Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
DRM The Internet Your Rights Online

What's Actually Wrong With DRM In HTML5? 447

kxra writes "The Free Culture Foundation has posted a thorough response to the most common and misinformed defenses of the W3C's Extended Media Extensions (EME) proposal to inject DRM into HTML5. They join the EFF and FSF in a call to send a strong message to the W3C that DRM in HTML5 undermines the W3C's self-stated mission to make the benefits of the Web 'available to all people, whatever their hardware, software, network infrastructure, native language, culture, geographical location, or physical or mental ability.' The FCF counters the three most common myths by unpacking some quotes which explain that 1.) DRM is not about protecting copyright. That is a straw man. DRM is about limiting the functionality of devices and selling features back in the form of services. 2.) DRM in HTML5 doesn't obsolete proprietary, platform-specific browser plug-ins; it encourages them. 3.) the Web doesn't need big media; big media needs the Web." Also: the FSF has announced that a coalition of 27 web freedom organizations have sent a joint letter to the W3C opposing DRM support in HTML5.
This discussion has been archived. No new comments can be posted.

What's Actually Wrong With DRM In HTML5?

Comments Filter:
  • by fustakrakich ( 1673220 ) on Wednesday April 24, 2013 @03:16PM (#43539941) Journal

    It exists...

    • by Anonymous Coward on Wednesday April 24, 2013 @03:22PM (#43540001)

      DRM in HTML5 doesn't obsolete proprietary, platform-specific browser plug-ins; it encourages them.

      The only reason any thinking human ever made a conscious informed decision to install Silverlight was to watch Netflix.

      • by lgw ( 121541 ) on Wednesday April 24, 2013 @03:27PM (#43540071) Journal

        The only reason any thinking human ever made a conscious informed decision to install Silverlight was to watch Netflix.

        I've always assumed the name "Silverlight" was chosen precisely because it was a platform designed primarily to allow you to watch movies.

        DRM means I get to watch Netflix, so I'm all for DRM in HTML5. If it's not embraced in some way by the standard, it will happen anyway, and be platform specific and even more annoying.

        There is no "movies without DRM" option available to the standards committee, sorry.

        • by Minwee ( 522556 ) <dcr@neverwhen.org> on Wednesday April 24, 2013 @03:33PM (#43540155) Homepage
          Really? I always thought they chose that because "Silverfish" was already trademarked by someone else.
          • by Elixon ( 832904 ) on Thursday April 25, 2013 @09:46AM (#43546075) Homepage Journal

            I can understand that gold has a real price. I can understand that a house has a real price... because they are scarce. That is why there will be real-world poor a rich people.

            Internet and the whole intellectual world was never meant to be driven by scarcity. The Internet was build to mitigate the real-world problems with duplicating resources. The Internet allows the main commodity - information - to be transferred, duplicated, created, shared... at virtually no cost. Internet is the attempt to create a world where there are no poor (speaking of knowledge) people but everybody share everything as much as possible for the good of mankind.

            The scarcity complex is artificially introduced to this unlimited e-world by companies who simply failed so far to find a new business model in a world where everybody is already rich with information - everybody are already fed with information. Where there is no hunger/demand there is no traditional business model. So lets make those information rich people become poor so they will hunger for information and then we can feed them for a price.

            Let's deny access to information using a copyrights, laws, DRMs... Let's artificially create once again information-rich and information-poor people because the existing real-world model proved to work so well.

        • Re: (Score:3, Insightful)

          If it's not embraced in some way by the standard, it will happen anyway, and be platform specific and even more annoying.

          And this is why circumvention is important and necessary.

        • by fuzzyfuzzyfungus ( 1223518 ) on Wednesday April 24, 2013 @03:42PM (#43540259) Journal

          I've always assumed the name "Silverlight" was chosen precisely because it was a platform designed primarily to allow you to watch movies.

          DRM means I get to watch Netflix, so I'm all for DRM in HTML5.

          Have you read the proposed standard? All it provides for are some javascript bits and pieces for interacting with the 'CDM', a totally unspecified piece of software and/or hardware that handles decryption and optionally on-screen rendering.

          They don't call it this, of course; but it's a plugin, albeit one that is invoked in the 'video' tag rather than the 'object' tag.

