Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
DRM Encryption Privacy Security The Internet

EFF Officially Appeals Tim Berners-Lee Decision On DRM In HTML (techdirt.com) 149

Last week, the World Wide Web Consortium (W3C) decided to officially recommend the use of Encrypted Media Extensions (EME) for protecting copyrighted video on the internet. This will enable web surfers to watch media in a browser that requires Digital Rights Management copy protection without the need for browser-based plugins. "It moves the responsibility for interaction from plugins to the browser," the consortium states at the time. "As such, EME offers a better user experience, bringing greater interoperability, privacy, security, and accessibility to viewing encrypted video on the web." TechDirt shares an update: It's been a foregone conclusion that EME was going to get approved, but there was a smaller fight about whether or not W3C would back a covenant not to sue security and privacy researchers who would be investigating (and sometimes breaking) that encryption. Due to massive pushback from the likes of the MPAA and (unfortunately) Netflix, Tim Berners-Lee rejected this covenant proposal. In response, W3C member EFF has now filed a notice of appeal on the decision. The crux of the appeal is the claimed benefits of EME that Berners-Lee put forth won't actually be benefits without the freedom of security researchers to audit the technology -- and that the wider W3C membership should have been able to vote on the issue. This appeals process has never been used before at the W3C, even though it's officially part of its charter -- so no one's entirely sure what happens next.
This discussion has been archived. No new comments can be posted.

EFF Officially Appeals Tim Berners-Lee Decision On DRM In HTML

Comments Filter:
  • by michaelcole ( 704646 ) on Thursday July 13, 2017 @09:07AM (#54800135)
    Good for the EFF. Donated $50 because of this very issue. https://www.eff.org/issues/drm [eff.org]
    • Re: (Score:1, Insightful)

      by Anonymous Coward
      fuck that, thankfully regardless of the result EFF have lost this fight. EME is being included in most browsers regardless. While you and the EFF may find it offensive the rest of us just want shit to work, when I browse Netflix or whatever other streaming site I choose I don't want a fucking plugin and all the incompatibilities, support issues and problems that come with it. If your solution to not wanting this is plugins then you have already lost.
      • Re: (Score:3, Informative)

        by gl4ss ( 559668 )

        it makes open source browsers impossible.

        without a eme plugin i suppose.

        • by Anonymous Coward

          The eme plugin also has to have more access to your system than you do, even as admin. Otherwise the OS can't be "trusted" with the decryption, neither can the browser or application with the EME plugin.

          And if it has better access to your computer and MUST by definition be accessible to the internet at large and whatever is accessing it is implicitly trusted more than the operator or owner of the computer so infected, it will be the end goal of hacking and botnets. Even removing it would become a crime. Hel

        • No, it really doesn't make open source browser impossible. They're just as possible as always.

          You just won't have open source DRM plugins, exactly like is the situation now.

      • by Anonymous Coward

        when I browse Netflix or whatever other streaming site I choose I don't want a fucking plugin and all the incompatibilities, support issues and problems that come with it

        Good, then you agree with the EFF.

        Because this is a new plugin system, with all the problems that comes with it. Just as Flash and Silverlight were finally dying, some asshole at the W3C decided to bring that idea back.

      • by mysidia ( 191772 ) on Thursday July 13, 2017 @09:25AM (#54800273)

        EFF may find it offensive the rest of us just want shit to work, when I browse Netflix or whatever other streaming site I choose I don't want a fucking plugin and all the incompatibilities

        Right.... Plugins are history. And DRM should Not be grafted into an open standard such as HTML. If Netflix insists on DRM-encoded content, only option should be to use their own custom protocol with an external viewer: Not the web browser, because they are not implementing a "Web site", at that point, they are implementing an encrypted binary blob that can only be viewed using proprietary software.

        • by Anonymous Coward

          If DRM is to be grafted onto open standards (which I do not think it should be), then it should be available for everyone to use, not just the media corporations etc. If Joe Public wants to protect his work with DRM then (because it is an open standard) he should have just as much right to do so, and the means to do so should be easily available (eg not requiring a license costing megabucks) to him.

