W3C green-lights adding DRM to the Web's standards(boingboing.net) |
W3C green-lights adding DRM to the Web's standards(boingboing.net) |
It won't stop piracy, even if it means holding a camera up to the screen to capture the data.
However locking down the browser itself is simply ridiculous. it reminds me of snopes.com disabling right click.
I mean, look at what Steam has done to the video game industry; or iOS/Android app stores. When it's easier to buy the copy pretty much nobody is going to bother stealing it.
With a digital good you can copy over and over, and never subtract the original author of its own copy..
The industry itself tried to implant this wrong concept on the peoples mind so they would think its the same.. only its not..
i think the best approach from them would be to accept that new reality in the digital age.. and try to collect money from good customers, the buyers, and try to collect from the people that have made copies of the work by stating they have obligations, and expenses to do that work, and ask for the users the support..
i think thats pretty much what microsoft did with windows.. trying to fight with a possible customer treating him as the enemy, will only hurt them in the long term..
They need to think with a new perspective, not with the same ideas as the XX century.. it will only cause them more damage than good.. people will see them as the enemy, much like we are seeing now
This is doomed before being born (or I missed something).
'By contrast, W3C has now put its weight behind a restrictive future: let's call it "DRM-HTML".'
That's money and time they will not spend doing something useful for their interests.
DRM is a non-starter, for me. Keep your shit out of my peanut butter.
They would be better off having some sort of plugin archetecture that allows this kind of development for specific platforms...
How does this standard prevent that?
You can still get the entire page, it comes in over the wire. If they do this, I would assume we can just capture the raw data, and new apps that decode that raw data and give the same tools as the browser developer tools offer.
If not, hopefully there are browsers who refuse to implement, and hopefully it takes less time than it took Adobe to learn their lesson.
Doesnt change anything for the client.
The providers will swap an object tag for a video one ,that's what it is all about.
It's basically a Flash or Silverlight for video and sound only.
I think I threw up a little in my mouth when I read that.
"A Web where you cannot cut and paste text; where your browser can't "Save As..." an image; where the "allowed" uses of saved files are monitored beyond the browser; where JavaScript is sealed away in opaque tombs; and maybe even where we can no longer effectively "View Source" on some sites, is a very different Web from the one we have today. It's a Web where user agents—browsers—must navigate a nest of enforced duties every time they visit a page. It's a place where the next Tim Berners-Lee or Mozilla, if they were building a new browser from scratch, couldn't just look up the details of all the "Web" technologies. They'd have to negotiate and sign compliance agreements with a raft of DRM providers just to be fully standards-compliant and interoperable."
They suggest the W3C may be digging itself into another hole like the one that led to the formation of WHATWG. A good read.
[1] https://www.eff.org/deeplinks/2013/10/lowering-your-standard...
I may be totally naive here, but I'm not really sure why this matters. That there is a WC3 standard does not imply that browsers have to adhere to it. If they didn't they simply wouldn't be able to access DRM protected content. From a UX perspective this seems no different from Netflix putting their content behind a login. Maybe I am being an idiot, if so please correct me, but this doesn't really seem like anything to worry about. The threats implied by EFF, that massive corporations will control content on the internet, seems only true for content published by those massive corporations (and thus are already happening now, with 3rd party DRM ie: Netflix's Silverlight player). It doesn't stop people from publishing non DRM protected content.
I would agree this doesn't belong in the spec on technical level, but it seems to be inclusive not exclusive.
1 - We'll lose the W3C. We'll have to either create another standards body, or go back to the 90's situation when nobody agreed on anything.
2 - There are a few places where actualy reading the data somebody sent to you is a crime. Despite the drawbacks on those kinds of law, some of those places are still very importantly economically, and we can't just ignore them, at least for now. If you create a code for "don't read this data" to be sent over the web, disobeying it will become a crime there.
What the hell are they even talking about here? Since when has ANY browser been "Fully, 100% W3C Compliant"?? Answer: None. Ever. Seriously.
There are rafts of non-compliant features, both legacy and newly introduced, in every single one of the most popular modern web browsers. (Even Opera!!) Certainly, with the last decade of popular support pushing Browser Vendors towards W3C compliance, the web has been more standards-based than ever before.
