Let's add the US Congress and the EU to the long list of parties to blame for the DRM situation. "Reverse engineering" software for the purposes of "circumventing" copyright is illegal.
"Circumventing" is much more broadly defined than it should be.
It's not just illegal to redistribute copyrighted material. That's the point of copyright and has been the case for a long time. It's also illegal to watch/consume content yourself in any way that the copyright-holder didn't explicitly enable, even if you have a general right to watch/consume that content. You're not allowed to create a browser that can watch DRM-protected Netflix content. And if someone does create such a browser, it's illegal for you to use it, even if you pay for a Netflix subscription.
That's pretty new (circa 1996 or so).
In 2002 I went to see Lawrence Lessig argue the Supreme Court challenge of the Digital Millennium Copyright Act, which introduced these anti-circumvention concepts. Here are my notes: https://allafrica.com/staff/kwindla/eldred.txt
Completely agree. Those government believe that protecting intellectual property is necessary to further human and societal progress. I won't take a position on whether I agree with that or not.
However, based on that premise they've instituted rules to "protect" intellectual property, but unfortunately they're so weighted toward the "owner" of the IP that they do (IMHO serious) harm to regular users and consumers. It seems to me that regardless of which political side you fall under, we should agree that governments exist to protect the rights and interests of everyone, not just a select few.
Something is really wrong here, and getting mad at Google or Widevine or some other company is a red herring. The real problem is what we've allowed our government(s) to do. We need to fight back there. Once the government isn't propping up the companies anymore, their abuse will disappear.
> ...but unfortunately they're so weighted toward the "owner" of the IP that they do (IMHO serious) harm to regular users and consumers.
To the established owners of IP. If you're not an established creator, you're going to be on the side that gets hurt by the IP. Some IP claims are gonna hit you sooner or later, and even if they're complete bullshit, you won't be able to do anything about them.
Established owners can generate enough of a fuss that they could cause an outrage big enough for some actual human to look into your issues, but if you're not big enough for that... tough luck. Try again from scratch once Google cuts you out. This happens regularly across their products, be it Google Play, YouTube, or Chrome's extensions store.
Absolutely. I have work floating around out there and I know it's being used without permission. Not that I'd sue someone if I could, but I can't while corporations can. And while for me I could maybe make a living off my work if it were being paid for rather than stolen, for the corporation it's just more profit.
Systems fucked. The little guy should have the advantage, not the already rich one.
The government is propping up the companies because that's what the companies made happen. Your framing suggests that government did this on its own. It did not. The outsized ability of companies to influence the government is the core problem that must first be solved. It is the root of most people's gripes with the government.
The outsized ability of companies to influence the government is the core problem that must first be solved.
Replace companies with nobility or aristocracy and you're talking about a problem as old as civilization itself. The fact is, small groups with control over a lot of resource (elites) will always work to consolidate and secure their power. Barring some radical, unforeseen technology, the masses of people will always have a more difficult time coordinating their actions to prevent this. This is the class struggle narrative of history.
I don't want to downplay the importance of campaign finance reform but that's just a drop in the bucket. Look at all the wealthy donors that endow the Ivy League. Look at all the charity speaking engagements, yacht clubs, Davos junkets, private island parties.
Meanwhile, mainstream television is waning in influence for political advertising. Now it's all about Facebook. Think of the micro-targeting turnout power they have. It's obscene!
The introduction to State and Power by V. I. Lenin says exactly this - the state will always become a proxy for the rich owners of production (GDP generation.) And not in a nefarious way but in an inevitable "forces" way. Democracy is the best government for large/rich entities in a capitalistic environment. It presents the appearance of fairness and legitimacy, yet delegates most of its power and direction to the heads of production via influence, lobbyists, etc.
I have no idea - I'm not usually one to espouse political ideas unless wholly relevant to a topic at hand. It seems that a band of HN users are politically adverse - which is sad, since capital rules our lives and society, and merely ignoring its flaws does nothing to abate them.
I'm just paraphrasing Lenin. Even if you are emotionally repelled by the horrors committed in the name of communism, The Communist Manifesto and State and Power are worth a read. Lenin was the best writer of the bunch, direct and explanatory. Marx is wordy and almost writes in an obfuscated fashion.
The problems with democracy that were described _still_ exist today. One can dislike communism and still acknowledge the criticisms of capitalism as valid and in need of address.
Communism was never actually executed true to the image. The state of the proleteriat was supposed to wither away - instead it became a dictatorship with secret police.
The above is most probably for US based clients.
E.g. in Poland it is perfectly legal to watch copyrighted material as long as you don't redistribute it.
It is also legal to do a reverse engineering of software to allow it to run on your system, software, hardware (so I think a browser also applies).
(I'm not a lawyer, just reading some of the more technical law articles)
Poland is an EU member, so your government must have some implementation of the EU Copyright directive, which includes somewhat similar anti-circumvention clauses as the DMCA[0].
There are lots of differences in the details, but I wouldn't make a blanket statement that it's completely legal without actually checking the corresponding laws.
I read during earlier attempts to pass the Copyright directive that it is not implementable in Poland because it would be unconstitutional. I understood that was why Poland was voting against it, but that was in the summer, and I’m not sure if the version that passed is different.
You need to realize that the EU "directives" are not actually the law (aka the thing that will get you prosecuted).
The directives are "transposed" into national law, country by country - and each country can (and does) add a local "flavor" to it. So if the Poles have watered down the anti-circumvention clause (it is very vague in the directive, giving a ton of maneuvering space to the national parliaments), the situation he is describing is very possible. On the opposite side of the spectrum is traditionally France, with its (fortunately incredibly ineffective) three strike system. Very different approaches to things even though both countries are implementing the same copyright directive.
The other type of texts coming from Brussels are "regulations" - those go into effect immediately, without having to be rewritten into national laws. GDPR is an example of such regulation.
You're absolutely correct. However,in the event that directives are not transposed (or not transposed correctly) courts can find that the directive is (vertically) directly effective.
I am aware, that's why I wrote "some implementation of", which needs to be checked. I am skeptical about the blanket statement made, it's usually more nuanced.
> in Poland it is perfectly legal to watch copyrighted material as long as you don't redistribute it.
Be careful with that one. The Netherlands had that too until some European court decided that our laws were foolish and went "that's all wrong, it's obviously illegal" after which there was case law about it being illegal and now it's illegal. The ministry immediately went "oh, well, we s'ppose it's illegal then from roundabout last week!"
In case you were wondering who's behind this expensive lawsuit that lasted from 2008 to 2014: we had "home copy tax" (thuiskopieheffing), so you pay a few bucks extra for storage devices (hard drives, usb sticks, smartphones) and that was redistributed to rights holders as compensation for "home copies" (copies for personal use in your household, backups, that sort of thing). Shops did not like that they had to pay extra taxes that they did not have to pay in other countries, so they went to court and got us where we are now.
> Nederland stelt dat het downloaden van dergelijk materiaal hetzelfde is als het kopiëren van een cd of dvd, maar daar gaat het Europese Hof niet in mee. Volgens het Hof kan een wet die 'geen enkel onderscheid maakt tussen kopieën uit geoorloofde bronnen en kopieën uit vervalste bronnen' niet worden gedoogd, omdat dergelijke wetgeving auteursrechtinbreuk kan bevorderen.
Translated:
~ The Netherlands claims that downloading of such material is the same as copying a cd or dvd, but the EU court does not agree. According to the EU court, a law that makes 'no distinction can be made between copied from allowed sources and from forged sources' can be allowed, because such laws promote copyright infringement.
> Het is in Nederland per direct verboden om auteursrechtelijk beschermd materiaal te downloaden uit illegale bron, bijvoorbeeld via torrentsites en nieuwsgroepen. Dat stelt het kabinet in een reactie op een uitspraak van het EU-hof.
Translated
~ It is in the Netherlands henceforth prohibited to download copyrighted material from an illegal source, for example through torrent sites and newsgroups. This is the ministry's response to the ruling of the EU court.
So we didn't need any law change, parliamentary debate, nothing. It was in effect right away.
> so you pay a few bucks extra for storage devices (hard drives, usb sticks, smartphones) and that was redistributed to rights holders as compensation for "home copies" (copies for personal use in your household, backups, that sort of thing)
We have kind of the same in Germany, and our overview on Wikipedia[1] looks even more complicated and expensive than yours[1]. You're still not allowed to circumvent effective copyright protections to make your private copy. But I'd be surprised if e.g. music only available with DRM would be excluded from earning a share of that fee.
Interestingly, before the recent EU copyright reform, this fee benefited only authors directly, instead of the rights holder.
I also read many articles claiming that it is legal to watch copyrighted material, as long as it is not redistributed. However I'm not sure that's actually true.
> It shall be permitted to use free of charge the work, which has been already disseminated for purposes of private use without the permission of the author.
Article 6, point 3:
> the disseminated work shall mean a work which, with a permission of its author, has been made available to the public by any means whatsoever
So, it is legal to access the work without permission, if author gave prior permission to make it available to the public. However I'm not sure if selling a book in a store or showing a movie in a cinema would automatically mean that such work can be downloaded freely from the Internet - technically the work is available to the public, but I'm sure the author did not give permission for the work to be available on the Internet.
Fun fact: due to the situation of CS in late USSR, Russia still has a law preserving the right to reverse engineer any software over any agreement or license.
> Let's add the US Congress and the EU to the long list of parties to blame for the DRM situation. "Reverse engineering" software for the purposes of "circumventing" copyright is illegal.
That does depend on the countries, at least on my case in France there's an accessibility exception which makes it okay in his case to break the DRM legally because he does not have any other choice.
It's a dangerous precedent. Think about adblock. You're just choosing to render the data websites give to you differently.
What if you design a web browser that just ignores most blobs of CSS/Javascript and renders content in a very different way. Are you now breaking copyright? Because you're rendering the data differently than the W3C standard or blocking certain elements?
I realize this is specifically about DRM content, but I feel like it won't be a stretch to try to apply these laws to common content.
Lets all start running Gopher servers again... Fuck the modern web.
Pretty soon web traffic will be decrypted and rendered via site specific web assembly blobs that will do everything in their power to defeat custom rendering. The modern web has just begun, and the powers that be are still grappling with its control. So we're still living in a comparative wild-west, but you can see the writing on the wall in every direction you look online right now.
Basically an ecryoted proxy connection to a powerful ad stripping instance that will randomize and pipe all that shit to dev null, and reply to trackers with addesses of their competing ad systems.
So that every ad for “microsoft” appears as though its being used by apple users...
It's not always possible to even modify the client, think of the embedded browsers in "smart" devices as well as the increasingly-locked-down mobile platforms. But as long as installing your own certificates still works, you can continue to MITM your traffic and modify it before it gets to the client(s).
This is why we need to build a JavaScript-free web. Just plain old HTML and CSS. With no cookies either. And a search engine that only indexes pages that conform to these rules.
This is what pisses me off aboit ads and data consumption pay rates: if i am paying for “1GB” of data, then i should have full control over how that data gets consumed by the content i am accessing over that paid pipe. Period.
uBlock Origin supports[0] both network filtering where requests to an ad cdn or domain are blocked before the network connection is ever made, and it also supports cosmetic filtering where elements can be hidden after the fact - but this is mostly for blocking intrusive popups or dialogue boxes and the like rather than for blocking ads. The vast majority of filter lists that come with uBlock Origin are network filters where ad domains are blocked outright. As uBlock Origin uses the Adblock Plus filter syntax it's not difficult to use ABP filters or to port hostfile filters over.
though at this point it is kinda predictable - all news sites, except the ones with paywalls (and if you haven't bought the subscription, then its pointless visiting them). All information sources, except a few notable exceptions (usually aggregators like HN/Reddit, but also Medium).
Everything else divides into SaaS products, personal blogs and random shit. Random shit is usually ad-supported, the rest are usually fine.
it's all sort of moot anyway - the ads model is crap and getting worse, and businesses are going to have to move to something else soon. I don't think we'll have this problem long.
> How do you know a site will have content you want?
I'm often told in advance, by virtue of it coming up in a search result, promoted link, friends post, etc.
"This site contains adverts that perform obtrusive tracking" is seldom mentioned before or during the visit, the only way to know is by trying to block all such things and seeing the site fail if it tries to block the blocking.
Sometimes the advance information of content relevance is deceptive of course, and this often coincides with darkest patterns in the advertising/tracking.
when a site identifies my ad blocker and specifically asks that i disable it, then i have to decide either to momentarily disable my ad blocker and view the content, or leave the site.
the Big Media people don't want to be so upfront about their restrictions. "if they don't know about the restrictions, they won't get angry."
It is not the ads I/we dislike. It is the tracking. If we go to <insert name of IT news website> and we would see a laptop as on a laptop related article, that would be ok. But if we then to to Winter-ski.xyz and still see the same laptop as, then we no like!
Boy howdy, this is one subject where I loathe saying "I told you so", but... I sure told you so.[1]
HTML DRM is antithetical to the Open Web itself. It was built on a sham of "plugin-free" media playback, but all we did was change Flash and Silverlight for a whole range of closed black boxes, which in turn are effectively all controlled by Big Media (to make it crystal clear: EME was built with third-party decryption modules in mind, and Big Media was obviously never going to support any sort of decryption modules that they couldn't control, so even if your custom browser supports EME it's completely useless without a Big Media-approved decryption module). And make no mistake: Requiring permission from Big Media to essentially build a fully-fledged browser is a 100% intended and expected outcome of HTML DRM as conceived. Big Media would love nothing more than to turn the entirety of the Open Web into Closed Web that they control, and with HTML DRM they've certainly achieved a great step toward doing so, to the detriment of public at wide. I'm sure they're positively salivating about the thought of eventually reaching The Right to Read![2]
The saddest part is it doesn't even seem to accomplish anything. What would-be pirates are actually being foiled by this? Netflix, Hulu, and Amazon Prime use EME, but all their exclusive content is still readily available on torrent sites. Does it raise the difficulty bar? It's hard to imagine anyone who knows how to rip video from their browser doesn't know how to torrent something.
Iview is the one I'm talking about. YouTube DL basically downloads the unencrypted video direct from the server but the website doesn't work until you enable drm
content is no longer the only draw. the business goal is now monetizing the group experience. consider Fortnite. Companies won't care if a few people watch pirated content alone. They want to control the experience of group content consumption. This does require content, but managing the group experience is the new frontier. consider http://rabb.it Pirates can get ppl in groups to watch premium content, but at some size, authorities will show up to protect their property.
Hear hear. The parent commenter's I-told-you-so attitude frustrates me because it completely misses the point: Google de-facto controls the web, and the W3C is essentially irrelevant. Trying to suggest that the W3C's opposition would have stopped any of this is completely naive, and only serves to shift the blame.
> DRM is the price one must pay to consume BIG MEDIA content.
It's just what big media has happened to get away with.
If they found themselves without a way for their paying customers to access their content via DRM, they'd drop the requirement on the spot, with little to no financial impact except for DRM scheme licensing fees.
While that's true at the moment, I had hoped that the web being such a big market, it would entice content producers to deploy without DRM for fear of losing market share to other content providers who do.
But with the introduction of DRM into the standard, this is no longer possible.
There are still plenty of providers who don't use DRM.
You just want the DRM users content but you want it without DRM.
So what really happened is the content producers enticed the users into DRM with their content. It's the other way around, and the consumers voted with their wallet (and clicks)
The whole discussion revolves around video. You can't imagine a browser today that is "just a reader" (Mosaic? hahaha), no one would use a browser without video support.
Surprisingly to me the author of "down and out in the magic kingdom" and the maintainer of BOINGBOING supports web DRM and he's part of the W3C committee. he's a great author and a good person with an anti-authoritarian bent I don't understand his position on this.
Yeah, I believe Doctorow has multiple characters (from multiple books) say something along the lines of "no lock is there for your protection", and I'm certain I've read his opinions on DRM to be negative multiple times.
Hell, I'm fairly certain he had a deal with Barnes and Noble to publish his book without DRM which was nonstandard at the time.
