Everyone who is ignorant towards the standard DRM in web browsers does not see the forest behind the trees.
It does not stop with movies or music.
If DRM is deeply integrated into the web then everything will get affected by it. Already today some publisher go to great lengths to try to disturb people from copying simple text and images. It will get only worse.
Currently the openness of the web has been very beneficial to the people willing to make an effort to learn the web technologies. I think that this has opened the field for many talented people. You can just inspect the page and try to learn how it is made by reverse engineering it. This will go away and you will get the inaccessible binary blob instead.
This is all true, but what has it got to do with the W3C approving the standard or not?
The content publishers and the browser makers are severely intermingled and often the same company. (Google, Apple, "Netflix HD only on Edge") We don't even need to pretend Firefox has any relevance in this particular space.
If Google wants to push SPDY or HTTP2 or a DRM technology through, they can just do so through combined browser and YouTube/Gmail/Google Play/Android/Google Docs marketshare. Similar things apply to the iOS and Windows ecosystems.
The W3C exists as place for these companies to work out interoperability standards. They have no other incentive to attend. If the W3C gets in the way of that, what does it matter? They can interoperate or not. There can be a standard or not.
DRM will be there anyway. Be it Flash, be it something else.
> DRM will be there anyway. Be it Flash, be it something else.
Then let it be Flash, so it can die with Flash. Let's not perpetuate it, or make it any easier. Let a hundred competing "standards" bloom so media companies have more work to do, and might decide that DRM seems like too much trouble and decreases their target audience. Let browsers prune away support for DRM with their outdated plugin interfaces.
Don't give any one "standard" the blessing of any standards organization. And don't accept something inherently non-standard as a standard. Don't accept as a standard something completely unimplementable in a fully Open Source browser. Don't accept a standard interface to custom binary DRM implementations.
There aren't going to be a hundred competing standards, because the production tool ecosystem has its own working groups who will settle on a small set of standards, with or without the input of the browser vendors. The browser vendors only have a say in DRM formats insofar as providing universal support for a format entices the production-tool ecosystem to provide export-compatibility for it. If the browser-vendors refuse to provide such a standard, they're really just refusing to sit at the table where the standard is decided.
In the end, there'll be a standard DRM multimedia format whether it's "endorsed" by Open Web people or not; if browsers don't build in support for it, then it'll just build support for itself, via the APIs that do exist: WebGL, WebRTC, ASM.js, etc. Consumers will get their media; they'll just be running an opaque blob of Javascript in the browser to get it, instead of the browser doing the job—cleanly—itself.
Designed. Many designs fail to achieve their goals. Has there been much research into 0-days in the GPU firmware itself? Or the closed blobs that get loaded into kernel space?
Yes, quite a bit actually, and you also need to understand that you aren't hitting the GPU directly by any means you are going through several layers of API's each with it's own security controls, then hitting a restricted end point in a usermode driver.
This is not to say that there aren't vulnerabilities in the drivers, that said the only 3 PE/CE vulnerabilities in the NVIDIA driver in the past 4+ years were not exploitable through any vectors you are suggesting since they involved NVAPI, AMD doesn't discloses vulnerabilities openly IIRC.
To exploit a vulnerability in the manner you suggest you need to break through the sandboxing and security model of the browser, break the sandboxing and security model of the web API you are using e.g. WebGL break through the security model and sandboxing of the actual API e.g. DirectX on Windows, break through the sandboxing and security model of the user mode driver, and then exploit a vulnerability in a kernel mode driver that might have actual access to something you might care about.
And even then it's not that simple in WDDM for example even in pure kernel mode you'll have issues accessing memory out of the bounds of your application due to how GPU resource are managed, pinned and translated.
To put it simply every process accesses a "virtual GPU" through it's own endpoint, there is a zero-out process which is invoked on both the GPU and system memory when any buffer is allocated or accessed, and there is an out-of-bounds behaviour control running on the GPU independent of the driver, basically once you access (read or write) out of bound memory the GPU would terminate the loaded kernel which would crash your application and the driver would be cycled (restarted).
The out of bound memory is a real annoyance anyone who's worked with GPGPU especially CUDA is pretty familiar with, it's the #1 app killer (as far as code errors go) and for good reasons, even a privileged kernel running natively on the GPU is protected from abusing it's own rights.
What does that mean in regards to parent's comment? If it renders, it went through both a graphics driver and GPU. Therefore they're in attack surface for malicious data designed to take over privileged code and/or DMA engines.
Except that's not what's going to happen. This problem is not going away. And if you create more "work", they'll just do what they need to to capture the majority of the market and leave a lot of users in the cold.
The people this hurts aren't going to be the media companies or the normal users. The people it will hurt will be us crazies that do stuff like run Unix on the desktop or try and run unlocked Chinese Android phones, because they just won't be supported because there's no financial case for it.
> Except that's not what's going to happen. This problem is not going away. And if you create more "work", they'll just do what they need to to capture the majority of the market and leave a lot of users in the cold.
And then that'll leave a market for someone else to come along and serve.
If the company that owns the distribution rights to a piece of content doesn't want to support the last few percent of the market then they just won't and there's nothing anyone else can (legally) do about it unless they start further up the food chain, making their own content. And if there were enough money in those outliers for that to be profitable, then the existing content creators would probably be serving them.
DRM is going to happen one way or another, and in my mind ensuring that at the very least the DRM itself has a defined interface for everyone to work against results in a more "open" ecosystem than leaving it up to backroom deals between content creators and DRM vendors who create hacky hodge-podge software.
It's not going to be Flash precisely because Flash is dying. It doesn't matter whether the W3C is involved or not, the companies that want this are going to make it happen. The idea that stopping a W3C standard is somehow going to stop the entire media industry getting its way on this is nothing but a fantasy.
Unfortunately, many people who could bring some moderation to the discussions about DRM are still stuck in fantasy land where none of this is happening.
We don't even need to pretend Firefox has any relevance
And this is a collective fault of many ignorant persons also in this forum who more than often have suggest people to use Chrome. I think that Chrome has gained much support thanks to the wide spread ignorance about the implications.
I wouldn't say those people were "ignorant". Things like YouTube, Google Docs, most Google properties work better in Chrome. This isn't always intentional, even.
Google can control both ends of the pipe, which means whenever they make big changes Chrome users will have a better experience. They pushed ahead there with MSE, codec support (VP9), SPDY, HTTP/2, etc and other browsers had to catch up. If other browsers were ahead in some areas, it didn't matter, because the content side didn't support it. Sites are designed and optimized in Chrome first and foremost, so Chrome never risks looking slow.
Similar things apply to Safari on iOS, or Edge on Windows.
The problem in my mind is that by having the same parties sit on both ends of this story, it's inevitable the middle man (that could be a leverage against DRM) gets pushed out. It's very, very hard to explain to the majority of users that they have to accept short term pain to avoid an outcome that is much worse for them. Ask any politician.
But we don't even need to kill the web to get there (pushing out any middlemen). We have native apps! Nobody is complaining their Android or iOS phone has DRM, do they?
> Things like [Google] YouTube, Google Docs, most Google [projects] work better in Chrome.
I wonder why that is.
> This isn't always intentional, even.
I don't think everyone at Google is evil. There are many passionate engineers and hackers like you and me. However, if a Youtube developer has an issue with something running extraordinarily slowly, it's a much shorter call to the Chrome department than it would be to Apple's Safari or Mozilla's Firefox. So while developers might not be actively hindering other browsers, they are developing for Chrome. That it technically works on other browsers is a requirement but optimizing for the competition's browsers is not something I imagine management allocates hours for.
The end result is that they are hindering competition in the browser market, and quite a few people saw that coming. Still, even more people (vastly more people) either did not care or know and recommended Chrome anyway.
> Nobody is complaining their Android or iOS phone has DRM, do they?