But this is just a silly argument. I agree with the political aim of the EFF here. But let's not just invent things or misrepresent things. It makes them lose credibility in my eyes.
It's the equivalent of standardizing the object or embed tags: it's a standard way of getting at non-standard functionality, and sites then depend on specific implementations of that non-standard functionality, the same way they depend on the Flash plugin today in ways that knowing how to implement the object tag doesn't help with.
Standardizing a single fully-specified mechanism for DRM might actually be useful (debatably), but that would break the current model in which DRM is completely unsound and relies on security-through-obscurity. "Standardizing" a means of getting at the myriad non-standard DRM implementations and their non-standard APIs is worse than worthless: it's actively harmful, and it prolongs the death of those technologies.
Right now, content providers have to choose whether to support the open web or DRM. They should continue to have to make that choice, with supporters of the open web reaching a larger audience, until eventually all the holdouts either switch or lose. This is a major step backward for that goal, and the W3C has no business claiming EME has anything to do with the open web.
Pretty much like Firefox and IE6 activeX sites, or iPhones / android and flash. DRM simply restricts playback devices.
That depends on where you think UX ends. That login will work fine from within an open source browser and/or OS you compiled (and possibly wrote or tweaked) yourself.
I haven't read the article, but if that DRM works, it wouldn't run in your browser on your OS, as content providers would not trust them. Chances are that your Chrome, Firefox, or Safari extensions wouldn't even work with the DRM (at best, they would get disabled on protected (from you) pages.)
The W3 proposals suggested do not in fact mandate browser vendors implement any DRM scheme to remain 100% standards compliant. This is myth that gets repeated on HN surprisingly often.
The issue is that some big name content providers don't want to sell you content unless they can also install things on your computer. This fact remains regardless of the technological implementation details.
The overwhelming majority of content on the web is DRM free. These proposals do not mandate nor give any incentive for that content to be protected if it is not already.
Sure, but we don't have to aid them in their quest
>The overwhelming majority of content on the web is DRM free. These proposals do not mandate nor give any incentive for that content to be protected if it is not already.
The practical effect of being able to deliver DRM'd content to every non-technical web user, without first having to get that user to download and install your proprietary software, is just massive. This is one of the biggest falloff points in the conversion funnel, so it makes this new delivery method highly attractive. As it is now, businesses have to balance the cost of losing customers against the cost of not being able to DRM their content. Take that dilemma away and I think you certainly have a new incentive. The practical effects of this are far reaching imo.
If anything this is worse than proprietary plugins because those used documented APIs that any browser could support, whereas this is integrated into the web browser itself.
But more importantly the idea of HTML5 was to get rid of proprietary closed source plugins like Flash. Adding DRM to HTML5 will make it rely on proprietary closed source plugins.
I hope the W3C reconsiders. If somebody feels the need for DRM then they should implement their own stuff outside of the open web.
What this standard actually specifies however, is only that the browser will respond to a certain tag by looking for some proprietary-ware to play whatever audio and/or video someone wants to restrict.
This is a disappointing move on the part of w3c, because it lends some air of legitimacy to DRM, and because it revives the otherwise dying plugin system under a new name. But it doesn't actually force DRM on anyone or restrict the ability to do anything on the web.
The best case would be that users are unwilling to install the black-box-ware in order to see videos or whatever, and the feature is little used and the copyright exploiters have to either unlock the content or go away with it. None of which would be bad.
I dislike DRM as much as the next person, but if it's implemented reasonably (think Steam or Netflix), then many consumers are willing to deal with it. EME was what enabled Netflix on ARM-based Chromebooks, for example; and I prefer EME to not being able to legally access media at all.
It is certainly the case that several individuals editing specs under the WHATWG banner have set out their opposition to DRM. It seems unlikely that Hixie will include it the HTML spec he edits unless, of course, we end up with something implemented in browsers that is both interoperable and open. Since "open" rather defeats the point of DRM, it's difficult to imagine that happening, however.
It's a tragic comedy that everyone's yelling at the W3C for losing their way yet again... the WHATWG, weren't they great. Yet the WHATWG is basically a proxy for Google, Apple and Microsoft. And they have driven the W3C agenda for a long while.