I don't know if this will be helpful to you but an open source media player, Kodi, recently added support for Netflix in the latest version of the app (by implementing a DRM engine for people to use).
On a related note here's an arch linux package that rips Widewvine out of chrome and adds it to chromium - download the source files by clicking the "Download snapshot" button on the right, or just view the main script by clicking "View PKGBUILD" also on the right.
Yeah they didn't make Chrome in order to "build a better world" or whatever. They saw what Microsoft did with IE, and how it enabled the pushing of products, data collection, platform tie-in, etc. And Google thought they could do even better and make people feel good during the process, unlike how they felt using IE.
I hope Kodi makes some decent progress. I installed it a few weeks back and it is a rough experience. The docs on how to do simple things seem to be nonexistant because they don't want to be sued and shutdown entirely.
Kodi's been around for like 15 years now so if you're hoping for it to become something else, I would stop holding your breath. I'm not thrilled that it's non-free nor about some of the changes they're making, but I've found Plex to be pretty pleasant to set up.
I think Kodi has made amazing progress. I've not had issues getting it installed on different devices since the 15.x days. Currently run it on 4 different dedicated devices in my apartment as well as some mobile and media devices.
> The docs on how to do simple things seem to be nonexistant because they don't want to be sued and shutdown entirely.
What docs are you looking for? They have a very extensive wiki as well as an active community on their own forum.
I’ve been running it since the earliest beta versions when it was literally Xbox Media Center - a media center for modded Xboxes (original).
I’ve ran it on all kinds of hardware from laptops, Android phones and tablets, Raspberry Pis (version 1 through to 3), Intel NUCs, etc. And obviously not forgetting the Xbox. Until very recently it was my go to media center.
I even went as far as to write some plugins for it. But they were for version 8 or something. It was probably 10 years ago and hasn’t been maintained.
I’ve never used a media center - free or non-free - that was as easy to set up nor ran as flawlessly as XBMC / Kodi did
As a (former) plugin developer and long-time user and community member, I don't think you're exactly the best person to evaluate today's install usability for a non- or even somewhat-technical new-ish user.
I'm really not sure what the point of your post is but what I can tell is you've completely misunderstood my post (and possibly Kodi too?) because several of the conditions you highlighted (eg "todays", "non-technical") wasn't even in the scope of my monologue.
Besides, non-technical users wouldn't be ripping DVDs to a NFS / SMB share in the first place (or using a home server / NAS for bittorrent / usenet / etc if that's how one prefers to accumulate their video archive). So why would they want a Media Centre that's designed for playing local or networked content?
Maybe what you're referring to is the stuff that has been in press a lot in recent years; the stuff incorrectly named (imo) as "Kodi-boxes" (or similar). I say "incorrectly named" because they used 3rd party plugins for illegal streams but those really have naff all to do with the Kodi media centre itself. It's like calling illegal downloading "Windows-boxes" because someone uses a bittorrent client on Windows 10.
I guess you could argue that Kodi now fills a niche that is dying out - that's certainly the case for me as I tend to use Netflix et al on my smart TV. But for playing local / mountable files, Kodi still leads the pack in terms of ease. Which is hardly surprising when you consider that's what the media centre was built to do.
I didn't know it existed and it wasn't for lack of trying. I landed in the forum a few times which didn't help. Bing or Google a simple query where you would expect the official Kodi website or Wiki to show in the results. For example: "How to stream Netflix on Kodi".
As a long time Kodi user, I'll just say that the combination of Kodi on my PC hooked up to a big screen and the Yatse app on my phone was a total game changer. A WiFi remote control on the device I basically already had in my hands anyway changed the way I interact with media at home.
Interesting... I mostly use Kodi for NAS media and run it under NVidia Shield TV because running it on an HTPC was so limiting of an experience for Netflix, etc. Almost ironically also have a Fire stick, because Hulu won't port the updated interface (for live tv) to the Android TV version despite working on Fire devices.
DRM is just a huge pile of shit. I mean, if it would actually work I would say okay, at least we have a solution that everyone is somehow happy with. But instead we consumers just loose. To give a few examples:
- When I want to watch movies on Amazon Prime Video, there are some movies I can't watch in HD, even if I paid for HD (so the movie obviously exists in HD; probably dependent on the rights holder). The problem is that I can't see if I can watch the HD version before I buy the movie.
- On Netflix, I don't get 1080 at all with my browser, even if I pay for 4k.
- Every few weeks, Spotify pushes a broken version of their web player to the website and from one moment to the other, I can't listen to 'my' music anymore until they fix it. The good news is that it seems to happen less frequently lately. Nevertheless, that would not be a problem if I could listen to 'my' music with a normal mp3 player.
- A few hours ago, I wanted to play a game, but guess what... Steam had a network problem [1] and didn't even let me enter the offline mode.
>- A few hours ago, I wanted to play a game, but guess what... Steam had a network problem [1] and didn't even let me enter the offline mode.
I think Steam is a really good (not shitty) DRM enforcer. A very occasional lapse in service is acceptable for entertainment platforms. I use steam because it is actually easier to use their DRM systems than it is to, for example, buy CDs or download individual game installers.
> A very occasional lapse in service is acceptable for entertainment platforms.
I would generally agree that this is acceptable, but it's still a step backwards from Itch and GOG, where my library literally never has a lapse in service. Steam is arguably one of the best DRM solutions out there, but even the best solution on the market still has worse uptime and reliability than a store that just provides users with a bunch of DRM free downloads that they can launch offline whenever they want.
Of course, platforms like Itch don't have cloud saves. But Steam's DRM isn't essential for cloud saves, or for the community workshop, or for the storefront, or for the library management tools. The DRM part of it doesn't add any value to the consumer. So while Steam is an excellent product, Steam without DRM would still be a better product than it is right now.
That's what people mean when they complain about DRM. You can take a great product and add DRM in a way that doesn't completely break it, but it's still pretty much always a strict downgrade in user experience. People look at services like Steam and think, "yeah, this is acceptable. But it could so easily be really great."
I'm surprised to hear that there are non-DRMed games on Steam. Do you have an example? I thought it was standard that every game released on Steam that doesn't have some awful third-party DRM like Uplay has the Steam launcher code patched into the executable. Valve has some tooling for doing this even to existing legacy exes that can't be rebuilt from source.
Valve has their DRM solution ([1], "CEG"), but the DRM is fully optional, as it needs to be applied by the game developer to their executable before they upload their game.
I don't have good examples in mind right now, and I would need to double check, but I am pretty sure I was able to launch Supreme Commander 2 trough wine directly with the game executable, without launching Steam some time ago. I also recall "Tyranny" doing a free week-end, after which I could still launch the game trough the executable (although steam refused to launch it). That was a Linux game, though, and could be slightly different.
I would roughly estimate that more than 20% of my Steam library does not have DRM attached to it. There are a couple lists out there that help find DRM-free games on Steam [2][3][4], etc.
Some game developers advertise this as a feature of their game on Steam. For others, it could be an oversight. I find it pretty convenient in any case (example: copy FTL on a USB stick for playing on the go, even without internet connection on an underpowered computer). It also helps with wine.
Kerbal Space Program on Steam is not DRM-ed. I can launch it without Steam running, and it doesn't automatically launch Steam client or anything, the game just starts up.
The Netflix issue isn't really DRM, it's just a way to minimize bandwidth[1]; they found HQ 720 encodes to be sufficient quality for most consumers. I personally find it lacking.
I pay for 4k netflix but can't watch it on my computer because of drm. On Chrome it only streams up to 720p, and I have to use Edge for 1080p. To stream 4k you need to use their microsoft store app, a specific high-end processor or graphics card, and on top of that you also need a monitor that supports hdcp 2.2. I have all of the above (1080ti and hdcp 2.2 compliant monitor) but still can't stream 4k because my second monitor is not hdcp 2.2 compliant. The monitor states that it is but I couldn't get it to work even after extensive research. All of my setup is pretty modern and high-end and I still can't stream 4k netflix because drm hardware keeps evolving. If this is supposed to make me pirate less, it's not very effective.
I have a 1080ti too, 2x HDCP2.2 (over DP) compatible monitors and a 1 gbps connection and yet I can’t even stream 1080p content on Linux, much less 4K.
I guess it’s still me to blame because I pay for it for friends and family who use my account.
Anyway check your cable if your monitor states that it’s compatible.
Ah this actually explains something I have been wondering about. My new computer with firefox sometimes hitches and blacks out all the screens when I start/stop watching certain netflix content. I just realized this must be a DRM thing.
There are (or at least were) some titles which even Edge didn't show in HD, but the Windows Store application does (did). But even then, certain drivers like virtual audio devices might restrict all available methods to lousy SD quality that requires a full reinstall of Windows to reset.
The blog post you link explicitly mentions that they have 1080p streams (and since then they have added 4k). That post makes no claims about 720p being sufficient for consumers.
And if you have the right combination of browser, os, Intel CPU, GPU and monitor to have intact DRM of the required level, Netflix will stream you the 1080p or 4k stream
Consumers are not going to put up with all sorts of shenanigans regarding browsers, monitor support etc. etc. - it's an ugly mess.
If it 'just works' - then I think most people will accept 'paying for content' as a premise.
But when the pieces don't fit together because industry players don't see the 'big picture' ... it will just be bad for everyone and ironically encourage piracy.
Nobody cares about pirating, it's when the masses are able to do the pirating easily and get the content easily that is when things break down.
That is what DRM is about preventing.
If some knowledgeable people can copy it and put it low-fi on some competitor of Youtube and Google doesn't show in in search results. That isn't that bad. That means the general public won't easily find it.
DRM often results in a whitelist of media clients, killing standards in favor of a centralized authority. HDCP does the same for video feeds (HDMI, etc.). DRM-protected boxes can only output to DRM-protected displays, giving a central authority the ability to effectively deny new client devices from being made: https://en.m.wikipedia.org/wiki/High-bandwidth_Digital_Conte...
The link mentions that to produce a HDCP-compatible device (eg one that has an HDMI port) it needs to be licensed, pay an annual fee, and make promises to frustrate DRM-mitigation efforts.
If I wanted to make my own monitor with a VGA input (or, more practically, pipe the signals coming from VGA into a program that does something with the feed) I would just have to find a suitable adapter and receive the serial data.
Does this mean that doing so with HDMI (either the real-world DIY monitor, or the in-software feed-ingestion program) would be:
A) Difficult/time-consuming to write due to a lack of open drivers
B) Run afoul of IP laws pertaining to the HDMI standard and get me sued
C) Prevented by the cryptographic handshake that happens between an approved display and the output drivers
D) All of the above?
A is true, as HDMI requires a pretty ugly IP core on an fpga or an asic to process or produce the phy.
B is also true, as to sell a device with an HDMI port you have to join the group and pay fees. If you're just hacking stuff together for personal use I think you're A-okay here.
C is true ONLY in the case of HDCP protected content, as that handshake does not occur for unprotected content or HDMI 1.0
Also, side note, VGA uses analog R/G/B channels so if you want to pipe signals into the program you'd need an ADC to get useful values from it, and a pretty fast one depending on your resolution.
All DRM solutions eventually fail. It's an endless race. Companies pour millions and millions into media DRM, and yet all of the content is cracked and uploaded on pirate sites, without fail. They don't seem to understand how much of a waste their efforts are, and the government doesn't seem to realize how pointless, and stifling of innovation and competition laws like DMCA are.
I imagine their argument looks something like: We earn billions of dollars a year and want to earn more. We see people are downloading our stuff without paying us. This technology/company/etc promises to make copyright infringement more difficult and it'd only cost us $y million. If we see even a 0.01% increase in sales, it'll pay for itself in x years. Do it!
And government is even more straight forward. Media companies/individuals donate lots of money to campaigns, and there's a typical unspoken quid quo pro. They donate getting politicians into office and hire some lobbyists who know how to get those politicians what they want. In turn, those politicians then pass the media company's legislation. Like much of what the government does, the motivation is not a holistic effort to create a better country but an individual effort to get elected or reelected.
Hahah, come to think of it - it emphasizes that governments and capitalism suffer from the exact same problem. Capitalism works great when people put out good products and look to get rewarded for doing so. And similarly governments work great when politicians do good stuff and look to get rewarded for it. Things only get really messed up when companies start with the goal of making money instead of making a good product. And similarly, politics gets messed up when politicians start with the goal of getting [re]elected instead of creating good legislation. Because in both cases what makes the most money is not necessarily the best product, and what gets you reelected is not necessarily the most beneficial legislation.
it's really a pitch that starts with the hardware companies and the media companies buy into it because more DRM has no downside for them.
You better believe some "HDCP-certified 2.0" badge or whatever is on every hdtv and gpu you find at best buy. I wonder if the engineers on hdcp 1.0 knew how fast it would get cracked, but they knew that would just let them sell another round of hardware for the 2nd version.
Outputting an image via HDMI using an FPGA is relatively straightforward, almost as easy as VGA. I don't know about HDCP but expect it to be next to impossible.
Inputting any pulse-based high-frequency signal is more difficult, be it VGA or Ethernet or HDMI.
A little bit of A and all of B/C/D. Not all of HDMI is encrypted, but for the part that is the protocol is known, but you also need the keys which are meant to be stored in secure hardware and difficult to extract.
Also, old keys are frequently phased out, with new media requiring newer keys for playback.
How does that work? If I have an old player that is perfectly technically capable of playing new media, will it fail to play requires new keys? If so, that's atrocious, and I'm glad I jumped off the physical media train post-DVD.
>If I have an old player that is perfectly technically capable of playing new media, will it fail to play requires new keys?
Yes. It will require a soft/firmware update, which won't be available if the device has widely known vulnerabilities which cannot be software patched that would allow for key extraction. HDPC is not limited to physical sources.
I'm not an expert on HDCP but I don't think this is exactly correct. The standard doesn't rotate through new generations of keys; instead, revoked hardware keys are burned into all Blu-Ray disks burned after the time of revocation, and compliant HDCP implementations are required to check their own hardware key against that list before allowing playback. I don't know whether a hardware manufacturer could remediate the vulnerability that caused their key to get revoked and distribute a new key via a firmware update, but that sounds reasonable.
> which won't be available if the device has widely known vulnerabilities
Probably won't be available full stop. Very few devices ever get manufacturer updates - they're all focussed on just making a new version of the device.
If it's still in warranty, sometimes they'll take it back for a refund.
HDCP is of course completely broken, and has been ever since the master key was leaked years ago. You can find all sorts of "video stabilisers" and such sold online, which will strip HDCP completely (they do not obviously advertise this ability, so read between the lines...)
(I wonder if the same people who are up in arms about China's lax IP laws and massive product counterfeiting realise that it's the same country, the same culture, the same mentality which allows them to easily produce these devices that actually fight for your freedom to consume content.)
I also find the title to be rather sensational.. "I tried creating a web browser" ^ "Google blocked me" implies that Google blocked them from creating a web browser.. which is not the case.
If a single company can effectively decide whether a bunch of 3rd party sites that they don't control work on your browser, how is that any different? Google is effectively deciding that anyone other than pre-approved browsers can't play Netflix content.
If an ISP fully embraced the Net Neutrality repeal and started blocking video content, and someone posted on HN that ISPs were "blocking them from building a streaming service", no one would be complaining that, "technically you can build it, you just can't reach any of your customers." Everyone on HN would understand that part of building a service is the having the ability to reach customers.
In the same way, part of building a web browser is having the ability to render web content. If Google can block your custom browser from rendering content, then for all practical purposes they are blocking your ability to build a browser.
Which has proved, time and again, to be the only way a lowly user can appeal or seek redress for grievances with Google. If you don't -- or can't -- raise a shitstorm on social media, you have no voice in their decisionmaking process.
Break them up. They are no different from a competing government at this point.
> If a single company can effectively decide whether a bunch of 3rd party sites that they don't control work on your browser, how is that any different?
