Ask HN: Will the new W3C EME DRM standard make pirates' jobs easier?

1 points by whitehat2k9 9 years ago | 1 comment

The W3C is expected to ratify the EME (Encrypted Media Extensions) standard for DRM'ed video on the web. This will essentially provide content creators with a uniform, standardized way to protect their content as it's delivered to consumers over the web.

However, wouldn't standardization actually make it easier for pirates (as well as legitimate consumers who wish to download a copy) to capture content? For example, what prevents someone with a penchant for reverse engineering from interfacing with and/or intercepting the media stream from the DRM module? What prevents someone from developing a modified web browser with the ability to directly download DRMed streams?

Mindwipe 9 years ago |

EME isn't a DRM standard. It's an API for passing over the keys to a DRM system. So no, it doesn't make things any easier than the object tag ever did.

The DRM module doesn't necessarily pass the content back to the browser if it's an OS component (which it often is) - there may be a secure video path. Heck, in the case of Netflix's 4K service, it appears the OS itself doesn't even see the content, it's entirely kept within the GPU in a secure area.

If the DRM system does pass back the content to the browser then you could stream rip it from the video path, but 'twas ever thus. And it's worth noting in those scenarios content providers only seem to allow non-full HD content to be shown.

There's nothing in the EME specification that defines how a DRM CDM module works, so there's nothing to help compromise one in the specification, and generally speaking for the last few years DRM systems have actually got pretty good at protecting their keys to prevent impersonation.