This DRM proposition definitely needs all the resistance it can get. We cannot allow DRM into our wonderful, open standards. This is not an option. Not at any price.
I'm honestly surprised that Mozilla haven't been more vocal about this issue. Have they issued any statements what so ever?
Seeing what amazing things the web have enabled the last few decades, purely by being open, who are we to deny the future the same possibilities by locking it all down now? What sort of short-sighted asshole would propose such a thing?
To those who yammer on about Netflix: Allow me to paraphrase Benjamin Franklin. He who gives up freedom for comfort deserves neither.
If this goes through though, what I see others are calling out for is a new consortium. If the W3C is hellbent on forking and fragmenting the web, then lets have it. But let's have it on our terms: By creating a new open web standards consortium.
"Open standards" are about documenting interfaces in such a way as that any person could develop a compatible implementation, nothing more.
There is already a massive amount of proprietary tech running the web. From internet explorer to the secret algorithms used by google. Pretending that the web is some hippy utopia is not accurate.
This proposal simply describes a standard protocol for a DRM system to be able to talk to a web browser. If you don't want to use it, simply choose a browser that ships with it disabled or disable it yourself.
You're not going to lose access to your favorite sites because of this.
The sites that would want to do this are already implementing paywalls or existing DRM systems.
There is already a massive amount of proprietary tech running the web. From internet explorer to the secret algorithms used by google. Pretending that the web is some hippy utopia is not accurate.
That's a bogus argument and misses the point completely.
That you have closed source systems deployed on the open web is completely OK. That you have closed sourced browsers interpeting markeup is also completely OK. As long as the markup and code produced and published is compliant to the open standards we have all agreed upon.
Because then anyone with the specification can interact with that content. That means that anyone, of any size, can sit down and implement a fully valid and compliant web-browser.
This latest proposal from W3C means an end to that. Having the HTML specification will not be enough to create software able to render all the content on the web. Your browser will need to be "sanctioned" and "supported" by the DRM-vendors in order to work on the web.
New platforms (FirefoxOS, Tizen, etc), new browsers, any new players at all and all open source endeavours are effectively shut out from this new web the W3C is drafting. That is unacceptable.
This is a disastrous departure from any former W3C specification and directly in opposition to the W3C's own mission statement.
We are only left to guess what sort of corruption has lead to W3C sinking this low. Whatever happened to allow this rot, a new consortium seems like a good way to solve it.
The proposal is to have a standard for a way the browser communicates with non-standards compliant DRM encumbered (essentially encrypted) video.
Anyone is still free to write a client which consumes the standards-compliant parts of the page, but will be unable to consume the non-standards compliant DRM encrypted video.
In this way, it is similar to existing non-standards compliant web plugins like flash. For a long time nobody could just sit down and write a client which consumed flash animations (they were bound by the flash license, which prohibited mobile flash runtimes for example).
I don't agree with this inclustion by the w3c myself, but your argument isn't a powerful argument against it. My objections to it revolve around the w3c overstepping their responsibility (why is it THEIR job to cater to one specific plugin family - is it being driven by political pressure), the futility of its inclusion (they expect an open source implementation, which probably isn't possible for this kind of technology), and the self contradictory statements in the original w3c announcement.
PS.
Calling an argument bogus and leaving it at that isn't helpful. If you see flaws in an argument you have to identify them point by point.
Not at all, your browser does not need to be sanctioned.
Anybody can build a browser that speaks HTTP and can send HTML pages around.
There is no mandate that you integrate DRM to be standards compliant, it's perfectly valid to write a browser that simply says "no" to any requests to perform DRM functions.
You are free to support whichever content protection systems you want to support. The only DRM mechanism which is part of the standard is clearkey which is DRM in the same way that SSL is DRM, i.e not at all.
You are free to implement whatever content protection systems the developers of the content protection systems allow you to implement, so long as it doesn't conflict with their contracts with content providers (which it probably will in many cases).
The HTML5 ECE spec is intended to make sure it's a criminal offence to implement any "content protection" scheme without permission. In the eyes of both W3C and its proponents, that's a non-negotiable feature.
Because if you don't have a permission to do so, you're basically 'circumventing' DRM which is illegal under copyright laws in many countries around the world.
This proposal only defines how the browser communicates with the module. It does not define, how the module communicates with OS and hardware. These modules will use OS facilities like Vista's protected path. If your OS does not support it (and free software OS like Linux cannot support it by definition), good luck getting it. And even if it supported anti-features like that, the owner may not bother with porting ("not enough market share for you").
> Pretending that the web is some hippy utopia is not accurate.
A typical example of when a comment deserve a downvote. Calling the refusal of adding DRM to an open standard, a standard that is about a network of cooperating nodes that any standard compliant software can parse, is not an hippy utopia.
> The sites that would want to do this are already implementing paywalls or existing DRM systems.
The methods used by such systems are very limited. The same web functionality that DRM wants are the exact same ones constantly being limited to reduce malware. Even flash, which wants to allow arbitrary code are being phased out in favor of more precise html 5 functionality. DRM in the standard would be a direct step backward and open up more maleware, more arbitrary code execution, and more control by third-party of the computation of users devices.
"This specification does not define a content protection or Digital Rights Management system. Rather, it defines a common API that may be used to discover, select and interact with such systems as well as with simpler content encryption systems. Implementation of Digital Rights Management is not required for compliance with this specification: only the simple clear key system is required to be implemented as a common baseline."
"The "org.w3.clearkey" Key System indicates a plain-text clear (unencrypted) key will be used to decrypt the source. No additional client-side content protection is required. "
The fact that you can build a browser which doesn't support DRM doesn't alter that fact that if we allow this in, W3C has officially sanctioned that the web, one bit and one platform at a time, can and shall be DRMed.
So sure. You can build a browser which only supports clear key. And that browser will not be a fully supported browser on this new encrypted and DRMed web. No FOSS-based platform will be a viable option to consume the web.
Now you can say that we have the same situation today, with Flash and Silverlight, so what's worse about this? Well: The fact that it has W3C's seal of "standard" approval written on it.
Congratulations: You just fragmented the WWW and to top it of you claim its a standard.
If we let this pass, in a year or two we will be having the same debate for <audio> and for <img> and for <script>. This is the beginning of the close-down on the web, and the only reasonable place to stop it, is at its root: No DRM, no EME and no CDMs in HTML5.
You can belittle those who disagree with you, saying they don't know what they are talking about. But it may just be that they are not so short-sighted about where this is heading as you seemingly are.
Right now Hollywood needs the web, more than the web needs Hollywood. Hollywood cannot afford not to be on this train. If we say "no DRM" enough times, they will come eventually. The music industry did. Everyone else did. Hollywood will.
Hollywood doesn't need nor care about the web or the w3c apart from as a marketing avenue. They would be just as happy delivering all content through a standalone application, as they are doing currently.
Most likely the new generation of games consoles provides a more compelling platform for them to send content to you than a web browser.
There are no "CDMs in HTML5" , this is a nonesense statement.
There is no part of the proposal that advocates for any website to integrate any DRM solution, it is entirely a matter for individual site owners, the majority of whom do not want to put up hurdles for people to view their sites. The web will continue to work as it always has.
> Hollywood doesn't need nor care about the web or the w3c apart from as a marketing avenue. They would be just as happy delivering all content through a standalone application, as they are doing currently.
If they do not care, why are they pushing for getting a W3C stamp on their DRM system?
> There are no "CDMs in HTML5" , this is a nonesense statement.
To accept EME because proprietary CDM are outside of the spec is pure hypocrisy. To say that EME is okay because it would be working with clear-key systems too is complete BS, because such systems already exist and do not need EME. Hence the EME spec is only here to get standardised API for proprietary CDMs, which is why no one else but Hollywood, Netflix and Google & al. are pushing for this.
I would not care about EME, if they were not trying to integrate that into the W3C, which should stand for an open web, where free technologies are on equal footing with proprietary ones. EME would de facto force web users to have proprietary software installed in the form of CDM (which is DRM). Unacceptable.
The spec without CDM does not do anything at all. This spec goes hand-in-hand with having a proprietary CDM. So ultimately, standardising this at the W3C means having all open web users install a proprietary CDM.
Again, if this whole debate was outside discussing open web standards, this would be valid. But what we're discussing here is inclusion or not in open web standards.
Why are you so vocal about DRM any way? I know why people are against it and I can imagine why others are for it, so yeah, why do _you_ personally favor DRM?
Such API will encourage more DRM to be access through the browser, which in turn lets malware exploit such vectors in similar way that Java applets, active X and flash has been plagued by remote code exploits. The amount of money and greif caused by such malware is very high, and was a major incentive for moving to HTML 5. The draft in question would rather move so we had 10-20 more such lovely (in)secure plugins all being accessed through the API provided by the standard.
But you can believe that anyone objecting to that just hasn't read the draft if that makes your life easier.
Thats a horrible solution to suggest. It's like suggesting that people go buy body armor to deal with crime. It non-scaling, do not address the issue, and leaves those most vulnerable exposed.
Malware like to target those that are willing to spend money online. That mean those people who are most targeted are also those who won't disable the plugins that makes them vulnerable to attack in the first place. W3C should focus on making people safer, rather than encourage a environment that consumer, producers and even publishers will be hurt by in the long run.