Because those third party sites choose to utilise closed software from that company. And Netflix doesn't only utilise Widevine as a DRM, it uses several different DRM systems, so Google don't have control over anything.
This. Netflix is buying security for their product by doing this.
We may all think (know) DRM is dumb, but DRM is more than just about how hard it is to hack. Sure, everyone could in theory reverse engineer this stuff. But the point is that it's only legally protected as long as it's at least not trivial. Open sourcing would probably invalidate their legal defences against people downloading Netflix movies.
> invalidate their legal defences against people downloading Netflix movies.
I highly doubt that. A ToS violation is still a ToS violation (in the case of Netflix, which is expressly a streaming service), and copyright infringement is still copyright infringement. The legal protection that's afforded to DRM itself is something that's literally only useful to you as a content holder if you're looking to abuse copyright and go far beyond what copyright law actually grants you! That's what makes the whole notion so problematic in the first place.
Well, they are granting you a license to download the copyrighted content. That's the consideration you get in exchange for paying subscription fees. IANAL but it seems doubtful to me that copyright law on its own (without the anti-circumvention parts of the DMCA) could be twisted to produce criminal penalties for downloading licensed content in a non-streaming way given that it's legal to download it in a streaming way. And ToS violations are not criminal acts.
The issue is more complex than that, and generally relates to some hardware APIs for securing the video path not being available to Win32 applications in Windows.
> If a single company can effectively decide whether a bunch of 3rd party sites that they don't control work on your browser, how is that any different?
That's just a sensationalistic as the headline. There isn't a single company controlling and selling these modules. There is a several of them, in open competition. The OP chose Widevine because they are easiest, but with sufficient perseverance he could probably use any of them, or at least any that distribute x86 binaries. It's damned near impossible to prevent someone from running a binary if they really want to.
I also found the original article difficult to swallow. It gave very little detail - so little we have no idea what Widevine said no to. For example, was it "could you provide Widevine and loan me an engineer to help me integrate it with my browser - but I can't pay you because it's all open source". Or was it "I've got it all going, I'm willing to pay you commercial rates per licence - how can I buy licences?" It if is the former hats off to Widevine for replying at all.
As it is, we only get a small part of his side of the story, no insight at all into why Widevine reacted they way they did, and a headline that's guaranteed to get clicks.
Call me paranoid, but I get the feeling I'm being manipulated.
> In the same way, part of building a web browser is having the ability to render web content. If Google can block your custom browser from rendering content, then for all practical purposes they are blocking your ability to build a browser.
Eh.. in a way, but not really. It can still work as a web browser but a web site can still render however they'd like based on your user agent.
If I made a site today, I could add the same functionality if I wanted to. Since I own the site, that's my choice.
I completely agree that Google should _not_ block their content based on your custom web browser. That is evil.
I would still claim two differences on the user agent side of things:
First, any browser can report any user agent they want. There are a number of examples of browsers faking or changing user agents to get around sites that try to differentiate based on those strings.
Second, while any individual web site can implement logic based on the user agent, that's the sole choice of the web operator. By restricting Widevine access, Google is blocking rendering of content on other people's domains.
The non-ISP, in-browser analogy I would use would be if Google decided that in order to render an AMP page in your new browser, you first needed to get their permission. They're not just blocking their own content, they're blocking an entire category of technology.
It's also worth mentioning that even under the user agent analogy, if this headline was, "Google uses user agents to block Firefox from accessing Youtube", pretty much every person on HN would call that anti-competitive behavior worthy of regulation.
Right! And when the headline was Google uses user agents to block Windows Phone from accessing Google Maps (along with reports that changing the user agent made the software work fine), we all agreed on swift and decisive action against Google /s.
Oof, rereading this article in the present just hurts.
To be fair, the 2013 ecosystem was a lot more Google friendly than the 2019 ecosystem is. I'm sure the average non-HN reader still wouldn't care today, but I would at least hope HN itself would have a different reaction.
> By restricting Widevine access, Google is blocking rendering of content on other people's domains.
This isn't good, but it's not arbitrary control. These companies chose to implement widevine, so they chose to allow Google to dictate who gets to legally use WV.
The point isn't that the control was granted arbitrarily - as you note, the granting was explicit. The point is that as a result of that, we have arrived at a situation where Google is now capable of arbitrarily exercising control over this subset. This wouldn't be a problem if that subset was small, but it's not - it's huge, and ever growing.
But times change and today playing videos (including DRM protected ones) is no longer a feature but a required part of a browser. A requirement which likely will get stronger with time.
(Sure some "special purpose" browsers get away without, but they also only Target a very limited audience)
To be fair, I think that it's primarily the content owners pushing this ridiculousness. OP's project is not a general purpose browser, and it will not compete substantially with any Google products, so I don't think this is a case of Google trying to knock out OP.
I completely agree that this is unacceptable... but I think the blame really rests on the content owners who forced this DRM in the first place. Every damn thing on Netflix is widely available on torrents in hours, so it's totally useless and just makes things worse for everyday consumers.
Absolutely. The title isn't just sensational, it's misleading. OP's browser is opensource and uses a P2P-like architecture. It sounds incompatible with current rights management.
OP sounds like he feels entitled to others' work and efforts. If he wants to play videos in his browser, he can make them. Or find people who will make videos for free for him.
All OPs browser does is syncronse playback across users legitimate Netflix (or other) accounts.
OPs broswer will pass the encrypted video through to the DRM plug-in, which will authenticate from Netflix through to the to the screen. It will decrypt the video, decode it, re-encrypt with hdcp and send it to the monitor.
The DRM chain is intact. OPs browser can't be used to pirate the videos, or steal Netflix.
All he needs is permission to ship the closed source DRM plug-in.
EME does not require Widevine; you can implement EME in its entirety yourself, in open code.
Widevine is only one of several implementations of a Content Decryption Module; it just so happens to be by far the easiest to license (though that doesn't mean that's easy!).
> you can implement EME in its entirety yourself, in open code
Noope. Netflix has explicitly stated, at W3C, that they absolutely won't use any open EME implementation.
In practice any open CDM that you implement yourself will be totally useless. The "open" parts of EME have no real utility, and exist only to be able derail criticism by making rhetorical arguments about hypothetical open implementation, even though it's by definition exactly the opposite what Netflix and Google designed EME for.
So could I write a custom Content Decryption Module that would be able to decrypt Netflix content? Or would the content providers have to support my custom Content Decryption Module?
A website can decide which Content Decryption Modules it would like to support, because ultimately the site runs the keyservers and can decide which CDM's keys it would like to generate.
But EME includes a fully freely implementable Clearkey spec. Ultimately sites generally don't want to generate keys for it, but it can be done.
So... I can technically implement my own EME standards compliant web browser, but that browser won't actually be able to interoperate with the existing set of websites that make use of EME. What's the point of the standard again?
Certainly complying with EME isn't enough for web compatibility, but EME plus any given CDM isn't in reality interoperable either: sure, Firefox and Chrome both use a Widevine CDM, but Safari and Edge do their own things. As such, in principle a website could easily not support Safari and Edge (given you get the two larger browsers with one CDM).
To be fair, you can make a similar argument about what's the point of a standard for the video element: in reality, you need to support H.264 encoded video, so just supporting Ogg/Theora/Vorbis (as some early implementations did) doesn't suffice, so what's the point of that standard? (Also the img element, the object element, etc.)
But yes, EME is different because it fails to fulfil its use-cases in a fully free implementation (one can imagine, potentially in the future, a free software implementation that passes encrypted content to a hardware module that implements the decoding, but that seems like little gain and unlikely to happen).
It made the top of HN with 945 votes (2x the votes of anything else right now). As much as we hear criticism of it on this site and elsewhere, clickbait headlines work.
Right, thats the whole thing that sucks about DRM and these video providers in general. Not only do they want to protect their content from unauthorized viewers, they want to control how it is consumed. Which to me is especially outrageous because netflix and youtube are the only two with a good user experience. (I used to count Hulu, but at some point they really fell off)
I would think that Amazon would lead the charge for an open standard for distributing video which handles DRM, subscription, pay per view, etc. and then all the non-Netflixes would publish to that standard, and let player applications thrive. Even when using a Roku it feels like each app is completely different. And most of them suck. Imagine if in 1985 Prism, HBO, and Showtime all manufactured their own TVs and required you to use them, but they all had wildly different layouts and remotes.
The idea of syncing up two video streams is awesome, I can see people enjoying that, and it would encourage people to pay for whatever services their friends have. Though it does sound a bit similar to rabb.it
The world doesn't rotate around netflix and co. You do not need to consume them if you don't want to. There is also no right from yourside to how you wish you like to consume it.
I would prefer to have NO DRM of course don't get me wrong. But still in this case, it is not your decision and apparently most people really don't care for that at all. They wanna see netflix in there browser. Thats why google and co did it. Thats why no one cares that there might be a electorn based browser somewhere which is unable to implement its core feature of sync viewing.
And while i like the idea, just because is just not good enough. Noone will cancel there netflix subscription over this.
I wanted to be sure that there were multiple instance of this in your posting history (there are) before I commented, but you regularly use "there" in place of possessive "their".
I would want someone to correct me on a fundamental grammar mistake in Spanish, so I felt it would be useful to correct you here.
Thank you for the effort on checking my previous comments as well :-).
Really appreciate it as a non native english writer! :)
I sometimes think it would be nice to have a community correct feature which allows anyone to make simple corrections in a way you, as the author, also become aware of it.
The entire idea behind DRM is to gain control over the user experience of legitimate users. Pirates will always break whatever DRM scheme you use. Wasting energy on them will always be futile. Controlling the user experience? That's where you can make a lot of money by pushing out competitors.
I think this is an incomplete picture. Guessing at their motivations, DRM also serves to reduce opportunities for casual copyright violation when you have to jump through illegal (which is part of the scheme) hoops to circumvent it.
But by and large people don't make mix tapes, or bootleg videos anymore. They torrent it from the one person with the time to break the DRM. They would likely still do this even if the content was DRM free since its easier.
exactly, but my point is that most of the players don't have a good product, so why would they force people to use it? In the last few months I've used Prime Video, Crackle, FXNOW, WWE Network, NJPWWorld, and HonorClub. All of them are awwwwful, and it would only benefit them if they could come up with an api standard for content, and let other vendors take care of the front end.
Regarding browser extensions, the Firefox "webextensions" API is (mostly) compatible with Chromium's, so with relatively little effort you could target both the Firefox and Chromium families of browsers.
Firefox compatibility is valuable because Firefox extensions don't have to be distributed through the Mozilla add-on store (they do need to be signed by AMO, but provided your extension isn't doing anything illegal, that should not be an issue).
Finally, you could try redistributing unbranded Firefox or Chromium with your extension pre-installed. Waterfox (a Firefox fork) can have DRM — it's disabled by default, but it can be switched on — and I don't think they put a great deal of effort into it, so I think that your "version" of Firefox could also easily have DRM. (I have no idea whether the same holds for Chromium.)
I was curious about this too, and I wonder if OP can clarify what they mean by "reduced features". What exactly is it that they want to do, which requires them to create a whole new browser, vs just creating a website/extension.
I would much rather have a webapp than have to download a whole new browser just to watch videos with a friend. Most of the stuff listed on the github (WebRTC, WebSocket) are just normal web technologies. The only other thing I see is "Discord Rich Presence".
Sorry for the late reply. Building Metastream as a web browser instead of a web extension was a complexity burden created solely by myself.
One of the main requirements I wanted was the ability to use the app with as little centralized dependencies as possible. P2P is the primary way to connect to users with the app, but even that requires a centralized signaling solution which is prone to downtime. To mitigate this, users can also directly connect to an IP address with the appropriate ports forwarded. Listening on a socket is not supported by a web extension at this time.
Additionally, some actions on the web require a "user gesture" to be performed such as fullscreening a video. I created an auto-fullscreen feature by simulating a user gestured mouse click. It also only fullscreens within the frame of the window instead of the entire screen. [1]
Other features not possible with a web extension/app include local file reading (potential future feature) and Discord Rich Presence (currently implemented).
That makes sense and it's interesting to see the limitations of the "web extension" framework.
The following isn't meant to try to convince you to use any particular solution (I don't have any skin in the game), just some ideas in case you get fed up even more by the problems with implementing DRM in your own browser.
Listening to a socket and reading local files is possible with "Native messaging"[1]. In brief you have a small application running in the background, outside the browser, which can listen to sockets or read local files, and your browser extension communicates with it. This does bring added complexity and might (haven't tested) bring additional latency, possibly making it unacceptable.
This. I’m currently working on a project to do what OP is doing, and this is almost certainly the most painful route to go down. All of this could be done with WebRTC, and you get the bonus that it’s even p2p so you don’t even have to handle video content yourself if you don’t want to (if you do, you can mix in media servers like Kurento or Janus if you want). To further sell this approach, I built v1 of the streaming pipeline in like 2 weeks.
The blame for this sits squarely on the w3c for their efforts in trying to replace flash by letting the content companies dictate standards for encrypted playback.
If they had held fast, we could have forced the companies to do their key management in something like WebAssembly and avoided this gatekeeping mess.
The W3C isn't to blame. No one is to blame, really.
We have DRM, we hate it but it's there, and it serves a purpose. If it is your intellectual property, you get to decide how it is used. And if you don't want to make copying too easy because you think that it will get you more money, that's your right.
The goal of the W3C is not to make to make a political statement about the rightness or wrongness of DRM. They are here to create standards that respond to use cases. And unfortunately, copyrighted content diffusion is one use case, and content owners want DRM.
And if you read the standard they came up with, it is not that bad. They managed to isolate the "evil DRM" part well enough without completely destroying its effectiveness. They also didn't require any proprietary component, though services can require them (that's what happened in the article).
Using WebAssembly (which is essentially optimized JS) for DRM is a terrible idea IMHO. DRM, to be effective, usually requires access to protected system components. It means that to make an effective enough DRM to be accepted by content providers (which is the entire point of the standard), we would need to give WebAssembly way to much power.
>And if you don't want to make copying too easy because you think that it will get you more money, that's your right.
They seem to think that but is there any truth to it? I do pirate some series/movies from time to time (mostly out of convenience) and you can get high quality rips of pretty much anything mere hours after it's available on streaming sites anyway.
So what is this DRM supposed to achieve? Prevent the average non-technical user from saving the stream? I mean I'm sure they wouldn't even know where to start, there's no "Save As" button on Netflix for instance. Simple client-side limitations would do the trick for 99.9% of the population. On the other hand the few technically-savvy stream rippers seem to have no issue bypassing these protections.
DRM works better for interactive content like games because it's not just about ripping the output.
How many decades do we have to suffer through this broken scheme and this technical debt until the right owners realize that they're wasting their time and their resources to push a system that only serves to make it harder for legit clients to consume their contents?
When iTunes got rid of DRM on music files I thought it would be the tipping point where right owners would realize that this scheme was ineffective and counter-productive, but apparently it's still an industry standard for some reason. Have legit users on unsupported systems stream low-res video while the pirates can watch it in 4k for free. Ridiculous.
It's a good point, but I believe DRM isn't just about piracy. It's also about control. I read a good article about this once, but I can't find it anywhere right now so I'll summarize what I remember.
As long as DRM exists, if you want to make a Blu-ray player you have to go and ask the Advanced Access Content System Licensing Administrator for their blessing, so that you can decrypt and play (for example) AACS-protected media. It doesn't really matter that AACS has been broken since early 2007 and that pirates can easily circumvent it - as long as you want to sell a player above-board and not risk potential lawsuits, you still have to go and license it.
(This might not be true for AACS in particular, but AFAIK it is generally true of more recent content protection systems.)
That's when the control part kicks in. Good luck getting that Blu-ray player approved for content decryption if it allows the user to skip commercials, or make small clips of movies and send them to your friends, or other such features. I do believe there would be some amount of demand for those features - well, mostly the first one. However, I don't see the AACS LA ever approving such features while having Disney and Warner Bros as founding members[0].
I'll try to find the original article I got those ideas from. I'll reply again if I ever find it.