My Android phone does not have DRM beyond what it in the SIM and I am complaining about people whose phones do. Many friends and peers share my view on this, so it's at least not "nobody".
I suppose you might be right. I actually realized after posting that there is probably something somewhere in my phone that still contains some kind of DRM. Assuming this is still in Cyanogenmod, you're probably right.
Then again, I'm not sure I have any apps that use this.
I use Firefox over any other browser precisely because I can "hack" it. I've changed so much under about:config that I have to document it for the next install. Firefox allows so many useful hacks that are truly in favor of the user. Chrome not so much. I don't use anything other than macOS or *nix, so I cannot speak to IE or other platforms.
> That it technically works on other browsers is a requirement but optimizing for the competition's browsers is not something I imagine management allocates hours for.
Youtube exists to sell ads, and a slow browsing experience on any device or browser does not serve that goal. So while Chrome may be their default testing environment, there's a very strong incentive to have it work well across the board.
Say in the YouTube app you perform a search for a song. The results come back very quickly and the first result is what you want so you tap it. An ad starts to play. Except its not an ad. Its a video from the advertised spot above your search results - wait a minute you didn't click that. So you go back and realize, it loads 1 second after your search results and pushes them downwards, so your tap ends up on the advertisement that wasn't even rendered yet. Hm.
That might drive short term revenue but would drive down their CPM/CPC rates and user engagement longer term. I don't think Google's culture is conducive to playing those sorts of tricks.
> Things like YouTube, Google Docs, most Google properties work better in Chrome.
As someone who has never used Chrome, I'd love to understand what exactly "works better" means. I've never had problems with any of those sites using Firefox and Safari.
Google Docs is more responsive and faster in Chrome (it improves in Firefox if you fake the Chrome UA, hah). YouTube relied on Flash much longer in Firefox, while Mozilla was working to make their MSE implementation compatible with Chrome.
Google broke YouTube for Firefox users right before the last Christmas holidays. Mozilla pushed out Firefox updates over the holidays that faked the UA as a workaround.
Google Inbox didn't work on Firefox initially, because Google claimed Firefox was too slow. When reported to Mozilla, it was fixed in a few hours, and they found that Chrome's implementation of the "thing that was too slow" was actually broken and not spec compliant.
Hangouts (used to?) require a plugin in Firefox, and just uses WebRTC in Chrome.
For more backstory, here's the Firefox bug report with the fix for Google Inbox being "too slow" due to JS array slice being faster in Chrome than Firefox due to a V8 bug:
When you change the user agent in Docs, the JS app tries to use a webkit-specific selection API and just crashes. The timing results for that test seem bogus.
Google deployed SPDY on Google sites when only Chrome supports it. YouTube deployed streaming with QUIC when only Chrome supports it. I'm not saying Google sites are sabotaging other browsers, just that these are examples of Google sites the work best in Chrome because Google teams can work closely together.
Google Hangouts uses WebRTC and NaCl without plugins in Chrome, but requires an NPAPI plugin or ActiveX Control (confusingly called the "Google Talk Plugin") in other browsers. Support for any browser other than Chrome is not listed on the Hangouts home page. You must search their KB to find the plugin installer.
Is this classical or quantum prisoner's dilemma? Which variation?
Because the knowledge of the prisoner is deeply intertwined with the optimal strategy in quantum prisoner's dilemmas. And quantum prisoner's dilemmas have at times been shown to more accurately match human behavior than classical ones.
Or it could be that FF is perceptibly slower and currently has very weak dev tools. I personally use Chromium, which IMO, is the best of both worlds and actually, the only one of the three browsers that doesn't have EME (so you could argue it's better than FF in this regard). You also get a clear picture of the sites that stream with DRM (looking at you Vimeo).
I don't think the person you're arguing with is even necessarily denying this. He is pointing out that the trade-off of using the "perceptibly" faster browser has very bad long term consequences.
The W3C standard is not about whether the DRM will exist - to some extent it will exist regardless of what decisions the W3C makes.
The W3C standard is not about making DRM supported by all browsers and other tools - even if included in the standard, many makers of web technology will be locked out of DRM support.
The W3C standard is simply about whether we (the "tech guys") ENDORSE the use of DRM. And it DOES make a difference: if approved, DRM will be more common than if not approved.
That's why I wrote 'feature complete standards'. Anybody can come up with half finished standards that are only there to serve some proprietary technology.
An interface to an unspecified DRM module is not a useful web standard. And due to the nature of DRM, a fully specified DRM standard is also completely useless. DRM is just not compatible with open.
Which means you can't actually ship any useful implementation, since it won't have a backend to talk to. And an Open Source implementation would inherently be non-functional.
You can implement EME in open source (the part that W3C standardized), and then throw a closed source CDM module on top of it. You don't even have to provide the CDM, third parties can provide multiple ones.
This is in fact how it works in Firefox. There's no part of Firefox that is closed source, including EME support or even the CDM sandbox. The CDM is loaded at runtime from an external server.
Focusing on the W3C and/or it's relation with open source is completely and utterly missing the point, but it's explained enough throughout this thread that I see no point in repeating it once again here.
> You can implement EME in open source (the part that W3C standardized), and then throw a closed source CDM module on top of it.
Which means the whole thing doesn't work in a fully Open Source browser. EME is non-functional without a proprietary CDM.
It's like standardizing the <object> or <applet> tags: yes, they're a standard, but they're a standard way to talk to completely non-standard bits. But worse, because you could use <object> or <applet> to talk to an Open Source plugin, but a CDM completely loses what little function it has if open.
(That includes hardware-backed CDMs, since signed software you can't replace isn't Open Source either.)
>>>The W3C exists as place for these companies to work out interoperability standards.
Web for All
The social value of the Web is that it enables human communication, commerce, and opportunities to share knowledge. One of W3C's primary goals is to make these benefits available to all people, whatever their hardware, software, network infrastructure, native language, culture, geographical location, or physical or mental ability.
Web on Everything
The number of different kinds of devices that can access the Web has grown immensely. Mobile phones, smart phones, personal digital assistants, interactive television systems, voice response systems, kiosks and even certain domestic appliances can all access the Web.
> We don't even need to pretend Firefox has any relevance in this particular space.
Browser market share changes widely depending on which capabilities browsers have. Firefox went from 0 to web dominance in a few years because it had a more compelling offering than IE. Then Chrome beat it to its own game. Then IE was kept alive on Windows in parts because Netflix' use of Silverlight. If DRM is kept at the add-on level in some browsers, then those browsers will succeed as DRM restrictions invade the web slowly, and publishers will not be able to ignore those browsers.
Even if Firefox came on board and publishers really started cracking down, I could see a DRM-free fork take hold. It could be called Firefork, actually. :)
Openness is not something one actor decrees. It is something promoted by a whole ecosystem. If W3C is the only opponent to DRMs, yes, it won't amount to enough resistance. If Firefox alone refuses to implement W3C-approved DRM standards, yes, it won't amount to enough resistance.
But if Apple does a DRM tech in Safari, that it is not approved by W3C, that it is not implemented in Firefox, how do you think they will get it into Chrome and IE? Heh, they'll have to pay a lot of money to Google and MS, or to accept reciprocal agreements, segmenting their markets, complicating the development of their tech.
It will slow them down, like it has so far. And if it slows them enough that they move slower than the tech they want to regulate, we win.
So yes, the W3C is just a stone thrown in the middle of the stream, trying to slow it down. It won't make much by itself. But at least it knows it wants to be a part of the dam.
We should make DRM as expensive, difficult, and unwieldy to use as possible. We need not and should not standardize the use of things that are detrimental.
"Oh, hackers will always be able to break into systems. So instead of making them do it ad-hoc, let's just create a standardized backdoor on every system. It will be less work for everyone."
Then only big medias companies will be the only ones able to reach as many users as possible. You have no idea of how expensive it's right now to target just browsers. Small producers will be constrained to only publishing trough their channels/platforms.
