will use it.
        If everyone uses a different standard it slows the spread of DRM and makes it more difficult for those who wish to use it.

        No, it doesn't. We already have proof of it. In the form of flash video with DRM, and silverlight video, with DRM. Both were extremely popular, and everyone had Flash and Silverlight installed so they could watch their DRM'd videos.

        Now, is this a better outcome than having it as a standardized system? Consider all the flash vulnerabilities and silverlight vulnerabilities - everyone had to have them installed after all.

        And no, your opinion on DRM is not going to matter - if people provide useful content DRM'd like this, people will just install whatever.

        And frankly - what really keeps someone from taking Firefox and modifying the EME handler to instead of playing it in a video box, dumping the unencrypted content to a hard drive? Putting them in the HTML spec means the browser handles it, and honestly, I trust the browser vendors more than Flash or Silverlight. At least the browser gives you control.

      • Everyone who wants to use DRM in vids already does, using flash. Its not "do we have DRM or not", its "will it be standard, or will there be 50 implementations?"

        It also ignores the naievity of thinking "if we dont create a standard way to do something that people want to do, maybe theyll stop wanting to do it." You cant put the cat back in the bag simply by pretending the cat doesnt exist...

        • The problem is that this doesn't standardise DRM in any way, it just provides a hook in HTML5 for "content providers" (or whoever else) to insert whatever unspecified DRM schemes they want.

      • Administering DRM is a hassle for the provider as well as the user. Companies aren't going to throw on DRM just for the heck of it.

        Other content simply won't be provided on the web without DRM. It'll either come through your browser, a browser extension or a separate app. Adding DRM to the standard will give the best possible situation for this too.

      • it also allows a standard way for it to be cracked, dvd encryption is barely even considered encryption any more
      • Unfortunately DRM is here to stay though. Putting our hands over our ears and yelling 'I CAN'T HEAR YOU' over and over won't make it go away.

    • by andrew3 ( 2250992 ) on Thursday March 21, 2013 @12:38AM (#43231609)

      Suppose a user sends me a threatening message on some site online. With DRM I can't save it. Suppose I want to save a video so I can play it later (maybe I need to play it offline for my assignment work). Again, if it's DRM'd I can't do that. I don't want my computer to work against me, and I don't think that should be a "standard".

      Perhaps the better question is why should DRM be a standard? Why should computers disobey their owners for the sake of corporate greed? Why do media companies pretend that the world will end if DRM isn't added to HTML5?

      It might also help to read what media companies have proposed for HTML5 DRM [w3.org]. The BBC wants to be able to take legal action against anyone that bypasses the DRM (even if the user isn't infringing copyright itself).

    • Comment removed (Score:5, Insightful)

      by account_deleted ( 4530225 ) on Thursday March 21, 2013 @02:08AM (#43231933)
      Comment removed based on user account deletion
  • Let em do it... (Score:4, Insightful)

    by Fluffeh ( 1273756 ) on Wednesday March 20, 2013 @11:48PM (#43231399)

    It will just be another technology that ends up falling on it's face while sucking money out of the corporations while they try to get it adopted as the mainstream or most adopted technology. If they are good for all, they will get used. If they aren't, why on earth would a developer use them? Every W3C set of standards has a bunch of tags that no-one in their right mind uses - or they come up with great new ways to get what they want out of them. I mean as an example (though it never made it into W3C) but look at Silverlight, Microsoft tried to take the market away from Flash, invested heavily into Silverlight, no doubt paid a LOT of developers to use their stuff, I found for a while a bunch of free downloads that "asked" to install Silverlight along with their code.

    Look at these stats:

    According to statowl.com, Microsoft Silverlight has a penetration of 64.16% on May 2011. Usage on July 2010 was 53.54%, whereas Adobe Flash is installed on 95.26% of browsers, and Java support is available on 76.51% of browsers (May 2011); these statistics makes Adobe Flash the market leader in terms of penetration.[20] As of 26 August 2011, 0.3% sites are using Silverlight,[21] whereas site usage of Adobe Flash is around 27%.

    Taken from http://en.wikipedia.org/wiki/Microsoft_Silverlight#Adoption [wikipedia.org]

    • Re:Let em do it... (Score:5, Insightful)

      by Dahamma ( 304068 ) on Thursday March 21, 2013 @12:11AM (#43231505)

      Yeah, but counting "the number of sites" using Silverlight or Flash is silly. Netflix is one of those sites, and it's the single largest streaming video, DRM, and bandwidth user on the planet by a huge margin.