          • pretty much my thoight on the topic.
            while i love the eff i think they and netflix are wrong on this issue.

            netflix has a monopoly position because they can spend the money on the tech.

            make that tech open and free and everyman and his dog can run their own version of netflix and there is nothing the movie mafia can do to stop it. because they dont get the rights to see if a video is pirate content or not.

          • by Desler ( 1608317 )

            They can.

          • If DRM is to be grafted onto open standards (which I do not think it should be), then it should be available for everyone to use, not just the media corporations etc.

            Actually, you can totally do this. Nothing prevents you from writing your own EME plugin.

      • by peppepz ( 1311345 ) on Thursday July 13, 2017 @09:26AM (#54800285)
        With EME, not only you can be forced to install a specific plugin to browse the open web, but it's much more likely that you'll be forced to actually install a specific browser or even a specific operating system - most probably of the kind oriented to "media consumption", with spyware built-in and not fully controllable and observable by its owner.
        • by Merk42 ( 1906718 )

          With EME, not only you can be forced to install a specific plugin to browse the open web, but it's much more likely that you'll be forced to actually install a specific browser or even a specific operating system - most probably of the kind oriented to "media consumption", with spyware built-in and not fully controllable and observable by its owner.

          Isn't the point of EME so you don't have to install a plugin/specfic browser/operating system?

          • Not exactly, the point of EME is that the plugin won't have to manage content presentation, in the way that Adobe flash does today, but will only have to manage access conditioning. In fact, Firefox already ships with an optional DRM plugin today. But, it's up to the content provider whether to allow an application plugin to protect their content or to require user surveillance at the operating system level.
          • Isn't the point of EME so you don't have to install a plugin/specfic browser/operating system?

            No.

            The EME is a standardized plugin mechanism. The DRM plugins themselves are proprietary and nothing prevents companies from requiring a specific one for specific platforms.

        • by Desler ( 1608317 )

          But even if this EME decision is overturned all the existing browser shipping an EME module will continue to ship with one and all the sites that require DRM will continue to do so. It's not as if overturning this decision will have any practical effect on current reality. Browser makers are free to ignore things if EME is overturned.

      • I fucking hate what this site has become. DO you not understand that EME will mean you will be FORCED to watch ads, with absolutely no way to control them? It means text will become uncopyable, it will make pictures not downloadable. Its the end of the free web.
        • im pretty sure eme will not reach out of your screen and hold your eyelids open.

          what it will do is make paid content lower quality than the free sruff, like unskippable warnings on dvds.

    • Seems like drm should be a PLUGIN to me.

      That's what EME is. The DRM doesn't come with the browser. It's a plug-in scheme for DRM. It will finally murder Flash, but we will still have plugins and DRM, so it is only a minuscule victory. However, we will basically have more and more DRM forever and ever amen unless we fight that battle at another level. If you keep it out of the browser, you'll just wind up having to install apps to watch streaming video. It won't stop DRM. What might? A law that says that if DRM interferes with Fair Use, there are

      • Hopefully the plugin mechanism used for EME will still allow me to plug in NoScript or it's analog.

      • It will finally murder Flash, but we will still have plugins and DRM, so it is only a minuscule victory.

        And it may not be a net victory at all. For all anyone knows, these plugins will end up being worse than Flash was.

        • by Desler ( 1608317 )

          Why do you presume they won't just keep using EME? They were already doing so long before EME was even approved.

    • by pak9rabid ( 1011935 ) on Thursday July 13, 2017 @09:18AM (#54800233)
      Way to totally miss the point. The point here is whether or not the W3C will allow outside researchers to fully audit (see: break) the EME encryption without punishment from rights holders. Tim Berners-Lee bowed down to the pressure of the MPAA and other entities to not allow that, which is a shitty thing to do considering this is being presented as an Internet standard.
      • Tim Berners-Lee bowed down to the pressure of the MPAA and other entities to not allow that, which is a shitty thing to do considering this is being presented as an Internet standard.

        Yup. But it's what we could expect from TBL. He's made his position on DRM painfully clear, and he doesn't seem like a "half measures" kind of guy.