That makes a lot of sense actually, I guess my take was a bit naive. I hadn't considered that it wasn't just about preventing piracy, it's about controlling how the content is consumed. Thank you for this insight.
>How many decades do we have to suffer through this broken scheme and this technical debt until the right owners realize that they're wasting their time and their resources to push a system that only serves to make it harder for legit clients to consume their contents?
Where did you get the impression that this isn't what they actually want? The goal is control over users, not acquiring non-users (pirates).
I think DRM in general was never really designed to completely thwart piracy.
The goal is actually to delay the pirated version as much as possible and to raise the barrier to entry when pirated versions are eventually released into the wild.
Instead of that, it's turned pirates into heroes of the common person. After all, why pay and be limited in the way you can watch the thing you paid for when unlimited access exists for free?
> why pay and be limited in the way you can watch the thing you paid for when unlimited access exists for free?
Oh I dunno... have you tried asking one of Netflix's 140M subscribers? Or the 26M people who use Amazon prime video?
The point of DRM isn't to make it impossible to pirate things -- it's to make it difficult enough to get pirated content that most people would prefer to pay a few bucks a month to watch things via a channel where rights holders are compensated. And by that measure, it seems to be working pretty well.
I'm not sure for how much longer it will keep working though. With the increased fragmentation of streaming services (and geoblocking), pirating content is starting to feel more convenient yet again.
When it comes to music, I can most of the time listen to it legally via Spotify or Google Play Music/YouTube Music. When it comes to movies (and especially for older movies), the rights holders give me no choice but to pirate because they simply don't make it available for me to obtain in a legal way.
As an extreme example: I was looking up an old childhood movie "Hugo: Djungeldjuret". The rights holder have stopped distributing the movie and they no longer sell it, but they do issue copyright claims and take-down requests towards anyone who hosts it. How am I supposed to watch a movie like that in a legal way when the only distributor has stopped distributing it?
My point was that, for movies and TV shows at least, this simply doesn't work. The delay is small enough that it's usually negligible (a few hours in my experience). For live events (especially sporting events) of course that's enough to make pirating impractical, but for the new episode of Game of Thrones it's really not much.
Furthermore I assume that most of that latency is not due to the time required for pirates to break the DRM but rather the time for the original riper to encode the file and share it through the pirate food chain until it reaches the public trackers that I use. You'd still have to wait a little while to get your pirate file if you don't have a subscription to the official streaming service.
> For live events (especially sporting events) of course that's enough to make pirating impractical, but for the new episode of Game of Thrones it's really not much.
I think you underestimate how many people prefer to watch the latest episode as it airs.
> not due to the time required for pirates to break the DRM
Even if the DRM is already broken, you can't just ignore the initial time spent to break it.
> until it reaches the public trackers that I use
Let's say you stopped 100 random people on a busy street and asked them what a "public torrent tracker" is. How many do you think would know what that even means? And of those who do, how many do you think would actually be able to download a movie through a public tracker?
This is why Popcorn Time was such a huge hit: it provided effortless access to movie torrents for the masses. Obviously, this also explains the rapid response by content publishers to crush the project.
>I think you underestimate how many people prefer to watch the latest episode as it airs.
I don't, but even without any DRM you still have the delay between the moment the ripper manages to get the file and the moment it's available for download. DRM doesn't really change anything here. It's not like for games where DRM can delay the release of cracked version by days or even sometimes weeks.
>Even if the DRM is already broken, you can't just ignore the initial time spent to break it.
For movies and TV shows I think I can. It's just so full of holes and broken implementations that it's usually trivial to crack. I have yet to see the release of a good quality movie or TV show because they couldn't crack the DRM.
>Let's say you stopped 100 random people on a busy street and asked them what a "public torrent tracker" is. How many do you think would know what that even means?
I honestly don't know, but I do know that streaming solutions and direct download websites are pretty mainstream in my experience. Megaupload was huge for instance.
But even if you're right and it's obscure, doesn't that make DRM even more pointless? If people don't pirate because they don't know how why would they start ripping Netflix streams? Technically speaking it's even more involved.
> I don't, but even without any DRM you still have the delay between the moment the ripper manages to get the file and the moment it's available for download.
You're missing the streaming option. But alas, watermarking + ContentID + DRM have essentially conquered that realm. Acestream and IPTV are two surviving options, but the barrier to entry is not low for these.
> For movies and TV shows I think I can. It's just so full of holes and broken implementations that it's usually trivial to crack.
I don't know enough about current media DRM solutions to comment here. What I do know is that will likely change once TEEs/enclaves become more widespread on consumer devices.
> If people don't pirate because they don't know how why would they start ripping Netflix streams?
"Right-click > Download" versus, at the very least:
1. Finding a reliable torrent tracker
2. Downloading and installing a torrent client (viruses galore!)
3. Finding a torrent with enough seeders
4. Figuring out which version of the movie/show to download (what's a "nuke"? what's up with the quality (cam)? why is this movie split into 37 .rar files? where are the subtitles? why is the audio out of sync? etc. etc.)
You and I have already gone through all of this the hard way, but it's important to realize that it's not intuitive at all.
If it is your intellectual property, you get to decide how it is used.
Another poster here made an interesting point, that this wasn't true until the 90s. Deciding "how it is used" is different from (and broader than) deciding "who gets to distribute it".
> Another poster here made an interesting point, that this wasn't true until the 90s.
This was always true. Most copyright traditions recognise Droit Moral, and the right for the author to determine the integrity and treatment of the work, and have for, in some cases, literally hundreds of years.
The problem is that pretty much the only way to satisfy those obligations is to turn the internet into a huge walled garden (as is currently happening). So we'll either have to accept the consequences of that, decide that some of the rightsholders' claims described above are not in the public interest or find some kind of middle ground.
The W3C, Google, Apple and MS and the TV manufacturers could have said "OK then, keep your content to yourself, let's see how your business does without us providing ways to deliver your crippled content to the eyes and ears of your customers."
But of course they didn't say that, because most of them got some direct or indirect interest in DRM, enough so that the few remaining players did have no choice than to hop on board, too.
Blame Google and Microsoft. They were the people who created the specification, and pushed for it, when Netflix came begging for a solution to their DRM conundrum. Even if the W3C hadn't approved it, that's two of the big four browser vendors who are committing to implementing it anyways, which is enough to guarantee a de facto standard anyways.
No, blame the movie studios, record labels etc. They're the one which require asinine DRM support for web browsers. Google/Microsoft/Apple/Adobe want to support media content, but to do so requires towing the line with the media companies otherwise they refuse to license the content (at least in HD+).
Having worked with various DRM teams I know that they have to treat their code as if its the most secret code in the world, if they don't the media companies can swoop in and ban them and then no Netflix for your users. This is why Widevine code isn't open source (other than the glue EME code) and is almost certainly the reason for the refusal to work with a small open-source form of Chromium. If for example the project was used to "steal" content the media companies would be mad at Widevine, with lasting repercussions for all Chrome users.
It's worth noting that typically all DRM teams work as if the hosting environment is an adversary. For example Widevine don't trust anything Chrome says as someone could recompile it and lie about the security. The only times this is relaxed is where the platform is deemed secure, such as CrOS or iOS.
> No, blame the movie studios, record labels etc. They're the one which require asinine DRM support for web browsers. Google/Microsoft/Apple/Adobe want to support media content, but to do so requires towing the line with the media companies otherwise they refuse to license the content (at least in HD+).
Let's say Google, Microsoft and Apple announce that they will be removing any DRM from their browsers on 2020-01-01. They will also remove any DRM playback app from their App Stores. So no Netflix on PCs, Macs, iPhones, iPads or any Android device (including stuff like Android TV).
Media companies would rejoice. Since such a coordinated move from Google, Microsoft and Apple would destroy streaming for everyone indiscriminately, it would re-level the playing field and enable everyone to start competing anew. Disney, HBO and others would fork Chromium and add DRM support back, then market the shit out of it. They'd start signing deals with phone and TV manufacturers to get their DRM back, each preferably in a way that excludes the others. There'd be a lot of churn as whole media space gets re-balkanized, but that's all good, since churn means they make money.
A lot of smaller companies would die, and a lot of users would suffer - but none of the parties involved actually cares about the users; we're just a natural resource to be stripmined.
The internet before streaming (when downloading postage stamp clips took 3 hours) was close to that described state, and people just exchanged burned CDRs right and left.
Even elderly people were using and watching pirated stuff installed by their kids as they just couldn’t bother.
No DRM support in major browsers would mean pirating becomes the #1 way to see anything again.
Just as the only browser with DRM would have a huge advantage in that scenario, the one streaming service without DRM would have, too. I honestly think Netflix would take that chance for their own content.
This is the most plausible outcome. Netflix wouldn't just leave that money on the table and the most obvious thing to do would be to provide the support they want from browsers themselves.
Users follow use cases and would not be averse to spending 30 seconds installing something in order to watch their favorite content.
There's also sort of a game theory situation with the removal of DRM, as it would be a competitive advantage being the only one that supports it.
All Netflix movies are on PirateBay already, in spite of their DRM. I’ve seen movies pop up on PirateBay the day they are released. They wouldn’t leave any money on the table.
People paying for Netflix are paying for convenience. That wouldn’t change in absence of DRM.
I think you're greatly underestimating how much more cumbersome torrenting is even compared to a plugin, especially for "normal" users who are not necessarily tech-savvy.
This argument is repeated ad nauseam but it’s false, all it takes is a torrenting app installed, that’s the only threshold.
But back to the point, if Netflix wouldn’t use DRM, it would change absolutely nothing since copyright infringement is still illegal and those DRM protections are completely useless.
Can my torrenting app stream my video, or do I have to wait for a full assembly of the pieces from torrent hosts and enough downloaded to watch it?
If the latter, torrenting is plenty cumbersome enough that if the studios are pushing movie-viewing to "Pay us money or you have to torrent it," they're winning.
Yes, and this functionality has been built into many of the largest torrenting programs out-of-the-box for quite some time now. In the case of µTorrent, it was added in version 3.0 all the way back in 2010.
Obviously, how quickly the stream will buffer depends entirely on the state of the swarm. Popular items will work almost immediately, while particularly unpopular items won't be streamable at all.
Anecdotally, I have personally witnessed my (very nontechnical) friends streaming 4+ GB 1080p ...popular cat videos... that weren't available from Netflix. They did not struggle with the process in the slightest.
I don't think it would, unless it begins playing within thirty seconds of the user choosing a video and provides an uninterrupted streaming experience?
Last I checked, the BitTorrent protocol didn't provide packet sorting that would allow for this behavior (by forcing the beginning of the movie's bytestream to be the first data downloaded), so my mistake if the protocol has improved and I was unaware it provided this service.
How easily, and how much setup is necessary? Remember, we're talking about competing with a service that doesn't even make the end-user consider whether that is a problem that needs to be solved (just plug in a credit card and off you go).
A coder spent an hour changing the code, once, and now it requires zero effort for users. They never know the difference. Open popcorn time and wait for it to quickly buffer.
This would be an authoritarian action, compared to just opting out of supporting something. There's a huge difference and I think these organizations' supposed interest in ethics precludes that sort of move.
DRM is not illegitimate. It just sucks and operates in a way that is immune to free market competition - the reasons for that immunity are the true thing to fix. Users should have alternatives as there is a clear market there. If DRM is so bad, then that's what should kill it.
This is the correct solution. The big tech companies control the distribution channels. Currently, they bend to the requirements of large content producers. If they leaned the other way, toward open source and DRM-free distribution, the producers would have no choice but to comply.
Of course, content producers could run back to the state for more protection (as they always do) and get legislation forcing browser makers to comply. And around and around it goes.
> Of course, content producers could run back to the state for more protection (as they always do) and get legislation forcing browser makers to comply.
Implementations of such forced-by-court features tend to be buggy. ;-) The implementation bugs might differ in subtle ways in each new browser release. ;-)
Consumers will have to purchase or rent horrible and overpriced hardware supplied by broadcasters. Like they were doing for decades with satellites, and early IPTV.
Piracy will raise a lot. Many users don’t want to pay, or can’t pay for that custom hardware. I was using Netflix service for some time without major issues, but they don’t have anything in my country, too small one, they won’t be selling and supporting their set top boxes any time soon. Unlike accepting credit cards and broadcasting videos, physical retail doesn’t scale that easily.
Why would they need to remove the DRM playback app in your scenario?
If they would only remove it from the browsers, they would start pushing their native applications like Netflix for Linux, Netflix for Windows, Netflix for Mac. And browsers would be free of their DRM which causes all this.
Torrent is something that I have nothing to complain about. It's decentralised. No big corporation is trying to control it. It's truly by the people for the people.
I wonder if more protocols like this will get invented and become mainstream. Or those glorious days are already behind us? Since every big corporation is just trying to grab market share by creating walled gardens for everything.
I assume that policing of torrent networks by the authorities will continue to increase. As a result, I'm hopeful that darknet (ie social connection based) solutions might emerge at some point. Why use a VPN and a tracker (private or otherwise) if I could request things via (anonymized) friend-of-friend-of-friend in a straightforward manner? That way you only trust your immediate network.
No, I think you’ve missed my point. A technology that prevents generally honest people from slipping casually into dishonesty sounds valuable. Battling people who are determined to be dishonest sounds much less valuable.
Making a personal copy of a video you've paid for is in no way dishonest, and the user downloading it from a pirate site without paying is in no way impeded by DRM.
The only thing it could even arguably be doing is preventing users from uploading videos to pirate sites, but that is empirically a massive failure given that all of the videos are already on the pirate sites.
So all you're doing is battling the honest people who have paid and then want to make a copy for format shifting or some other fair use. And the legitimate value of battling that is a negative number.
I suppose in the case of Netflix and the like, it stops me from getting some lossless downloader browser extension that would surely exist but for the DRM and... what? Getting stuff to watch after I let the subscription lapse? Giving copies to my friends?
The former is about the same effort as torrenting and about as obviously dishonest. The latter is mostly possible using Netflix as intended as long as I don't mind sharing my password with them.
I'm pretty sure some method Netflix uses is broken anyway. People don't seem to have trouble uploading 4k rips to Usenet. (Though I haven't actually checked recently.)
We were sold DRM as "the evil legacy studios are evil and make us use DRM". Well, now that Netflix produces their own content and it's still DRM'd... I guess that isn't really the reasoning.
Netflix doesn’t make most of their content. They just have exclusive license to show it. The studio that makes it still demands DRM.
In the rare case of content that is actually made by Netflix, it’s easier to just put DRM on it, because otherwise every system dedicated to encoding and playback would have to have a code branch that was special for non-DRM content. It would be a maintenance nightmare. It’s a lot easier to push all content through the same pipelines.
It’s very rare. I’ll bet you can’t name a single show that Netflix produces. Remember all those big name shows are produced by other people and then sold exclusively to Netflix.
DRM does not benefit Netflix. It’s complicated and takes a lot of resources to run. They’d much rather not have to deal with it at all. Having DRM does not gain them any customers — in fact it loses them some. But it’s the only way they can get content.
Come on, that can't possibly be right. If they can get shows sold "exclusively" to them, why can't they get shows sold to them without DRM requirements?
(The closest I can get to an explanation is that the "exclusivity" deal might be limited to online streaming platforms only, and whoever is selling the content still worries about everything else. But streaming is a significant and growing portion of all media consumption (and could be even more so, were it not for that pesky DRM), so I'm extremely skeptical that this would be a real issue.)
They probably did negotiate DRM free licenses. But the cost for implementing a separate DRM free pipeline is very high, and there would be little ROI to the business. Not having DRM on just the Netflix content would get very few new customers, if any, especially given that this whole argument only applies to web streaming anyway.
> ...and there would be little ROI to the business. Not having DRM on just the Netflix content would get very few new customers, if any...
This is where your narrative is strategically short-sighted. It would be a very significant leverage point for their own proprietary content over the traditional media companies' - the kind of thing that 'disruption' is built on!
