EFF Officially Appeals Tim Berners-Lee Decision On DRM In HTML (techdirt.com) 149
Last week, the World Wide Web Consortium (W3C) decided to officially recommend the use of Encrypted Media Extensions (EME) for protecting copyrighted video on the internet. This will enable web surfers to watch media in a browser that requires Digital Rights Management copy protection without the need for browser-based plugins. "It moves the responsibility for interaction from plugins to the browser," the consortium states at the time. "As such, EME offers a better user experience, bringing greater interoperability, privacy, security, and accessibility to viewing encrypted video on the web." TechDirt shares an update: It's been a foregone conclusion that EME was going to get approved, but there was a smaller fight about whether or not W3C would back a covenant not to sue security and privacy researchers who would be investigating (and sometimes breaking) that encryption. Due to massive pushback from the likes of the MPAA and (unfortunately) Netflix, Tim Berners-Lee rejected this covenant proposal. In response, W3C member EFF has now filed a notice of appeal on the decision. The crux of the appeal is the claimed benefits of EME that Berners-Lee put forth won't actually be benefits without the freedom of security researchers to audit the technology -- and that the wider W3C membership should have been able to vote on the issue. This appeals process has never been used before at the W3C, even though it's officially part of its charter -- so no one's entirely sure what happens next.
Seems like drm should be a PLUGIN to me. (Score:5, Insightful)
Re: (Score:1, Insightful)
Re: (Score:3, Informative)
it makes open source browsers impossible.
without a eme plugin i suppose.
Re: (Score:1)
The eme plugin also has to have more access to your system than you do, even as admin. Otherwise the OS can't be "trusted" with the decryption, neither can the browser or application with the EME plugin.
And if it has better access to your computer and MUST by definition be accessible to the internet at large and whatever is accessing it is implicitly trusted more than the operator or owner of the computer so infected, it will be the end goal of hacking and botnets. Even removing it would become a crime. Hel
Re: (Score:2)
No, it really doesn't make open source browser impossible. They're just as possible as always.
You just won't have open source DRM plugins, exactly like is the situation now.
Re: (Score:1)
when I browse Netflix or whatever other streaming site I choose I don't want a fucking plugin and all the incompatibilities, support issues and problems that come with it
Good, then you agree with the EFF.
Because this is a new plugin system, with all the problems that comes with it. Just as Flash and Silverlight were finally dying, some asshole at the W3C decided to bring that idea back.
Re: (Score:1)
EME will still exist regardless of what comes of this appeal. It's not as if browser makers are legally obligated to stop shipping EME even if Tim did reverse the decision. They were doing so long before EME was even approved.
Re: (Score:2)
Exactly. What the EME really does is make DRM more politically acceptable. It doesn't give any technical advantages over the old way.
That's precisely why it should not be part of the standard.
Re: (Score:1)
And I agreed. I was just adding more info.
Re:Seems like drm should be a PLUGIN to me. (Score:5, Insightful)
EFF may find it offensive the rest of us just want shit to work, when I browse Netflix or whatever other streaming site I choose I don't want a fucking plugin and all the incompatibilities
Right.... Plugins are history. And DRM should Not be grafted into an open standard such as HTML. If Netflix insists on DRM-encoded content, only option should be to use their own custom protocol with an external viewer: Not the web browser, because they are not implementing a "Web site", at that point, they are implementing an encrypted binary blob that can only be viewed using proprietary software.
Re: (Score:1)
If DRM is to be grafted onto open standards (which I do not think it should be), then it should be available for everyone to use, not just the media corporations etc. If Joe Public wants to protect his work with DRM then (because it is an open standard) he should have just as much right to do so, and the means to do so should be easily available (eg not requiring a license costing megabucks) to him.
Re: (Score:1)
pretty much my thoight on the topic.
while i love the eff i think they and netflix are wrong on this issue.
netflix has a monopoly position because they can spend the money on the tech.
make that tech open and free and everyman and his dog can run their own version of netflix and there is nothing the movie mafia can do to stop it. because they dont get the rights to see if a video is pirate content or not.
Re: (Score:1)
They can.
Re: (Score:2)
If DRM is to be grafted onto open standards (which I do not think it should be), then it should be available for everyone to use, not just the media corporations etc.
Actually, you can totally do this. Nothing prevents you from writing your own EME plugin.
Re: (Score:1)
I think you'll find that point 2 is a huge step forwards in limiting the potential attack surface of the browser.