          No CDM for your platform? No playback. That's the thing, this isn't even some 'well, pragmatic compromise to gain greater functionality' thing: it constitutes absolutely no improvement over the current 'proprietary plugin required to playback DRMed movies' situation, it just changes 'plugin' to 'Content Decryption Module' and slightly changes the mechanism for talking to it.

          Platform independent? Absolutely nothing in the spec about that(indeed, 'CDM may use or defer to platform capabilities', so it's explicitly OK for CDMs to have design features that require certain platform specific features).

          An improvement in the integration of video into the page, DOM access, etc? Well, requesting the encrypted video is handled in javascript and HTML; but the CDM blackboxes everything from decryption to (optionally, probably mandatory if anybody is worried about the browser just grabbing decrypted frames) painting onscreen. Totally opaque blob embedded in the page, just like a plugin.

          Other than giving the "HTML5!" stamp of approval to absolutely whatever CDMs people wish to use, the proposal really isn't "in" HTML5 at all. The CDM, the only important part of the game, is 'HTML5' in the sense that Java Applets, or flash objects, or ActiveX controls, are HTML: they can be embedded in web pages using HTML tags. That's it.

          • by Darinbob ( 1142669 ) on Wednesday April 24, 2013 @04:22PM (#43540671)

            This is one reason I think HTML5 is just a joke. HTML used to be about presenting information, but in HTM5 it's being turned into an application platform. Sort of like the difference between a Postscript viewer and the latest Adobe Reader.

            • by LordLucless ( 582312 ) on Wednesday April 24, 2013 @05:52PM (#43541457)

              Which is fine, because it mirrors the use to which it's being put. People used to display information on websites, now they run applications on them.

            • by coliverhb ( 886806 ) on Wednesday April 24, 2013 @10:28PM (#43543025)

              This is one reason I think HTML5 is just a joke. HTML used to be about presenting information, but in HTM5 it's being turned into an application platform. Sort of like the difference between a Postscript viewer and the latest Adobe Reader.

              As someone who works with HTML5, I have no idea what you are talking about. Most of the things you may consider HTML5 are actually javascript + html5 + css HTML5 is litteraly about structure, with sane defaults, that's it. Javascript handles the client side decision making, animations, etc., css handles the styling and some animations (It's just beginning to delve into that). HTML5 is absolutely about presenting information in a simple, standardized way - you're bemoaning the marketing dept. of most web solutions companies, which are taking a leaf out of the 'Cloud' and 'Green' marketing handbook.

          • by makomk ( 752139 ) on Wednesday April 24, 2013 @06:25PM (#43541639) Journal

            The CDM isn't necessarily even a plugin; it can be integrated into the browser. So for instance Microsoft could decide that Internet Explorer will have a built-in implementation of their PlayReady DRM as the only CDM it supports and that they won't allow other browsers to use that CDM or other CDM implementations in their browsers, and that'd be entirely compliant with the HTML5 ECE specification. It'd also be entirely non-interoperable with any non-Microsoft browser or platform.

          • They don't call it this, of course; but it's a plugin, albeit one that is invoked in the 'video' tag rather than the 'object' tag.

            No CDM for your platform? No playback.

            So it sounds like we're replacing the current system of platform specific plugins, with a new system of platform specific plugins.

            I fail to see the controversy.

          • You're missing a key point. In order for DRM to work, everything needs to be a totally opaque blob, including your browser, your graphics drivers, and your operating system. Any sensible CDM (yes, Flash is not a sensible CDM) is going to require the browser be tested and signed that it will uphold the restrictions of the DRM. Your signed browser will require your operating system be signed before it allows the DRM bits to operate. Your signed operating system will require all your hardware drivers be si

        • by the_B0fh ( 208483 ) on Wednesday April 24, 2013 @04:09PM (#43540555) Homepage

          Just so you can watch netflix, we ought to fuck over HTML5?

          No, fuck you and your overly endowed sense of entitlement.

        • So as long as you get netflix, people can impose whatever restrictive scheme they want?

          • by lgw ( 121541 )

            The ability of people to impose whatever restrictive scheme they want persists regardless of the recognition of the existence of DRM in the HTML5 standard. There's nothing the W3C can to do prevent DRM on streaming video.