If Netflix is paying for shows that are produced, and they have exclusive rights, they can attach any distribution terms they want to them.
You can't tell me with a straight face that somehow they don't have this power.
DRM absolutely benefits them because it ensures that only parties they permit are allowed to access content, for the same reason it benefits other media companies.
> DRM absolutely benefits them because it ensures that only parties they permit are allowed to access content, for the same reason it benefits other media companies
The fact that every pi8ece of Netflix content is on the pirate sites within hours of release would prove otherwise. Netflix is well aware of the uselessness of DRM.
And you're right, they probably did negotiate DRM free licenses. But you missed the other part of my post -- the cost for implementing a separate DRM free pipeline was very high, and there would be little ROI to the business. Not having DRM on just the Netflix content would get very few new customers, if any. How many people would say "man I would totally sign up for Netflix if only their own content was DRM free, even though I'd need a DRM enabled player to play everything else, and oh yeah this only applies to web streaming anyway."
I would argue the increased customer satisfaction from being able to stream 1080p/4K quality in more browsers with less esoteric hardware would be worth the extra implementation complexity (currently higher resolutions are disabled on browsers with weaker DRM or hardware without a pure HDCP path)
Netflix 4k streams are like 25Mbps at best. The US average broadband speed in 2017 was around 50Mbps. There is no problem getting 4k to consumers.
Whether or not they have a 4k display... that is probably the blocker. I have a 4k display but it's not my primary display (instead opting for a 165Hz 1440p panel) and I never bothered to buy a 4k TV, given how dirt-cheap high-end 1080p TVs are. Would much rather have the black blacks of a $500 1080p OLED TV than a $3000 washed-out 4k LCD.
That average broadband speed is deceptive, because it includes people who have gigabit at home. The more interesting number is the median speed. But even using averages, not a lot of countries yet have the speed to support 4K streaming[0], and like you said, even if they have the bandwidth, they need the equipment.
Both Amazon and Netflix make the most money and are best known for their excellent original shows. Why did they bother to setup DRM for them? If they opposed it, they could have made it a selling point that you could watch them in 4K on any device without hassle.
Then Google/Microsoft/Amazon and others who are being impacted by this issue should throw some non-trivial money at media creators who are willing to commit to DRM-free content. Like Creative Commons or the Blender Foundation, for starters. We had a comparable opportunity there when Netflix started offering streaming services, but they chose to go with DRM across the board. Fine, whatever. But unless the tech industry seriously gets behind this, Big Media will start to take their "content" hostage and mandate use of their own DRM 'solutions' to "protect it adequately" - with royalties for use set as high as the market will bear. Yeah, you can say that would be an antitrust violation, whatever. Legal processes take a long time, and Big Media have plenty of political support behind them. They don't have to care if they can make things crappy enough for everyone else.
What is the point of this "blame", especially stating it as if it were exclusive? All of these companies are past the startup/responsive/customerserving stage. They're immune to public opinion when you just keep on patronizing them.
Rather, focus on concrete steps you yourself can take:
1. Make sure the hostile black box is not available / disabled in your browser. So when you end up at a page that wants to use DRM and it doesn't work, you simply attribute the problem to the website being broken (which it is), and move on. If you do need to keep using the DRM crutch for now, then only use it on a separate dedicated browser or device.
2. Base your media setup around a DRM-free pipeline (eg Kodi). Make torrenting content your default. If you want to pay indie creators for DRM free downloads, feel free. But don't fund any studios that generally push DRM.
3. Share downloaded content with friends (eg USB drives), encouraging them to not fund Netflix et al developing and promulgating more DRM. This is especially relevant for "exclusive" releases that are meant to push people into signing up for yet another subscription.
As the OP explained in the backwards complaint, DRM support is NOT required for web browsers. You can make a web browser that does not render DRM content.
Google/Microsoft/Apple/Adobe want to support
media content, but to do so requires towing
the line with the media companies
Sounds like the problem is the web browser companies also deciding to be movie streaming companies. Thus giving movie producing companies leverage over web browser tech.
If it weren't for Google Play Movies and iTunes Movies they could have just told the MPAA companies to take a hike.
"when Netflix came begging for a solution to their DRM conundrum"
Does Netflix DRM even "work"? I've never personally seriously looked around for how to break it, but I note there are still plenty of people who seem to manage to review Netflix-based shows on YouTube with video clips of sufficient quality [1], and at least some of the reviewers in question I am fairly confident aren't getting any sort of privileged backdoor access or anything.
Is it "anyone can crack with a smidge of effort" or "it's really hard but it spreads once cracked"? I'm not asking for a lot of details of the crack per se, just general details of how successful it can be said to be in practice.
[1] I'm not claiming they aren't necessarily re-re-encoded by the time they get to me, but if they are, I can't tell for sure, so I'm going with "sufficient quality" as a description.
HDCP is broken, so people just get their captures from there I think. The Widevine stuff is also clearly not as trusted by publishers, which is why they only publish 720p streams on it IIRC. I think this is because it gets less help from the platform to prevent copying the frames.
No, this used to be the case, but isn't any more. Captures using lossless capture cards are called Webrips and generally disliked because they have to be reencoded (losing quality) and can only be ripped in realtime. For a long time now the better p2p groups (and even some scene) have figured out how to extract the encryption keys directly from the EME modules. So most of the Netflix rips you find on torrents these days are actually byte-for-byte copies of what you would view on Netflix.
Actually they should be byte-for-byte copies, but generally aren't, since Netflix makes you jump through half a dozen hoops to get the highest quality streams, so pirated copies are actually much better quality than what you can get on Netflix.
There are gazillion of 1:2 and 1:4 Chinese video splitters that strip HDCP from up to 4K sources letting any capture card rip anything that can be played on up to 4K TV.
A researcher on twitter recently cracked widevine level 1 quite quickly according to himself. No proof of concept was offered but he seemed to be claiming it was fairly simple. Netflix uses level 3.
The browser has to decrypt it somewhere along the line to play. Always was interested in tinkering around with it.
For a starting point I'd be going through chromium and checking out how they implement widevine.
For a while now there's been rumors in the torrent scene that a few people have broken it, but keep coy in case it gets patched. Then again it's trivial to screenrecord at the cost of time. Who knows?
Netflix only requires level 2 for HD streams, IIRC. SD streams can be level 1, I think.
Level 3 requires a secure path all the way to the display (so the decryption happens in a Trusted Execution Environment, the keys are stored in a Trusted Platform Module, and HDCP or similar to the display). Level 3 practically only exists on mobile currently, as Intel's SGX (their TEE) is typically disabled by default on what processors do support it.
I blame the OSS community that rolled out the red carpet for DRM. They are the only ones who really had a choice to make. I frankly don't blame the corporations pushing this, because they have been trying the whole time.
And they did it for the worst reasons. Vanity and pride. The corporations pushing DRM are merely motivated by greed.
But the players in the OSS community that opened the door for DRM were TERRIFIED of being labeled as "obsolete" or losing pretend "market share". They refused to take a stand against DRM, if it meant losing any users. Just look at the discussion thread where Mozilla decided to support DRM.
The arguments in favor of DRM by the OSS community are always the same:
- We need to support terrible DRM because it is popular (and being numerically popular is super important).
- We need to compromise against our users because if we don't then we won't have any leverage (which we are conceding we don't have anyway)
- "marketshare"
- "integrated branding"(?)
None of this makes sense, because Google, Apple, and Microsoft have completely different goals with building for-profit forms.
People who speak in slimey business sales marketing speak are making decisions about the direction of OSS software. And these people are obsessed with cargo-culting the big commercial platforms.
I have no sympathy for Netflix; not too long ago, Linux users had to jump a series of hurdles just to be able to play Netflix videos (including installing 32-bit Mono and Silverlight (yuck) and faking the User Agent string). As an end-user I'm happier now that it just works; as a FOSS fan, I blame the "content-owners" onerous demands for DRM.
It was never gonna happen; as soon as Intel introduced SGX, any DRM-producing company that wasn’t taking advantage of it would be seen as failing their shareholders. Even if Flash had died on schedule without browsers offering a native browser-DOM DRMed-content API, DRMed-content producers would just have jumped to another tech the DRM vendors sold them.
My guess is that, if browser vendors wouldn’t have played ball, the DRM vendors would have worked with one of the JRE vendors to optimize the Java applet runtime, and contributed to performance improvements on the browser side for all the open browsers, such that “Java applet” would no longer be a scary heavy-weight thing nobody wants their browser to launch. That would be (one of) the implicit threats hanging over browser vendors: if you don’t cooperate, we’ll take your control over innovation on the web away by refocusing it on an improved Java experience.
How is that "threat" a problem? That sounds like an Old Microsoft objection to cross-platform code, but the web is already cross-platform code, so that doesn't make any sense.
And if the browser vendors really didn't like it for unknown reasons then they could have just stopped supporting Java in the browser, as has largely already happened for various other reasons.
This is one of those "we all must hang together or we shall all hang separately" situations, and they apparently decided they'd prefer to hang separately.
No, if the Director had overridden the majority of the membership, the browser vendors would've shipped something anyway, and the YouTubes and Netflixes of the world would be using it anyway.
Essentially. The money gated behind a closed DRM solution is so large that the w3c ran the risk of becoming an irrelevant standards body for this space if they didn't comply with what their members wanted to do.
It's sub-optimal, but I don't think an optimal solution actually existed. A standards board divorced from reality is no better than no standard at all.
> No, if the Director had overridden the majority of the membership, the browser vendors would've shipped something anyway
That's fine. It's better that the burden for maintaining non-standard plugins be put on the sites and browsers that choose to do that, rather than be placed on everyone else.
It's funny how people try to make "standard" mean something magical when it's not. An Internet standard is just a document written by a committee of people who intend to do what it says. They then publicize it and try to get people to go along with it. You can't keep people from getting together to write a document or from doing what the document says. You can just choose whether to participate.
If W3C chose not to help write the DRM standard, the browser vendors could easily create a new organization and write a standard anyway (as happened with WHATWG).
Browser vendors and website authors could then read that document just as easily as anything published on the W3C website, so there is no "burden" for them. There would be no difference to the end user. The only burden we're talking about is the inconvenience of setting up an organization to do the writing. It's a minor speedbump at best.
The upshot is that there is no way to prevent browser vendors from standardizing anything they want. It only gets blocked if they disagree.
No one is implying that not infecting W3C with DRM is going to kill DRM. Of course anyone can agree to things in whatever organized way they want to.
The reason to keep it out of W3C is because it violates their core mission: https://www.w3.org/Consortium/mission#principles . Other organizations with a different mission are free to do as they wish, obviously.
How would that have improved the current situation? The videos that Metastream wants to play would still have been DRM'd and would still be playable in the mainstream browsers. What would the benefit have been? What burden is being placed on people now that wouldn't be placed on people in that scenario?
Making the user experience of DRM worse is better because then fewer people will use it. If the platforms all made it so that you have to solder a new chip into your phone before you can play DRM content, there would be a lot less DRM.
The argument that platforms have to do this for competitive reasons is doublethink. If the experience is worse and that will cause customers to flee, how is it that they would only flee from the platforms that don't have DRM but not the content providers that require it? Wouldn't that create a huge market opportunity for new DRM-free studios, who would then out-compete the traditional ones by being available on all platforms instead of only on Insecure Expensive Proprietary Slow Cableco Platform Nobody Likes?
> If the platforms all made it so that you have to solder a new chip into your phone before you can play DRM content, there would be a lot less DRM.
I mean, yes, but why would they do that?
> Wouldn't that create a huge market opportunity for new DRM-free studios, who would then out-compete the traditional ones by being available on all platforms instead of only on Insecure Expensive Proprietary Slow Cableco Platform Nobody Likes?
You're assuming that content is fungible. If I want to watch Game of Thrones, I want to watch Game of Thrones, not "Winter Dragon," and "Winter Dragon" being DRM-free won't incentivize me to watch it.
Furthermore, development of media content is expensive and requires a bunch of up-front capital / investment. So while there is a market opportunity, it isn't obvious that taking advantage of it without connections to the existing industry is a profitable strategy.
So that they're not beholden to adversarial corporations.
> You're assuming that content is fungible. If I want to watch Game of Thrones, I want to watch Game of Thrones, not "Winter Dragon," and "Winter Dragon" being DRM-free won't incentivize me to watch it.
Except that it is fungible, it's just not universally fungible.
The reason Winter Dragon isn't fungible with Game of Thrones is that you don't like it as much. You'd rather watch Game of Thrones. But there are thousands of shows, and out of those there are hundreds you might want to watch, yet there is only time to watch dozens or fewer.
Nobody can actually watch all of the shows they might want to watch. Letting "lack of DRM" be the thing that chooses between the ones of equal desirability to you is as good a way of pruning the list as any.
> Furthermore, development of media content is expensive and requires a bunch of up-front capital / investment. So while there is a market opportunity, it isn't obvious that taking advantage of it without connections to the existing industry is a profitable strategy.
Who says it has to be someone without connections to the existing industry? New independent studios form all the time as existing talent strikes out on their own. All it takes is for one of them to prove the market before everybody is doing it.
> So that they're not beholden to adversarial corporations.
What is so adversarial about these corporations to the browser makers? What benefit, concretely, do Microsoft or Google or Apple get from being free of the shackles of Disney or CBS?
One concrete benefit I see is less risk of the third-party code destabilizing your code because it has bugs and is running within your address space, but there's an easy solution there: sandbox the EME blob like Firefox (and other browsers too, I assume) does. Then its crashes and buffer overflows don't become your crashes and memory corruptions.
Only in the case of Firefox is it really third-party code; both Chrome, Edge, and Safari ship with the EME modules developed by the respective companies, but they still sandbox it.
Plugins like Flash, which are the historic answer for DRM on the web, have a huge surface space and can interact in the browser in all kinds of odd ways. These EME modules are much smaller, they are much less powerful (AFAIK they either return a frame to the browser to composite or directly to the OS compositor, so you don't need to worry about how they change layout and then change layout again as you reflow), and as a result of that can be put in stricter sandboxes. That's a clear win from a browser security and stability point-of-view, which is a concrete benefit for browser vendors in making it viable to drop Flash (and dropping Flash without providing a replacement for encumbered video isn't an option: breaking websites like Netflix will cause users to use other/older browsers that do support Flash).
> Only in the case of Firefox is it really third-party code; both Chrome, Edge, and Safari ship with the EME modules developed by the respective companies, but they still sandbox it.
They still sandbox it because from the user's perspective it's still an unauditable black box, so at least the user can verify the sandbox. But that doesn't actually solve the problem, because the black box code is interacting with black box hardware. If there is a bug, you've done the opposite of sandboxing it -- you've prevented it from being traced and given it direct access to hardware.
> and dropping Flash without providing a replacement for encumbered video isn't an option: breaking websites like Netflix will cause users to use other/older browsers that do support Flash
The solution to Flash should have been to have someone reverse engineer it and publish a 100% open source implementation, including the DRM. Then let them keep publishing using Flash format as long as they like, but no more black box.
> What is so adversarial about these corporations to the browser makers? What benefit, concretely, do Microsoft or Google or Apple get from being free of the shackles of Disney or CBS?
These companies make Xbox, Chromecast/Stadia, Apple TV, etc. Things that could plausibly be a media center, given some latitude and open standards. You could upload your movie collection onto it, give it your streaming account credentials and it gives you a single interface to all your media.
DRM kills that. You can't make an interface that allows the user to watch a Disney movie they've paid for and then have it show the YouTube commentary on it. You can't have something that recommends Orange Is The New Black after you watch The Wire because one is Netflix and the other is HBO.
Because DRM allows the studios to assert rights that copyright doesn't give them. That's all it does -- that's why they want it. It clearly doesn't prevent piracy.
> One concrete benefit I see is less risk of the third-party code destabilizing your code because it has bugs and is running within your address space, but there's an easy solution there: sandbox the EME blob like Firefox (and other browsers too, I assume) does. Then its crashes and buffer overflows don't become your crashes and memory corruptions.