You're talking about the very people who build the systems here, not hackers. Standards bodies facilitate the work of implementers, they are not regulatory agencies.
"some publisher go to great lengths to try to disturb people from copying simple text and images"
Genuine question: why is this a problem if the publisher doesn't want a third party to use their work without their permission, or at all? I ask as an amateur photographer who doesn't want people to use their images without permission, especially for commercial gain. I choose to license my work as CC BY-NC-ND 4.0, but that doesn't mean others will necessarily honour my wishes. How can this be policed on a network as vast as the Internet? I get why DRM is almost assuredly not be the answer, but what are the other options (excluding CC licensing)? My issue here is that we make a lot of noise as to why DRM is bad, but the other solutions that I've seen are as bad, or offer little real protection to the content creator.
One problem is the unreasonable level of control over "second party" use - ie, people viewing it on the web as intended, but in a way that the publisher doesn't like. Whether they're using Linux or screen readers or adblockers or "non-standard" browsers. Even if they're just trying to fix usability problems in the site.
Example: streaming video on the Raspberry Pi; the hardware is quite capable of it but if it requires an x86-only plugin to do so you're out of luck.
Example: "readability mode" in browsers relies on the fact that currently text is not wrapped in DRM and can just be presented how you like it.
Trivial, petty example: currently on Twitter there's no sensible way to view images full size or save them without going via the DOM explorer.
The answer is that it's technologically impossible to prevent third parties from using your work if you publish it. DRM doesn't solve this problem, but claims to do so. As a result, genuine users suffer from DRM.
There was a post on Reddit recently which is a great example of this. Somebody said that Netflix didn't support their monitor as it was too old (i.e. didn't support HDCP). One of the comments suggested to get a HDCP stripper, a simple device for $10, which will disable the DRM.
Yes, all DRM is easy to bypass right now, but it works as a way to get studios on board with digital distribution. This brings up an interesting point. The main argument against DRM is that it is a slippery slope which will lead to more violations of freedom. But the problem with slippery slope arugments is that they're often unsubstantiated. We often don't know what the long-term effects of something will be.
What if DRM is actually serving the opposite purpose? By appeasing studios with weak protections, it may be preventing stronger digital locks from being developed. It could be that if the FSF and other anti-DRM organizations are effective in removing current standards, the industry will respond by developing something even worse, leading to an ever-stronger DRM arms race.
I'm not saying that I know this will be the result either, just that we don't really know what the effects of defeating standard DRM interfaces will be. The only real solution I can imagine would be to get content distributers not to want DRM, which is a very hard proposition. They have the money and the power, and they won't stop until they get what they want.
That's because DRM isn't and never has been about preventing copying. The intent has always been to transfer power from consumers to the studios and tech manufacturers. It doesn't matter if the DRM can be defeated by some subset of consumers as long as the idea that you don't have the right to us your purchases as you see fit. As long as this erosion of property rights and the doctrine of first sale becomes normalized and you start believing in artificial scarcity, DRM will have served it's purpose.
This is why it's so important to never compromise and accept any form of DRM. Compromise only shifts the Overton window[1] making change harder in the future.
> it may be preventing stronger digital locks from being developed
Even if "stronger digital locks" was the goal, you don't prevent future locks by allowing them today.
> the industry will respond by developing something even worse
They already do that.
> They have the money and the power
So they can use some of that money to develop their own players if they want to push DRM. There isn't any reason browser authors and the public in general should subsidize selfish businesses.
I'm not so sure that haivng a standard way to connect DRM to a browser is changing the Overton Window. It's a technical standard that no users are actually looking at. What percenage of the population would even know the difference between a NPAPI plugin and a HTML5 interface for DRM? If you went on the streets and asked people if they feel less in control of their media because the W3C approved a standard replacement for NPAPI in browsers, would anyone even understand what you're talking about?
There are historical examples where weak DRM became standard and never got replaced. Look at CSS for DVDs. It was broken early on, but nobody bothered to replace it because it was already standard and the hardware was out there for it. Yes, there's different copy protection on Blu-Ray, etc., but a lot of people still use DVDs, and they can easily back them up because of weak encryption.
There's definitely a lot of benefits to creating a culture that values personal control, but I'm just not sure this is working. I want a DRM-free world as much as anyone, but the message is muddled and people just want their Netflix. If Mozilla and the W3C both came out against it, Chrome, Safari, and Edge would still support it, and I think all it would do would make Firefox lose even more market share. I would love to see some evidence that it would come out another way.
Yes. That was my point. The goal is to change public attitudes, not practical enforcement of copyright. This has always been about shifting public discourse.
> It's a technical standard that no users are actually looking at.
Of course users aren't looking at the standard. The shift happened with the technically-minded people that eventually make recommendations to their friends and family. Just look at this very thread where people like you already accept the premise that DRM is anything other than malware that gives control over your hardware to some other party. The fact that you are making arguments that use language such as calling DRM a "digital lock" demonstrates how far the Overton window has already moved.
> If you went on the streets and asked people if they feel less in control of their media because the W3C approved a standard replacement for NPAPI in browsers, would anyone even understand what you're talking about?
You're trying to frame that question to get the answer you want. Of course most people are not familiar with NPAPI. However, if skip the technical jargon and actually ask people about their experiences, you will get very clear answers. I've literally never met anybody that wasn't directly profiting from DRM that thinks crippled video players are fine. Many have mentioned the things they would like to do but can't because of DRM.
> standard replacement for NPAPI
EME is not a replacement for NPAPI. At best it's a replacement for the DRM in Flash.
> weak DRM became standard and never got replaced. Look at CSS for DVDs.
Except it did get replaced - which you admit - in the next version of the hardware (Blu-Ray). The only reason DVD wasn't affected is the large amount of existing hardware. It's simply not possible to update all of the existing hardware players.
However, web browsers are software that updates regularly.
I'm not a good representative of public discourse. I've read Richard Stallman's blog for over fifteen years.
What you're talking about with hardware is exactly my point. We're talking about encryption, which I'm sure you support for individuals. Public Key Encryption is great for when you want to send a secret message to someone you trust to keep it secret. But what if you don't trust them? You have to convince them to trust you to have some control over their system, even if in a jail or a restricted VM. DRM is sender-controlled encryption employed by software.
So what happens if you tell the sender you refuse to run software you don't control and they still don't trust you? Their only other option is to convince you to use hardware they control. So rejecting broadcaster-controlled software might just lead to a demand for more broadcaster-controlled hardware. It's been done for years, but now we're moving from a full hardware solution to a more software-based solution, something you can contain and easily run with whatever restrictions you want.
I'm not saying it's good, but I'm not saying it's definitely not progress either.
I work on the video streaming sector and we get the shivers when a client wants a web application. And if anyone thinks media producers will allow their content to be streamed over a DRM free channel they're either naïve or stupid.
What Google, Netflix and others want is to stop the mess this is currently on browsers.
Exactly that. I have issues watching copy protected dvds on my playstation where if I pause the film for a short while the copy protection kicks in and I can't watch the film, instead have to restart and fast forward to when I'd paused.
That's content protection preventing me - a purchaser - using it properly.
True, it's likely a bug from either the disc or the player but if they weren't attempting DRM I wouldn't have the issue. Inconveniencing legitimate users because you can't implement the protections without it breaking isn't the way to go.
I know I can download a copy of a film, push play/pause and it will just work. I know if I buy a dvd I'll have to sit through unskippable piracy messages and ads and not be sure the film will play after pausing.
Even if it's not the DRM fault here there are plenty of other examples. E.g. You can't copy/backup a DVD on your computer/stick/cloud so once the DVD format is deprecated(i.e. Macs no longer have a DVD-drive) or the DVD is lost you can't play it anymore. Not to mention the convenience. The latest wonder from the DRM promoters is the HDCP: People with 4K TVs can't play 4K TV content anymore because of this new "feature"[0]. Apparently the only sane solution is to hack the HDMI cable.