    • Technically speaking, the EME does make DRM a plugin. It's just a different plugin mechanism than used to be used.

      The whole "standardization" argument for the EME is bullshit. You still have to run proprietary plugins.

  • Riiight.... (Score:5, Interesting)

    by argStyopa ( 232550 ) on Thursday July 13, 2017 @09:13AM (#54800189) Journal

    "EME offers a better user experience"

    Is this like one of those "up is down" or "black is white" postmodern things?

    Because as far as I can tell, EME seems more like a scheme to lock DRM into browsers ?

    Or am I misunderstanding?

    • It's a better *USER* experience, not a better *PIRATE* experience. Arrr....
      • Re:Riiight.... (Score:5, Insightful)

        by Anonymous Coward on Thursday July 13, 2017 @09:38AM (#54800367)

        You mean like when USER Bob can't get his key to verify because Reasons while PIRATE Johnny has no problems?

        Yeah

      • Re:Riiight.... (Score:5, Informative)

        by squiggleslash ( 241428 ) on Thursday July 13, 2017 @10:54AM (#54800975) Homepage Journal

        Other way around: pirates will continue to do what pirates do because EME will add nothing that Flash et al don't already do.

        Users will, after initially losing Flash, go back to Flash-like plugins except with the added overhead that the video rendering will be done via an HTML5 layer. Flash may have been horrible, but it was at least efficient. Here's a breakdown for the inevitable idiot who doesn't read the entire comment and thinks EME is a DRM scheme rather than a plug-in platform:

        Efficient? Flash: Yes. HTML5+EME: OMG.
        Secure? Flash: No. HTML5+EME: No.
        Platform independent? Flash: Bad. HTML5+EME: OMG, it actually makes Flash look platform independent.

        (EME requires one plugin to be written for every single browser+operating system combination. Flash at least existed at a time when most browsers, IE excepted, implemented NSAPI for whatever operating system they ran on.)

        HTML5 was one step forward. EME is two steps back.

    • Re:Riiight.... (Score:4, Insightful)

      by Mouldy ( 1322581 ) on Thursday July 13, 2017 @09:25AM (#54800271)
      If the alternative is relying on flash or silverlight or some arbitrary other player to watch video - then yes, EMEA does offer a better user experience.

      This isn't a question of whether DRM is good or bad - it's a question of, we're already stuck with DRM so can we make it a bit less painful by providing native browser support.
      • Re: (Score:3, Insightful)

        by Anonymous Coward

        It's not a bettr user experience, it's the same user experience. Hell, it'll be worse, since each EME black box would have to be written specifically for each OS and browser since it will have to interact with both at higher levels of authority than either flash or silverlight did. That means not only MORE plugins to fuck about with, but ones that more completely hose your entire system when hacked.

        Tell me how it's a better experience?

        If you want a better fucking experience, download a specific app to displ

        • Tell me how it's a better experience?

          Flash. Silverlight. What do these have in common? They're whole programming environments shoehorned into a browser which has already had a whole programming environment stuffed in there. These days there's no reason for any of that crap to be in the browser, and the way to get rid of it is to provide a way for them to put the part they really care about (the DRM) into the browser without all that other garbage.

          I agree that DRM is undesirable, I would like it to go away, but not making it easy to put DRM int

          • I have a Netflix app that I downloaded from the Windows App Store that I use to watch Netflix content on my PC. Said App isn't available for every PC platform, sadly. It isn't even available to Windows 7 users. Perhaps that is the route that content providers should go down if they want to 'secure' their media content.

            They should provide 'Apps' for all common popular platforms, including desktop Linux. Then people who want to be Netflix customers can choose or not to install a binary blob on their machi

    • by gmack ( 197796 )

      We already have DRM and we already have studios who only license their content to services with DRM. This doesn't solve the DRM problem, it just moves it to where we can better sandbox the DRM without giving it access to the whole machine, what this does is allow better competition in the browser, OS and device markets by freeing the DRM from custom apps, Flash, or Silverlight.

      It is not perfect, but it does make things better than they are now

      • It is not perfect, but it does make things better than they are now

        I guess it depends on what you mean by "better". I don't see how it improves anything of importance to me, but it does make some things much worse.