The problem with this is that it can't simultaneously have such low privileges that it can't do anything harmful even if totally compromised by malicious actors, while also having such high privileges that it's immune to interference by even the owner of the system with physical access to it. They're diametrically opposed objectives. And the second one systematically fails regardless, but having to pretend that that isn't the case compromises the ability to do the first.
Would it have made the user experience of DRM any worse than it currently is, though?
The DRM module would still ship with Chrome and Edge (and likely Safari too, given Apple became involved pretty quickly), you'd still need multiple different streaming formats (in the form of different DRM formats) as you do today, and maybe you'd need slightly different JS codepath per-browser too (but that's not a big difference to today with the different DRM formats).
It's very unclear to me that the W3C refusing to be involved from day one would've led to any outcome very more than subtly different than the one we ended at. At the point that the specification went to Recommendation, there were already multiple interoperable implementations, so objecting at that point was purely a matter of principle, it literally wouldn't have affected the outcome in any way.
If the W3C making the right decision would make them irrelevant then what has actually happened is that they're already irrelevant, and becoming a rubber stamp on bad ideas only serves to prove that and erode their credibility.
Moreover, such organizations are made up of their members, and it's up to the members to do the right thing as well. Nobody had to volunteer to be the first to add this gunk to their browser. It can't be a competitive disadvantage if nobody else has it either, and it can't be a competitive advantage if everybody else has it, and those are the two options so why not choose the first?
This is just the age old discussion of whether it's better to capitulate in small ways so you can steer a group away from bad behavior/decisions later or to make a stand on principle to draw attention to the current bad decisions.
As much as some people like to say one is better than the other, I think the answer is always "it depends". Unfortunately, it depends not only on the relative power and momentum behind the current problem when deciding, but also on unknowns such as what will happen in the future.
It's hard for me to find too much fault in them deciding that they would rather stay somewhat relevant to the process than become obviously irrelevant (if that was indeed the thought process), as there's still a lot they can affect in the future. Armchair quarterbacking about what they should have done isn't too useful in my eyes.
Except that there was no such trade off here. If they refuse to approve DRM and then some browsers unwisely implement it anyway, having their approval makes it worse, not better. The browsers doing the wrong thing can claim to be following a standard, even though the standard is useless garbage because the entire point of having a standard is so that anyone can implement it, which in this case they still can't.
The trade off is in relevancy. If the standards body doesn't force a confrontation it knows it can't win, then it retains some power that it can throw behind or against future proposals. If the major browsers have already decided to completely ignore them and create their own consensus, there's that much less reason to listen to them next time. Not only has a precedent been set, but coordination on features outside the control may have already been somewhat standardized behind the scenes (beyond what they already do), making it easier next time.
The downside is as you say that the browsers can point to the standard as for why they implemented it, but that's why it's a trade off, and not cut and dry (IMO)
You seem to be mistaking the fact that the W3C for Web Standards is just the browsers. The last time it wasn't, the browsers formed WHATWG and the W3C became irrelevant.
The existence of features in any piece of software is a burden on further development of said software. Every time we go to add some other new feature to the spec we have to take into account how it will affect EME. That's just how software works.
The W3C exists partly to take the blame off of its members for the decisions that they agree to unanimously. Blame the W3C members for their decision to screw the user.
The W3C membership nowhere near unanimously approved the advancement of the EME specification to Recommendation; that much has been said publicly by various people over the course of the past few years.
The majority of the membership was in favour, definitely, but it wasn't unanimous. Some members I think it's predictable how they voted (MPAA may have voted in favour, EFF may have voted against); others less so.
I don't suppose you remember, but they did their key management in native code plugins 10-15 years ago. Silverlight and Flash both had DRM capability, IIRC. I've worked with that and it was no joy at all.
Without W3C DRM they would have kept those plugins alive instead of deprecating them. I see no reason why they'd have migrated to webasm, webasm wouldn't provide the know-thy-customer aspect the DRM people want.
> The blame for this sits squarely on the w3c for their efforts in trying to replace flash by letting the content companies dictate standards for encrypted playback.
It really isn't. The W3C at the very least permits a solution whereby content companies liberally distribute binary blobs for every platform under the sun. Hell, it even permits an open source solution that e.g. speaks directly to the DRM hardware in graphics chips (don't know if that would be technically feasible, don't shoot me).
It doesn't have to be this way.
In this context it's really specifically Google being assholes about this. They can choose to not be assholes about this. The fact that the W3C allows them to be assholes about this doesn't change the fact that Google is choosing to be this way about it.
How would have that worked? If you do not sign every single file per user, there is no real way to get something secure if you do not controle the whole processing pipeline.
This is a truly out-of-touch comment. People want their content first and foremost.
Besides, any kind of large-scale user revolt that isn't basically just a mob-like reaction is usually the result of a top-down, coordinated campaign. See the protests against SOPA/PIPA for an example - big websites had to throw their weight behind the idea for it to take hold. The web is simply too diverse and quick moving of a place to expect some kind of people's revolution when it comes to DRM.
I can't speak for the person you're responding to, but it doesn't seem like much of a mystery why non-techies don't know about the specific details of why they can't save a streamed movie to watch it offline, or in a non-approved open source video player. That glib attitude of captive audiences is exactly what DRM vendors prey upon. They know exactly how much they can get away with at this point.
> I can't speak for the person you're responding to, but it doesn't seem like much of a mystery why non-techies don't know about the specific details of why they can't save a streamed movie to watch it offline, or in a non-approved open source video player.
To me, the mystery is not that the people don't know about these details (these details are indeed somewhat complicated - I agree), but how much they don't care.
Non-tech users generally don't have the necessary knowledge and mental models to place technology the market is offering in context of what is possible. They think what's available, even if it's annoying, is the best that's possible. It always looks new and shiny, so it must be the limit of what could be. They don't realize that modern tech could be much more capable, and much more empowering, if not for constant shitty, greedy and people-hostile decisions made by those who make and sell it.
Of course they don't care, why would they be given a chance to? The anti-features, inconveniences and limitations are not advertised and are downplayed whenever anyone mentions them.
That's like saying the blame for pollution caused by burning coal lies squarely on the shoulders of anyone who uses electricity. Decisions are made, 99% of people have no clue what's going, and it's unreasonable to expect them to.
If there's nothing but coal powered electricity generation then vote to change it.
If the company you buy electric from uses more coal than others, then change company.
IMO ordinary members of the public take more responsibility in that because it's relatively straightforward to understand: buy your electric from renewable generation and get less negative environmental impact.
Understanding the best sources of power is hard however, so consumers have to trust published government research for that.
The comment I responded to was quite clear about placing "all" of the blame on consumers, but sure; we all share some responsibility. The problem is that placing the blame on consumers will get you precisely nowhere.
>If there's nothing but coal powered electricity generation then vote to change it.
Most people are struggling just to get by. Expecting their votes to be driven by large, complex issues which on their surface do not seem to impact their lives directly or immediately (or actually don't at all) is wishful thinking. The vast majority of people don't understand these issues to begin with.
>If the company you buy electric from uses more coal than others, then change company
Where do you live where you have competing electrical companies? Of you're proposing that they spend money on e.g. solar or electric cars, well... I think you're a bit out of touch with the general populace. We don't live in a world where paycheck to paycheck workers can afford such things. It has to be cheap and easy or you're just not going to get anywhere. Same goes for something like DRM; until it causes huge problems with the way most people consume content, well, they won't care, and complaining about that is a waste of energy.
Problems like these require smaller groups of dedicated and informed individuals to help make change and educate others. It does actually work. The US has much better environmental policy than it did 50 years ago and people are more informed now then they we're then. It's just slow, and tech related issues are relatively new.
No. The owners of coal mines, and the owners of coal power plants, are to blame. That specific industry has come at a terrible cost of human life and the environment, which wasn't even news last century. The people with the money and power to get a coal plant built, are to blame. I don't have choice in where I get my power. Lobbyists pay politicians to decide where my electricity is generated.
If you started cooking meth tomorrow, and sold it on the market, do you blame the users who bought it? No, the origin of the problem is the industry built around pushing the product.
You're unfortunate if you don't have a choice of where you get your power - we do in the UK - and can readily take action, eg at the ballot box, to change that situation.
Meth isn't really a comparable need. However, suppose dodgy crack (cut with crap), or paracetamol, was available for treating headaches: you can choose the paracetamol which makes you partially responsible for keeping the dodgy crack producers/dealers in business if you choose their product.
> You're unfortunate if you don't have a choice of where you get your power - we do in the UK - and can readily take action, eg at the ballot box, to change that situation.
I live in a representative democracy with extremely limited and polarized choice of politicians, ALL of whom are taking money from big oil. Unfortunate, indeed -- my lack of choice harms the entire world.
And no, meth is a great analogy: sure increases productivity, damn the consequences
I wonder how much of this is simply cognitive overload. I mean, climate change, crispr, ocean acidification, asteroids... I would guess that most people prioritize dopamine first and foremost.
Software is arcane, so thinking about how it affects society probably seems irrelevant to them. Even if they do care, power dynamics make defeatism a logical and realistic mindset.
If you use Netflix as advertised, you don't need to know about DRM; it does its job without being noticeable. Netflix is a streaming service, not a movie store. There's no need for making backups. If you try to use Netflix outside the bounds of your agreement (like copying downloads to a different device), then the DRM becomes visible.
A blockbuster analogy seems adequate and explains why people are satisfied with the way Netflix and Spotify work. DRM isn't restricted to Netflix and Spotify though.
The user is to blame? Let's be realistic about how the average person handles technology in general, is aware of malware on their devices, or how many browser choices they have.
I disagree; good DRM is transparent and unnoticeable, and if that is the case then users do not care.
Who does care about DRM is pirates and content creators whose content is shown without them earning off of it.
Yes I am aware of fair use exceptions, but fair use should exempt a user from getting sued over using a fragment of copyrighted content; it does NOT force a content creator from offering their content open for downloading and republishing, even if it's for fair use.
I disagree; good DRM is transparent and unnoticeable
Yeah, until it isn't.
I can't start GTA V for days since the "Rockstar Social Club" won't connect and glibly informs me that "I need to be on-line"
I would have agreed with you until then. But not being able to play a game for which I paid full price and not being able to get meaningful support to resolve the issue rapidly changed my stance on DRM.
> You never truly own anything that has DRM, you're just licensing it.
The thing that I hate is that the marketing either explicitly says "you own it", or does it implicitly or indirectly, or in a way to make you think that you do.
They never, ever put in big bold letters "License this game for $69.95, today!"; not even when you actually "purchase" does it say "license". In fact, you see the words "purchase" or "buy" or similar; words that have always connotated "ownership".
Now granted, all software, and media in general, has always been a "license" - but there was always something physical around; that if the company or entity that licensed it to you disappeared tomorrow, you could still - theoretically - continue to use the license you had and enjoy the media as intended.
That all really changed with license keys. One would think that the whole DIVX debacle would have made this abundantly clear, but I guess it didn't (makes me wonder if the DivX media format or whatever it was actually wasn't created purposefully to muddy the waters; but that's just conspiracy theory on my part).
I don't even think people will "get it" if tomorrow everybody who "bought music" from iTunes or whatnot lost their licenses with no recourse. I really don't think there'd be anything done, except for some bawling at most.
If everything we have seen over the years, including the various massive data breaches that have occurred recently, hasn't woken anybody up to force reforms and changes that benefit the citizens and consumers, well - nothing will.
Society has basically said "we don't care if we or our children get slaughtered" - where that last word takes on a wide variety of meanings - up to and including its literal meaning.
Those of us out here being force down the chute screaming about the injustice, the wrongness, the reasons why, etc - we are all just so much noise that nobody cares about anymore.
Children getting slaughtered? Oh come on. The simple fact is that movies, music and video games are just not that important. That's why people don't get up in arms about restricted access.
Let's imagine a field. A holy place. People flock for miles, pay the land owner handsomely to visit the field.
A judge says that everyone has a right to take a single photo of this field for their collection - no more than that. The land owner disagrees.
We're not saying that the land owner should be forced to provide small organza bags for the visitors to carry their cameras around with them; but posting armed guards at all the entrances with metal detectors, automatedly initiating legal action on anything that looks like a camera and then trying to tell the user it's for their own good... well, this should at the very least be discouraged by the community, no?
> good DRM is transparent and unnoticeable, and if that is the case then users do not care.
Then there's no such thing as good DRM, since many users will want to make use of the content they've paid for (either monetarily, or perhaps indirectly via ads) in flexible and open ways that a proprietary DRM system will not allow. Fair use is part of this, but not the only issue.
Meanwhile I bet everyone here and /r/gaming uses Steam without thinking about it where you can't even click and drag an .exe to your buddy on a long flight and you need to log into it every X days for it to let you play offline.
To be clear, I'm definitely happy to support gog.com and thankful that they exist and are successful.
But look how many HNers will bring up Kindles and buying books for them on Amazon where you can only "lend" a book from kindle to kindle (forget drag and drop) through their proprietary system.
Every day 90%+ of people are happy with systems that use DRM and don't even notice it exists. Most people just don't ever go off the rails.
It's one of the worse things about DRM: trying to position your product as DRM-free and people just go "wtf is that? it never bothered me before."
No such thing as good DRM. All DRM is broken by design, and exists to take your rights away. Never make excuses for this garbage software. DRM must die.
Yes, you need Google's approval because now all major browsers have a black-box/binary blob which downloads other funky binary stuff so that it can decrypt video content. As you might figure out Google/Wildevine org gives the blackbox only to approved developers/devices/applications.
Bonus DRM: If your license is not "the most certified" your browser/player will play only shitty/low quality versions of the video. There are other goodies of course like not being able to play the content offline.
So how do open source browsers like Chromium and Firefox do this? Surely if they have access to the blackbox, then anyone does? And if they don't, it means you can't watch Netflix on some major browsers.
This is also the case for Brave browser, a dialog opens asking to download the binary. I suspect this is also the case with other Chromium browsers, they may do it without prompting though.
This depends on the agreement that the media distributor has with the media owner; there's no technical reason behind the 720p limitation.
Widevine is offered with different levels, depending on the length of the secure path. On mainline Linux, there is no secure path to the screen AFAIK, so you can always read the unencrypted video from a recompiled graphics driver, and as such it only is supported in Widevine's lowest level.
You can also find a link to the Chrome extension there. I'm not sure if there's a cat-and-mouse game here -- the first time I tried it, the Firefox extension didn't work. However, it started working a few months later.
Firefox on Ubuntu 16.04 NVIDIA proprietary driver here. I searched for 1080p on YouTube and the first result is this harmless video https://www.youtube.com/watch?v=DQuhA5ZCV9M
It started at 720p, then I switched it to 1080p and it started playing at that resolution. However I didn't count the lines and I don't know if this is the kind of streaming you're writing about. Maybe Netflix? I can't check that.
I'm pretty sure YouTube doesn't support DRM at all. Premium originals (e.g. Mind Field) play in 4K for me on FreeBSD (for which no one has ever compiled Widevine or anything like that)
The Widevine CDM is publicly available but you are not allowed to redistribute it. Firefox seems to have no problem downloading it at runtime. In worst case the user could manually download it.
> For the last 2 years I’ve been working on a web browser that now cannot be completed because Google, the creators of the open source browser Chrome, won’t allow DRM in an open source project.
It can too be completed, you're just not gonna have DRM'd content. I have a browser that has the same problem, and I just leave pages that can't do video playback (which doesn't include YouTube because they use WebM). There's still value in a non-DRM'd browser for most of the web, and hey, if enough of us use one maybe sites will start being more liberal in the licensing of their video (but let's be honest, probably not).
Yes - reading the post it appears OP's specific value proposition is keeping DRM'd videos in sync. This reminds me of watching Dawson's Creek with my girlfriend in 8th grade - we'd call eachother on the phone and watch the show at the same time. Anyway this would be the browser version of that, from what I understand.