When you repeatedly shit on the hippies, academics, and non-browser makers that had more sway in the past at the W3C, and replace them by corporate browser makers, you weaken the antibodies that were in place. The WHATWG's presence has marginalizing other voices within the W3C and forced it to listen to its primary members - i.e. corporate, pay-to-play ones.
Makers of Flash and Silverlight were a 3rd party in the DRM battle. They had to worry about their plugins' marketshare and could not implement too user-hostile DRM. They had to balance pleasing media corporations and users.
Now there won't be anything stopping MPAA's CEOs wet dreams running in your OS's kernel. Media corps have Netflix and Google (Play Store) in their pockets and can force them to ship all kinds of nastiness — under W3C's brand name.
But they're just voices in a large game: Microsoft and Google are co-editors with Netflix of the new DRM spec.
But the moment the MPAA muscles their way into the debate, suddenly we're all about DRM.
If you want DRM, you use a plug-in or a separate application. There's no reason that an app like Netflix or whatever can't use pure-HTML for everything but the video-stream and use a plug-in based object for the stream.
Keep HTML free.
That's exactly what this standard would allow.
For example, 12 years ago W3C attempting to push "RAND" patent licensing into HTML:
http://lists.w3.org/Archives/Public/www-patentpolicy-comment...
This was 100% against the concept of a free, open web, and it took a huge effort to stop it happening. It's crazy that it even got that far.
So it's no surprise that they're pushing industry interests again today. I lost all confidence in that group safeguarding HTML a long time ago, and it looks like the they haven't changed.
It would be great if anyone opposed to this would contact an organization on this list, ask them why they're endorsing and funding DRM and the end of the free Web, and if not, when they will be resigning from the W3C.
Every name you can get stricken from the list is up to around $70,000 per year defunded from what is now most effective driver of DRM in the world. [1] Getting some public statements from the membership would be educational, if nothing else.
[1] http://www.w3.org/Consortium/fees?countryCode=US&quarter=10-...
It's not bad or good for consumers, at best, it's about the same. It's very simple, studios will not allow you to rent their movies without DRM. Netflix will not be able to function without DRM. Neither can steam. It's not up to them, it's up to the content providers, not companies like Netflix.
Is it stupid? Yes. My high school teacher, with no technical knowledge what so ever had a way to brake almost any video DRM. He would play the video on his TV, and record the image with his HD Cam. Stupid? Yes. Effective? Also yes.
The point is, as long as its a plugin type of architecture, not part of the browser binary, what's the big deal. How is it different from Flash or Silverlight?
Oh, and to everyone that proclaims that DRM is bad. Many of you are developers for startups. Is your startup all open source? Why not? Isn't compiling code or running it only on your servers just another type of DRM? Ask your self, would you have a job if your company was forced to share all the code you write? All of it, even the stuff that you write from scratch and only run on your servers.
I think many people hate DRM because of how bad it's implemented, not because of the fact that its there in the first place. Well implemented DRM should be completely transparent to the end user who paid for the content. Steam and Netflix do a pretty good job of it.
Right now we have Flash and Silverlight everywhere and it's a PITA. How open are those two? This adds the option of moving this stuff out of plugins. If you want to live in some everything-is-free utopia, just never visit netflix.com.
Are the people pushing for this hoping it's just too much hassle?
These questions aren't rhetorical: I'm interested in what exactly the DRM people are pushing and how they expect it to work. Just not interested enough to read about it myself :D. (Also, I think this makes for a great conversation topic.)
If you ask me, the only reason DRM has worked up to now, is because code/file formats/protocols were secret. People didn't have access to the source. But now they do, in the open source browsers.
But PLEASE enlighten me. I wants to know.
Everything we've spent the last 20 years building and standardising. Now ruined. Tainted.
They have now lost all legitimacy among anyone who calls themselves a proponent of the open web. We need a new leadership as the old one can't be trusted. We need an open web action group to start over.
Thanks for fragmenting the web, W3C. Thanks for nothing, assholes.
The W3C was always a pay-for-play organization led by corporate interests. The full time staff of the W3C were MIT academics trying to foster conversation so that the openness of the web could be preserved among the reality that most funding for browsers was between competitors looking to make a buck. It took enormous pressure and nearly a decade (1994-2004) to foster web standards to the competent mediocrity they are today.