Re: (Score:2)
Re: (Score:1)
Actually no you're not allowed to create a browser without the EME api because it's part of the GOD DAMNED STANDARD YOU MORON!
Re: (Score:2)
Actually no you're not allowed to create a browser without the EME api because it's part of the GOD DAMNED STANDARD YOU MORON!
Sure you can. Nobody can or will stop you from making a browser that implements all of the standard except the DRM.
Re: Seems like drm should be a PLUGIN to me. (Score:2)
To be fair, browser vendors don't actually have a good history of sticking to standards. I'm pretty sure you could just ignore that and write your own browser. I don't believe there is a browser police task force.
Re: (Score:2)
How in the world do you arrogate to yourself the right to decide what belongs in a web browser or implements a 'web site'.
What is a HTML5-compliant website is defined by the HTML5 standard.
A HTML5-compliant browser is a web browser that implements the DOM.
I don't care about proprietary vendor-specific extensions in the browser....
If your hypertext content uses a proprietary extension, that is fine, BUT your content is no-longer HTML5.
Also, HTML5 as an open standard should not specify media types th
Re: Seems like drm should be a PLUGIN to me. (Score:2)
For some perspective, no browser seems to actually be fully compliant. It looks like Chrome and Opera are the closest.
Re: (Score:2)
For some perspective, no browser seems to actually be fully compliant.
They are fundamentally compliant. There are some limitations, because the W3C keeps adding new standards,
and the browsers haven't provided a mature implementation of all the new features yet.
But the HTML standard wars are essentially over..... Browsers aren't going out and doing something insane like trying to work around the process, 1up the competition by adding new nonstandard features, Or create new elements under HTM
Re: (Score:2)
Maybe I remember IE too clearly.
Re: (Score:2)
I mean, insofar as you are using the word 'should', that's fine. You are describing how you believe a browser ought to be, which is surely your right. If any particular piece of software does not behave as you believe a browser should, you likewise surely have the right not to run it on your machine.
But it remains absolutely true that someone else can write a browser that implements HTML5 plus a proprietary tag for OfficeWebâ. They are free to construct that piece of executable code. Endpoints are sure
Re: (Score:2)
absolutely true that someone else can write a browser that implements HTML5 plus a proprietary tag for OfficeWebâ
No... if the DocType says HTML5, then the renderer must implement Exactly the tags, Attributes, and DOM trees present in the HTML5 standards and no others:
If they omit tags or provide additional tags or attributes, then the browser is no longer compliant with the standard and cannot claim to support HTML5.
Re:Seems like drm should be a PLUGIN to me. (Score:5, Interesting)
Re: (Score:2)
With EME, not only you can be forced to install a specific plugin to browse the open web, but it's much more likely that you'll be forced to actually install a specific browser or even a specific operating system - most probably of the kind oriented to "media consumption", with spyware built-in and not fully controllable and observable by its owner.
Isn't the point of EME so you don't have to install a plugin/specfic browser/operating system?
Re: (Score:3)
Re: (Score:2)
Isn't the point of EME so you don't have to install a plugin/specfic browser/operating system?
No.
The EME is a standardized plugin mechanism. The DRM plugins themselves are proprietary and nothing prevents companies from requiring a specific one for specific platforms.
Re: (Score:1)
But even if this EME decision is overturned all the existing browser shipping an EME module will continue to ship with one and all the sites that require DRM will continue to do so. It's not as if overturning this decision will have any practical effect on current reality. Browser makers are free to ignore things if EME is overturned.
Re: (Score:2)
Re: (Score:1)
im pretty sure eme will not reach out of your screen and hold your eyelids open.
what it will do is make paid content lower quality than the free sruff, like unskippable warnings on dvds.
Re: (Score:2)
Re: Seems like drm should be a PLUGIN to me. (Score:1)
tbh, if you are using windows for anything more than chatting nonsense on message boards thats entirely your own fault.
Re: (Score:2)
Seems like drm should be a PLUGIN to me.
That's what EME is. The DRM doesn't come with the browser. It's a plug-in scheme for DRM. It will finally murder Flash, but we will still have plugins and DRM, so it is only a minuscule victory. However, we will basically have more and more DRM forever and ever amen unless we fight that battle at another level. If you keep it out of the browser, you'll just wind up having to install apps to watch streaming video. It won't stop DRM. What might? A law that says that if DRM interferes with Fair Use, there are
Re: (Score:2)
Hopefully the plugin mechanism used for EME will still allow me to plug in NoScript or it's analog.