For whatever reason Big Media aren't going to allow you access to their content without the DRM. Not adding support for this standard will not change that.
If you have Silverlight installed or play big budget games from Steam/Origin etc the odds are that your system is already full of DRM crap.
Ultimately either consumers need to reject DRM or the media companies have to decide not to use it. However at the moment people seem quite happy to install it, so W3C are just making their lives marginally easier.
> For whatever reason Big Media aren't going to allow you access to their content without the DRM
What is "Big Media"? This is just pure speculation not based on facts.
There is plenty of high quality, paid-for content on the web already which does not require DRM.
IIRC, there are no more DRM on music on iTunes either.
It's just a matter of negotiating. If a company's better at negotiationg DRM-free content than Netflix, then too bad for Netflix. There's no reason why web users should support these costs.
EME doesn't describe an interoperable standard. It's only a tiny JS interface for invoking proprietary, deliberately unspecified CDM plug-ins (that are protected by DMCA, so you can't use them even if you knew how).
It's as if you wrote spec for `<object classid='clsid:D27CDB6E-AE6D-11cf-96B8-444553540000'/>` tag and said Silverlight is now a W3C Recommendation.
That's even a step back from Silverlight today, because at least it has de-facto NPAPI standard interface that CDMs don't.
Beyond that, it doesn't even define the plugin API side of it, only the JS side. Defining the plugin API would make the proposal less bad (!= good) as then at least the plugins wouldn't be browser specific (though I suspect quickly enough a de-facto standard will appear)
I mean, at least something like NPAPI is (somewhat) documented, so that one can support all NPAPI plugins in any browser (say, Flash, Silverlight on OS X, etc.), even if what the plugins do themselves it totally undocumented…
By allowing DRM to become a standard, it will actually help the open web, because Linux users can then watch stuff like Netflix, HBO Nordic, etc which all use some closed source for displaying content, eg. Silverlight(Netflix) and Widevine (HBO). Currently its either a total hacky solution or impossible to use this on linux. Better have it standardized than a closed source restricted solution.
What you are saying is completely untrue. Please, read the EME proposal. It is a specification for interop between Javascript and closed-source, proprietary CDMs.
If there is one thing I wish that HN would understand from this entire discussion: EME will not get you Netflix on Linux!
I've made this point already on the W3C CEO's blog, but it bears repeating here:
DRM removes control of certain aspects of a device that I own, and places it in the hands of another. It does so in a manner that could not be less trustworthy: most DRM solutions are proprietary, closed-source applications.
This means that I can't rely on others to audit it for me (as with FOSS) and I can't audit it myself.
Some DRM implementations in the past have been so aggressive in their usurpation of control that they have qualified as malware; the Sony rootkit is a particularly egregious example of this.
DRM actively reduces the trustworthiness and security of all machines on which it is installed. It has to by design: its stated purpose is to restrict the capabilities of a general purpose computer.
DRM allows you to volontarily give up whatever control of your machine you're talking about.
As painful as it is, one part of living in a capitalist society is to exercise your right/power as a consumer. Don't like it? Don't use it.
To me, DRM is not something that infringes on your freedom, though I'm very glad we have the EFF when they spend their time combatting things like surveillance, that are not opt-in.
> As painful as it is, one part of living in a capitalist
> society is to exercise your right/power as a consumer.
> Don't like it? Don't use it.
I agree, but there's more to it than that. From the W3C site:
"The World Wide Web Consortium (W3C) is an international community that develops open standards to ensure the long-term growth of the Web."
... and ...
"One of W3C's primary goals is to make these benefits available to all people, whatever their hardware, software, network infrastructure, native language, culture, geographical location, or physical or mental ability."
Therefore it's perfectly reasonable, in the context of a capitalist society, to lobby the W3C to refuse the addition of EME. It is inimical to their own stated goals (there are other conflicts too; see http://www.w3.org/Consortium/mission.html for details).
To be clear, I'm not arguing for the initiation of force. Companies should be free to build their own DRM systems, and others to use or not use them as they choose.
But the W3C should have no part of that, and the HTML5 standard should not be crippled by the inclusion of DRM.
Another angle to consider is our cultural heritage. More and more of that is moving to the Web; if we tie it up with DRM, bitrot will mean that in a generation or two most of it will be inaccessible.
I don't see how DRM is incompatible with their goals. Of course one might argue that DRM might be platform specific. However, I very much doubt this standard will make DRM more platform specific than it already is.
> Of course one might argue that DRM might be platform specific. However, I very much doubt this standard will make DRM more platform specific than it already is.
It is in fact quite possible that it will. DRM, right now, is mainly Flash. For all its faults, Flash runs on all browsers and OSes. However, EME CDM modules may only work in Chrome and Internet Explorer - the two browser vendors pushing the EME spec, and that have their own DRM solutions that they are building as CDMs.
Why would Google or Microsoft create CDMs that work in browsers or OSes that they do not own? If not them, then who would create a CDM that works on all browsers and OSes? Possibly no one.
> However, I very much doubt this standard will make DRM more platform specific than it already is.
Of course not! In fact, due to the nature of the web, it will make DRM in general less platform-specific! The problem is that HTML will become more platform-specific.
> Of course not! In fact, due to the nature of the web, it
> will make DRM in general less platform-specific!
Why do you think the inclusion of an EME standard in HTML5 will induce CDM producers to support operating systems that they wouldn't have supported without EME?
I suspect most DRM today exists for Windows only. Thanks to Android, there are now a ton of consumer devices powered by Linux that can browse the web. If publishers started using EME, they would probably be encouraged to compile Windows and Linux blobs for this reason.
There's already a Linux-based HTML5 EME decryption module that's used for Netflix on Chromebooks. In practice, it's actually less useful to Linux users than the current, nominally Windows-only options. It's locked to Google-approved hardware that is locked down to prevent you running your own software; if you enable developer mode it won't run. Meanwhile the traditional Netflix DRM can apparently run under Wine.
I disagree. The CEO of the W3C thinks this unlikely, and there's already the example of Netflix. They are one of the primary agitators behind EME, and they refuse to make their system available on Linux.
> So you want to demand that Netflix provide at their expense a solution for every possible OS out there?
>
> Don't like it, don't partake. I can't understand this mentality...
What mentality? Perhaps you should read my other posts. To summarise, my position is:
- if Netflix wants to build their own DRM system, fine
- if they don't want to include my chosen operating system, that's their perogative, they just lose out on my money
- what is _not_ okay is for Netflix to lobby the W3C to include DRM in HTML5
The point I'm trying to make is that having a DRM standard in HTML5 does not mean that Netflix will suddenly start to support Linux. Several posters have expressed this idea, and it's just plain incorrect.
>So you want to demand that Netflix provide at their expense a solution for every possible OS out there?
Who says it has to be made by Netflix or at their expense? I'm sure there are open source developers (e.g. Mozilla) who would be happy to create a multiplatform open source Netflix client. Netflix are the ones who make that impossible, and having done that their remaining alternatives are a) provide the client themselves, or b) incur the wrath of angry users. They've decided to go with (b), so here we are.
>DRM allows you to volontarily give up whatever control of your machine you're talking about.
DRM doesn't allow you to do anything. It only restricts. Your argument is really that DRM would "allow" you to enter into arrangements you wouldn't otherwise be able to because Hollywood wouldn't be willing to take your money without it, which you have not proven. And you could say the same thing about a shock collar. If someone suggested it would be a good idea to fit everyone with a shock collar that would shock you if you did anything Hollywood didn't like, and (at first) you could opt out of the shock, but not the collar, and only by opting out of popular culture (or breaking the law), I hope you can imagine why the idea might not see a particularly warm reception regardless of how many movies Hollywood alleges they'll provide in exchange.
> I don't see how DRM is incompatible with their goals.
From my post on their blog (I'd link there, but their anchors are broken):
DRM is software that is designed to restrict a user from playing content on certain devices, in certain ways, and in certain locations. I think that is the very definition of a walled garden. I genuinely do not understand how you believe that supporting DRM will elminate walled gardens.
In the best case we will have moved from an ad-hoc collection of walled gardens, to an ad-hoc collection of walled gardens with the support and moral endorsement of the W3C.
If your concern is genuinely to eliminate the need for apps, and the enclosue of content in walled gardens, why not use your considerable influence in opposition of DRM altogether?
"Frankly, I don't understand the question about insisting that compliant implementation respect geographic location. As a general rule, we don't provide conformance testing and have no way of insisting what people implement."
That was my point :). The W3Cs mission states that:
"One of W3C's primary goals is to make these benefits available to all people, whatever their hardware, software, network infrastructure, native language, culture, geographical location, or physical or mental ability."
Breaking down that list, we see that DRM is inimical to several goals:
* hardware: DRM implementations are known for being hardware-locked; Netflix is the most prominent recent example, re. the ARM-based Chromebook
* software: existing DRM implementations are tied to specific browsers and operating systems
* geographical location: many (most?) DRM implementations implement geographical segregation (a.k.a. region encoding)
That is, by lending support to DRM, the W3C is helping to ensure that at least some web content is restricted by hardware, software, and geopgraphical location. This is in direct opposition to several of your stated goals.
...and also feel free to complain about it. ...which is what he is doing.