The WHATWG only solidified the corporate interests, by making browser makers The Only Ones Who Matter: Google (who also funds Mozilla), Microsoft, and Apple.
You can claim you want new leadership, but who has the credibility and legitimacy you claim has been lost? Students? Government workers? All competent engineers are working for for-profit companies (or are funded by them) that want to monetize your eyeballs. You could look to academia and government-funding, I suppose, like the original web. But the web is here, now. It's likely not going to be replaced.
Starting over is a loser's game.
In the end what browser vendors do matters the most, not what w3c thinks. Just look at the history of WHATWG.
OTOH, with a little help from the OS to guard the path through to the HDMI spigot (which is probably already in place) I may be able to see all my Amazon Instant Prime content via my browser in HD. :-)
There's an upside to the downside. Some things will be closed by this and some things will be opened. The impact on the non-pirating media consumer will mostly be positive.
The impact on the cable companies and other parasitic channels through which content must now pass will, to our benefit, be negative since content producers will need them for nothing to maximize the returns on their investment. Many hands that dip into the revenue stream between the producer and the consumer to merely protect the stream can be easily eliminated. The same is true of all the various music channels from the labels through iTunes to Spotify.
I like this because artists and producers will be able to negotiate with us directly which will lower the cost and the motivation to pirate. I'm all for artists and producers making money on their work, but not all the various middle men this can remove from the picture.
I'm very concerned, however, about the possibly negative effect on things other than media content like the general flow of news and information. Any item of information can now easily carry a price for internet access independent of the channels through which it moves.
Verdict: mixed bag.
What a bizarre discussion. Should have been laughed out from the first proposal.
And yet it wasn't. Can certainly make you wonder about the health of the W3C as a whole.
All i see now is the corporate internet.. people may not remember this but AOL and the like tried to create privates corporate internet's and lose in the long term.. the world was too big to be contained.. to be controlled..
This is the beginning of the end of what internet was supposed to be?
The intent was to recognize the Web world for what it was: filled with competitive interests with no interest on the integrity of the architecture that had been created. The W3C was a way to bring their engineers together to save the Web from the various marketing departments that were escalating an arms race of proprietary browser features. It was to create a legitimate channel to drive agreements across competitors without antitrust concerns.
It didn't entirely succeed, only somewhat. But this decision is consistent with its history. The W3C is only a reflection of its members.
EME is not DRM. It's a standard spec for plugins that provide DRM. Essentially it means that someone like Netflix could still use the HTML5 video element for playback while interacting with a browser plugin just to handle the DRM aspect of things.
with video DRM having a foot inside, who dares to venture a guess at what the next victim will be? DRMed js? DRMed html?
Yes, it would be a travesty if those things actually happened. Yes, I think DRM is ultimately pointless and silly. Keep in mind, though, that this is just a transition from one method of DRM playback to another, not a leap to DRM for things that didn't previously have it.
I really think allowing this to happen in the first place is just like opening the Pandora box. You give these guys an inch, they never stop demanding for more censorship.
Building a browser that ignores EME would be functionally equivalent to building a browser that can't use Flash.
Edit: How can it be DRM if the algorithms/formats/protocols are open? Or aren't they open?
They're not. IIRC, the only open parts are the hooks the actual DRM plugin (but we're not calling it a plugin!) will utilize.
If you really want to undermine DRM in an honest and ethical manner, you should leave those DRM'd properties to their owners and support non-DRM media.
How many of you listen to itunes media and are raging about this...
I seem to remember reports that iTunes sales increased quite a bit as they removed the DRM, indicating that removing DRM does indeed make the most business sense, not just the most moral sense or whatever. The best source I've been able to come up with quickly is this: http://www.theinquirer.net/inquirer/news/1022890/emi-drm-fre...
CLOSED SOURCE
icon
on top so that we know we are about to visit a site where we can't see the source of the javascript that is being run on our computer.
The idea is to develop a culture for people to prefer OPEN SOURCED site vs a CLOSED SOURCED one.
Time to fork HTML5.
Edit: The interface between the DRM servers and your backend code isn't standardized either, so content providers still have to do a bunch of DRM-scheme-specific development work. Basically, they standardized just enough to allow sites with DRM to claim they're 100% HTML5, it barely improves interoperability at all.
There are issues to come when consumers only have access to encumbered media, but at the moment, they pretty clearly benefit from the access.