Re: (Score:2)
You can always choose not to install the DRM plugins, even if the browser supports them.
Re: (Score:1)
As long as that always remains an option.
Re: (Score:3)
It will finally murder Flash, but we will still have plugins and DRM, so it is only a minuscule victory.
And it may not be a net victory at all. For all anyone knows, these plugins will end up being worse than Flash was.
Re: (Score:2)
Why do you presume they won't just keep using EME? They were already doing so long before EME was even approved.
Re:Seems like drm should be a PLUGIN to me. (Score:5, Insightful)
Re: (Score:2)
Tim Berners-Lee bowed down to the pressure of the MPAA and other entities to not allow that, which is a shitty thing to do considering this is being presented as an Internet standard.
Yup. But it's what we could expect from TBL. He's made his position on DRM painfully clear, and he doesn't seem like a "half measures" kind of guy.
Re: (Score:2)
Technically speaking, the EME does make DRM a plugin. It's just a different plugin mechanism than used to be used.
The whole "standardization" argument for the EME is bullshit. You still have to run proprietary plugins.
Riiight.... (Score:5, Interesting)
"EME offers a better user experience"
Is this like one of those "up is down" or "black is white" postmodern things?
Because as far as I can tell, EME seems more like a scheme to lock DRM into browsers ?
Or am I misunderstanding?
Re: (Score:3)
Re:Riiight.... (Score:5, Insightful)
You mean like when USER Bob can't get his key to verify because Reasons while PIRATE Johnny has no problems?
Yeah
Comment removed (Score:5, Informative)
Re:Riiight.... (Score:4, Insightful)
This isn't a question of whether DRM is good or bad - it's a question of, we're already stuck with DRM so can we make it a bit less painful by providing native browser support.
Re: (Score:3, Insightful)
It's not a bettr user experience, it's the same user experience. Hell, it'll be worse, since each EME black box would have to be written specifically for each OS and browser since it will have to interact with both at higher levels of authority than either flash or silverlight did. That means not only MORE plugins to fuck about with, but ones that more completely hose your entire system when hacked.
Tell me how it's a better experience?
If you want a better fucking experience, download a specific app to displ
Re: (Score:3)
Tell me how it's a better experience?
Flash. Silverlight. What do these have in common? They're whole programming environments shoehorned into a browser which has already had a whole programming environment stuffed in there. These days there's no reason for any of that crap to be in the browser, and the way to get rid of it is to provide a way for them to put the part they really care about (the DRM) into the browser without all that other garbage.
I agree that DRM is undesirable, I would like it to go away, but not making it easy to put DRM int
Re: (Score:1)
I have a Netflix app that I downloaded from the Windows App Store that I use to watch Netflix content on my PC. Said App isn't available for every PC platform, sadly. It isn't even available to Windows 7 users. Perhaps that is the route that content providers should go down if they want to 'secure' their media content.
They should provide 'Apps' for all common popular platforms, including desktop Linux. Then people who want to be Netflix customers can choose or not to install a binary blob on their machi
Re: (Score:2)
We already have DRM and we already have studios who only license their content to services with DRM. This doesn't solve the DRM problem, it just moves it to where we can better sandbox the DRM without giving it access to the whole machine, what this does is allow better competition in the browser, OS and device markets by freeing the DRM from custom apps, Flash, or Silverlight.
It is not perfect, but it does make things better than they are now
Re: (Score:2)
It is not perfect, but it does make things better than they are now
I guess it depends on what you mean by "better". I don't see how it improves anything of importance to me, but it does make some things much worse.
Re: (Score:2)
Yes, their experience with the users will be so much better for them.
Re: (Score:2)
"EME offers a better user experience"
Is this like one of those "up is down" or "black is white" postmodern things?
Sortof. It's really just a string of words devoid of any actual meaning whatsoever.
I Can Has Cheezburger? (Score:1)
I don't get the controversy (Score:5, Insightful)
W3C has created a standard set of Javascript APIs, and DRM providers provide a similar set of standard APIs that can talk to the JS APIs.
The web isn't suddenly locked down and all browsers must be closed source now. If you don't want to use DRM, then don't go to DRM enabled services like Netflix. You are not entitled to anything Netflix, Hulu, etc has to offer.
I feel there is a lot of FUD here, and in many cases, there is a conflation between allowing Netflix to send you content, and the erosion of net neutrality which is a separate, unrelated, and in my opinion, far more worrying problem.
Re: (Score:2)
paying customers are entitled. people who get things without subscription but agreeing to endure ads shown before video also are entitled.