I have never understood responses such as yours. No part of being able to vote with your money means that you should only vote with your money. Capitalism does not mean that people shouldn't complain.
Just saying that DRM doesn't concern me. I don't feel it infringes on my rights, so no need to complain.
It's an (my) opinion, feel free to complain as much as you prefer.
Of course I also feel that businesses need a legitimate means of getting paid, and I prefer them using DRM over convincing congress to let them spy on us.
> I don't feel it infringes on my rights, so no need to complain.
That's a pretty narrow criterion for complaint.
How about the fact that the purpose of the W3C is to oppose everything that DRM enables?
How about the fact that blind, deaf or otherwise-handicapped people have real trouble accessing DRM-crippled content?
What of the fact that DRM bit-rot causes massive cultural content loss?
Are you concerned by the fact that DRM remains the single biggest obstacle to widespread adoption of FOSS operating systems?
Part of rational self-interest is maintaining a benevolent society in which to live. By only considering rights violations, and in particular only violations of _your_ rights, you're failing to do that.
I strongly agree with you in general. However, can you provide a pointer to more information about the accessibility problem? One might argue that integrating DRM with HTML5 media playback would actually improve accessibility, since it would separate the DRM from the generally inaccessible Flash-based UIs of current players.
There is no difference between the proposal and existing closed-source, proprietary blobs like Flash.
All the W3C is talking about here is standardising the interface between Javascript and those blobs. There is no way in which the presence of EME support in a browser will improve accessibility.
Consider an example. Before EME, content is rendered in an accessibility-invisible Flash plugin. After EME, the exact same thing is true, only there is now a standard way for the browser to control the plugin.
> DRM allows you to voluntarily give up whatever control of your machine you're talking about.
Of course, and I think it is also fair for consumers to voluntarily protest DRM before it is placed on our devices by expressing our concerns, as opposed to afterward when we have to do so by voting with our wallets. I don't think its "my right" to have DRM-less devices, but I think all the criticisms about freedom and security are valid as long as they are meant to appeal to the producers by signaling our desires as consumers (this as opposed to for example suggesting there should be a law against DRM which I would be against). In theory the ideal would be for everyone to be on the same page before these decisions get made.
>> DRM allows you to volontarily give up whatever control of your machine you're talking about.
Sometimes excluding an option creates better outcomes.
Example: you cannot become someone's lifelong slave in America, even if you voluntarily agree to it; The agreement is not legal. Not allowing you this option also protects you: if you could do it voluntarily, you could be coerced into volunteering ("well, I see you can't pay your bank loan...").
Here's a possible scenario with DRM: If media companies can easily DRM video on the web, they will. Soon nearly all video on the web will have it. Goodbye, video options.
Also, new browsers who can't make the business agreements to use the DRM will effectively not support video on the web. Which means nobody will use them. Goodbye, browser options.
Cutting off the DRM option preserves video and browser options. I say we voluntarily give up the possibility of DRM to preserve other possibilities.
>> Don't like it? Don't use it.
Exactly the message I'd give to media companies concerning the open web.
Why aren't all videos on the Internet already protected by it? Why is a standardized API worse than the existing proprietary ones?
Here's an alternative scenario: widespread protection of content rights leads to a shift of entertainment programming to the web and a revitalization of the market. Hundreds of small produces, previously unable to deliver content because of crippling piracy are able to monetize production beyond hoping enough people click on ads. Any production company will be able to produce a cheap or free pilot and be able to sell the next season for $5, delivered safely worldwide. Greater safety of IP leads to greater investment.
A "long tail effect" of TV programming, much like Kindle, means large amounts of old esoteric become available on the Internet. Someone scouring Pirate Bay for some obscure old movie or TV show will now be able to easily get it from the rightful content owner.
> Why is a standardized API worse than the existing proprietary ones?
Because, as I've explained elsewhere on this thread, DRM is inimical to the stated goals of the W3C. They shouldn't be in the business of standardising DRM interfaces, they should be actively opposing DRM.
> widespread protection of content rights
Why do you suppose that the EME proposal will lead to that? Web DRM is already widespread. Are you suggesting that EME will lead to DRM plugins becoming available for non-mainstream OSs like Linux? There's no evidence to back you up there, and quite a bit of evidence to the contrary.
> Greater safety of IP leads to greater investment.
There is NO stopping people from recording what's on their screen (with a cell phone camera among other devices).
What we've seen is:
A) The more barriers you put in front of legitimate use, the more you see illegitimate use grow.
B) The EFF is rock solid in standing up & protecting our rights & values in the modern, internet, connected age. Please help fund them.
Meaning: DRM all you want. Make it so that you can ONLY see Game of Thrones if you pay $100,000!!! Great! And, imagine how long it'd take for a copy (lower fidelity, sure) to get in the hands of a larger audience that you can't control, who doesn't like you, who you collect no $ from.
Or: Drop DRM, & go for "iTunes or Netflix" or other distribution methods that are EASY & fair. Watch your revenue boom, while you collect user stats to make your next content even more appealing & marketable.
DRM isn't about stopping piracy and it never was. Don't get confused, it's not about consumers of content -- it's about distributors of content. It's to maintain control over who distributes what content, for how long, to whom, and at what price.
The laws restricting consumption of content are few and far, however the laws restricting distribution of content are many and broad-sweeping.
HBO should have a Kickstarter campaign for each episode of Game of Thrones. Donate any amount you want, and if the total funds raised is $75 million (or whatever HBO determines is the expected sales figure of the one episode for the next 25 years), HBO releases the DRM-free episode for free to everyone who wants a copy.
If the amount isn't reached, then the episode is never released. Repeat the process for each successive episode in each season.
I've really been disillusioned by EFF lately. It seems like they're more of a black hole of activist's dollars than anything productive. When I donate, I like my dollars to go to more productive and practical use (like FSF) than to support libertarian ideals wrapped in a feel good presentation.
Yes, that's a shame. But: Netflix makes it easy & convenient. They are not the bad guy. They are really stuck between a rock & a hard place. (Between old school distributors of content (Hollywood), squeezing them for money to make sure they have no margin), and ISP's (Comcast, AT&T) who are saying, "Hey, Netflix is popular, >50% of bandwidth, so let's shake them down" (net neutrality needs to keep them from doing this).
Don't blame Netflix for that DRM behavior. They are the early innovator & they look after their customers. They are just squeezed so badly. If you support net neutrality & ban DRM, you'll see more convenient, customer-friendly companies thrive in that ecosystem. If you don't, you'll see only bad players (DRM+$$$$+inconvenience) playing content you like.
"Good guys" and "bad guys" are such comforting terms, however they're hardly applicable. Do you honestly see no evil in Netflix, or good in MPAA/RIAA/etc?
The market problem is that people want to consume expensive art. There is billions of dollars of interest in making this market clear. The market will not go away because a bunch of hackers find it unethical. As the war on drugs has demonstrated, the market interprets censorship as damage, and routes around it.
I see a lot of opposition to DRM on principle. These principles will go nowhere. The interesting question to me is whether DRM is part of an standard s.t. required permissions are visible and minimizable and the platform is open, opt-in and extensible... or whether it will take over your devices with God-knows-what secret solutions, which is the situation today. I think the W3C standard is problematic (having read it) but represents a small step in the direction that is less wrong. The third option, an imaginary free-information utopia, is directly against the economic will of the people in general.
The Internet has shifted a huge amount of that power back to consumers (especially technically savvy ones), so it's understandable that something needs to change. It's also obvious that producers can't create decent content if they don't get paid, but giving them full control of the pipe will end up harming everyone (producers included).
I see people often saying to vote with your wallet and then go illegally download whatever movie, TV show, videogame or piece of software—which I find kind of funny. Why don't people vote with their time? Don't watch something, for example.
I suppose the main thing I find funny is how outrageous people become when something isn't provided which seems trivial to life. I live in Australia where it seems we are one of the nations the pirates the most. People here, and elsewhere, act as if having a TV show is a basic human right and necessity. Who cares if you can't watch a TV show? I think both sides are in the wrong. Another thing with the horse-riders yelling at some large fat cats is that they often pretend to speak for the masses; the non-hackers, -geeks, or whatever labels are necessary to delineate these two groups. They say they would buy everything if it was available in a way that jives with them and postulate that the masses will run out and buy everything.. and maybe they will, but as one of the 'computer guys' when most people ask about how to use torrents and you ask them why they want to know usually they just want to get something without paying for it. This goes back to Napster too.
This isn't so much directed at you, jobu, these thoughts just came to mind again after looking at the image you posted. I do agree with what's presented in the image in that it is a horrible user-experience.
Why don't people vote with their time? Don't watch something, for example.
I'm not quite sure you understand the idea of voting. It's about making your preference known, and it doesn't quite work when your action has no impact on anyone else.
100% Correct. The only way a boycott works is by people taking a stand, and then letting everyone know about it. Same goes for canceling subscriptions, vegetarians boycotting MC-donalds, people staying home and not voting in elections, or hunger striking in a prison.
So the alternative to pay for an movie, TV show or videogame is to organize a movement to let people know about the issue. This happens. Remember people voting down Simcity on Amazon? Remember people producing jailbreaks? Remember people picketing outside studios or shops? All those are the alternatives to buying and supporting a broken businesses model. Pressing or not pressing a download button in silence has in contrast zero impact.