We'll make a new W3C. One that can't be bought so easily.
I doubt they'd even try again, seeing as they've already seen this movie and know how it will end.
It'd make no sense to let people roll their own browsers that circumvent DRM.
What exactly do you think will prevent them from building their already-existing in-house DRM (three different systems, note!) into their own browsers?
Would that somehow lead to Hacker News or Facebook encrypting their site's source code with that DRM? I sort of doubt it. They could do that now with Flash if they wanted to, but no one thinks Flash websites are a good idea.
Why should we care? The web is not supposed to restrict users. If Universal does not like it, they can go somewhere else -- they have the cable TV system with all its restrictions and anti-freedom design.
I assume you mean that the browser shouldn't restrict users? Like, if I stream a movie from Netflix, I should be able to also save it locally so I can take parts of it to use in my fair use arts project? Sorry. Never going to happen. Forcing this use case that _people want_ off into plugins isn't going to make anything more "free".
That's like selling a Roku box that can only play Ted and Youtube videos and saying that it's better because it's totally free, and open, and doesn't restrict its users. Well, sure, that is the best kind of correct. But only because you yanked everything that wasn't free. You didn't actually add any value over the standard Roku box that plays Netflix and Amazon.
You don't complain when you can't decrypt PGP, even though PGP implementations are open source. This is the same thing.
They should be. Because I'm going to continue getting my DRM free video from the Pirate Bay until they do. They might have a chance at revenue if they'd just get over themselves. Dinosaurs.
Simply put, the movie/television is much more diverse than the music industry and won't see its lunch eaten.
The biggest hurdle in getting DRM content in the contract games that are being played with all the major providers right now (remember the TWC/CBS dispute). In these contracts are clauses for all content to be DRM'd. Even if everyone understood that DRM is bad UX, no one gives a shit about fighting those clauses when TWC is removing CBS over contract disputes. It just currently doesn't make sense to risk hundreds of millions of dollars for a moral issue that 99% of users simply don't care about.
Hence a browser developer or OS developer or developer of whatever software is in question wouldn't be permitted (by the DRM system's inventor or administrator) to get decryption keys if they didn't promise to implement these restrictions.
Some of the people who invented the modern DRM business ecology called this "the intersection of technology, law, and commercial licensing" (the title of a 1996 article by Dean Marks and Bruce Turnbull). Here, the "technology" is DRM implementations -- including software obfuscation and other measures; the "law" is anticircumvention laws like the DMCA §1201 that make it risky for people to use the decryption keys in ways that industry dislikes; and "commercial licensing" is the permission from a DRM developer to interoperate with that DRM, including "compliance" rules (about the functionality of the technology product) and "robustness" rules (about tamper-resistance), that result in the licensee being issued decryption keys.
In my view (I worked on EFF's objection) this is a deliberate attack on software interoperability: the whole point is to allow someone to try to prevent interoperability with software that hasn't been "approved". And it's also in extreme tension with the idea of having browsers that end-users can modify (their individual instances of).
If a proper open source system has a component that enforces DRM, and is functional when I download it, then it includes those keys; but gives me an unconditional right to use and modify it. And I am physically able to modify it, un-implementing those restrictions.
If part of the system cannot be modified by me, then the whole is not open source, and any open source system such as Firefox shouldn't include that part or standard.
Excellent!
Probably with a client-side file (or binary?) that gets delivered to the browser from the server and accessed locally in a sandboxed environment. This handles keys, auth, etc natively with the browser. This might be seamless to the end user.
Probably easily crackable like, say SteamWorks, but good enough to keep low-hanging fruit safe and copyright holders happy as we begin to retire flash entirely. Joe User won't be able to 'right-click and saveas' but he'll be able to view HTML5 video.
I think TBL is stuck between a rock and a hard place, just like Gabe Newell was with Steam. Users hate DRM, but he can't sell games without it. Some crowd-happy DRM scheme that's unobtrusive might be the only winning move here.
I'm quite surprised to see Tim Berners-Lee approve this in fact, I wonder what made him say yes to this.
Ten years from now (I know it will happen by then; probably sooner), if I grab my Apple smartphone and press "record video" and point it at a piece of DRM-protected content playing on my computer, it will not record. Will not record. There will just be a black spot in your recording. The recording audio will cut out as well, if an audio watermark is detected.