I used Rabbit quite a bit but latency has gotten really bad lately. The hardware acceleration and my solid upload pipe makes parsec significantly better to use.
Google Play Movies & TV, which is also available from YouTube, uses Widevine DRM. However, freely available videos and even YouTube Premium Originals do not use DRM.
> ...the creators of the open source browser Chrome, ...
This assumption is a mistake the author is making. Chrome is, for all practical purposes, closed-source and proprietary. It's Chromium that is open-source. So far as I know, Chromium does not have Widevine included by default.
This is correct, I use chromium - netflix and amazon do not work... the rest of the web is perfectly fine though.
It may have been a stupid decision for W£C to include DRM in the spec, but frankly the rest of the internet doesn't give a shit - As far as OSS is concerned it's another 3rd party blob like flash and not a true part of the web. As far as I can tell the author is trying to use this third party blob specifically - not the rest of the browser for which no one has any authority in the creation of...
Chromium, and other FOSS browsers including Firefox, do support Widevine. It is a giant proprietary binary blob, yes, but there's support for it. (And yes, I wish everyone would adopt and obey the tenants of free software, but alas.)
Did Metastream ask for a license to redistribute the binary?
We don't know anything about the conversation with Widevine other than that they wrote, "I'm sorry but we're not supporting an open source solution like this". They clearly are supporting an open source solution like Firefox. So what is the difference, and can Metastream be less "like this" and more like Firefox?
Including the same signing model as castLabs suggests, where the default release is only for UAT and you need to sign production builds (which are only generated on your infra) to decrypt production content? Or did you want to allow downstream open-source users to decrypt production content?
i.e., if they denied you, are there users of castLabs they would have allowed, and what's the distinction between you and them?
I'm not aware of Castlabs fork working without a production build [1]. I don't think there would be a way for open source users to be able to use a production signed release. Still waiting to hear back more from Widevine.
Right, I guess I'm asking what you mean by "open source users".
As far as I know, if you download a Firefox binary from firefox.org, you can use Widevine, and there's no source in that binary that's not open source, but the binary is signed in such a way that you can download the component. If you build Firefox on your own, Widevine won't work. Can you do the same thing with Metastream? Allow users of the Metastream binary from you to get Widevine, but not allow people who build it on their own to get the production EME codec? (I realize this is more frustrating for Metastream dev than Firefox dev because Metastream is primarily about playing videos, but it should still work.)
Or in other words, is Widevine permitting Firefox to do something they're not permitting you to do, or are you trying to be more open than Firefox?
(... That said, apparently Widevine works fine in e.g. Debian's build of Firefox? So what's different?)
I would guess, that they fear, that Metastream could implement a feature, where only one of the users has paid for the content and streams it to his peers.
Those were my initial thoughts, Google misunderstanding how Metastream works. It only sends playback information, no streaming of video/audio content. Each user needs to be logged into their own session on each web service.
They have complete access to the source to verify its function. They just don't because fuck you that's why. What are you going to do about it anyway, cry on HN and Twitter?
Mozilla is Mozilla and can mount a defense so they get a license deal.
This is why I break DRM when I can, treating its presence as advisory at best.
From a balancing test standpoint, if you want a technological solution to people copying your work then I think you should not be allowed to claim copyright protection of your work. Pick a legal or technical solution to unauthorized copying, not both.
What kind of argument is that? Do you choose to either prosecute a burgler or put a lock on your door but not both?
That said, the media industry as a whole has pushed more than what's necessary to protect its content (eg. DMCA, extending the copyright window) and a more fruitful course of action is to get Congress to change those laws.
>Do you choose to either prosecute a burgler or put a lock on your door but not both?
Physical property and intellectual property are not the same, so this analogy does not hold.
Copyright is fundamentally a balancing act between these two opposing interests:
- the right of a creator to make money of their creation for a limited time
- the right of the public "to promote the progress of science and useful arts"
There is no such duty for a physical property owner to allow others to access, view, or build upon his property.
If you choose to use technological means to deny society the second interest above you should not also be allowed to claim the protection of the first interest above.
All this content having DRM drives me totally crazy. I don’t have a windows machine or games console where I live that can output 4K, but I have a laptop and desktop running various Linux distros that both have very nice 4K monitors. It appears that the only places where I can get content that will play at native quality on them is through the usual illegitimate sources or through breaking BD drm. Anyone who says that this (Netflix, Amazon etc) is a smooth process doesn’t care about quality (or heaven forbid offline access). I’m sure Netflix likes the free reduction in bandwith for desktop users though...
Google is being blatantly anticompetitive here and it's definitely not fair to OP. But as an aside, I actually would prefer this functionality to be provided by a browser extension rather than a separate app, like the OP describes at the end of the article. Please pursue this option! I think it would be much more convenient than having to launch a separate app, even if the functionality is reduced.
There are some features which make a desktop application more appealing to me. One feature required changing browser behavior [1] which wouldn't otherwise be possible.
A WebExtension could work, but has potential to run into the same gatekeeping issue of being removed by Google from their Web Store. With Google having ~70% market share, this wouldn't be a good outcome.
This definitely looks like a convenient feature although it's something I would ideally have added right into Chrome. It is not really related to the streaming/syncing responsibilities of the app. Any site which plays video could benefit from this non-window-resize-fullscreen feature.
Another option could be creating two extensions: one for the video syncing, and one for the non-window-resize-fullscreen. That way if the latter gets rejected it wouldn't affect the former.
Note I'm sure some people definitely prefer the desktop app approach and I wish you all the best getting the approvals you need for that. This is just how I would prefer to use it.
This is sort of a ridiculous hack, but you could probably override Element.prototype.webkitRequestFullscreen, and manually resize the element to take up the whole browseer window rather than entering fullscreen.
At one point I did try this, but it ends up being a much more complex solution. It turns out it's fairly difficult to ensure the element appears above every other element. I was using 'position: fixed' with the maximum z-index value.
How does firefox manage to play drm content? Maybe OP could use firefox's approach? Someone mentioned below that redistributing is not allowed, but downloading at runtime is ok. Not sure about it, but if anyone knows about this, please explain it to the rest of us.
I would guess that Firefox's approach is only possible, because Mozilla made sure it is. I doubt that anyone else is allowed to "redistribute" the binary by automatically downloading it at runtime without getting a license.
> Waiting 4 months for a minimal response from a vendor with
> such a large percentage of the market is unacceptable.
Umm... expecting any kind of response from a vendor with such a large percentage of the market is... kinda arrogant.
Who are you to demand any kind of response from anyone? Big project or small? You'd probably be less offended if you had a better sense of self awareness about the nature of your relationship with Google.
Thinking that Google should kowtow to your desire to build a product is pretty foolish. You need to build a product and get some traction and then have some leverage. Widevine is evil. Google is evil.
... but so is Electron, and requiring your users to use a custom browser to use your product / feature. How about an Web Extension that coordinates playback in the browser, as opposed to a whole custom browser?
This line of thought is exactly how companies take over open markets and kill them. Google proposes:
A) "It's fine for DRM to be standardized, because anyone can just ask us to use implementations like Widevine."
then follows up with
B) "We can't possibly be expected to handle every single request that we're given! Give us a break, this is hard."
If Google wants to be the web's gatekeeper for who's allowed to stream video, then yes, they'd better be really stinking attentive to little hobby projects and startups. Because they chose to take on that responsibility.
If they don't want that responsibility, then all they have to do is stop gatekeeping. Distribute Widevine as a binary blob, but come up with some universal terms so that any browser can download and distribute it without asking permission.
He addresses this point specifically in his post ... developing it as an extension would reduce the features he can support, and further entrench it in google's walled garden (since he'd have to publish it on the chrome store).
I don't have much more context in this person's project than anyone else, but your response is kind of the point, one vendor has too much power because they can't be expected to support any kind of innovative ecosystem; yeah, that's not a great state of affairs, and begins to echo/suggest anti-competitive practices (whether on purpose, or just as a function of their size)
Worse still, if this offers an enhanced interface or "unwanted" options over YouTube, it's likely the extension itself may well not make it into the store. To make matters worse is side-loading of extensions is pretty much a non-starter for Chrome now that dev-mode is a nag screen on each start (at least last time I used it).
I had a couple side loaded extensions, and the nag got me to do what google wanted, stop using them altogether.
Wouldn't a WebExtensions get you further out of the walled garden? Electron you're stuck with Blink where WebExtensions work with Gecko and Webkit as well.
Yes, but he seems to be saying he wants the wide distribution that comes from being on the dominant browser without being in the "walled garden" of the Chrome store, since the other browsers have vanishing market share.
1. Why do you have to be so rude? Maybe this isn’t intentional, but your words are mocking and insulting. Do you actually think you could change someone’s mind spouting off like that? If so, you don’t understand humans. If not, that comment was a giant waste of time.
2. If the way you spoke to this person represents how you wish to conduct yourself, perhaps it would be wise to remove the ‘we’re hiring’ on your profile. I’m not looking, but if I was, I would avoid your company based on this comment.
That comment didn't really read as any more rude than your own, IMO. Maybe you're just responding to rudeness with rudeness, though, so I'll give you the benefit of the doubt there.
Yeah, you’re right, I wasn’t my usual self. I’d edit it to soften my words, but then your comment will lose its value and I’d rather not do that to you.
If I could point out one thing that separates our accounts, I don’t use this account to recruit or advertise. I have an email address in my profile because I mostly like talking to interesting people about interesting things. That’s not an excuse for my reply - my reply was complete bullshit. But, my reply might have been a little closer to my usual self if I used this account for something else.
Thanks for your comment. You’re right about me. I was wrong.
You're not necessarily wrong to evaluate the GP's company based on the GP's views. HN is one of those weird grey areas where lots of people implicitly represent the companies for which they work (and don't do the normal "the views expressed herein are not representative of $COMPANY") without necessarily realizing it. While I don't believe the comment was particularly out of line, I can see why others would disagree, and I do agree that caution is worthwhile in the absence of an explicit disconnect between one's own opinions and those of one's employer.
I will, of course, say right now that my own views are not representative of my employer's views (hell, my views tend to be the precise opposite of my employer's views at times ;) ).
I agree with hluska. I also found numbsafari's comment unnecessarily rude and flippant. I'm sure Bainbridge Health would not appreciate being represented like that in a public forum.
> Umm... expecting any kind of response from a vendor with such a large percentage of the market is... kinda arrogant.
How is expecting a response in less than 4 months arrogant? If anything, the OP has been extremely patient.
> Thinking that Google should kowtow to your desire to build a product is pretty foolish.
Is open and fair competition in the marketplace also foolish? Regardless of what current regulations are, I wouldn't describe open DRM as "kowtowing" to a competitor -- if we value open and fair marketplace competition, then DRM ought to be open.
> Who are you to demand any kind of response from anyone? Big project or small? You'd probably be less offended if you had a better sense of self awareness about the nature of your relationship with Google.
Your response seems to suggest that the OP should happily grovel at the feet of Google and be ever so thankful if Google manages to find the time to make a reply.
If Google wants to be a gatekeeper for DRM, then that's not how things should work.
This is such a silly comment repeated in every thread possible. Google and Amazon both have paid customer facing products with human support and advertising. They aren't remotely exclusive.
Although you make some valid points it should not be main practice for companies to dominate the software scene, how else did the original great SW get made? It's almost impossible to start a garage band company and this is like large trees in the canopy shading out more light to the forest floor. Granted, it's not the best or only example of this interaction, but independent devs need equal representation against the Giants especially in starting new products.
Widevine does not come bundled with Firefox & Chrome.
Each installation has to download the Widevine binary.
You would be able to use the binary to implement DRM support, like Kodi did.
Stop using Google products. Should have used Firefox. Seriously. Stop allowing them to contain their control. As stated in the article, Google's browser has 70% market share. Firefox is the browser we need.
"Don't be evil" has been changed, remember? They now embrace evil, they love it.
Edit: downvote this all you want, I really don't care. You're going to be at fault for the destruction of the web in the future.
> “This is a prime example for why free as in beer is not enough. Small share browsers are at the mercy of Google, and Google is stalling us for no communicated-to-us reason.” - Brian Bondy, Co-founder & CTO of Brave
Open an EU anti-trust case. If you're not an EU citizen try finding someone who can take it to the EU who is, or look into whether you can get the EU to act on your behalf anyway.
DRM is just another extension of the lockup of information. Sadly, the information age ended up doing the opposite than I hoped. We should be pushing for a more free and open thinking society, instead we are capitalising all information while banning any dissenters.
Yes there are many more examples not widely known where Google is abusing their monopoly.
Firebase fcm push notification system is a good example.
If you want to implement your own push notification service on android phones. Well too bad. Only Google is allowed to have special privileges so that their firebase service on phones works even when a phone is in doze mode.
If you run into firebase quota issues like our company is having it is just too bad.
I didn't follow the extension workaround. Won't google block that as well, or are the different rules for extensions?
Also, thanks for pushing on them. I've seen numbers posts on HN recently about the opaque walls folks encounter on Google, Amazon and Facebook property monopolies. This is just another great example. Would it make sense to file this with the EFF? Someone has to be collecting all of these issues for the impending class-action suit?
I'm pretty sure there are options, none of which are efficient, but here they are:
1. Firefox consumes the Widevine as a plugin, and the way to load that may be a straightforward one, through an interface.
2. Support a different DRM scheme that has an open interface and is popular
3. Disassemble Widevine or talk to hackers who've understood it. Clean room disassembly is legal in many parts of the world.
4. Don't drop this project, but put up a placeholder and evangelise better DRM standards. Pretty sure that if it involves crypto and it's not open source, it is an attractive target with an exploit in the works. That's what it is going to lead to, and by then you'd already have a working implementation.
Widevine is the DRM component used in chromium based browsers. You need a license from them to run DRM based content in your browser. Widevine was purchased by Google in 2010
People seem to get surprised when Google acts like a for profit corporation... why? That's exactly what they are and have been for a very long time. I guess they have a good publicist. In reality, Google discourages competition in the browser, search engine, and email space by denying some of their many services (which you shouldn't depend on for open source software unless it has an open source license) and worse, blacklisting competitors. I've read posts from creators of search engines and email services on here that eventually were blacklisted by Google to squelch their growth.
It doesn't. It transmits playback state, but doesn't stream any video or audio content. Each user needs to be logged into web services on their own client.
The best implemented DRM makes it hardly any more inconvenient for people to use it, and people accept it most of the time, Steam for example. It always puts some people off, who end up pirating it when they wouldn't otherwise have, though.
Even the best DRM is always cracked by those that want to. There is no DRM system that has ever been created that will not be defeated, because it is trying to achieve the impossible. You have to give legal consumers access to the content to consume it, so they always have access to copy it. It will never work. If DRM didn't exist, piracy would be a lot less common.
Most people stopped pirating music when it became easily available without DRM.
Ultimately, all DRM gets cracked, and this is the only real response to it.
Annoyingly, DRM only doesn't hit sales harder because it is defeated. If it was impossible to defeat a particular piece of DRM, it would harm sales of content using it much more, but the harm to the content sellers is limited by the fact that it is always cracked early on and made available to consumers they have cut off. For example, I have a Netflix subscription, which I use in an otherwise open source browser, using the widevine plugin ripped out of Chrome. If this wasn't relatively easy, I would just not use Netflix. Netflix is only getting money from me because the DRM they use is easy to defeat illegally. If the DRM worked, I'd stop paying for Netflix, because I wouldn't be able to use it and it'd be much easier to watch the same content by downloading it from Usenet.
It took me four weeks to unblock me and I finally had a chance to re-publish to the MS app store and I'm waiting for their final approval of my app.
YES.. I can develop the app without being in an app store , but my distribution will be dramatically reduced.
Doesn't make sense to have an app with no users.
Google is probably not actually targeting this app specifically just that they've been insanely incompetent lately and screwing over developers ALL over the ecosystem including Android, Chrome Extensions, etc.
Our chrome extension continues to need approval every time we publish it EVEN if we just update the assets/images.