I disagree. If you don't like the policies of a studio, boycott their content. This is not a new concept by any means[1][2]. If a content provider lacks an audience, it's going to hurt them financially. It doesn't matter if its paid media like a movie or ad based media like a TV show.
Well, perhaps I don't. The reasoning was similar to that of money. People have indicated that if you stop paying for things (DRM-laded goods and services, for example) the companies will notice the lack of sales and change their behaviour accordingly. Now, for not watching, perhaps if they noticed that torrents that previously had tens of thousands of people downloading only had a handful—or better yet, the different warez groups/whatever stopped their releases—the companies would notice that people are making a stand by not even watching. Popularity of TV show x would go down and what happens when TV shows aren't popular? They're killed. Also, supposedly people pirate things, come to like them, and then buy them so limiting watching also leads to making your preference known.
I think that not watching could be even more powerful than not voting with your wallet. It shows greater self-control, dedication, etc. It says "Screw you guys, we won't even watch it!" Though, as mentioned in my previous post, I doubt many people would do that as they simply want something for free nor are they so invested in the whole anti-DRM thing.
Even if I don't understand voting, I would still love to hear why the hell people are so up in arms about not being able to watch a TV show especially so when their complaint is that it's released a week later. It would be fantastic to see the pirates look at themselves and what they're doing wrong. A last thing I would like too is an answer to a question: If I create something and will only sell it for $1000 and it is not a human right/basic necessity, if I ask or tell you to not acquire it and use it without paying, would you follow what I've said or ignore it? -- you here isn't meaning you, icebraining.
>People here, and elsewhere, act as if having a TV show is a basic human right and necessity. Who cares if you can't watch a TV show?
Maybe your friendships and interests are such that you don't feel you need to. Good for you. But that's not true for everyone, and flippant solutions like "get better friends" aren't always practical or desirable.
>They say they would buy everything if it was available in a way that jives with them and postulate that the masses will run out and buy everything.. and maybe they will, but as one of the 'computer guys' when most people ask about how to use torrents and you ask them why they want to know usually they just want to get something without paying for it.
So your anecdote disagrees with other people's anecdotes. That happens. Is there any actual evidence in either direction?
> the market interprets censorship as damage, and routes around it.
You said it. DRM is close to censorship in its core idea - it's preemptive policing. The market will find routes around it.
> I see a lot of opposition to DRM on principle. These principles will go nowhere.
Not true. There is a lot of opposition in principle to the totalitarian approach (which DRM embodies). If there would be no opposition, then it will work as "they take as much as you give them". I.e. if you don't value your own freedom, they for sure won't do that for you.
It's true that people are routing around existing DRM solutions. It's not true that this represents any threat to DRM. As the Steam platform has demonstrated, if you make paying the easy solution and piracy the hard one, the target audience (viz. people willing to pay money) will choose the easy one.
The average consumer will not try to route around unfree information as long as it shows up when they click play. Policing content is not the sort of "market censorship" they care about.
As the Steam platform has demonstrated, if you make paying the easy solution and piracy the hard one, the target audience (viz. people willing to pay money) will choose the easy one.
Steam is still DRMed and can be annoying enough. Try to get Loom there to play on your Scummvm and good luck with that. I don't use Steam since I don't want to support DRMed approach. I use GOG and other DRM free distributors for gaming. If DRM isn't very obvious and disruptive it doesn't mean it's not there and it doesn't make it any more ethical than a hidden camera which you are unaware of. I'd say it's better when it's noticeable, at least you can be aware of its risks.
> Policing content is not the sort of "market censorship" they care about.
Tell them about it when their distributor will pull the plug and go out business, informing them that their DRMed content will be lost forever. I'm sure they'll appreciate the view that they shouldn't care about it in such situation.
> It's not true that this represents any threat to DRM.
You don't need to technically threaten something that's already broken. Most DRM is broken in short time. However DRM needs to be threatened on practical and legal levels. Practically by byocotting the DRMed content, and legally by repealing DMCA 1201 and similar laws created to back up DRM.
My opinion is that Steam's DRM is as ethical as it can be, and the only thing wrong about it is accepting other additional schemes like GfWL on top of it.
I will oppose other forms of DRM, like everything Sony has done, but I think companies like Valve have to be rewarded for doing something good for game studios and players alike.
I see your stance the same as I see the RMS stance on software licenses. Too extreme to be practical for all purposes.
If you want to grade what's worse, DRM or closed source software, I'd say that the first one is worse. While closed source software restricts user's freedom for modification and redistribution, DRM goes way beyond that and violates much more.
I'd say it's practical, reasonable and not extreme to be opposed to any forms of DRM. There is simply no excuse for it to exist.
Unlike Valve, other distributors (GOG/CDPR) proved that DRM free gaming distribution is practical. So I don't see Valve as a best example in the gaming industry. Music is DRM free. Digital books publishing offers more and more DRM free options. It's the video industry which lingers behind the most.
Piracy exists not only because people don't like to pay. It also exists because of... generosity, and human nature in general. Pirates get warm fuzzy feeling when they share something.
Netflix also has a big and arguably loyal user base, same goes for Xbox, PlayStation and other heavily DRMed platforms. Does it indicate that DRM approach is ethical or that simply many people are oblivious to its potential problems? As often, many ignore it until they are bitten. If that happens, people learn about DRM the hard way.
About Steam going DRM free - I'd like that, and I'd subscribe to their service if they'd do it. But they are heavily involved with DRM addicted gaming companies, and unlike GOG don't put any effort into convincing them to publish their games DRM free. GOG invests a lot of time and effort to do it. For Steam it would either mean an enormous amount of reworking their contracts, or simply cutting off a significant part of their catalog. They aren't as principled as GOG to do that.
Steam is kind of the least worst DRM, why: it has more advantages !
- Easy installation, no hassle with CD's: Check
- Automatic updates: Check
- Price: Sales from time to time: Check
- Does it get in the way ?: Only slightly.
However there are quite a few bad risks attached:
- Need internet ? Yes :(
- Can the block your account and screw you over ? Yes :(
- What if they go bankrupt ?
So all in all I don't prefer steam, but for Linux atm it brings in a few games :)
Exactly. If your time has no value then all is free. Most people value their time, the system does not have to be perfect. People who claim there should be no copyright because the future is inevitable probably still go to the doctor.
"Copyright not existing" and "concessions to DRM not being included in standards" are wildly different things, as are "copyright not existing" and "DRM not existing".
Ten years ago, would you tell people to go to the doctor if they asserted that the music industry could and would survive selling their music without DRM?
The music industry has been selling music without DRM since recorded music was invented. I don't think there's any surprise that they survived by continuing to sell without DRM.
9 years ago Sony was panicking, realizing what they had done, and began infecting users PCs with malware in a desperate attempt to undo the "harm" they thought the CDs lack of DRM was causing them.
And of course the movie industry was surviving without DRM for some time too. Both thought that lossy analog copying was DRM enough.
DRM model will die. But such proposals like this one with putting DRM into HTML standard will only prolong its lingering and it's another serious reason to oppose them.
That's the thing, though. It's not at the average user's expense. It's only at the technological idealist's expense. The average user is in fact benefited greatly by having an open, standardized approach, because it increases the likelihood that things will Just Work™.
Well, no standard at all makes any guarantees about the availability of something on a particular operating system. HTML as a whole makes no guarantees that a web browser will even exist for your OS.
But a standard makes it a heck of a lot more likely that someone will have written something that works on your platform.
But this standard - EME - isn't for CDMs, it's for the interface between CDMs and Javascript. So yes, your Linux-based browser might well have EME support. But if the company who makes the DRM CDM doesn't support Linux, you're out of luck.
The existence of the EME standard does not in any way increase the likelihood of DRM vendors supporting any more platforms than they do now.
It does make it easier to add support to new platforms, though. If Linux support is just a recompile with a different compiler away (supposing the browser/plugin interface is a simple C API with no GUI), it's more likely to happen.
Please, have a read of the proposal. You'll see that a browser implementing EME does not make it any easier to compile a DRM plugin on a different operating system. The proposed standard has nothing to do with that whatsoever.
All the EME spec specifies is a way to interact with the plugin using Javascript.
The point of HTML5 ECE is to tie into OS-level and hardware-level DRM facilities, so in practice it's going to be far harder to port than existing solutions.
In fact we can see this happening already. Netflix supports multiple DRM schemes, one of which is based on the draft HTML5 ECE standard and is used on ChromeOS. Apparently, both the Silverlight-based player and the Android-based player can be used to watch Netflix on ordinary desktop Linux. The ChromeOS one, on the other hand, only runs on authorised Google-provided hardware and only if you don't enable developer mode; no-one's managed to bypass this yet.
I disagree. At the moment, companies have a point of competition on their licensing agreement with customers - exactly what license they allow, and how exactly they choose to enforce it.
That there is competition (and that the market cares) is evident in the fact that iTunes have removed FairPlay DRM from music tracks.
To have an open standard for DRM removes some of this competition point: a win for big incumbents and a loss for consumers.
The enthusiasm against DRM is mostly based on principle because the technological argument is so uninteresting. "DRM is part of an standard s.t. required permissions are visible and minimizable and the platform is open, opt-in and extensible" isn't possible and this is non-controversial among anyone not in the business of trying to sell it to someone who doesn't know that.