It's an ANALOG hole. Film cameras will always be able to record your screen. Cassette recorders will work fine. But your digital equipment? No.
As far as I can tell DRM has only ever punished, and still only punishes, legitimate users.
Imagine a browser refuse playback video or audio clip based on Cinavia DRM plugin, and also a website requiring such plugin -- via the DRM API -- to provide any content.
So I just make a media player that ignores the watermark, based on the open source code I found in the browser... DRM hacked.
[0] http://www.engadget.com/2010/09/14/hdcp-master-key-supposedl... [1] Key: http://pastebin.com/kCA3dFDv
If you want to implement a DRM binary blob with EME, you're going to have to negotiate a compliance contract of some kind with the DRM vendor, probably connected to some hook IP. (See http://en.wikipedia.org/wiki/Compliance_and_Robustness )
https://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-med...
Chrome and IE are the ones pushing this - so yes, the opinion of browser makers matter, but sadly the 2 biggest ones, Google and Microsoft, do not just support EME but are the ones driving it.
Speaking of access, make sure you have the SonyⓇ RootKit™ Updater installed.
You: Sure!
Me: No way!
Which means that your ad vendors actually about HTML5 support. They just do not know it yet.
This is obtuse. The HTTP and HTML specs provide standards for interoperation. Some modes of operation are forbidden for some users, and the specification provides a way for that to be communicated. It sounds like you're taking a whole-system approach to freedom, which is certainly valid (see the AGPL for a "free" response). But it's orthogonal to the issue at hand, which is interoperability. Any client can still implement the specification.
That said, I'm completely at a loss as to how you believe SSL "restricts users".
> I assume you mean that the browser shouldn't restrict users? Like, if I stream a movie from Netflix, I should be able to also save it locally so I can take parts of it to use in my fair use arts project?
The browser should implement an interoperable standard. That standard should be accessible to everyone. Any browser vendor should be able to, once they have properly implemented the specification, stream a movie from Netflix (this is the very thing that EME makes impossible).
> Sorry. Never going to happen. Forcing this use case that _people want_ off into plugins isn't going to make anything more "free".
This does not have to be reality, no matter what vendors say. There's a reason digital restriction management was forced out of the music space: it's ineffective, it's consumer-hostile, and it hinders innovation. Many of us are mad precisely because the vendors played hardball in their negotiations, and the W3C wimped out. Vendors need the web more than the web needs the vendors, but the W3C didn't take an equally hard line back and we're left with a decision that screws everyone but media companies.
> That's like selling a Roku box that can only play Ted and Youtube videos and saying that it's better because it's totally free, and open, and doesn't restrict its users. Well, sure, that is the best kind of correct. But only because you yanked everything that wasn't free. You didn't actually add any value over the standard Roku box that plays Netflix and Amazon.
The problem is, this decision hinders innovation. It is now much harder for a Roku competitor to exist, because before they can get off the ground they have to comply with byzantine demands of old media companies. "totally free, and open, and doesn't restrict its users" is the future of communication and computing (at least technically, politically is a different story). This decision is mired in the past.
Let's circle back to this:
> Forcing this use case that _people want_ off into plugins isn't going to make anything more "free".
This is exactly what EME does. The digital restriction management "extensions" are plugins. They are binary blobs, tied to specific hardware implementations. This regresses the web back to the "best viewed on Windows in IE 2.3" days, where interoperation is dead and cross-platform compatibility is a hippy dream.
And that's why people are mad at the W3C for no longer representing what the web is supposed to be.
1) EME as currently proposed is video only, but will the W3C try to do the same for images? For text? There are certainly constituencies who would live simple turnkey DRM for those on the web. And they don't do it in Flash _precisely_ because Flash websites are not a good idea.
2) If the above happens, there is no incentive for Netflix, say, to try come up with a setup that works with open-source browsers and still satisfies the rightsholders for the content they distribute. If people complain they'll just be told the spec says browsers need to implement DRM, and if that means no open-source browsers tough luck.
Copyright is something that is granted to someone by society for a purpose. Encumbering a creation with DRM defeats that purpose.
Sure, anyone has the "right and freedom" to add DRM to anything. But in that case anyone should also have the right and freedom to break the DRM and redistribute the content.