            A standard is only useful and relevant to the extent that it standardizes what actually happens. Wishcasting has no place in a standards body.

            Netflix streaming is a significant part of the internet. Netflix will have DRM, like it or not. A standard that simply ignores the reality of a s

            • The issue is whether or not that DRM should be enabled by the standard, or even a part of the standard, or whether the standard should remain open to the original idea of enabling the viewing of content in an open manner.

              Adobe Flash is a significant part of the internet, but it would be ridiculous to have HTML include it as part of the standard or to have a standardized "flash" tag.

        • by AlphaWolf_HK ( 692722 ) on Wednesday April 24, 2013 @04:46PM (#43540859)

          Eventually the content providers will just provide DRM free media anyways. Do you know why? For the same reason why they still allow content to be broadcast over the air DRM free:

          In spite of making threats that they wouldn't permit broadcasts of their media without a broadcast flag, none was ever implemented so they permitted it anyways because it was too lucrative to not do so.

        • by gr8_phk ( 621180 ) on Wednesday April 24, 2013 @04:46PM (#43540861)

          There is no "movies without DRM" option available to the standards committee, sorry.

          Actually, the video tag works just fine without DRM - go watch YouTube with HTML 5 and no DRM. The reality may be that there is no netflix in HTML 5 without DRM, but there will certainly be a netflix plugin or standalone app with DRM if it's not in HTML5. There really is no purpose for it in the standard - it's just a standard way to embed non-standard stuff in the web, and that's not good for anyone.

        • by Anonymous Coward on Wednesday April 24, 2013 @05:29PM (#43541255)

          There is no "movies without DRM" option available to the standards committee, sorry.

          You're mistaken and there's a standard which is over 20 years old. It works extremely well, better than HTML5 or Flash. It's called a "href" attribute of the "a" tag. I challenge you to put forth any movies-on-the-web solution which works half as well as that does.

          The reason we didn't just settle on that solution and move on, is that various parties decided they hated the standard, because the standard is too pro-user. It works too well. But don't pretend it doesn't work and isn't available. It's Netflix's fault they didn't use the right tool for he job, not the standard body's fault. You can make excuses and rationalize it if you want to, but at least lay this blame where it truly belongs.

          Actually, though it's rare, some people do use the standard. Louis CK's website uses the standard. And as a result, Amazon and iTunes ("technology" giants!) are relative usability nightmares, trivially one-upped in the tech game by a comedian. Louis CK is hilarious, but effortlessly beating the tech giants at delivering a bullet-proof web for-pay video site is especially hilarious.

          Seriously, go to the web site, pay the $5, and tell me Netflix isn't a totally anachronistic embarrassment next to that.

          The reason "DRM means I can watch Netflix" is that you didn't say "no" when you were supposed to. If you had abstained from Netflix, you might have modern tech today, and be wathcing your movies using that. Instead, you've got some bastardized proprietary software that nothing else can talk to, doesn't integrate with any other components, and whose feature list is made up of the dreams of the whole inter-- oops I mean -- the dreams of one single marketing department. Not even techies. Not movie-lovers. Just some group who makes decisions about what you're allowed to do.

          You can begin today, though. Just say no. Pirate until they open for real business, and throw your money at the few who actually deal in good faith and deliver the very best video products. LCK showed it can be done. Who else wants some money? Nobody? Ok, we'll keep our money for now. It's here and waiting for whoever uses the video standard: the "a" tag.

      • Actually, I first installed it (under great protest) when WotC discontinued their DnD character builder application for the Windows desktop.
    • by larpon ( 974081 )
      I second that. The simple look, feel and maybe even taste of the phrase "rights management" gives me the creeps. Rights are supposed to free - no matter to whom they belong.
      • by Miros ( 734652 )
        What? There are a lot of different 'rights' out there - are you arguing that there shouldn't be notions of property and 'property rights?'
    • Comment removed based on user account deletion
  • Bias (Score:5, Insightful)

    by bradgoodman ( 964302 ) on Wednesday April 24, 2013 @03:21PM (#43539987) Homepage
    As much as like the concept of "open and free", blah blah blah - I'm not really buying the argument. I don't want to swallow "big media's" load of tripe on the issue - things aren't all black-and-white. I don't necessarily swallow the arguments made by the OP about wanting to "sell back services" and "limiting functionality of devices". "Big Media" doesn't care about your device or what it does - it *does* care about piracy, though. So let's call a spade a spade, and admit that it *is* about copy protection (whether you like/agree with it or not).