DRM is just a math problem (encryption) coupled with a hardware problem (retaining control of the results). The industry in, say, video games has settled on an equilibrium of making it very hard but not impossible to crack the hardware. But uncrackable encryption hardware already exists, it would just be inconvenient to make it uncrackable inside an XBox.
But whether the methods of DRM are open or closed is an implementation detail. Nobody thinks that TLS being open makes it crackable. But if users and programmers know the capabilities and requirements of DRM solutions, they can sequester them from the rest of the computer.
All of the crypto in the world is worthless for a DRM system if a user can easily circumvent the system by replacing one of the components between the black-box DRM module and the hardware in order to get a perfect digital copy of the "protected" stream. This is why "content protection" systems, like the one introduced in Windows Vista, tend to be so over-reaching; they want to create a leak-proof pipe between the "protected" media and our senses.
That's a last mile problem the industry doesn't need to solve. How many people would rather hack hardware than pay money to watch TV and play video games? Of course, if it becomes cost-effective to hardware encrypt the entire stream, I don't think the lack of a W3C standard will make any difference in stopping it.
> How many people would rather hack hardware than pay money to watch TV and play video games?
It only takes one. Everyone else just uses that cracked copy.
I'm not worried about DRM working, I'm worried about it not working in a way that gets in my way as someone whose time is generally worth more than the hassle of finding movies on bittorrent.
This has an expedient solution of only making devices which are able to play DRMed media (perhaps with permissive flags), and having all authoring tools use a per-user content creator key. Then the same broadcast encryption keying that allows players to be selectively disable also allows the cracked transcoder to be disabled.
Of course, this isn't terribly compatible with general purpose computing but operating systems intended for the public have been moving away from general purpose computing for some time and tables and mobile devices are pretty close to that now.
If we go far enough down that path the makers of these handicapped devices can even get legislative help in preventing competition from more user friendly devices by outlawing their sale as was the case for macrovision.
If the DRM system is sequestered from the rest of our computers, then what I described is far from a last-mile problem. It's not a last-mile problem unless support for a "protected" playback path is baked right into the OS kernel, in a way that users would have some difficulty modifying or disabling (e.g. mandatory driver signing and Secure Boot). As long as the playback path is not secured by the kernel, there's always a way to intercept a perfect digital copy of the output in software. And the user doesn't have to know anything about user-space API hijacking, LD_PRELOAD, custom driver development, or whatever it takes, as long as there's some software they can conveniently install that does the job.
So it seems to me that the proponents of DRM would never accept a DRM system that is sequestered from the rest of the computer.
An open DRM system would die in minutes, because we would just hack it to return its secret key to the user. In any DRM system, something needs to be closed.
The enthusiasm against DRM is mostly based on principle because the technological argument is so uninteresting.
It's also based on the philosophical aspects of DRM.
Everything which digital technologies enables, DRM takes away. Every improvement enabled by new technology, DRM hinders. Everything which digital opens, DRM closes down.
DRM is artificially retro-fitting the limitations of the past into the future for no other sake than benefiting the already rich, with an added cost of taking control away from the people and handing it to the few.
DRM is digital ass backwards and has no place anywhere in this new century.
So the options you are suggesting we have today is either a small number of solutions that take over your devices with God-knows-what but which are using browser plugin system, or solutions that take over your devices with God-knows-what but are using the W3C standard as an API, which leads to a larger number of God-knows-what solutions that do God-knows-what to your computer or has God-knows-what security issues that other form of malware can use.
How is that an improvement, and what does this have to do with a open network with cooperating nodes that any standard compliant software can parse and use?
Does this proposed W3C standard really get us any further away from taking over our devices with god-knows-what secret solutions? After all, the CDM plugins themselves are still proprietary.
I think it's a case of pushing at the margin; exposing more details of the CDM plugins than would otherwise be exposed. Opening the CDM spec is also a design win for reasons that should be obvious to people who've worked on software.
It's been the general trend in web browsers to minimize the permissions you need to give to plugins--I would expect CDM plugins to evolve the same way.
You may be right about minimizing the permissions given to CDM plugins. In the current Chrome dev build, the Widevine CDM plugin is a Pepper plugin, which suggests that it might be sandboxed.
However, DRM has sometimes been very over-reaching. Perhaps the most infamous example of this was the content protection introduced in Windows Vista, which went very deep into the OS. [1] After that, can we really expect that DRM proponents would be satisfied with letting their content "protection" system be a well-behaved, harmless little program inside a sandbox?
Being a Pepper plugin doesn't help at all. It's still a black box. It still has full access to your machine. It can not be sandboxed because it's up to the CDM to decide how to validate and how deep to connect to the machine. The CDM will want to control the bits from the time they get delivered to the CDM from the browser, all the way to the monitor with whatever tech the CDM author feels like employing.
Chrome can not validate the code nor the inputs to the code. It's a giant security hole. For all you know some CDM will just implement the blu-ray standard, Java and all. Yep, unsecured code execution.
> It's been the general trend in web browsers to minimize the permissions you need to give to plugins--I would expect CDM plugins to evolve the same way.
DRM need control over the computer for it to ever do anything. Trying to sandbox DRM, is like trying to sandbox anti-virus software. It can't happen, and has never happened before.
The real danger, from the W3C's perspective is that people will route around an HTML5 standard that includes DRM. What's the point of writing a standard that is built to fail?
I hear lots of objection to DRM in HTML but no alternatives. If EME is rejected and not added to the HTML spec, lets consider some alternatives:
1. Leave things as they are, so Flash and Silverlight limp along to serve DRMed content, and native apps are required to watch on devices which don't support plugins. Verdict: Not great, but hey it's how it is now.
2. Lobby the media owners to drop DRM. Verdict: Highly improbable
3. Lobby the media distributers (Netflix etc) to boycott media owners who won't drop DRM. Verdict: Highly improbable
4. Ask end-users to boycott purchase of un-DRMed content (and no pirate it, as they will only encourage the media owners to use more DRM). Verdict: Highly improbable. Us nerds may do it, but regular folk don't really care about DRM.
5. EME is implemented as a convention, but not in the official spec. Verdict: Possible, I think EME will be implemented in IE and Chrome with or without it being in the spec. Mozilla wouldn't I presume.
We leave things as they are. If content distributors refuse to play without DRM, let them stick to inconvenient existing plugins. The DRM-insisting gatekeepers will ultimately need the web more than the web needs them, so they'll have to concede eventually, even if it takes a good while before it happens.
Why do they need the web?
If the only way to watch Game of Thrones is to install a standalone application then people will simply install the standalone application.
I think this is the crux of the issue - should the web be a general purpose platform? Or do we draw a line somewhere and say some tasks, like watching protected video isn't something it should be doing. Personally I think all video consumption is a good fit for the web, it's seem awkward to split protected and unprotected video.
Ask browser vendors to include an authorization dialog before installing a CDM which describes what the CDM can do so that they can make an informed choice.
"The site xxx.com wants to install a module on your computer, this module has been signed by acme inc. Installing this module may be a requirement for consuming protected media from xxx.com.
In order to prevent you from circumventing policy; this module needs to make modifications to your computer as detailed in the license agreement (read here). These modifications will allow acme inc to read files on your computer, disable parts of your computer's functionality as specified by policy Z and may send personal information gathered to Acme Inc or selected partners
I think that option #5 is ideal. I don't believe that DRM belongs in the HTML spec. I see the spec as more of a toolkit to support whatever it is you need done (video/audio APIs, canvas, etc). DRM features should exist at the user level, preferably in the browser (as you have pointed out) or as it currently stands in an external plugin.
> I hear lots of objection to DRM in HTML but no alternatives.
To quote Thomas Sowell:
"No matter how disastrously some policy has turned out, anyone who criticizes it can expect to hear: “But what would you replace it with?” When you put out a fire, what do you replace it with?"
when I first heard of DRM in HTML5, the first thing that came to mind was that web apps would be encrypted, and that the only interface people would have would be mouse or touch. This would essentially make the web like blue-ray: great for consuming content and playing scripted games, and not-so-great for everyone else. Also, how long before "safe" browsers only allowed drm-encrypted web apps, to "protect consumers"?
I agree with the EFF that DRM should not be in HTML5.
That's the only natural evolution; for example the news sites will say:
"Why the movie industry have protection but we don't? We need HTML5 DRM in our writings, is our copyright less important than theirs? I say no sir!"
And slowly an internet where you can't use browser extensions, where you can't copy anything you read, where you depend on the existence of a company, a functional internet connection to play (just once) the content you bought, but a content that you certainly don't own.
Create sites which you can't leave or close? Easy, use drm and prevent any action that would closing the tab or give access to the url bar.
DRM is code with the intention to take full control over a device after sale. With that, any action is possible. Installing tool-bars, sending browser history, stealing information. The only protection is the letter of the law, and any hacker brave enough to reverse engineer the drm to identify what it actually do (under the threat of DMCA and jail time of course).
I wish I had your naivety; but I already sow things like a media center that counts heads and will stop the movie if the amount of people exceeds the number allowed by the purchased licence...