> DRM doesn't solve this problem, but claims to do so.
If you actually listen to any of the arguments being made on the W3C mailing lists, none of the pro-DRM sides have actually argued such an absolute stance, because they're not stupid and can see DRM regularly getting broken. The argument primarily centres on "casual piracy"—some technically illiterate user sending a copy of "something fun" to their friends—and not on eliminating piracy or preventing third parties from using your work.
Such "casual piracy" is legal in my country, at least when it comes to music (and we pay for the priviledge, unfortunately). Publishers shouldn't mess with my rights.
It sounds like they believe there are more potential sales there than there are from other forms of pirates. (Whether that's true or not is anyone's guess!)
If you're a photographer, I can always make a screenshot, or record the video from my HDMI/DVI cable to the monitor or take a very precise photo of my screen, and I WILL get the photo from your website or app.
There is plenty of evidence that DRM doesn't stop copying: millions of torrents ripped from crunchyroll/hulu/netflix/Blu-Rays, all of those have some sort of DRM, all of them were circumvented. There are people who think that DRM is not designed to stop copying, but it's designed to control how legitimate users consume your product (see: DVD ads).
Edit: Please don't assume that this is the only argument I have, it's just the most obvious argument from the top of my head. There are plenty of people who explain the negative sides of DRM and reasons it doesn't solve the problem you described. They do it in a very eloquent way with rigorous arguments, and I don't believe that I need to repeat those arguments. I'd like you to listen to Cory Doctorow: https://www.youtube.com/watch?v=HUEvRyemKSg
Thanks. It's an iteresting discussion that needs to be had. As I said, I often see things along the lines of 'It's just bad, m'kay' without any reason. Your explanation is reasoned and cogent. Again, Thanks!
Producers don't watch BitTorrent statistics. They send a document asking stuff like: will my product be DRM protected?
If you answer no, then farewell pal, they won't allow their content to be on your platform.
Because it's literally impossible. If you want someone to be able to read your text or view your image, in the end the light has to reach the viewer's eyes, and that means it can be recorded. At best, DRM can be an annoyance. It can never stop unauthorized redistribution of material.
Perfect example from the 80's, an arms race to prevent copying of software, which ended up doing what ?
Software still got copied while increasing the publishers cost.
Now 30 years later, efforts to preserve are stymied by copy protection on failing hardware. In an ironic twist, the protection broken by the pirates is salvageable.
How can you expect anyone without a time machine to explain what it ended up doing?
For example, we live in a world where companies like Adobe or Autodesk can sell software licenses for thousands of dollars. Would that be true if software piracy became the norm decades ago? Would we be better off one way or the other? Who can say?
What if piracy was never invented and we all just paid our dues. What a happy little libertarian utopia.
>Would that be true if software piracy became the norm decades ago?
How many decades ago? I built my first computer and installed pirate Windows and Photoshop versions back in 97. Warcraft had questions you had to answer during installation that were answers from the lore in the manual. Do you think people in the 80s with the first personal computers would see their friend use a new software and then wait 4-6 weeks for their own floppy disk to arrive in the mail?
Not to detract from your argument, but most libertarians support either substantially scaling back or entirely eliminating IP law, including copyright law.
Internet piracy in general seems to be culturally quite left-libertarian.
They didn't anyway. But all of that is irrelevant. The point is that questions like the one I originally responded to are fundamentally unanswerable. Don't get too caught up in the specific example. It could just as easily be "maybe walking across the street on a different day causes RMS to be hit by a bus". Or Microsoft taking a different path delays the Gates foundation from eradicating polio by 30 years.
Because it works in a similar way to general security - it's reactive to the state of the art of those looking to get around it. Once someone has dedicated time to getting around it, those wanting to get around it have a free pass with that content to use it in the ways they want, whereas those who have no intention to are restricted in their use (which is usually more locked down than it needs to be for genuine users, thus more inconvenient).
I liked to see the image as the whole. Had it been made not directly viewable by the publisher I would have had great pain to make it happen. Now I just opened it on another tab.
SnapChat became popular because it restricts what people can do with a post. Its users don't seem to be suffering. So it seems that there is demand for this sort of thing from many users.
> why is this a problem if the publisher doesn't want a third party to use their work without their permission, or at all?
Because whether they are allowed to do that is a determination that has to be made by the law, not the company.
Imagine someone is using your work for commercial gain and you want to sue them. If DRM is a thing and breaking it is illegal, you can't -- you need to make a copy of what's on their website to use as evidence against them, they put DRM on it that says you can't. (In practice this rarely happens because all the DRM is broken anyway, but what does that tell you?)
And the same situation plays out in a hundred different ways. Imagine politicians owned all the clips of them speaking and could throw anything that discredits them down the memory hole. Or evil companies could prevent the press from publishing incriminating documents.
It isn't a matter of whether there is some alternative. That is a thing that cannot be allowed to happen.
> but the other solutions that I've seen are as bad, or offer little real protection to the content creator.
Frankly, "then don't put your content on the Internet" would have been the response 20 years ago. But that conflicted with making money over an ultra-low-cost, global, distribution medium so something had to give-way.
The early days of the Web had a real new-frontier feel, as if the common man had finally found a platform for communicating with the World. It was heady and thrilling.
But DRM, and content restrictions in general[0], is a rude reminder that the Web nowadays is primarily commercial and centralised and is run for profit, not enlightenment or sharing, and that creates an emotional response in many people. Perhaps that response is irrational, but it's widespread and deeply-set.
A closing question: why do you want to put photographs on the Internet but also want to control what people do with them? Why not just keep them on your NAS, nice and safe?
[0] I consider anything like -NC-ND to be content restrictions.
No argument to your points, but the quoted sentence deserves a response: It is not irrational to expect a product/service that is, and has always been, advertised as open & shared to be open & shared. False advertising, data sequestration and shady patterns are antonymous to the claims.
> why is this a problem if the publisher doesn't want a third party to use their work without their permission, or at all?
Because they do some really stupid and awful things with js and css. For example, some websites try to hijack the clipboard so that if you highlight a piece of text, no matter how small (and small is allowed by fair use), it'll replace your clipboard contents with an attribution to the website or completely forbid you from copying the text.
Some websites try to disable highlighting text via css or js. This one tries to hide its HTML source code, try looking at it without the DOM inspector:
Fuck off, the data is on my computer, my home, my personal affairs. Don't try to hijack control away from my computer. Your perceived and exaggerated sense of author's rights or copyrights do not trump my right to use my clipboard or browser the way it was meant to be used.
If we have a problem with how data is being handled, we take it to court. Letting people take data enforcement into their own hands by letting them subvert laws via technical means is vigilantism and a breach of rule of law.
> why is this a problem if the publisher doesn't want a third party to use their work without their permission, or at all?
Because it often breaks accessibility tools used by the blind, for instance.
It also has a potential to break the social contract that copyright is based on. Copyright doesn't last forever, but most DRM schemes that I know of don't suddenly go away when the copyright term ends.
> Genuine question: why is this a problem if the publisher doesn't want a third party to use their work without their permission, or at all?
Suppose the publisher's content consists of slander or government propaganda. They use DRM to prevent copying or archiving or citing it properly, and revise it as they wish, denying that older versions were ever published.
In the print days, you'd still have the old copy. Today, you can point to the internet archive. What if the text was DRM'd?
What the publisher wants to permit is one consideration. What the reader has a right to do with what they're reading is another.
"why is this a problem if the publisher doesn't want a third party to use their work without their permission, or at all?"
This misses the point. People when given a choice about something they don't fully understand will generally be conservative and protective. It would be very easy for the default to become locked-down for resources that haven't really had this fully considered for them. Which, if we're being honest, will be most of the web.