    This is like the old DIVX argument from years ago. Just because your device is *capable* of playing protected content - it doesn't mean you *have* to play (or pay for) protected content. It would be nice to be able to offer the functionality for services like Netflix, Amazon, or whoever else you want to watch, in a standardized, cross-platform manner, without every media provider having to build some hokey Java or Flash player into every browser, TV, DVD player, Game console, etc etc etc - and still have wonky support for only half the devices, and no support for "new" services on "legacy" devices.

    But I digress - I'm not trying to sway anyone's opinion on the matter - let's just call a spade a spade - it *is* about copy-protection.

    • Re:Bias (Score:5, Insightful)

      by denis-The-menace ( 471988 ) on Wednesday April 24, 2013 @03:27PM (#43540067)

      For DVDs, at least, it's about forcing makers of DVD players to respect the "can't skip commercials" features of commercial DVD discs.

      That way the commercials are force-ably watched. (at least on hardware players)

      As copy protection goes, it's as good as ROT-13 for encrypting text.

    • Re:Bias (Score:4, Insightful)

      by blackiner ( 2787381 ) on Wednesday April 24, 2013 @03:45PM (#43540289)
      How about you guys actually think about it for more than five minutes?

      If making sure the video stream was encrypted was the big deal, it can just as easily be down with javascript. AES is not some mystical impossible to implement technology. The purpose of DRM in HTML5 serves only one purpose, to add a "black box" to websites. So how is this DRM actually implemented by the browsers? Who the hell knows. If it relies on software, then it will simply be cracked instantaneously. There will be no point to it. Firefox is open source, you can just recompile it to direct DRM streams into a file or something. If it instead redirects the DRM stream to hardware, well, then you are basically fucked. It will only work with certain computers/devices. You end up in a situation similar to websites requiring flash currently, where some sites simply don't work with your tablet or such.

      The implementation they seem to want is to have the browser redirect the DRM stream to a software blob that will decrypt it and do "something". God knows what. But it will work on most devices, provided they cross compile plugins. This is the same crappy situation as activeX, where you will are forced to install plugins where you have no idea or control over what they do. If you don't install them, entire pieces of websites will not work. And they will pop up EVERYWHERE.

      This is the worst possible outcome, there is a good reason people are fighting this.
    • by Hatta ( 162192 )

      So let's call a spade a spade, and admit that it *is* about copy protection

      If it was about copy protection, you would expect DRM to actually protect things from being copied. But I can find copies of anything I want easily, no matter how much DRM has been piled on. Therefore, it cannot actually be about DRM. QED.

    • Re:Bias (Score:4, Insightful)

      by MozeeToby ( 1163751 ) on Wednesday April 24, 2013 @03:52PM (#43540369)

      Here's the thing. It takes one guy, anywhere in the world, to break DRM and post it somewhere. Does your DRM eventually decode to a format that a human being can see and hear? Then it will be broken. Someone will use audio/video capture devices if nothing else and all you've done is piss a bunch of people off. DRM for movies and music is fundamentally broken because at some point you've got to end up outputting all the information to the user (at least with SW it is theoretically possible to prevent unauthorized access).

      • I agree. But if a service elects to use it anyway - why not just give them a standardized way to do it - that will work across all devices, rather than making them jump through hoops, creating different plug-ins for all sorts of devices, many of which are less-trivial than others. (Think writing a Firefox plug-in vs. a Tivo or Wii plug-in).

        If the services deem this as "sufficient" protection, give them a way to do it. If you're "pissed-off" by the way a particular service choose to implement it, and the r

        • by jedidiah ( 1196 )

          > . But if a service elects to use it anyway - why not just give them a standardized way to do it - that will work across all devices

          That's a nice fantasy.

          Unfortunately, the reality is much less ideal.

          It is not standardized. I will not work across all devices.

          It's really just like the current solutions (Flash, Silverlight).