    • Yes, their experience with the users will be so much better for them.

    • "EME offers a better user experience"

      Is this like one of those "up is down" or "black is white" postmodern things?

      Sortof. It's really just a string of words devoid of any actual meaning whatsoever.

  • I can has video of cat cheezburger in browser still if DRM in browser? Oh Good! Spy Spy! Cheezburger cat! LOL!
  • by i_ate_god ( 899684 ) on Thursday July 13, 2017 @09:20AM (#54800245) Homepage

    W3C has created a standard set of Javascript APIs, and DRM providers provide a similar set of standard APIs that can talk to the JS APIs.

    The web isn't suddenly locked down and all browsers must be closed source now. If you don't want to use DRM, then don't go to DRM enabled services like Netflix. You are not entitled to anything Netflix, Hulu, etc has to offer.

    I feel there is a lot of FUD here, and in many cases, there is a conflation between allowing Netflix to send you content, and the erosion of net neutrality which is a separate, unrelated, and in my opinion, far more worrying problem.

    • paying customers are entitled. people who get things without subscription but agreeing to endure ads shown before video also are entitled.

    • by Vairon ( 17314 ) on Thursday July 13, 2017 @10:37AM (#54800823)

      If there's a vulnerability in this closed source module that can't be examined and someone browses any website on the web that exploits this module then a user is at risk without ever visiting Netflix.

      • Worse, since DRM tends to require direct, encrypted, "trusted" access to a DRM'd audio/video output path, these closed source modules will necessarily be in a privileged position. As in, direct access to DMA hardware privileged. The damage this level of access can do is unlimited, and will never be subject to sandboxing.

    • I think it's that the EFF doesn't want DRM to be convenient - like how the FBI doesn't want smartphone encryption to be convenient. They figure if something they consider evil is convenient, then we'll end up in an Eminiar-Vendikar sort of situation where we tolerate evil rather than stamp it out. This argument is sort of like the one people have about acceptable beach wear, someone's not going to be happy with the outcome, regardless of what it is.
      • by GuB-42 ( 2483988 )

        Interesting how we can make a parallel with drug or prostitution policies.

        Drugs and prostitution exist in every society, and are unwanted in most cases. To tackle the problem there are two global stances : harm reduction and abstinance.
        - Abstinance focuses on bans and enforcing rules
        - Harm reduction focuses on taking control of the situation and making it less bad

        Like drugs and prostitution, there is a need for DRM and open organizations have to deal with it.
        - The W3C goes with a harm reduction policy : int

        • I'd certainly be happier if harm reduction was the primary technique used regarding recreational drug use and prostitution. In particular, I think that if recreational drug use isn't outlawed as a concept, then it won't take long for chemists to find drugs that do a better job of getting people high without the adverse health effects of current low tech drugs. This won't end the epidemic that starts with prescription opioids, but it might go a long ways towards replacing other physiologically unsafe recreat
        • The W3C goes with a harm reduction policy : integrate DRM but confine it within an API in an attempt to avoid fully proprietary solutions (apps, flash-like plugins, ...)

          How is that "harm reduction"?

    • by Anonymous Coward

      W3C has created a standard set of Javascript APIs, and DRM providers provide a similar set of standard APIs that can talk to the JS APIs.

      The first step in wide-spread adoption of DRM is to standardize on it. Making it part of an "open standard" speeds up that process.

      The web isn't suddenly locked down and all browsers must be closed source now. If you don't want to use DRM, then don't go to DRM enabled services like Netflix.

      Or Youtube. Or xhamster. Or basically any video site because, you know, DRM is ju

    • by Gravis Zero ( 934156 ) on Thursday July 13, 2017 @11:45AM (#54801409)

      The web isn't suddenly locked down and all browsers must be closed source now. If you don't want to use DRM, then don't go to DRM enabled services like Netflix. You are not entitled to anything Netflix, Hulu, etc has to offer.