That was my point: someone claimed that a special, DRM-enabled "safe browser" would never happen as long as there is open source, and I am saying that no, in fact, open source is not going to save us here. The problem is that there is almost no chance of an open source CDM, and a near-guarantee that proprietary CDMs will dominate. Open source browsers will either capitulate and include DRM, or fail to do so and languish in obscurity as their users find themselves increasingly unable to use the web.
It is not just about Hollywood. The New York Times will use DRM to try to enforce payments. Scientific journals will use DRM to stop people from sharing articles. Photos will be DRM'd by companies that want to force you to go online to view them, to pay extra for setting them as your background, etc. How long do you think Mozilla can hold out against the pressure to include DRM functionality?
What if netflix released its own browser, perhaps a fork of chromium, and all it could do was go to netflix and other such approved (read: drm-ready) sites that paid a fee to netflix?
And what if parents made that the default browser on the device? To protect the kids, of course.
The only true solution to the problem of DRM is to kill Hollywood. It's unlikely to happen, though. Many others have reiterated on this point, so I'm not going to waste my time iterating yet once more.
Economics will kill Hollywood if we resist their bribes to cripple open technology and they flounder into obscurity.
They currently control most of the chess board (from ISPs to copyright to the law in general) but we hold the key pieces (that are becoming more essential over time as the Internet becomes more global and pervasive).
I doubt killing Hollywood will be the solution. Industry will always try to gain unfair advantages through legislation as long as we let them. That is, as long as government is too large to really care about the little guy.
Harmful legislation is much more present in large legislative agencies such as the US government or (to some extent) the EU.
Decentralizing legislative authority to e.g. the states is the only way to get laws acted in your own best interest.
Having different laws in every state is exactly why most of the world can't watch Netflix. The EU is trying to consolidate things which gives incentives to negotiate contracts. The last thing the EU needs is more Balkanization as companies can't afford to comply with twenty different regulatory schemes.
If the most powerful nation conglomerate in the world has to appease a corporation and negotiate, you are already off the deep end.
The world can't get netflix because big studios want to release content where they want when they want, and instant data transmission over great distance impedes that if everyone can watch the latest show in their home country before they had 3 months to buy the box set in stores.
When I try to view video content, being told that I am not wanted as a user is more common than not. If I go on Hulu, ABC, NBC, and even many YouTube videos, I am not that the maker of the video did not figure out a profitable enough ad model for my country so I should just go away. This country ban is so common because Flash players make it trivial to do so. If you extend the same to all types of web content, I fear this DRM will be used for far more than just some random Hollywood movies.
And start demanding the member organizations to make a public statement as to exactly how far the EME DRM standardization is allowed to advance before they will withdraw from the W3C.
I am not sure of the official position, but I seriously doubt Mozilla will EVER implement this. They've been opposing H.264, which is a lesser evil (patents) than outright DRM.
They stopped opposing H.264 once they needed it for Firefox OS. I'd expect Mozilla to support the W3C DRM stuff as soon as someone makes Netflix a requirement for their Firefox OS phone. Maybe it won't be Mozilla but someone shipping Firefox OS will do the work. Then Mozilla will feel pressure to take the patch they provide. They're in a difficult position now that they're in the mobile phone OS market.
Or the very real possibility that Netflix (etc.) won't even be on the Firefox OS platform without EME.
Since Firefox OS builds on an Android userland there could be overlap in the hardware-mediated playback of protected content with Android devices based on the same SOC.
To be clear, after reading the EME spec it's primary a vehicle for transmitting the state of third-party module to Javascript, that module being permitted access to the media element backing a video or audio tag and to perform the final rendering of the content to an output device.
Those who are saying this spec precludes open implementations of a user agent (web browser) should probably read the spec. Some CDM vendors will restrict their plugin from working on open browsers, but there is no reason to do that as the CDM can be the unit processing the protected stream and rendering it. This means that open browsers can implement this spec and use CDMs that conform to an open ABI without compromising the protection of the content.
The CDM if used this way will be responsible for rendering a video or audio stream, not a shared graphics context like Flash or Java, and overlay graphics and UI will be implemented in standard HTML not in the closed CDM module.
I would never use a browser that implements DRM. As the EFF stated DRM is a back box with the intent of taking control from the user so why the hell should i allow it in my computer.
If their content is so important to them they can keep it just stay the hell out of my browser.
I value my privacy more then i covet their content.
OK, I am gonna catch hell for this, but there is one major reason for having DRM in HTML 5. NetFlix.
Streaming video sites are handcuffed to the media owners. Those media owners(Viacom, Time Warner, etc.) REQUIRE DRM in any contract with a streaming video provider. NetFlix uses Silverlight for this reason.
Without DRM, NetFlix can never move to HTML5 and VP9. It's sad, but true. The W3C is not just being a buncha dicks. They're listening to all sides.
Who cares if there's DRM in the spec, anyway? It doesn't mean people have to use it. And we all know it'll be cracked in a matter of SECONDS upon formal implementation.
Who cares if Netflix needs it? If Netflix wants to do DRM in the browser, then they can continue to do it the painful way with traditional proprietary plugins. Why should we oblige them and dirty the standard in the process?
> Who cares if Netflix needs it? If Netflix wants to do DRM in the browser, then they can continue to do it the painful way with traditional proprietary plugins.
I thought part of the reason for DRM-plugins-with-standardized-hooks-in-HTML is that it was the one particularly widely-used current use case for plugins that browser vendors weren't aiming to replace completely internally with HTML, CSS, and/or JS APIs, and switching to a standard mechanism for it would allow browser vendors to deprecate general purpose proprietary plugin mechanisms.
> Why do you think they want to switch away from the old general purpose proprietary plugin mechanisms, which are specific to the browser?
They (note that the people who want that I referred to in the post you responded to are the browser vendors, not the DRM-ed content suppliers) want to switch from that model because they want to narrow the interface to external software and encourage developers to do more with HTML and related technologies, to keep browsers more focussed and to provide more opportunities for HTML/CSS/JS-based extensions to interact with content.
They "want" to keep DRM available through a narrowed-, specifiic plugin interface because there is enough demand from major content sources that the alternative is either keeping general purpose plugin interfaces alive (which browser vendors mostly don't want) or driving certain major uses of the internet out of browser entirely (which browser vendors want even less) or sites that want to deliver content for which the owners demand DRM make their own browsers with propietary DRM baked in.
Because not doing so concedes this type of market to Microsoft. Open standards are a way to ensure no specific company has control over stuff like this.
> Because not doing so concedes this type of market to Microsoft.
Bullshit.
1) I am able to gleefully avoid it these days, but in the past flash worked with Linux. Furthermore, all relevant DRM systems work with Apple devices including OSX. Netflix works on Android, and on Google's ChromeOS.
2) Even if it did, who gives a shit? I'd rather have people who absolutely must watch netflix on their laptop do it with windows than have the standard dirtied with this shit.
3) Nothing about this shit being added to the standard will make Netflix work on Linux with open-source browsers anyway.
You are high if you think this will allow you to use Netflix on your GNU/Linux box. Netflix already has their shit working with google-chrome, on a Linux kernel, in ChromeOS (Linux, but not "GNUy", for lack of better terminology). They don't allow that to work with regular GNU/Linux because they don't trust the rest of the stack to keep their precious bits secret.
Netflix actually already "works" in Linux, or at least did back when I last looked it up, and most probably their CDM would as well. I'm of course speaking of using wine. (Having not actually tested the solution, I cannot verify it nor tell about its shortcomings.)
Or perhaps they would rely on secure/trusted path this time. I doubt that - the hardware simply isn't there for their customers.
Anyhow, I certainly wouldn't want W3C to endorse any type of DRM, or have them make it easier to abuse DRM. It's a good thing that Flash and Silverlight are restricted to PCs. It's a good thing that plugins annoy people; it makes them less desirable. We really shouldn't be building a new framework for plugins on all platforms.
Furthermore, I'd like to assure everyone reading this that DRM-free media is (still) thriving on the Internet. It's unfortunate that some people fail to play along; this only means that money doesn't go to the right people even if it's their media that's being exchanged.
Are you aware of any plan to standardize the API/ABI of the CDM modules. It would be possible to do this without exposing content as the current proposal (EME) just specifies the existence of an API for passing around CDM specific data, such as initialization data derived from streams.
It may actually make sense to specify this API/ABI outside of the EME spec, such as through WHATWG. Having a small footprint in the API/ABI might help assuage fears that this is a backdoor to general DRM in HTML5.
Are you aware of the argument for providing the simple clear key encryption or making it a requirement of the spec, or for optionally providing the clear form of the media stream back to the Javascript application? I would argue that the Clear Key scheme won't have applications in the content protection space as it's simple to bypass, but creates an opening for backdoor encryption of general content that has been encoded into a media stream which could be used to protect HTML documents and not just rendered media resources of a document.
Take this example, I'm a MooC with upstream providers that want protections on their textbooks. I choose to deliver my textbooks though HTML5 but not allow them to be copied, such as by intercepting mouse and key events which invoke the native copy and paste options on a web page. I also don't want someone to be able to save the content with a view source or save as command. My implementation is store the content in the media frames of a WebM file and require a certain CDM be installed. I then playback the stream and intercept the unencrypted packets, rendering them into the DOM as innerHTML. I have successfully implemented most of an HTML5 DRM system.