Re:I don't get the controversy (Score:5, Insightful)
If there's a vulnerability in this closed source module that can't be examined and someone browses any website on the web that exploits this module then a user is at risk without ever visiting Netflix.
Re: (Score:2)
Worse, since DRM tends to require direct, encrypted, "trusted" access to a DRM'd audio/video output path, these closed source modules will necessarily be in a privileged position. As in, direct access to DMA hardware privileged. The damage this level of access can do is unlimited, and will never be subject to sandboxing.
Re: (Score:3)
Re: (Score:2)
Interesting how we can make a parallel with drug or prostitution policies.
Drugs and prostitution exist in every society, and are unwanted in most cases. To tackle the problem there are two global stances : harm reduction and abstinance.
- Abstinance focuses on bans and enforcing rules
- Harm reduction focuses on taking control of the situation and making it less bad
Like drugs and prostitution, there is a need for DRM and open organizations have to deal with it.
- The W3C goes with a harm reduction policy : int
Re: (Score:2)
Re: (Score:2)
The W3C goes with a harm reduction policy : integrate DRM but confine it within an API in an attempt to avoid fully proprietary solutions (apps, flash-like plugins, ...)
How is that "harm reduction"?
Re: (Score:1)
The first step in wide-spread adoption of DRM is to standardize on it. Making it part of an "open standard" speeds up that process.
Or Youtube. Or xhamster. Or basically any video site because, you know, DRM is ju
Re:I don't get the controversy (Score:5, Insightful)
The web isn't suddenly locked down and all browsers must be closed source now. If you don't want to use DRM, then don't go to DRM enabled services like Netflix. You are not entitled to anything Netflix, Hulu, etc has to offer.
That's not even half the problem. The W3C's own mission statement [w3.org] states that:
The social value of the Web is that it enables human communication, commerce, and opportunities to share knowledge. One of W3C's primary goals is to make these benefits available to all people, whatever their hardware, software, network infrastructure, native language, culture, geographical location, or physical or mental ability.
I run Linux on PowerPC and can see everything that complies to standards on the net just fine. Who is going to port their DRM to Linux let alone PowerPC?! I can't watch Flash stuff but it's also not an open standard. However, with the EME I cannot watch several platforms despite complying with every standard.
I have zero problem with those companies withholding their services from me but I object to mere suggestion that they should be able to claim that they are complying with open standards. There is no standard interface or format for CDMs which is a problem because the EME is specifically designed for them.
Re: (Score:1)
No, it's just that all browsers that comply must include closed-source components, and most of the major browsers (all but Firefox AFAIK) have EME enabled by default.
Re: (Score:2)
No, it's just that all browsers that comply must include closed-source components
This is not technically accurate. To meet the standard, a browser must include the plugin mechanism (which can easily be open source). It doesn't have to actually ship with the plugins.
Re: (Score:1)
There will be no DRM free sites left. All ads and tracking scripts will be quickly converted to using the DRM interface and you won't be able to block them nor shield your identity once it gets linked to your tracking id.
Some sites already try to block right-clicking. Imagine what these control freaks will do once they can lock everything down.
Well, I guess the good side will be I'll waste less time online.
Re: (Score:2, Insightful)
Not only as the other poster said xhmaster, youtube and many ones could switch to DRM video (I wouldn't care that much if they allow 480p DRM-free, require DRM on 720p or 1080p)
But a far greater danger is if H265 stills with DRM are used all over the place to replace images, text or even whole websites.
Will some famous person in a position of power tweet a one-picture DRM "video"? Does that track or de-anonymize users? If your hardware is obsolete or the "wrong" kind (VGA monitor, or even HDCP 1.x eventuall
Re: (Score:2)
You are correct, technically. My objection is that the EME's sole purpose is political in nature, in a way that will see an expansion of the use of DRM. It solves or changes nothing on the technical side.
My stance is that this stuff has no place in the browser to begin with. If you want to stream locked-down video, then do it with your own player, not in the browser.
Re: (Score:2)
I wish I could disagree with this.
Merry Sue (Score:2)
There shall be forbidden areas of research and knowledge!
Whoo hoo! The goals of a free society!
Remember this the next time some politician tries to censor stuff by saying, "It isn't speech. It's behavior we're regulating!"
Stripped in 3, 2, 1... (Score:4, Insightful)
You want to win the browser war and become the dominant browser? Then better be the browser where this junk can easily be removed so people can watch their content the way they want to.