      If HTML5 adopted a studio-approved DRM solution Netflix (and most other streaming providers) would drop Silverlight and Flash in a heartbeat. There is definitely something to be said for that...

      • Netflix is one of those sites

        Yeah, I sort of think that that statement actually makes my point even stronger. Look at how many millions Microsoft has put into Silverlight. Now, if they only have a handful of sites using it, they can only make money back off those same sites. Lets face it, the only reason that Netflix would choose to adopt a new technology is if it made it cheaper for them. Even iTunes pissed off the studios by offering DRM free content because they saw it would make them more money.

        If everyone starts using DRM, a site

        • by Dahamma ( 304068 )

          If everyone starts using DRM, a site will pop up that doesn't use it if there is a want of it from the consumers.

          Except that's not how it works.... Netflix uses DRM because that's what the studios require. No site can pop up that doesn't use because they will never be allowed to license the content.

          An also, DRM provider revenue is also not something you can base on the number of sites. These proprietary DRMs like Adobe Access and MS PlayReady charge per license issued (basically per stream), so Netflix al

        • Look at how many millions Microsoft has put into Silverlight. Now, if they only have a handful of sites using it, they can only make money back off those same sites

          Microsoft makes nothing off Silverlight. It's free from Microsoft, both the developer tools (unless you want to use the non-free versions, but why would you if cost is an issue?) and the runtime is entirely free.

          Lets face it, the only reason that Netflix would choose to adopt a new technology is if it made it cheaper for them.

          Possibly cheaper, more likely, with better features. Netflix can easily do with Silverlight what is currently not possible in HTML or easy in Flash.

      • Absolutely nothing is to be said for that. You would still be limited to whatever platforms Netflix chose to target with their encryption module, and vulnerable to whatever exploits said module introduces. I suspect that said module would become the linchpin for all licensing negotiations, thus crippling the ability for all devices to be HTML5 compatible.

        I expect that what will happen if EME is adopted, is that it will be extended to cover entire websites with the next revision.

        Thus EME promises to solve no

      • by AmiMoJo ( 196126 ) *

        That wouldn't help free software though because you can't implement DRM at all securely and be open source. There will have to be some method of validating the client before the site trusts it, and clearly they wont trust anything you compiled yourself or an OS that doesn't implement a secure graphics path.

  • by RedHackTea ( 2779623 ) on Wednesday March 20, 2013 @11:52PM (#43231417)
    Stuff like this wouldn't be so bad if we didn't know how much an asshole these companies have always shown themselves to be in the past. Media stored on the cloud or a computer became fantastic for me because I didn't have to worry about a DVD working in the USA but then not working in another country. That means if you ever move to another country that you will have to re-buy every DVD in your collection. Fuck that. Now, I bet they'll add the same type of control here. You must buy a DRM for your specific country or even more ridiculous restrictions than this (like fast forwarding as mentioned in the article, etc.).

    The rich get richer, and the poor get poorer. The free get freer, and the shackled get deader.
    • That was always the way. Try accessing BBC iPlayer in the US, or me accessing Amazon Prime's video streaming services from the UK. You can't pay for licensed access to those services; You have to circumvent the system, get yourself a VPN.

      For the most part I would use Netflix, Amazon's services, LoveFilm, whatever if they had the content I wanted and it was fairly priced, and offered worldwide at the same time. However, we get US release first and the world waits 6 months. That's not the deal, bub. They don
    • No. Stop thinking there is any silver lining to DRM. No open standard can EVER require DRM, as doing so would immediately mean they are no longer open. In order to properly implement a secure DRM mechanism, the entire code path from the time the content is decrypted to the time it shows up on the display must be secure. That's not secure from outside intruders, like ssh, mind you. That is secure from the user themselves. That means the DRM package, the browser, the kernel, the X11 server, the graphics

  • I'm for it. (Score:2, Insightful)

    by Anonymous Coward

    The reality is that some apps (like Netflix) require DRM. Why not offer a standard way to do it?

    • by Yaa 101 ( 664725 )

      Let them open and buy there own fucking network for that. i.e. cable tv

    • I'd be much more inclined towards proper, standardized DRM, if the "rights" included my rights, too. The content provider could keep the right to create copies of the content, but I would have the ownership of that particular copy to do whatever I please to do with it. Enjoy, loan, sell, destroy...
    • I wish people would stop up-rating posts like this. The one thing that made the internet what it was today is openness. The HTTP and HTML protocols were OPEN standards. Anyone who wanted to could write their own server or client, and do whatever they wanted with it. In order for DRM to work, this goes away. In order to implement those parts of the standard, the code must be licensed by a single agency, verified that it protects the content from the user, and distributed as a binary to prevent users fro
  • NO (Score:3, Interesting)

    by technosaurus ( 1704630 ) on Wednesday March 20, 2013 @11:58PM (#43231457)

    1 standard is better than 1000 crappy implementations - if you don't like it just disable it like you do any other browser option and you'll never be burdened with DRM'd content.