It might seem counter intuitive, but even RMS argued that software that violates ethics (the freedoms, etc.) should be contained in hardware with a clear interface with the rest of the system as preferable to a "blob" which can access the rest of the main CPUs software. In a similar vein, video processing offload chips such as the Crystal support open drivers because they have all of the patent-encumbered elements contained within the firmware of the chip. The chip itself processes MPEG transport streams.
We can speak all we wish about "DRM-infested" systems like Windows Vista (also present in Windows 7 and most likely 8), but these are protections occurring at the same level as video codecs and not directly implemented in the browser. Anything supporting DirectShow codecs can support these DRM protected streams. The same is true for systems like Widevine and hardware offloaded video playback in devices like smartphones.
Personally, I'm still trying to understand where in the HTML5 spec it specifies how to render video and audio content on a page, such as what elements are supported in video streams, how macroblocks are decoded, etc. I don't believe it does.
But later, Stallman said something that I found very surprising. He said that he has no problem with the firmware being burned into the hardware (via a ROM chip or the like). He said that he wanted a “black box”, and it’s obvious that he has no problem with proprietary firmware as long as it’s permanently embedded in the hardware rather than being loaded into it at boot time.
]
> OK, I am gonna catch hell for this, but there is one major
> reason for having DRM in HTML 5. NetFlix.
The W3Cs proposal will not bring NetFlix to Linux. What they - the W3C and Netflix - are proposing is a standardised interface between Javascript and CDMs.
CDM vendors, like Netflix, will be under no compulsion to provide CDMs for other platforms. And they won't.
Now we can do this the easy way, with standards that are agreed upon across vendors -- or the hard way, with proprietary plug-ins that only work in Windows and Internet Explorer.
The Web has DRM, implemented in proprietary plugins: Flash (and to a lesser degree, Silverlight).
And this proposal involves DRM implemented with proprietary plugins (known as CDMs). There is no requirement that CDMs be available across platforms, on open operating systems, available to license by any vendor. The CDMs are the new proprietary plugins, they just happen to do less than Flash, leaving more of it up to the browser.
Is it really so much better to trade one proprietary form of DRM for another? What does that actually get us? More crappy services, where Hollywood decides on a month by month basis which particular services get to offer its content, so you need to sign up for 5 different services just to watch all of the content that you watch? And each one of them supports different set-top boxes, doesn't work on open platforms, and restricts you from backing up media that you have bought?
This isn't improvement; this is just wanting to get browser vendors to implement anti-features that users object to, instead of getting Adobe to do it.
The worst part is that Flash and Java aren't going to go away anytime soon either. You basically have to have both, and the web will be a lot harder to navigate on anything but a Windows machine.
Wrong. The Web already has DRM - Silverlight and other junk. The subject is about not dragging this garbage into the HTML standard.
> Now we can do this the easy way, with standards that are agreed upon across vendors -- or the hard way, with proprietary plug-ins that only work in Windows and Internet Explorer.
EME won't make DRM "easier" for users - it will still require closed source black box modules which will never work with open source browsers. It might make it easier for Netflix and co. who push this idiocy onto the web. But it's their problem, users and the Web should not oblige them with comfortable proliferation of unethical approaches. If anything it should be made harder, to give more incentives to avoid it.
You've hit it: standardization speeds proliferation, and there's no reason at all for the W3C to speed the proliferation of lock-in, effectively supporting a digital arms race.
There may be rationalizations for DRM by certain individuals or companies, just as there are "reasons" from warlords to expand their empires, but none of them necessarily benefit everyone justly. For that matter, there are straight-forward arguments that DRM cannot benefit everyone justly (for example, DRM prevents users from controlling their equipment, or it prevents innovation thereby distorting the market), and if it can't: why on earth is it worth promoting?
Saying DRM should be in HTML 5 is like saying the freedom to murder should be a human right. IMHO, both cross a line that make them (clearly) no longer objectively in the public interest.
The ability to embed plugins is as close to that line as necessary - and that has already been standardized. There is no reason to go farther than that and to proliferate a tool that is not in the public interest (for all intents and purposes a "weapon" against the public).
The DRM will change nothing about platform interoperability. If anything, it will probably make the situation worse.
For DRM to work, someone needs to control that DRM (which means plugins) - preferably as few people as possible. You can't really have "open DRM" or anything like that, which means "HTML5 DRM5" is completely inconsistent and conflictual with the values of the web, and what W3C is supposed to stand for.
The reason there even seems to be a side that is "pro HTML5 DRM" is because they think:
1) it will make Netflix and such really cross-platform
2) you won't have to use "nasty plugins" like Flash or Silverlight
But none of the two is really true. You will have plugins, they will just be at the OS level, and good luck getting Netflix to work on new operating systems such as Ubuntu Touch, Sailfish, FF OS, Tizen, and so on - unless the company behind them can make partnerships with the content companies or content distributors like Netflix.
We can NOT do this the easy way! Please read the W3C proposal. The proposal is NOT an alternative to proprietary plug-ins but rather a proposal to introduce proprietary plug-ins into HTML5. DRM can't be free software because you could simply change it to write the data to your disk and recompile it.
This proposal is turning HTML5 into "New Flash" because the CDM will have to do the decoding and rendering of frames. This is not only dangerous to freedom but this is dangerous to all the achievements and advances in HTML5 and the web stack.
Reminds me of this exchange between Dwight and Ryan on The Office:
---
Dwight: Okay, I’m going to need to search your car. Give me your keys.
Ryan: I am not giving you my keys.
Dwight: Don’t make me do this the hard way.
Ryan: What’s the hard way?
Dwight: I go down to the police station on my lunch break. I tell the police officer — I know several — what I suspect you may have in your car. He requests a hearing from a judge and obtains a search warrant. Once he has said warrant, he will drive over here and make you give him the keys to your car, and you will have to obey him.
Ryan: Yeah, let’s do it that way.
---
Note to Hollywood: Yeah, let's do it the hard way.
DRM: Software with the intent to take control with force over someones else computer.
Sorry but there is nothing intrinsic valuable about DRM in the web, in the exact same way that any other form of malware is not intrinsic valuable to the web. Just because its current legal to offer media products with malware embedded, doesn't make it a logical choice to include in a web standard that describes an open web of cooperating nodes.
So do I. That way will mean that I will probably never be able to use it on my (Linux) laptop, but that's fine, because I don't want to use something with DRM anyway. Torrents work just fine until the movie industry learns what the music industry learned the hard way.
The minute you suggest torrenting media is the minute you lose the moral high-ground. You aren't owed this stuff, neither are you entitled to it. If you don't agree with the way media is distributed, don't consume it. By torrenting the media, you are playing into the proponents of DRMs hands.
I still think it's irrelevant. DRM doesn't stop casual copyright infringement anyway. It's only ever used to control distributors (in this case the likes of Netflix), but that doesn't make much sense to me anyway, since they have expensive-to-breach contracts with them.
That'd be Argumentum ad logicam. The 'Torrents work just fine until the movie industry learns what the music industry learned the hard way.' approach is bordering on a two wrongs make a right fallacy itself.
You're the one who brought morals into the conversation. The original statement is 100% correct: torrents do work just fine. Their morality was not mentioned until your reply.
If we remove morals from the debate, then the whole F/LOSS movement is meaningless. By ending the statement "...until the movie industry learns what the music industry learned the hard way." implies a moral lesson and as such is an appeal to morals. The value being proffered, that DRM is fundamentally wrong and shouldn't be allowed as it affects the end users rights (a moral issue if ever there was one) is lost when work is taken without consent to teach that lesson. My point stands, irrespective of whether a trite fallacy is relied upon. So no, I didn't bring moral into the discussion. The discussion is fundamentally a moral issue. So please, drop the faux indignation and lecturing, it's not appreciated
The Free Software and Open Source movements have strong practical arguments in their favor; there's no need to invoke morality to promote F/LOSS. Arguments against DRM are similarly pragmatic; the cost to all computing simply isn't worth the tiny perceived benefit to a very few. The lesson to be learned by DRM proponents is not a moral one; it is the very practical lesson that people don't want it.
From the FSF "As our society grows more dependent on computers, the software we run is of critical importance to securing the future of a free society. Free software is about having control over the technology we use in our homes, schools and businesses, where computers work for our individual and communal benefit, not for proprietary software companies or governments who might seek to restrict and monitor us." A statement laced with moral reasoning. The whole 'about' page is a full of fallacies, no least appeal to emotion. Not for one minute do I with the FSF's raison d'être, I hasten to add, merely I use it point out how utterly poorly that logic is applied in these discussions.
"The cost to all computing simply isn't worth the tiny perceived benefit to a very few" So morally it's wrong. That pragmatism comes from the moral imperative or the perceived masses.
"...it is the very practical lesson that people don't want it." Why? Because it affects their perceived freedoms, ergo moral reasoning.
To glibly dismiss the moral imperative of F/LOSS simply wrong. Heck, Stallman, the EFF and the FSF rely heavily on argumentum ad consequentiam, argumentum ad metum and argumentum ad passiones in a not-insignificant amount of their literature and all of those to varing extent rely on moralising.
You seem to use a very loose definition of "moral." I don't see any morality inherent in logical statements of the form A->B, B is widely undesirable, therefore A is widely undesirable. If that's a moral argument, then by your definition, there's no such thing as pragmatism or logic.