      • by Miros ( 734652 )
        I dont think purveyors of DRM systems view them as being flawless. The point is not to make it impossible to pirate content but to make it inconvenient enough that the average consumer wont do it. HDCP, CSS, FairPlay, AACS etc. have been very effective at that.
    • Re:Bias (Score:5, Insightful)

      by silas_moeckel ( 234313 ) <silas AT dsminc-corp DOT com> on Wednesday April 24, 2013 @04:02PM (#43540493) Homepage

      Big media cares about a lot more than copy protection. They care about reselling you the same content in multiple formats. They care about restricting where, when, and how long you can access content. They want to limit sharing of content. They want more rights than what copyright gives them for longer than the already insanely long copyright term They want to force there content to check in so they have an idea who and where somebody is accessing it. They want control over what operating system and what hardware you access the content on.

      DRM is not just copy protection it's a slew of rights the content owners that they never had before. Copy protection can be as simple as watermarking each copy sold, that gives them about what they had in the dead tree age. It's flawed sure but keeps the status quo.

      You have to realize that you can keep adding more and more security along the path but it just hampers lawful users. Today's best consumer DRM is still vulnerable to "simple" attacks like emulating a LCD display since that's after the HDCP decoder. Watermarking only gives you a good idea of who to sue not all the rest of the bits.

      As to HTML5 it should include a robust media streaming framework. That frameworks must be open. All the DRM systems I know of can not exist without some sort of secret that's obfuscated from the end system but still accessible, that's the antithesis of open.
       

    • Big Media cares about piracy, slightly. DRM does slow down piracy, slightly. However what scares Big Media is that loss of control, and DRM is designed to fix that. DRM is all about preventing you from reselling media that you have bought, or lending the media out, or making backups, or viewing it more times than you are authorized for, or viewing/listening/playing on media that's not properly locked down to prevent illicit copying, etc. Piracy is just the excuse Big Media uses to get naive people to ac

  • by rubypossum ( 693765 ) on Wednesday April 24, 2013 @03:24PM (#43540037)
    We don't need to hobble our technologies to make certain people money.
    • by bradgoodman ( 964302 ) on Wednesday April 24, 2013 @03:33PM (#43540151) Homepage
      How is it "hobbling" the technology. If you don't like the DRM aspect of it - don't watch protected content with it. It's not going to have any affect on you.
      • by betterunixthanunix ( 980855 ) on Wednesday April 24, 2013 @03:41PM (#43540243)
        DRM, by definition, hobbles technology. This is not about "choice" -- if all the major media outlets use this technology, it will be enabled by default on everyone's computer, and everyone's computer will be programmed (by default) to fight against the user.
        • No, it would merely *allow* one to play DRM protected content. If you don't like the protection, don't use that services content. Service do all this today, they just need *proprietary* plug-ins to do so.
    • by Miros ( 734652 )
      The people trying to make money from content will deploy whatever technology best enables them to do so. Not enabling your technology to meet this need will simply ensure that they use something else. That something else may not be as good as your solution could have been.
    • Yea we want to make technology that no one will use or adopt!

      Sorry life requires compromise.

    • We don't need to hobble our technologies to make certain people money.

      As long as you're not the guy complaining down the road that Netflix still hasn't come to Linux.

    • We don't need to hobble our technologies to make certain people money.

      No. What you're actually advocating is making legal content inaccessible only to the niche you're in, by exclusion, for the sake of ideology.

      DRM will exist in most legitimate channels. That's a fact of life for the next 5+ years, yet. The option right now is whether or not you want it to work everywhere.

      • by h4rr4r ( 612664 ) on Wednesday April 24, 2013 @03:56PM (#43540403)

        Nope. It will not work everywhere, it cannot.
        If the plugin was universal then there is nothing stopping us linux users from writing the output to a file instead of the display. That means the DRM would be useless. Instead it will need a CDM for windows to use protected path, one for whatever OSX uses and that will be that. Nothing else will get support.

    • We don't need to hobble our technologies to make certain people money.

      Half of prime time Internet traffic in the states was a licensed Netflix download before Netflix offered a download-only service.

      Standard Definition, No multichannel theater sound. No captioning,

      The only thing you accomplish by keeping content protection out of the browser is to shift focus to the walled gardens of the OS branded app and app store.

      Subscription services?