      That's not even half the problem. The W3C's own mission statement [w3.org] states that:

      The social value of the Web is that it enables human communication, commerce, and opportunities to share knowledge. One of W3C's primary goals is to make these benefits available to all people, whatever their hardware, software, network infrastructure, native language, culture, geographical location, or physical or mental ability.

      I run Linux on PowerPC and can see everything that complies to standards on the net just fine. Who is going to port their DRM to Linux let alone PowerPC?! I can't watch Flash stuff but it's also not an open standard. However, with the EME I cannot watch several platforms despite complying with every standard.

      I have zero problem with those companies withholding their services from me but I object to mere suggestion that they should be able to claim that they are complying with open standards. There is no standard interface or format for CDMs which is a problem because the EME is specifically designed for them.

    • The web isn't suddenly locked down and all browsers must be closed source now.

      No, it's just that all browsers that comply must include closed-source components, and most of the major browsers (all but Firefox AFAIK) have EME enabled by default.

      • No, it's just that all browsers that comply must include closed-source components

        This is not technically accurate. To meet the standard, a browser must include the plugin mechanism (which can easily be open source). It doesn't have to actually ship with the plugins.

    • by Anonymous Coward

      There will be no DRM free sites left. All ads and tracking scripts will be quickly converted to using the DRM interface and you won't be able to block them nor shield your identity once it gets linked to your tracking id.

      Some sites already try to block right-clicking. Imagine what these control freaks will do once they can lock everything down.

      Well, I guess the good side will be I'll waste less time online.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Not only as the other poster said xhmaster, youtube and many ones could switch to DRM video (I wouldn't care that much if they allow 480p DRM-free, require DRM on 720p or 1080p)

      But a far greater danger is if H265 stills with DRM are used all over the place to replace images, text or even whole websites.
      Will some famous person in a position of power tweet a one-picture DRM "video"? Does that track or de-anonymize users? If your hardware is obsolete or the "wrong" kind (VGA monitor, or even HDCP 1.x eventuall

    • You are correct, technically. My objection is that the EME's sole purpose is political in nature, in a way that will see an expansion of the use of DRM. It solves or changes nothing on the technical side.

      My stance is that this stuff has no place in the browser to begin with. If you want to stream locked-down video, then do it with your own player, not in the browser.

  • There shall be forbidden areas of research and knowledge!

    Whoo hoo! The goals of a free society!

    Remember this the next time some politician tries to censor stuff by saying, "It isn't speech. It's behavior we're regulating!"

  • by Opportunist ( 166417 ) on Thursday July 13, 2017 @09:36AM (#54800347)

    You want to win the browser war and become the dominant browser? Then better be the browser where this junk can easily be removed so people can watch their content the way they want to.

    • You want to win the browser war and become the dominant browser? Then better be the browser where this junk can easily be removed so people can watch their content the way they want to.

      Right. Because if you remove all this "junk", people will be able to watch Netflix and Hulu exactly how they want, instead of the awful player that has drm built in. Cause, you know, they'll make their players fall back to non-drm if they can't use the drm system. Right?

      Are you really that stupid?

    • by gweihir ( 88907 )

      Indeed. I will limit myself to browsers where this crap is either not present or can be switched off. There is no way I will use software that has higher privileges than me on my machine and DRM cannot work without that. As to the "content" I will be "losing", most of it is utter trash these days anyways.

      Also, as games have amply demonstrated, DRM is completely futile.

  • by thomn8r ( 635504 ) on Thursday July 13, 2017 @09:41AM (#54800381)
    translation: Bend Over Here It Comes Again
  • Because whit all that is going on, it looks as if Churchill wrote their war speech.

    We shall go on to the end. We shall fight in France, we shall fight on the seas and oceans, we shall fight with growing confidence and growing strength in the air, we shall defend our island, whatever the cost may be. We shall fight on the beaches, we shall fight on the landing grounds, we shall fight in the fields and in the streets, we shall fight in the hills; we shall never surrender,

  • by Anonymous Coward
    It would be good if the author of the snippet mentioned who the f tim berners lee is.  Most people who read this probably didn't care because it was written awkwardly.
  • And I think he's long for a pie to the face.

To do two things at once is to do neither. -- Publilius Syrus

Working...