It's also not so much about using a third party's work - the more valuable thing is being able to see how something works.
If you want to share something, then share it. If you don't want to, then don't. Nothing is forcing people to share their content.
DRM is saying you want to have your cake and eat it too. It's sort of like they're sharing content with you, but not really. You have to consume it the way they want to you to consume it. That's trying to control the experience, not the content, and I don't see any reason content creators have that right.
If they don't want to let the content loose on the world, then they don't have to.
There are perfectly legal things one can do with your work under "fair use" that involve being able to reproduce your content that your technological lock can never discriminate.
I think it's a crass mistake to bet on restricting content, there are so many nascent ways for people to go p2p today (images, videos, audio, files), unless rare cases, if they lock data, people will share information their way. Lots of news fed from twitter users photos, vine and periscope streams. Publishers have a pandora box in hands.
Exactly. Even -- and especially -- your precious ad-blocking.
About which I, as many, feel conflicted. But if it's going to infect my computer, or distract me to the point where I can't use the actual content, then hey.
And DRM isn't going to fix any of that.
P.S. My primary concern is for open protocols and data, I should add.
But even for the average user/consumer, it bodes ill.
> If DRM is deeply integrated into the web then everything will get affected by it. Already today some publisher go to great lengths to try to disturb people from copying simple text and images. It will get only worse.
The question is whether a paywall is actually worse that 4MB of malware ridden ads (which is how content is payed for currently).
Anecdotally, I often think "just let me pay you directly!" for content that is shrouded in ads. I also actively avoid apps that use ads for revenue. I suppose that the infrastructure to do that is hard vs serving ads, and I suppose targeted ads generate more revenue...
As others have pointed out, this amounts to nothing. At worst there'll be no standard, at best there'll be a standard not under W3C control.
That being said, Netflix was a big pusher for EME, as far as I know not because they wanted it, but because the studios they license from demand DRM. Yet, they seem to have lost most of their "movie studio" catalogue and are now focusing on originals.
Netflix guys, what about allowing us to see the originals even if we don't have a CDM installed? That would kill DRM/EME faster than hollow FSF & EFF victories. FSF/EFF guys, doesn't this sound like a more promising campaign to you?
> At worst there'll be no standard, at best there'll be a standard not under W3C control
Wrong way around. From the anti-DRM POV, the best case is no standard, since that likely turns DRM web content platforms into an ugly battleground where multiple competing proprietary companies use horrendous tactics to fight over user share and platform dominance. All sorts of third party browser plugins will be needed, with the resulting mess of upgrades and incompatibilities and platform dependencies, and the whole world just ends up hating the whole mess and goes back to the free internet. Think in terms of Flash vs Silverlight vs Java applets all being superceded by the considerably less awful HTML5.
The point is to make DRM-afflicted content into as bad a product as possible. Having a standard for DRM is only a good thing if those against it have already admitted defeat.
The worry is if the content providers get together and make a standard outside of the W3C, and DRM content becomes a usable product without any consortium input.
This is an interesting POV, which I hadn't considered.
There are more outcomes possible than the one you suggested though. It's possible for one DRM standard to win out over the others, thereby entrenching one single proprietary, closed, intrusive and potentially patented solution into something that just has to be supported.
15 years ago we called this Flash. We've still not gotten entirely rid of it.
Maybe it's prudent to avoid a repetition of that situation.
You should read up an understand the difference between EME and CDMs. You are confusing them. I can't blame you, because the EFF/FSF are often conflating the two.
EME specifies a protocol to establish communication between a webpage and a DRM module. The DRM module is called the CDM (content decryption module). EME is what the W3C was standardizing, and can be implemented in open source.
The CDM is not standardized and is a binary, closed source blob.
In the end that doesn't really matter as the result stays the same. Sure you can openly implement EME but not the CDM, but without the CDM EME is pointless.
If W3C doesn't make progress in the way that the browser makers want, they'll just go around them. This isn't a possibility - it's happened before with WHATWG. The W3C exists to serve the browser and content makers who want this.
That's the part I think a lot of people forget: Apple, Google, and Microsoft are also DRM vendors. There is no nefarious third party needed to put DRM into most of the browsers people use, and Mozilla doesn't have anywhere enough market-share to do more than slow that.
And the W3C is ultimately beholden to its membership, and in a number of countries (including some the W3C operates in!) the difference between an industrial consortium and a cartel is the former allows anyone willing to abide by the consortium's process and pay its membership fees and the latter does not.
This is what will happen and Firefox can kiss its ass goodbye when it comes to, at least, playing video. Not sure about Chrome, but Safari and Edge can easily ship with EME and CENC support. Giving this possibility to open source browsers is a sensible thing to do. Because DRM, at least for video streaming won't go away.
> Netflix was a big pusher for EME, as far as I know not because they wanted it, but because the studios they license from demand DRM.
This is what they would like for you to think, but as you said yourself, their own content also has DRM applied. If they were really being forced (!) to do this by the evil studios, their own stuff would not include DRM. Netflix clearly wants their facade of protection too, and the studios are a convenient bogeyman, like Ticketmaster in the live events industry.
Netflix doesn't really "own" their originals. All the Marvel stuff is still owned by Disney, they just have exclusive rights to distribute.
Also, from a technology perspective, it would actually be really hard to remove the DRM from just their own stuff.
The delivery and encoding pipelines are all standardized around the DRM requirements. It would require a whole bunch of exceptions to remove the DRM just from certain content, on both the server and client side.
Hmm, interesting. My reasoning was along the lines of (for the absolut minimal solution):
1) you were able to introduce support for additional DRM systems/CDMs
2) thus, you should at least be able to introduce some kind of clear key system, like the Clearkey example CDM from EME.
3) write a blogpost on how subscribers may use this and that the video data is encrypted for technical reasons only and that you don't consider it a copy protection scheme under the DMCA and similar laws. Encourage user agent developers to handle it like no DRM at all. This would allow for watching Netflix using open source software.
Now that you'd have an interim solution running, keep in mind the possibility of no DRM when making future infrastructure decisions.
> as far as I know not because they wanted it, but because the studios they license from demand DRM. Yet, they seem to have lost most of their "movie studio" catalogue and are now focusing on originals.
Many of Netflix's "original" productions are still subject to similar restrictions, and are still produced by those very same studios. All of their Marvel shows, for example, are produced by Disney and licensed to Netflix for digital distribution. Some of their "originals" are actually international co-productions, where they're still distributed traditionally via broadcast television in other countries, and DRM is a requirement of the license.
He did not not stop the DRMs by this single measure, he put a brake on it. A delay, he bought time, he made it more expensive for people to implement them.
Which is what everybody in this industry should do if we want to avoid a DRM future.
The goal is not to stop DRMs, the goal is to slow down enough so that their development efforts can't cope up with the rate of change in the tech.
> DRM's dark history — from the Sony rootkit malware to draconian anti-circumvention laws — demonstrates that integrating it into Web standards would be nothing but bad for Web users.
This is where I get scared. What if DRM does not become a web standard? What is the alternative that companies will want to use instead?
That is for me the only reason why standardization might potentially be a good thing. Not because DRM is good, but because the alternative might be worse.
Everything in the past has been broken anyway. From CSS to AACS to HDCP[1]. I was hoping Firefox (and perhaps Chromium, but Google would probably not be so kind as to open source that part of the code) would have the DRM code built in so that we can spoof the whole thing with simple modifications. Better than having to reverse engineer Sony malware.
The most important difference between Sony malware and an open-source crypto library is not that the former is more difficult to reverse-engineer. It is that the former is illegal to reverse-engineer, at least in some parts of the world. This is what gives content owners the illusion that their DRM protects them. They are not looking for bulletproof technical protection. Social and legal high ground is good enough for them and their propaganda machine.
If DRM becomes standardized, it becomes much harder for the rest of us to make a convincing argument that this crap is not what the web was meant to be. The next thing you know, users of DRM-free browsers will be shown error pages telling them upgrade to a more standards-compliant alternative.