Re: (Score:3)
You want to win the browser war and become the dominant browser? Then better be the browser where this junk can easily be removed so people can watch their content the way they want to.
Right. Because if you remove all this "junk", people will be able to watch Netflix and Hulu exactly how they want, instead of the awful player that has drm built in. Cause, you know, they'll make their players fall back to non-drm if they can't use the drm system. Right?
Are you really that stupid?
Re: (Score:2)
Are you really that naive that you think this will be the first time DRM works?
Re: (Score:2)
Indeed. I will limit myself to browsers where this crap is either not present or can be switched off. There is no way I will use software that has higher privileges than me on my machine and DRM cannot work without that. As to the "content" I will be "losing", most of it is utter trash these days anyways.
Also, as games have amply demonstrated, DRM is completely futile.
Re:Stripped in 3, 2, 1... (Score:5, Insightful)
The vast majority of people want to get what they expect. What do they expect? Well, basically what they're used to. What are they used to? TV and video. So what do they expect? Basically, a VCR experience. Including the option to fast forward, rewind, skip what they don't give a shit about, pause where they want to and watch it as often as they like for buying once.
Offer that and they won't bother to ask their geek friend how to get what they want. I somehow doubt that they'll get all that out of the box, though. So it will be the same that we already had back when their DVD and BluRay players started to "misbehave": Geek, fix that for me!
And gladly we will be of service again.
Re: (Score:1)
So what do they expect? Basically, a VCR experience. Including the option to fast forward, rewind, skip what they don't give a shit about, pause where they want to and watch it as often as they like for buying once.
What exactly does pause, fast forward and rewind have to do with EME? You can freely do all those things with EME.
Offer that and they won't bother to ask their geek friend how to get what they want.
The vast majority of people don't do this. They simply just install the Netflix or Amazon Prime video app on the 100s of devices that are supported, log in to their account and the start playing videos. It's so cute that you think people need a "geek" to do this when they don't.
Re:Stripped in 3, 2, 1... (Score:5, Interesting)
What exactly does pause, fast forward and rewind have to do with EME? You can freely do all those things with EME.
You could "freely do" all those things with a DVD, too. Then the FBI warning started being un-skippable. Then the preview ads started being un-skippable, which is really great when you pop in an old movie and have to sit through trailers for "upcoming" features that bombed at the box office 5 years ago. What the technology itself allows, and how the media cartels will allow the technology to be used by consumers, are two entirely different things. And they wonder why people pirate.
Re: (Score:1)
Shifting the goalposts. How cute.
Re: (Score:2)
does not reliably work, particularly on newer (and ironically higher cost) units.
When previews became unskippable I invested in a "lifetime" AnyDVD licence and started ripping all the disks I owned, built a plex server, and have not looked back. (other than to have to buy a new lifetime licence).
Re: (Score:2)
We have very different opinions on what's cute. I think it's cute how naive some people are who think that they'll freely be allowed to FF, rev, stop and skip in software that's explicitly been created for the sake of taking control out of the hands of the person paying for content when exactly that has been done before time and again.
Then again, it's cute when an 8 year old has that kind of faith in the industry. With a grown up that should actually know better, at least if he's not been under a rock the p
Re: (Score:1)
I think it's cute how naive some people are who think that they'll freely be allowed to FF, rev, stop and skip in software that's explicitly been created for the sake of taking control out of the hands
And yet I can freely do all those things on Netflix, Hulu, Amazon Prime and basically every other streaming service using EME.
Re: (Score:1)
Because going to Netflix.com, clicking a video and it plays is tough to do?
Re: (Score:1)
yes because 100's of millions is most of the entire internet. STFU idiot.
Re: (Score:2)
Don't worry, that's still gonna be possible. We only remove the bits that are detrimental to our experience. It's the industry's job to protect their precious content from us, and it's our job to protect our undisturbed viewing experience from them.
"a better user experience" (Score:3)
Re: (Score:2)
Re: (Score:3)
Are people the enemy?
No, DRM peddling corporations are the enemy.
Awkward snippet. (Score:1)
Re: (Score:2)
I see you're new here. Welcome!
TBL is a big old doody-head (Score:2)
And I think he's long for a pie to the face.
Re: (Score:2)
By examples from the past, EME will bring unskippable ads, subtitles that cannot be turned off, restriction to dubbed versions, bad video-quality, etc. Hence this is all about screwing the user over better. Fortunately, I have long since stopped caring. I will just use a completely FOSS browser, and that is fundamentally incompatible with DRM.