    • 1) There is no standard for encryption. It's just the plugin scheme which is being standardized, so you WILL have competing standards. Hint: Adobe is one of the proponents of this standard.
      2) DRM can't be implemented by open-source applications, and it can be implemented only weakly on open platforms, so content providers will still have the option to tell you "sorry, you can only watch our site on non-jailbroken iPhones or non-rooted Samsung-branded Android phones" - in a standard way.
      3) We're not talkin
    • Re:NO (Score:5, Insightful)

      by Microlith ( 54737 ) on Thursday March 21, 2013 @02:14AM (#43231949)

      No, you'll have 1000 crappy DRM modules running in the background, exposing you to all of their flaws and limiting you to the platforms they support.

      This solves no real problems, except to shift them from Flash/Silverlight to an unknown, black-box module.

  • by Guspaz ( 556486 ) on Thursday March 21, 2013 @12:17AM (#43231531)

    Look, I don't care if YOU don't want to use DRM'd services like Netflix, but some of us DO, and we'd like to be able to use these sorts of services without proprietary plugins like Silverlight dictating what operating systems we can use it on.

    I'm a realist. DRM is idiotic and useless, but the people holding the cards are too dumb to realize that. If that means that I have to accept unobtrusive and transparent DRM to view content because of that, so be it. DRM done right doesn't get in the user's way, and a standardized form of DRM will help keep it from getting in the way. This needs to happen.

    • I agree. I really have no problem paying to watch a film; I just don't want paying for it to be a painful, unreliable experience. The way these discussions go on Slashdot, you'd think there was an attempt to make free content illegal.

    • by peppepz ( 1311345 ) on Thursday March 21, 2013 @01:21AM (#43231791)

      Look, I don't care if YOU don't want to use DRM'd services like Netflix, but some of us DO, and we'd like to be able to use these sorts of services without proprietary plugins like Silverlight dictating what operating systems we can use it on.

      Sorry, but it's YOU who want to use DRM'd services who must not drag other people into paying the price of your DRM. And by paying the price I mean the added complexity which I will pay to develop, the computational overhead which I will pay with my energy bill, and above all, the platform lockdown which is necessary to support a minimally meaningful DRM subsystem which I will find in the devices I bought. Define all the standards you want, but don't put them into HTML.

      I'm a realist. DRM is idiotic and useless, but the people holding the cards are too dumb to realize that. If that means that I have to accept unobtrusive and transparent DRM to view content because of that, so be it. DRM done right doesn't get in the user's way, and a standardized form of DRM will help keep it from getting in the way. This needs to happen.

      Then as a realist you need to know that EME is nothing like that! EME does not specify a single standard, but rather an unified framework allowing binary-only plugins or incompatible binary-only browser implementations dictate what parts of HTML pages you're allowed to save on your PC, depending on who you are, what you're doing and what operating system you're running. In other words, it's just like the Flash plugin without the presentation layer. And unlike Flash, it won't be possible to implement it with open source code.

    • by devent ( 1627873 )

      Did you even looked at the Article or read it?
      The EME proposal will not eliminate proprietary plugins. All EME is do is to standardize an interface to access those proprietary plugins. Look at the graphic: https://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-media/encrypted-media.html [w3.org]
      Do you see the big block "Content Decryption Module (CDM)"? That is the proprietary plugin.

      No DRM can work without a proprietary plugin. Right now it's Flash or Silverlight and you can download it if you want to use Netflix

      • by devent ( 1627873 )

        See the bug: EME is not limited to video. [w3.org]

        The EME CDM is not limited to just video and could well implement an entire
        HTML engine defeating the good work of many to allow users to customize the
        presentation of HTML. I suggest there is not way to achieve such a restriction
        within the space of solutions acceptable to the proponents.

  • by SwampChicken ( 1383905 ) on Thursday March 21, 2013 @12:20AM (#43231535)
    ....has been drawn my fellow geeks.
  • Seriously, everyone raves about it, but it's already poisoned candy. Adding DRM to it would just be adding a razor blade.