Your post pretty much nails the importance of opposing this in a few words. The (not) standardization of DRM is first and foremost a very strong political move.
> From CSS to AACS to HDCP[1]. I was hoping Firefox (and perhaps Chromium, but Google would probably not be so kind as to open source that part of the code) would have the DRM code built in so that we can spoof the whole thing with simple modifications.
That fails to fulfil the requirements of pretty much any level of DRM, and hence such an implementation would be totally ignored and unused, and sites would continue to use Flash in preference to it.
(I wish I could find the document Google published last year about the different levels of DRM the industry has been concluded need to exist for them to use; alas, I cannot!)
Primarily to have a standard API to determine what DRM schemes the UA supports. A less important part of it is to avoid a different code-path for each different DRM scheme each with its own API.
EDIT: I'm not trying to bag on them, I just think they need to work on their messaging if they want to be effective:
That website seems about as in touch with people not of the same mindset as the back pages of norml's website (once you got past the parts written by a pr person). It's got a rotating banner to "cancel netflix" which links to a 2013 post about how netflix will make you use only certain browsers. Makes the site either seem disused... or "tinfoil" as I think most consumers love netflix.
(note I only used norml as an example because their site used to (and may still be) well articulated argument on the front which quickly devolves into what many people would see as weakly argued reasons for letting me get high. it's why, in any movement, you put your articulate people out front even if they're not the real driver).
Dishonest by design I'd say. Many many vendors do not provide security updates[1], lock down their platform physically[2] and digitally[3], do not provide customer service[4], or make things that are intended to break before you may expect. There is 2-year warranty for electronics in the EU, but good luck suing some big American corp for your 1 year 11 month old device.
[1] IoT & Android comes to mind.
[2] Funny new screws in every iPhone come to mind, but of course there are a thousand product categories where the same happens.
[3] DRM in any kind of way. I would personally count all closed source software in this category, but as a software engineer who might like to tweak a feature in the source, I have a different perspective on what "locked down software" means.
[4] Google for any product, Microsoft for Windows, and many other such companies. Either they have a big fortune to not care about the couple of customers that run into trouble (e.g. Google), or they think it's not their responsibility since they don't sell directly to customers (Microsoft).
Isn't this just an arms race that they can never win? Regardless of source, encryption, format, etc. If a frame of a movie eventually makes it to my video card's buffer, I can get at it, right? There is no end-to-end encryption from source into my brain.
I can only see this just being a colossal inconvenience for users, developers, and many many innocent applications.
The end game would be decrypting it in the display device (better have a movie conglomerate approved video card and display device so everything supports the drm!) + one of the many solutions lately that can cause recording devices to (voluntarily at the device level, not at the user level) turn off.
Then of course you just use a non-broken recording device and record it but it'd be potentially very hard to get a purely digital signal out of a system like that (unless they mess it up, which they will).
And in the end pirates will continue getting to it an alternative way or cracking the drm and as you say, users are the ones inconvenienced.
Vote with your money. Don't buy Apple or Google devices, don't pay for Netflix or similar DRM streaming systems, don't buy Kindle books, don't buy Steam games. Buy unlocked media only, and don't forget to create some of your own.
I wouldn't ever buy content I will own with DRM, but if you think you'll ever see streaming without DRM you're crazy. Personally I've done my fair share of pirating for various reasons, and I think streaming services are the ONLY reasonable use case for DRM. You aren't actually purchasing content.
I think DRM is anti culture. Human history has been about sharing. We are a product of the whole. Cultural wealth has been passed down hundreds of years. Now the story tellers and singers do not want you to repeat their stuff, which put in perspective is not a very cultural thing to do.
And the only reason they can do this is because interests can congregate and technology can be abused but it seems morally and ethically questionable. You are not stealing anything, you are watching or listening to a product of our culture. You do not take anything away from anyone.
Its just a small period of 70 years before the internet when mass media and content creators could colloborate to
'manufacture trends', hits and disproportionate wealth.
Before that artists went broke and risked everything just to get their stuff published and out to readers and viewers. Obviously this is not how it should be but the whole 'jetset star lifestyle' may not always be possible simply because you are an artist.
The problem is now that kind of 'trend manufacturing' is much harder to pull off. But the entire industry from studios to artists have got throughly spoilt, got used to those disproportionate returns and are now throwing all their toys out of the pram.
Artists create but the rest of the world is also busy creating stuff. Engineers, industrial designers, scientists, programmers, eveyone is creating stuff. Can anyone just be 'entitled' to extraordinary wealth just because they create. Maybe its their cost structures, business models and expectations that need to change.
DRM is just a tantrum backed by money, its rent seeking of the worst kind and our democractic institutions and systems are so compromised by special interests they will continue to get their way.
That's a bit disheartening. Instead of having a basic standard to start with, we will now have none.
The issue that FSF and others appears to have is with the Content Decryption Module which is a binary blob at the moment.
Standardising/opening up the CDM spec could have been done afterwards.
If the W3C were a bit sneakier they could have played a bait-and-switch game on the content providers and push for a standard/opensource CDM at some point.
Why couldn't there be an open-source CDM?
You could have an "open source" implementation. But you couldn't have an effective free software implementation, because it wouldn't be possible for it to be an effective DRM measure. If you have free software DRM, what stops a user from removing the DRM components (hint: nothing)?
Nothing will EVER stop it. DRM is a scam, nothing more, nothing less. As long as human beings have access to the data that they are (legally) allowed to have access to, unencrypted data will exist and will be pirated.
Steam solved the DRM issue eons ago: become the best place to get something, and people will flock to you to get it.
Arguably GOG solved it by not having it at all. Seems to be doing fine; outside of AAA studios, game devs don't seem to be going for it any more, giving GOG a healthy libary. And the AAA's have kinda lost enthusiasm for it outside of Ubisoft.
> Nothing will EVER stop it. DRM is a scam, nothing more, nothing less.
I'm very anti-DRM. My point to GP was that there's no point wishing for a free software DRM implementation -- because there's no way the people orchestrating the DRM conspiracy would allow for someone to remove their precious cashcow^Wdigital restrictions.
> As long as human beings have access to the data that they are (legally) allowed to have access to, unencrypted data will exist and will be pirated.
Yes, this is true. But I really wish we would solve the actual problem: corporations thinking that DRM is actually a benefit to anyone.
> Steam solved the DRM issue eons ago: become the best place to get something, and people will flock to you to get it.
Steam has DRM (the games are tied to Steam IIRC so if your account ever gets deleted you're fucked), so I don't know what you mean by "solved the DRM issue".
Steam has DRM (the games are tied to Steam IIRC so if your account ever gets deleted you're fucked), so I don't know what you mean by "solved the DRM issue".
I pointed out the same thing elsewhere in this thread. Steam didn't solve the DRM issue (it still has it) and it didn't solve the "piracy" issue (you can still pirate Steam games by ripping their DRM).
It solved the "lost sales" issue, by making it so extremely convenient to buy games legally that anyone who can afford to just isn't going to bother pirating stuff.
Do you have any stats on how many publishers use the DRM? I get the feeling that the numbers are quite high for AAA games. Also, the DRM being "trivially breakable" doesn't actually help anyone -- if you buy a game then break the DRM you're implicitly signalling that DRM is good to publishers.
.. of course, Steam is a closed source product serving a closed app store on two and a half platforms. It's not really the same thing as a video player implemented in multiple open source browsers.
(Steam also gains a lot of goodwill from discounts, which media companies are strangely unwilling to do)
Desura, I seem to remember, was buggy as hell and didn't support half the games that steam did. However, even with those problems, I think the problem of coming in late to a space that's already dominated did most of the damage to them though.
You could add to the first claim "offer a good product and pirating will stop", with "lower economic inequality", so despite Steam being nice and all - pirating exist where its still too expensive to access their games.