> I don't see any morality inherent in logical statements of the form A->B, B is widely undesirable, therefore A is widely undesirable.
The moral (or, at least, subjective; whether the particular subjective distinction is "moral" or something else is somewhat of a an arbitrary distinction) part is "B is widely undesirable". Desirability is not a factual premise.
> If that's a moral argument, then by your definition, there's no such thing as pragmatism or logic.
Well, no; that is a moral argument (or at least, an argument that rests on a subjective premise), and it is also an application of logic. Logic doesn't provide premises, it applies based on premises which are either sensory observations (which are inherently subjective) or a priori postulates (which are often subjective moral/aesthetic/etc. value propositions.)
Logic exists, it just doesn't get you to any kind of conclusions about the way things should be or what things you should do without starting with premises that are about the way things should be or what you should do.
> "...until the movie industry learns what the music industry learned the hard way." implies a moral lesson and as such is an appeal to morals.
It implies no such thing. It merely implies that DRM is a net loss for the industry, and that the music industry has already learned this but the movie industry has not.
To be clear, EME is not really a standard agreed upon across vendors. It's more of a meta-standard. There will be no CDM that works in 90% of browsers, so EME would lead to fragmentation just as bad or worse than what we have today.
I want the way DRM gets onto the web to be the same vector malware gets onto computers. I want this to suck for DRM, it should suck. It should be painful to give up your rights. It SHOULD hurt.
I am skeptical of any value in having "standards" agreed for this for consumers which would be any different from having third party plugins.
If you want your content to be protected, fine, you can go back to using third party plugins. Then users will have a clear choice on whether to consume your content.
What exactly is DRM supposed to achieve? For it to work it seems to need to prevent 100% of all opportunities, worldwide, of duplicating copyrighted material. A single copy is all it takes to seed every single pirated copy. I can't see that the sales of DVDs and Blu-rays are going to dry up any time soon and given how easy it is to copy those how does DRM help at all?
This is sort of like Linux kernel supporting a fixed ABI for binary modules. There are those who say that it's a good thing and benefits are more than the costs. And then there are those who say that this would be bad and it prevents us from going through a temporary struggle that would eventually lead to a better solution for the long-term.
I tend to favor the second camp. Let's not compromise on our vision for the open web. We have gone through a lot and have achieved a lot. A short-term hassle is acceptable for the long-term win.
An argument in favour of the W3C policy is that DRM video plugins could be retired but what about all those sites that attempt to prevent right-click|save-as on photos, or on JavaScript, and why wouldn't they use DRM too? The EME draft doesn't just handle video, does it?
For now it does. But if we let it pass, you better believe that slippery slope we've went into is going to get a whole lot steeper.
The open web only has one option: Fighting DRM entirely and fundamentally. We don't need Netflix on the web, and definitely not at the cost of our fabulous, open standards' core values.
Not supporting it would be bad for Firefox OS. It would mean that platform is locked out from streaming video solutions (ie. Netflix). This would discourage carriers from supporting Firefox OS. On desktop it doesn't matter so much. They have a marketshare to make a difference when they take a stand. However now that they're in the phone market, if no carrier will take Firefox OS due to the streaming video issue then the OS is dead before it really begins.
I think you generalize the absurd US cellular carrier situation on to the world.
Most places in the world you have carriers which provides phone services, accessible by a SIM-card, and you have phones, which accepts SIM cards.
These are two entirely separate things which you choose entirely at your own bidding. You chose the carrier which provides you with a service matching your needs at a price you are willing to pay. And you use the SIM card they provide in the phone you have chosen entirely separate.
In a world like this a carrier doesn't "support" a phone. That would be like my ISP having to "support" my Dell PC, or me having to buy a PC from a limited selection offered by my ISP. It's an absurd position.
Most of the world does not work like the completely and fundamentally broken US cellphone market, and generalizing based on that is doomed to reap highly inaccurate results.
I may be generalizing incorrectly but given Mozilla's lack of comment either for or against the W3C DRM initiative I think they're not wanting to jeopardize partner arrangements by saying anything negative. Even if they have no deals requiring DRM, why turn off potential partners with statements that don't need to be made yet.
Usually they're publicly all over this sort of thing. I don't see any Mozilla people commenting in this thread about what they think either which is unusual but probably wise.
On the other hand I don't see statements from Opera either and they're usually pretty anti this sort of thing. Maybe they're both doing behind the scenes work to scuttle the DRM initiative and don't want to make it public yet.
Sure looks like it's getting closer to me. The amount of content I can view without a plugin has absolutely exploded over the past few years. Sure, big Hollywood names aren't in there yet, but it's not like they're the only ones who make videos worth watching.
What you mean by "big Hollywood" the mainstream population refers to as "TV" and "Movies". None of which we're able to watch without a plugin. I do all my TV watching online (95% on Netflix/Hulu), even most of the videos I watch on YouTube require flash, despite being opt-in to using the HTML5 video player.
Your statement was "closer". Even if the video watchable without plugins is only 1% of the total, your statement is still wrong if it was e.g. 0.1% a few years ago.
Regarding YouTube, I do most of my YouTubing on iOS devices, and it's very rare to find a video that doesn't work, so the non-plugin support is good. Why it doesn't work in your browser, I couldn't say, but at this point I suspect it's more about your setup than YouTube not supporting it at all.
You do realize that the proposed HTML5 DRM specification has nothing to do with being able to view DRM-protected videos without plugins, as it's mostly centered around specifying a platform for plugins, do you?
First of all, the DRM is proprietary. Those using open-source browsers like Firefox or Chromium won't be able to view any sites that push DRM at their will; especially if it's integrated INTO the web standard itself. It doesn't only affect web developers, it affects users, and the fact that you can't see that is astonishing. I don't know whether to be appalled or amazed, to be honest.
Normally, when DRM is implemented, it has been done so through plugins and other proprietary solutions, but the core technologies in the web -- HTML, CSS, and JavaScript -- have been open, and they should stay open. Implementing proprietary DRM in an open standard is a slap in the face for Mozilla and Google, who want an open Web. And everyone else wants an open Web too, not just the big organizations.
And third, let's just face it -- DRM fucking sucks.
Actually, Google isn't as innocent as you might think. They acquired a DRM company called Widevine, and the Widevine DRM system is now integrated with recent Google Chrome dev builds.
This is kind of like saying, "The DVD CSS system is fine! You are not forced to use this DRM when you make a video DVD!" Why should the users be forced to deal with more of this nonsense?
The issue is not about websites it is about us. I do not want DRM on my computer, and I do not want to be excluded from the web as a result of that choice.
They are not making anyone use DRM against their will yet.
And then one day there's a government form you have to fill out, or a training video you have to watch, and it's behind some crazy DRM solution that the makers thought would be good to use, which was accepted because it's "standard".
The way I see it is if DRM is going to be managed in Firefox and Chrome then it wouldn't necessarily block a determined person from circumventing it. Both browsers are open source. HTML5 DRM will only stop people from using regular copy/paste.
I have a feeling that the EFF is over-reacting, but only time will tell what the right action should have been.
That's why the W3C proposal is a proposal for an API which proprietary plug-ins would use. The plug-in will do the decoding and rendering. Therefore the EFF is absolutely not over-reacting.
I'm sorry but you're overlooking that this is already the case with Flash. Our other alternative to Flash is to use a native app. Both ways are not web friendly in that they both completely rely on closed standards. This is one of my gripes with Flash. It is a lock-in tool that is controlled by one company, namely Adobe, who isn't interested in my security and gives me a player for free to collect money from publishers. Native platforms, aka apps, on the other hand create a lock-in that completely ignores the browser.
This draft however helps create a common standard, albeit closed, but standardized in operation which means there will be competition on other many fronts: better encryption extensions, secure, respecting privacy, all of which don't describe Flash or even QuickTime or whatever pops to mind.
To point out the irony of labeling DRM as the ultimate evil: Do you use iOS/Android/Windows Phone/BlackBerry 10/Kindle?
The issue is that the CDMs with which the sites integrate simply won't be made available on certain platforms. E.g. Netflix isn't available on Linux, and there's no evidence that the availability of EME would change that.
I disagree with all of you previous commentators. DRM in the browser already exists and it is called Flash. This is also the reason why Adobe is still supporting Flash and wants to bring it to other platforms other than the browser.
As for Netflix on Linux, they want to make money and will have to make it available if they want Linux customers. Remember that nothing is going to stop Netflix or anybody else from making their media incompatible with your setup, so the keys are already in their hands.
On the other hand demanding freedom and openness from organizations that only want to make money is useless. Just ask for your platform to be supported and pay them when they do. Otherwise no one is going to take a second look at you no matter how loud you shout.
I'm honestly surprised that Mozilla haven't been more vocal about this issue. Have they issued any statements what so ever?
Seeing what amazing things the web have enabled the last few decades, purely by being open, who are we to deny the future the same possibilities by locking it all down now? What sort of short-sighted asshole would propose such a thing?
To those who yammer on about Netflix: Allow me to paraphrase Benjamin Franklin. He who gives up freedom for comfort deserves neither.
If this goes through though, what I see others are calling out for is a new consortium. If the W3C is hellbent on forking and fragmenting the web, then lets have it. But let's have it on our terms: By creating a new open web standards consortium.