      No problem for OSX and Windows, the Intenet enabled HDTV, the Dennon home theater receiver, the Roku set top box. The Xbox, Playstation or

  • by bradgoodman ( 964302 ) on Wednesday April 24, 2013 @03:26PM (#43540061) Homepage
    ...is that when I went back to the original Slashdot post on "Ian Hickson (author of HTML5 spec.) on the real purpose of DRM" - the enclosed link to the original article made me go through a sign-on to Google Plus" :-O
  • The reality of any petition is that the W3C will likely do what its (paying) members want (as it is after all an industrial consortium), and hence it is unlikely to care what others think provided it doesn't hurt growing the membership.

    • by ADRA ( 37398 )

      Much unlike MPEG, there are no trade requirements that requires these specifications to be followed. They throw them up, and the organization lives and dies by adoption, not because we have to. If W3C wants to release yet another specification that members or the general public decide not to adopt, nobody gets sued, and the specification most likely stick into the vestigial category of web crap thrown in that seemed like a good idea at the time, like VRML or the likes.

      Now as stated, W3C is essentially as re

  • Most of the web's video is streamed from Netflix. That's mostly streamed through Silverlight or browser specific plugins.

    How does letting HTML5 natively stream Netflix encourage proprietary browser plugins!? If just Netflix switched over (and they've said they intend to once DRM is in the spec) then by definition the majority of HTML5 streaming will be using less not more browser plugins.

    • by h4rr4r ( 612664 )

      Because the plugin will still be proprietary and OS specific. It has to be, else we linux users can just fire the output into a file. So instead it has to use some CDM for the OS it is on that only outputs to protected path hardware.

      • You can either run Netflix-on-Windows in a VM or run Netflix via wine....in both cases you could grab the unencrypted video output and dump it to a file for a pristine digital copy (well, as good as what you were watching anyway).

        • by h4rr4r ( 612664 )

          Sure, and with this plugin you will be doing the same exact thing. Well probably not the first one, since I think protected path fails on VMs.

    • by gl4ss ( 559668 )

      Most of the web's video is streamed from Netflix. That's mostly streamed through Silverlight or browser specific plugins.

      How does letting HTML5 natively stream Netflix encourage proprietary browser plugins!? If just Netflix switched over (and they've said they intend to once DRM is in the spec) then by definition the majority of HTML5 streaming will be using less not more browser plugins.

      well then whole browser would become the silverlight plugin. just think about it for a second.

      but this spec is more like about speccing out another plugin interface, because maybe they had at least the decency to think that doing the whole browser into a closed black box that needs to run isolated from the users own programs was a bad idea and a can of worms. sooo.. none of the implementations using it would be using native html5 streaming as implemented on variety of devices/browsers - and if it did then

  • This is easy... (Score:5, Insightful)

    by gQuigs ( 913879 ) on Wednesday April 24, 2013 @04:02PM (#43540495) Homepage

    DRM is bad.[1]
    HTML5 is good.
    If a bad thing is included in something good, that thing is still bad.
    Therefore, DRM in HTML5 is bad.

    [1] It should be obvious DRM is bad, but: https://www.eff.org/issues/drm [eff.org]

    In fact, Consumer oriented DRM should be illegal. It's an anti-competive anti-consumer dangerous practice. (I'm totally fine with the military using DRM to protect confidential information, etc).

    • by Miros ( 734652 )

      In fact, Consumer oriented DRM should be illegal. It's an anti-competive anti-consumer dangerous practice.

      How is it any more anti-competitive or anti-consumer than copyright in general? If your issue is with copyright why not just come out and say it?

      • by gQuigs ( 913879 )

        How is it any more anti-competitive or anti-consumer than copyright in general? If your issue is with copyright why not just come out and say it?

        I do have some problems with copyright in the US, but I don't really see why it's relevant. (It is way to long, this mickey mouse copyright we have in the US).

        I'm fine not having the right to copy your content, except for purposes considered fair use. I'm not fine with you enforcing that I don't have my fair use rights and that you will are able to follow me around and make sure I don't break your interuption of copyright law.

        How is DRM not anti-consumer?

        I guess it could theoretically be less anti-competi

  • W3C sent them back a letter in conjunction with ICANN sayng "Fuck you and Fuck the Interwebs. We want some of that internet money like the Canadians got!"

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...