It would be nice if the pricing of Steam was adapted to the economic conditions of the country - but that then has problems of rich country users would probably find proxies in poor countries.
Its just not fair for someone making/having enough cash to buy Steam games with pocket change, while another large group of people have to plan and save for months to get same access, of course they will find other methods.
>It would be nice if the pricing of Steam was adapted to the economic conditions of the country - but that then has problems of rich country users would probably find proxies in poor countries.
This is a thing. Steam games have different prices in different countries, and there is some amount of region locking going on. On websites selling steam keys you will often find Russian keys that can only be used through a proxy.
I think the bigger thing causing piracy is inequality in the same country. Steam sales are a good measure by giving patient people significant discounts, but apparently that's not enough to completely eradicate piracy.
Oh, not arguing Steam is an awesome tool in generating more revenue for the publishers. But it didn't "solve" the DRM problem. It mostly showed that it's a red herring.
(Steam itself is also DRM, but AFAIK easily broken so more perfunctory).
I guess it depends on what the DRM problem really is. If the problem is that companies don't make enough money because of pirating, then Steam did solve the problem, because they make enough money despite pirating.
> what stops a user from removing the DRM components
I think inertia and convenience. Casual users won't hack around trying to rip Netflix when they have already paid for it.
Also since services like Netflix are in the cloud they allow for viewing from multiple devices and other benefits (remembering where you left off, etc).
Sure, there might be some savvy developers out there that might put out a custom build of Chromium with a stream ripper plugin. But that still means that some users have to pay for content.
I'm talking about a free software DRM implementation -- where users have been explicitly given the freedom to remove the DRM. Sure, not everyone will modify their copy of Chromium but once a single developer does and creates a fork of it, that's all you need (and that's why freedoms #2 and #3 are so important).
The reason I pointed that out is because wishing for a "free software DRM implementation" is a bit silly, because having a free software implementation contradicts the whole purpose of DRM (which is why we should reject DRM as a concept, not barter with DRM proponents about what the licensing of the DRM binary blobs should be).
DRM as a concept is incompatible with free software. Having "a majority of the code path free" is not a meaningful or useful statement -- a piece of software that has proprietary components in it makes the entire piece of software proprietary, especially if removing the proprietary component removes critical features of the software.
What they should do is to create a standard open source license that all DRM must use. Instead, we now have none. Current DRM just pick their own license and that means many are incompatible. Some is binary blobs, some aren't. Wouldn't it be better for everyone involved if there were a standard?
There is a limit to what standards can and should do. At some point it will do more harm than good, and that point is basically reached when there is no common ground. DRM is as warmly welcomed in a free software ecosystem as forced open sourcing would be for drm producers.
> What they should do is to create a standard open source license that all DRM must use. Instead, we now have none.
There is a very simple reason for that: DRM and Free Software are fundamentally incompatible. So you cannot have a free software license that would allow for DRM software released under that license to restrict users (by definition: DRM violates freedom #0).
> Current DRM just pick their own license and that means many are incompatible. Some is binary blobs, some aren't. Wouldn't it be better for everyone involved if there were a standard?
No, it would be better if we stopped trying to play nice to the DRM conspiracy.
> DRM is as warmly welcomed in a free software ecosystem as forced open sourcing would be for DRM producers.
... I don't know what definition of free software you're using. But according to mine, DRM violates freedom #0 by definition. And the DMCA means that DRM also effectively violates freedom #1 (namely removing the DRM) too.
Some publishers just use flash to manage digital media, and there is free FLOSS version of flash. It is not very effective as copy protection, but drm is not the same as copy protection as Denuvo often points out.
If one look outside of the webrowser, there is also tools like tmp-tools, as linux have tpm support for quite a time now.
As copy protection they are either ineffective or, to use a security term, broken. Some companies care about that and will not use it, while others will (know several examples, like the Swedish national TV, which has broken copy protection but don't care/mind). This is why such standard would be a poor choice, and having no standard is better when there a well established understanding that a significant portion of implementation will be standard incompatible.
EME is bad because a significant portion of website will not work universally on all machines. The current system is better, and all EME is doing is causing is placing the DRM battlegrounds on W3C rather than making innovation for the web.
tmp-tools is libraries/tools to talk to TPM's on a linux system. Using them, one can implement concepts like trusted boot, and there were/is a patch to grub for that.
There seems to be lots of confusion of what EME is because people bring up images, text and games. First of all, EME is targeted to video and, to less extent, music streaming.
Streaming video content to web browsers is, currently, a mess. There are many DRM schemes and each does its own crazy shit to try and make it work on everyone's browser. It's also expensive. So expensive that only big companies will target big platforms.
Also, EME doesn't affect only web browsers, it also affects SmartTVs which are limited to a few DRM products.
What EME and CENC try to achieve is to add simplicity to this process and for open source products to be able to compete with closed source ones. Even small DRM products are moving on this direction because it's impossible for them to target all platforms. On this regard, even an open source DRM scheme could be achieved and compete.
DRM, EME and CENC will happen, and this only hurts open source products like Linux and Firefox. But it will happen.
Pardon my cynicism but there is no stopping this. Money talks, money is power, activists lack both the power and organisation of large corporations.
I foresee a near future where only a few in society will be able to use the internet safely. There will be subcultures, small segregated pockets of people who refuse the big corporate alternatives on the internet.
We're already seeing this today, think about it. I'm speaking from a Swedish perspective but when piracy on the www was relatively new in the 90s you'd go to "your guy" with the CD-burners and they would give you the movie, game, software you needed.
Only a few people knew enough to keep up with the trends, the BBS, the FTP sites and the newsgroups. Though there was little to none legal problems there were instead technical problems to piracy.
Then we had the piracy golden age, from about 98 to 2015, or today even. When everyone and their grandmother pirated. It was so easy, and torrents made it even easier.
But now the biggest ISP in Sweden has started handing over personal information of their subscribers to foreign companies who are sending monetary demands to the customers if their IP is found on trackers. So instead of being taken to court, just pay the money right?
That's just the start, it will only get worse because corporations have all the power.
But let's look at another example less sinister than piracy. Let's look at simple tracking and web security. Even there you have to be relatively computer savvy to keep up with the new tools, Adblock is out, uBlock is in, Noscript author is under fire, alternatives are often hosted on github.
See what I mean? Safe web browsing is being restricted to a few people savvy enough, or interested enough, to keep up with that scene.
So already, today we're seeing what the future holds for the internet. Any privacy conscious, safe browsing will be pushed to minority subcultures using different platforms, tools and networks than the rest of the population.
The internet will be just another TV or Radio, with indie broadcasters fighting to remain free in a vast sea of big corporations.
We'll most definitely always have open source browsers but the question is how well these browsers will support the new DRM internet that I foresee in our futures.
So pardon my cynicism when I see no positive outcome for DRM on the web. I see instead a majority of content under DRM protection, some of it being copied by a small minority in society and spread through other smaller networks of people who refuse the mainstream web standards.
How this is achieved is just a technicality. It is inevitable because there's money in it and as long as there's money in it corporations will pour money into lobbying to change the rules in their favor.
I kind of have a pet theory on this: We need to take away the money aspect from here. We've started entering a post-scarcity society, but our economic models don't account for that. It's free to distribute media, but our economic model demands that we have a paid gateway. I don't know how to solve this, but I do think that we'd be better off once we get it fixed.
Unfortunately, it's peoples very nature to avoid paying for things if they don't have to. Whereas I don't support the wholesale DRMing of everything, I do support the Content Creators right to be remunerated for their work.
Without DRM, people will steal stuff without regard for the creators survival. This was seen most visible in the Pop Music industry. Piracy was so rife, that indie musicians were considered too big a risk for the labels, who turned to low-risk-low-cost 'music factory' style churning out of the same low quality pap that the popular charts is now peppered with.