Google is really dropping the ball and pissing off developers left and right.
Over at /r/androiddev people are actually talking about protests at Google IO...
Basically Arch Linux Downloads Google Chrome, Extracts the *.so file and puts it into the chromium lib directory. (This could've been done in his own browser aswell.
It is in the AUR (arch-linux user repository). Packages in there are submitted by the community and there is deliberately some barrier to installing them, including requiring that you build them yourself (this is because the packages are not vetted before they are posted, and they could be malicious).
The title is totally and completely inaccurate. Google is NOT blocking the author from creating a web browser. Google is apparently unable to license the DRM code/binary to the author.
Just to set the record straight, the author's browser is based off Chromium, funded largely by Google. However, for whatever reasons (and I can see many legal ones for the inability to license a DRM module), Google cannot license the DRM module. The author is free to implement it himself, Google is not "blocking" him.
Another point of note - the author is NOT entitled to widevine, so this pitchforking of Google is simply uncalled for. If the author finds Google to be "blocking" him, maybe asking Apple or Mozilla for WideVine support in a browser that competes with their own offerings is a way to go, and to validate which company is actually willing to work with competing open source offerings
Out of curiosity, is there any reusable alternative for Google's Widevine module? It seems both Chromium and Firefox use this, and all other open source browsers are based on them. Safari and Internet Explorer DRM would be tied to specific platforms and also not reusable, I'm guessing?
How (re)usable is Adobe's Primetime DRM for something like this? Primetime was removed from Firefox in version 52 (pre-Quantum) in early 2017 [1]. Are there any others?
There might be potential for Microsoft's PlayReady DRM with their move to a Chromium-based browser. I contacted them while waiting to hear back from Widevine and got this response.
> For Windows Electron/Chromium will not work with PlayReady at this time. I have provided your feedback to the engineering team for future planning. Currently PlayReady can be integrated in a PWA/(Windows Store HTML/JS app) and there would be no royalties on Windows.
So google won't let you use there DRM. Firefox doesn't support this.
Don't allow DRM sources hulu/netflix otherwise make a deal with each company. Your problem is with the video providers not a third party who has a solution you want to use.
"Firefox for desktop supports the Google Widevine CDM for playing DRM-controlled content. Firefox downloads and enables the Google Widevine CDM by default to give users a smooth experience on sites that require DRM."
I wonder if you could fight DRM content in Japan. Last week there was a story on HN about a few people being prosecuted for spreading a virus which was actually just a javascript trick. DRM seems like it would fall under the same category.
The core functionality of Metastream (his browser), the ability to sync videos and watch them as a group is very cool and super useful in a classroom or study group environment.
Does anyone know if there is another way of going about doing this?
I'd be happy to use one browser for Netflix and another browser with better privacy/security/adblock/anti-track/bookmarking/speed for everything else. I'm already in this world: I use Brave for most things, except for a banking site where it doesn't work.\
The browser should explain clearly what's wrong and what to do when a site requires DRM. Don't be like QuickTime, where opening any unsupported file bounces you to a FAQ page where the question you most likely have ("how do I view this video") leads to a huge run-around.
So he tried to create a chromium based browser which sync the DRM protected video playback with other peer and blocked by Google. He totally deserved it. He was just wasting time to build software on top of evil DRM.
So the article is complaining that companies that chose to create a gated consortium to protect content are exhibiting gatekeeping behaviors and not representing open ideals.
Um, duh?
These entities have elected to participate in two communities - open where it commoditizes their competitors (e.g. Chromium, Netflix service infra) and closed where it protects their differentiation (e.g. Chrome, Netflix licensed content).
As an open community, instead of demanding access to the gated communities, and whining when companies innovate behind walls, we should be building better, richer solutions in the open.
What IS the point of video DRM anyway? I can't remember a single instance of a thing I wanted to watch not being available for torrenting over the years, maybe barring some really obscure television episodes I wouldn't find on Netflix anyway. I do pay for (most of) the content I watch these days (now that I can kinda-sorta afford it), but it's not because it's not available one thepiratebay search away. Mainstream stuff usually comes out within hours of the release.
This sucks, I know how bad if feels when you rely on a major vendor that can make or break your product. I was somewhat relieved that it happened when I already abandoned the project for a better one but had I invested more time into it I would have been furious.
The only thing I wonder here is that DRM was a thing when he started working on this project, didn't he see this coming? By this I mean that project research should start with the hardest part, at least that's what I usually do.
Maybe a solution for the problem in the post: one way to simulate Electron but using full Chrome instead of the DRM-less Chromium, is to make the app target Carlo[1] instead. It's basically what a Chrome app used to be (now deprecated), but run from a Node.js script.
I already use chromium for most streaming, and firefox as main browser that i spend 97% of my time on (with noscript of course). If your browser is better than firefox I will switch, but you're not helped by my factor of love for firefox.
As for DRM users, just post a version with the crack somewhere with a tor browser and fake identity and let the streisand effect be.
I hear you, it seems that technology is all about stonewalling these days...
I'm trying to bring to light a bug that allows to skip Ads in YouTube (no add-ons, extensions, etc.), but just can't get any attention: https://twitter.com/maketechfair
Sucks, I agree, but this shouldn't be surprising. No one wants to open source their DRM. The title made me think they blocked you from creating a browser, which clearly isn't the case, unless you really feel that Widevine support is necessary for a browser these days (is it? I have no idea...)
I would assume Google would not even be allowed to let third-party developers use their DRM implementation even if they wanted to. The real stakeholders would grumble a stern no. If this is true the real fix would be to patch the copyright law, IP licensing, and the contracts with content producers.
Building Chrome requires downloading proprietary binaries that they licensed. Chromium does not include these and does not include widevine by default, but it can be installed as a plugin.
I'm not sure I understand. Can't you have Chromium browser work with that software? And modified Chromium browser, e.g. Firefox? I don't remember I accept licenses at least as a user.
Any browser could be made from Chromium by sufficient modification.
I mean, if something open source works, anything else open source can also be made to work.
Even if something that works includes binary blobs, you can still modify open source parts while keeping that blob and keeping the system working. So I'm not sure what is the original problem.
Can someone explain to me why this project requires a DRM?
From my understanding the DRM is used to block people from taking the content itself, but if this has public/private/offline abilities what is the point of a DRM? it is supposed to be between peers.
Um... I think you can just re-use the widevine shared object that Google Chrome comes with. You can't distribute it, but you should be able to include instructions for those downloading your project on how to acquire it.
> I’m now only left with two options regarding the fate of Metastream: stop development of a desktop browser version, or pivot my project to a browser extension with reduced features.
Is there some reason you can't make a fork/distro of Firefox?
I think its logical step on the part of Google. They invested in integrating Widevine in Chrome and they want it to be a distinguishing feature of Chrome. Why do you expect a profit seeking company to help their own competition?
Chromium is open source, and Chrome may _look_ 99% identical, but we have no idea what hidden differences there are between Chromium and Chrome, because Chrome isn't open source.
A very misleading title. But the content is nothing to get upset about. Reasonable people can easily disagree:
* Google didn't can can't block a new web browser from working.
* OP is making an _opensource_ browser
* OP's browser is specifically made for showing videos in some kind of P2P architecture.
* OP is upset because he can't play some other peoples' videos in his new browser.
The R in DRM, standing for Rights is relevant: this isn't your content, OP. Thousands of creatives, artists, and investors put time, sweat and blood into these. They've chosen DRM as the way to get paid. You have no right to their content. If you don't like DRM then vote with your feet - watch others' content, and find another way to compensate them.
The real issue I see is that there is no commercial appetite for such a solution and that this world is so dominated by humongous corporations that things like this simply have no solution.
Are there grounds to sue someone like Netflix under the ADA if their content is not accessible in a standards-compliant browser that happens not to be allowed to access closed-source DRM?
Interestingly, Amazon prime didn't give me HD video on Ubuntu chrome, but worked and gave me 1080p if I changed the user agent to a recent windows one, in chrome.
Not completely legal for distribution, but you can embed the Chrome Widevine binary in a Chromium Embedded Framework application. I have done so myself in the past. Works great.
"Don't be evil" they said... Most people working at google might be nice people but the one in control are the they ass holes that you will find anywhere else :-(
I have lost all sympathy for the big media industry. Pirate it all. Paying you just gives me a worse experience and you more power to make things worse.
HI Please post this and bring to the attention of the DOJ.
Microsoft got broken up for anti-trust behavior that is PEANUTS relatively speaking today. Bill Gates was right, (proven overt time) - that the OS is not the competitive advantage - its the platform and ecosystem as a whole.
Google should be broken up, so should facebook and so should Apple.
Amazon? I don't know they seem fairly diversified and although are decimating e-commerce its a more difficult sell.
the size of this comments thread and the amount of information on it is directly proportional to the even bigger hole you are getting into. You either come with a well defined plan of revenue for a company, so you can fulfil their Legal statement or you will only transmit DRM free content.
I noticed that some video streaming services are using HTS, some weird tech that is not file based, which makes it quite difficult to download those files, even downloadvideohelper won't do it directly, you need some third party executable.
The web is mostly open, but there are still things out there built to explicitely prevent users from doing what they want, and it seems that even firefox supports this tech.
Sooo the author builds a browser with the assumption that he just can use DRM stuff?
Thats an assumption i would say is not given. If you build something like this and you expect to support DRM, do your homework on DRM before you start building stuff around it.
Can someone please give me a Tl;dr for this post ? Why would google have any say in someone making a web browser ? Where does their path have to cross ?
This certainly isn't short, but I don't know how to make it shorter, as I don't know what you don't know, and what you want to know.
You need a DRM "capable" video component to be allowed to play most internet video content that isn't directly user generated, or news.
The consequence is that the giants holding the rights to these components are effectively holding the keys to a decent chunk of the internet. For a browser specifically made for synced playback of movies, they essentially hold the keys to all of it. The big movie studios simply won't allow either streaming or download without you using one of these solutions on both ends of the stream.
The author applied for some form of license of the purportedly free and open Widevine DRM component which is used/approved by almost all big streaming sites. The request was rejected citing a somewhat odd reason: That the project was open source.
This is odd because https://github.com/castlabs/electron-releases is open source, apparently "blessed" by Google/Widevine, and available to use on the only condition you get a license from Widevine. Which should then be impossible?
Which leads us to several somewhat plausible conclusions. Either the author requested the wrong licence/needs a feature not available in previously mentioned projects, someone at Widevine made a mistake, or there is a lot of smoke and mirrors going on to either make it seem Widevine is accessible to anyone when it truly isn't.
My mistake, the repo linked apparently doesn't contain the source, it's closed. But apparently not because the current solution requires it, but because the repo contains older versions which contained proprietary code or data. The latter should be rather easy to fix.
Google got the authority from everyone here who accepted chrome and IE DRM by default, to the point that even Firefox was forced to give in, so you all could be sedated by Netflix and other DRMed content.
I work in this space and I think the EME path has been a fairly elegant solution for a lot of what was preventing us from being able to use HTML5 video, including DRM but also live streaming and its ilk with HLS/Dash and being able to quickly implement new codecs and transports. Having to fall back to a flash player was never ideal.
If you want to make an argument that DRM is bad, or, maybe more relevant, ineffective I'm not sure I'd argue with you. However I think the solution we have in place has made the video ecosystem in the browser better and did it quickly.
The issue here is about commercial use of a product and while we can blame Google as the owners of Widevine this really doesn't have anything to do with Chrome - outside of the fact that the author was able to quickly create his own browser based on open source components upon which Chrome was based.
> Google got the authority from everyone here who accepted chrome and IE DRM by default, to the point that even Firefox was forced to give in, so you all could be sedated by Netflix and other DRMed content.
Do you really, REALLY think that the very small number of people who are ever AWARE of this issue were enough to make a dent in it? So we could be sedated by Netflix? This attitude is intolerable and more harmful to the community of people who want a free web as using Chrome and watching Netflix is.
I never switched from Firefox in 10+ years and somehow, this still affects me. Blaming users isn't the solution. This is an issue of enforcing standards (in whichever way), you can't expect the entirety of internet users to suddenly become experts on DRM.
I suspect the issue is that Firefox uses Widevine in a straightforward manner (play the content to one browser), whereas OP’s scenario needs some sort of additional insight in what the plugin is doing.
It's not the web that needs to be open (or "more" open I guess). It's the legal teams at media companies that need to be educated on how FOSS works, what it can/can't do to/for your products, and the legal implications of it in your dependency graph and your vendors'.
If you walked into some of these offices and suggested making things more open, they would laugh in your face. They equate free and open software with making their IP free as in beer, and since they lost billions in revenue when the P2P sharing sites first popped up they have no interest in working to make anything easier for the smaller guys.
I certainly agree that overpowered Google folks are basically bunch of shady dweebs now, and DRM is garbage practice overall.
However I simply cannot empathize with you because you made another Webkit/chromium-based thing, and that is certainly not the thing we need right now. With Google monopoly in the web the thing we need is the actual good deviation of their w3c 'standards' realization, like Firefox.
Reskinning Chrome with arguably useful "multiplayer" play-pause feature is just meh.
The linux community took a little bit but was able to get the DRM stuff working through wine (I think it was firefox+silvervine or something)and I think they now have a native solution. I doubt there's any real reason you couldn't get it working, it's just the FreeBSD community is a lot smaller and you'll have to convince somebody to work on it unless you have the know-how to yourself.
Your only options are to videos from a DRM free source or remove the DRM. The later is prohibited in most jurisdictions. Just hope your vision and hearing stay unimpaired because DRM locks out all accessibility software.
I wont use browsers with widevine. I refused to include widevine in any browser I worked on. Widevine is clearly a backdoor and chrome is often installed setuid root
Since when HN started (up)voting items by their title?
The title is nothing but a textbook example of clickbait: it's sensational but worse, it's deceiving (Google's response is NOT at all related to your electron based browser with <0.001% market share, nor has Google "blocked" you in the first place...)
So he built an app that is a thin layer over someone else’s app, to play someone else’s content, and he’s upset he cannot get for free the nice things someone else paid for (in development time). My heart bleeds.
He said the browser cannot be completed because Google won't allow their stuff to be used in an OSS project. It's clear he never countenanced the possibility that * gasp * somebody could deny him access to their software. He might have offered to pay, but the substance is basically the same: he assumed he could get access to somebody else's stuff, when there was no such guarantee (if anything, Google carefully insulating it from Chromium should have been a big hint of things to come).
RTFA. Widevine is owned by Google. Google gives Firefox permission to use Widevine. Google took 4 months to give this individual a one-line rejection, ostensibly his only option for supporting DRM in a chromium-based solution like the one he is using (Electron). Now what?
I did RTFA did you? TFA has no mention of Firefox or Mozilla, nor why the download at runtime approach that Firefox uses is not viable for them. Firefox doesn't bundle widevine in their distribution. That changes things here. Maybe it's still not viable for some reason, but TFA certainly doesn't go into it at all.
You're drawing attention via hair splitting and pedantry. For most people who use their browser to stream content, it's not a browser if it can't use that content.
I feel like the op is missing technique and blaming Google with inflammatory title and preying on people's hated of DRM. If this was a more mundane technical problem it wouldn't be at the top of HN and it would be obvious that they just don't have the chops.
"Circumventing" is much more broadly defined than it should be.
It's not just illegal to redistribute copyrighted material. That's the point of copyright and has been the case for a long time. It's also illegal to watch/consume content yourself in any way that the copyright-holder didn't explicitly enable, even if you have a general right to watch/consume that content. You're not allowed to create a browser that can watch DRM-protected Netflix content. And if someone does create such a browser, it's illegal for you to use it, even if you pay for a Netflix subscription.
That's pretty new (circa 1996 or so).
In 2002 I went to see Lawrence Lessig argue the Supreme Court challenge of the Digital Millennium Copyright Act, which introduced these anti-circumvention concepts. Here are my notes: https://allafrica.com/staff/kwindla/eldred.txt