    The HTML5 spec as it stands now is a mess. The semantics are laughable. Sectioning is a mess. The expanded set of characters allowed in identifiers means lots of ugly escape sequences in CSS and Javascript when those new characters are used (seriously, try writing a selector for <div id="foo.bar[baz]"></div>). And there's still no grouping element for dt and dd elements i

  • This extension is really just a API to communicate with DRM plugins. Whilst it would be good to standardise on a single API, it still requires having closed source plugins to do the actual decoding.

    Kinda like what Flash does now.

  • by kermidge ( 2221646 ) on Thursday March 21, 2013 @12:57AM (#43231701) Journal

    When I see comments on the inclusion of Digital Restriction Management in Web standards couched in approving tones, I know that I must be getting old. To me the only valid use of DRM in the long term is as an answer to a trivia question on screwy 'net practices of the late 20th and early 21st centuries.

    If in the interim DRM is deemed necessary for some things by some people then incorporate it in a desktop or browser widget as is currently done, say, for Netflix.

    And no, I haven't any wonderful answers to all kinds 'good' questions on this, or any deep thoughts on this and the related larger issues; it's just my old fart reaction.

    When I bought a book, it was mine. When I used a camera it wasn't locked in to one film manufacturer. Anything with an engine would happily use any brand of gasoline of the correct octane range. When I found that a DVD player/burner I had bought was region-locked, I half flipped. Ditto, when terms of 'sale' for a program I bought on CD forbade making an archive copy.

    But then, when I went to see a movie at the theater the thought to bring a movie camera never crossed my mind.

    Oh, yeah, just for grins: take Netflix for an example - it uses some kind of DRM, right? (Yeah, I know it does, 'cuz I had to fire up an vm of XP to install Silverlight - until an enterprising duo came up with a wonderful change to Wine that lets me use Netflix from my Ubuntu desktop.) So then, just how many of the protected movies on Netflix don't have torrent or magnet links somewhere? If the answer is few to none, then WTF is the use of having the DRM?

  • What is the W3C 'Working' Group doing on this anyway?

    HTML5 wouldn't exist if it wasn't for the WHATWG going around the W3C (who was busy fucking up CSS standards at the time)...

    W3C needs to go away...

    DRM has no place in codebase

  • by knorthern knight ( 513660 ) on Thursday March 21, 2013 @02:52AM (#43232067)

    EME is proposed as an API, allowing "binary blobs" to execute. That's ***EXACTLY*** what Active-X does in Internet Explorer. Just like Active-X, the binary blobs won't be a complete stand-alone OS. Instead, they'll hook into your operating system, with high privileges. That means that the binary blobs will be OS-specific.

    I can see compromised websites popping up with requests to load codec-XXX to "See Sexy Suzy Stripping". And there'll be a lot of idiots who'll fall for it.

  • Then make some movies of your own and release them to the world DRM-free. That's the FOSS way. RMS couldn't find an OS he could trust so he started working on his own. Linus came along and tied it all together and now we've got Linux. The point is they didn't just bitch about things they didn't like on message boards, they solved a problem they were having and made the world a better and wealthier place for it.

    The content that's getting DRM protection - that's other people's stuff. What they do with their

  • and that is exactly the reason why i believe it must be standardized. When i get a program or a file i want to answer the question "does it use DRM" easily.

    I had recently a very bad experience with an deployment tool, which did not mention DRM at all but actually used DRM methods to protect code from being changed without telling so. I got a little suspicious and after drilling the support for 1h they admitted that the real purpose of the "encryption" was not to "protect the code on the way to the customer"

  • First of all, every DRM has been and will be cracked. If my computer will somehow be able to decode a video for playback, then it's already cracked. And there's no way open source browsers will somehow lack the ability to play back these encrypted files. So, to that end, let them do it. We will have our content.

    I understand there may be some GPL issues, but Firefox isn't GPL is it? What browser(s) are?

    DRM is a devil. The ignorant and greedy believe things about it which are not true. This isn't a "lo

  • by ElusiveJoe ( 1716808 ) on Thursday March 21, 2013 @04:58AM (#43232493)

    Next thing they'll add will be DRM for web pages, so you won't be able to view the HTML code.

    I mean, WTF? Millions of $$$ were invested in the web page, and now some greasy nerd can view it freely? Protect! Protect! Intellectual property!

  • Now tell me; since Flash and Silverlight will exist, anyway... How are we going to keep the web open, exactly?

The truth of a proposition has nothing to do with its credibility. And vice versa.

Working...