If we don't protect artists (by this I mean, musicians, game designers, visual artists, program makers etc.) from the people trying to steal from them, there will be no quality content going forward, and the only form of entertainment will come from the mega-corps trying to peddle their wares in the guise of ad-laden media.
So, in my view, a standard cross-platform secure DRM model for the web is required. If you want to consume it, you should be prepared to pay for it.
> So, in my view, a standard cross-platform secure DRM model for the web is required. If you want to consume it, you should be prepared to pay for it.
These are completely orthogonal to one another. People pay for content when they can get a good service at a fair price. For the longest time it was much easier to torrent movies and shows than to try and navigate through the cesspool of TV scheduling, ads, etc. Netflix fixed that and now people pay for content. The same happened with music. DRM solves nothing as it only takes one determined person to break it and then everyone else gets a great experience. Meanwhile all your paying customers have to suffer through a poor experience thanks to DRM. It's self-defeating.
I can second this. For example one of my favourite artists' work was so rare at some point in the past that it was only possible to get my hands on his work is to torrent it. Now we have Spotify and bandcamp so I can listen to whatever I want wherever I want whenever I want and I'm willing to pay a nominal monthly fee for the service.
True. Spotify is also a leaky abstraction. For example there were all albums of Atrium Carceri on Spotify and 6 of them were removed more than a year ago. I asked AC what happened and he told me that they are "reprinting" the old albums. I don't know what does that have to do with Spotify but now I'm in the limbo of sometimes navigating to bandcamp to listen to an older album and then navigating back to Spofity...I won't buy his albums because of the promise that he will put them back sometime but it haven't happened yet.
> Meanwhile all your paying customers have to suffer through a poor experience thanks to DRM.
No, that's all thanks to rubbish DRM. You are confusing the concept of DRM with the implementation. Good DRM should be seamless and no-different (to the end user) to non-DRM content - it's this area that is failing, and why the current failure to settle on a good DRM standard is resulting in so many badly implemented proprietary systems.
>Good DRM should be seamless and no-different (to the end user) to non-DRM content
There is no such thing. DRM tries to do something that's fundamentally impossible. It wants to allow you to view content while at the same time not allow you to copy it but that's a distinction that only exists in intent not technically. It's also impossible in practice since at best it could aim to be as good as not existing at all but since it's not made of magic pixie dust but is actual hardware and software it will both fail open and fail closed. The fail open cases will be used to get the content out of it. The fail closed ones will frustrate users who just want to be able to view their content who will then grab the illegal copies and will soon figure out that they are paying for an inferior experience.
You are confusing the concept of DRM with the implementation
He's not confusing it. Due to its nature, it's not possible for DRM to be un-intruisive. The concept is broken, and consequently, the implementations too. It's not like smart people haven't looked at this problem!
Nope. That's the whole point. There isn't a good implementation of DRM (yet).
I think people are reading what I wrote and saw me championing the current DRM implementations we have (hence the down-votes). I wasn't. I was simply pointing out that DRM is necessary if we want people to continue to create quality work.
Not every is an Open-Source/FOSS advocate, and also starving artists need to eat.
At some point encrypted data has to be decrypted, image data has to be displayed through a monitor and sound data has to be played through a speaker.
It's impossible. The only "good" DRM is Steam because it pretends to be strong DRM when in reality it's just talking to the steam client and decrypting an executable with a key that is stored locally. All you need to do to bypass it is find the original entry point, set a breakpoint there, dump the unencrypted data and modify the dumped executable to start at the now unencrypted entry point.
Good DRM can be as unintrusive as possible, but it cannot be as good as a non-DRM solution because it has additional requirements. It needs to check that you've paid for the content and therefore you must log in to use the service. It needs to enforce regional licensing restrictions, etc.
See popcorn time vs netflix. Netflix is probably as usable as it can be given the requirements. But it's still not good enough.
Ha, but the thing is, DRM makes it harder to pay for content, because it adds inconvenience and hence makes the content less attractive. This is especially true if there are free alternatives (pirating, ad-supported services) that don't have the downsides of DRM. And all DRM is defeatable, so pirating is always an alternative.
The point is to make the acquisition and paying for content as smooth and buttery as possible, so it's easier to stream or buy from a legal service than it is to find a torrent with the right language and subtitles.
This is understood by a large part of the industry (you don't see "anti rip" CDs any more), and many game publishers are only doing perfunctory DRM. But not by the movie studios, it seems.
The most pleasant experience I've had paying for and consuming video in the past 15 years was Horace and Pete. Heard about it through an email subscription I voluntarily signed up for, bought the first episode for a few dollars (I used Amazon but there were several options including bitcoin), downloaded the DRM free MP4, watched it, liked it, bought the rest of the episodes, downloaded, watched, downloaded, watched... No previews, no ads, no proprietary viewer, no searching through huge lists of things I will never want to see. Even when there was an option to sign up for the newsletter, which I already had, it defaulted to something like "No, don't bother me ever again you fat looser". I have all the episodes on my main computer, backed up on an external drive and in Amazon Glacier (just in case of extreme loss). When my kids are older, I'm going to show it to them and I'll know right where to find it and what the experience will be like instead of wondering if it will still be available, ad free, through my mid-tier Disney Huflix subscription.
Edit: Forgot to mention, I say past 15 years, because there was a brief moment in history where DVDs had a similar experience, the worst thing was maybe having to hit "Play". That was before "Disney FastPlay" which just gets to the ads faster, right after the 30 second explanation of "FastPlay".
It is disingenuous to pretend DRM is about funding content creators, it's really about corporate revenue, which is not at all the same thing. Content creators are and will continue to be treated as a cost to be minimized by these distributors.
It is also disingenuous to suggest that DRM is equivalent to paying for content. They are related, but separate issues.
They are not separate in any meaningful way. From the perspective of content owners, they want DRM because they want to ensure people who consume their content have paid for it. From the perspective of consumers, those who want to circumvent DRM in order to avoid paying for content overwhelmingly outnumber those who oppose DRM on principle to the point that the voices, and more importantly, the money, of the latter are completely drowned out.
They absolutely are completely separable. DRM is one technological approach to enforcing a model on payment for content. There are other models, and other mechanisms to encourage payment or reduce non-payment.
To pretend that DRM is unique, or in some way the natural approach is folly.
DRM is not the implementation or the technology, necessarily.
Those who own copyright want to deny the ability to copy to others, because they fear it devalues what they have. That doesn't make it right, or natural, as if any of that even matters. It just means that a group of people exist who want to be able to enforce copyright. And the opposition to that is, by definition, those who want to be able to make copies of things without the blessing of copyright owners.
If DRM were perfect, there wouldn't even be a technology- or freedom- based argument against it.
You fund creators from corporate revenue, though. They aren't going to make any money if there is no DRM either. There also have been plenty of independent publishers and small studios that have been hurt by piracy and the lack of DRM, too.
Sort of, as there are other models. What I'm objecting to is the claim that a) DRM is just necessary and b) we are talking about it as a mechanism to fund content creators.
a) is simply not true
b) is mostly not true - DRM is used to prop up a desired business model for many layers between consumers and content creators - the content creators incidentally get a small part of the revenue, but that isn't really what the conversation is about
So if we are talking about these things, we should at least be honest about what we are talking about funding, and how.
Why does it matter if Netflix or others lock their content, when it is already available pirated elsewhere? People still pay for Netflix even though they could watch everything for free.
It does not stop with movies or music.
If DRM is deeply integrated into the web then everything will get affected by it. Already today some publisher go to great lengths to try to disturb people from copying simple text and images. It will get only worse.
Currently the openness of the web has been very beneficial to the people willing to make an effort to learn the web technologies. I think that this has opened the field for many talented people. You can just inspect the page and try to learn how it is made by reverse engineering it. This will go away and you will get the inaccessible binary blob instead.