We do this with physical goods through laws around theft, and police to enforce those laws. Information goods however, are non-rival, thus aren't subject to theft, just copying. So, generally, society doesn't enforce "excludability breaking" with information as stringently as we would with a rival good. Sometimes it does go completely, and inexcusably overboard: see Aaron Swartz.
We haven't had a lot of time to think through what we really want as a society here. Information economics concepts like transparency, excludability and rivalry are still very new to people. The nature of information goods is not a market economy, it's a gift exchange economy. Yet we've built 300 years of progress on a market economy. So we're evolved to a hybrid of market-gift economies in the information sector, but no one really knows where it will end up in the long run.
Amusingly, the most free country on breaking and redistributing digital content is China. I remember the old saw that Adobe Photoshop used to cost $0 in China, but $300 for the manuals. Almost every other country frowns upon such behaviour and tries in some way to make it illegal.
You're also assuming that consumers give a crap about DRM. They generally don't, if they get the content they want is available at a good price (i.e. mostly free w/ advertising if it's low-engagement, or at cost if it's high-engagement), and good a user experience (i.e. I can consume it on my chosen device platform, in my chosen setting, without having to stand on my head).
DRM became a detractor for consumers in the music industry because they went to war with their own customers. Music has a multi-decade long culture of sharing and trading. Then the industry retroactively tries to state that all of this is illegal. You couldn't easily copy purchased files across devices due to their paranoia. Even iPods could only be sync'd to one library at a time (part of their settlement with Apple in the early 00's). They even tried to claim CD ripping was illegal (that didn't fly). This is why Apple advocated to get DRM removed altogether from iTunes and eventually won - it was just a crappy experience all around.
The TV/movie industry thus far has avoided the fate of the music industry through a mix of low-barrier access to content within the US (Hulu, iTunes, Netflix TV station websites, etc.) and DRM to erect some exclusionary barriers to the content. DRM in this sector is more like a horse race that doesn't quell piracy but keeps it at least somewhat inconvenient. They also didn't go to war with their customers, and were more selective of how they chose to use legal avenues.
I don't foresee death in their future, just winner-take-all competition if they don't keep up with what their customers want.
Ultimately, the nature of most information goods being non-excludable is changing the game in ALL industries that make and sell information from one of distributing the information to a hybrid market-gift-economy. You can have previews, clips, etc. to experience my stuff, perhaps even stream it for free for a limited time, but to get the best overall experience, they'll gate the access... i.e. you can't have my stuff unless you line up and pay a ticket. This is even how RedHat works (you need to pay to get into RHN, or their cloud... which are the best experiences of maintaining a RedHat server, even though the software itself is free).
Or they focus on something that is excludable: a consumer's time and attention... i.e. free TV streaming, or Facebook surfing time. And make money on the content with advertising.
And the businesses (Hollywood) with the content that Web users want have done that math and decided that DRM through plug-ins and native apps is an EXCELLENT system and they're happy to keep mandating it forever. If Plug-ins go away, as they're slowly but surely doing, then native apps will be the only place to get this content.
Hacker News types, myself included, will cringe at this truth, but most consumers don't give a shit about the Web. They care about the content the Web gives them. If the Web cannot give them the content they want, they'll get it elsewhere, probably from silo'd App Stores where things "just work."
And in this scenario (i.e., the way things are now), someone like me, who doesn't give a shit about "content" but does care about the Web itself, can still avoid DRM by not installing the plugins, not using the silo'd App Stores, etc. But if my browser is the silo'd plugin/App Store, I'm SOL. That is why all this matters: it makes DRM and all of the closed source nastiness that goes with it the default, instead of something people have to choose. I think that's a very, very bad idea.
EME is not strictly DRM in your browser: it's a standardised interface to allow your browser to talk to DRM modules.
I don't cringe at that, it's just the way it is. But I promise you no-install browser delivery of DRM'd content which "just works" is very valuable to those businesses. People grab the thing within arm's reach. Sure, if there isn't anything in arm's reach a decent amount of them will still walk across the room for what they want, but I think that's besides the point.
> get it elsewhere, probably from silo'd App Stores where
> things "just work."
That's entirely reasonable. Silo'd 'app stores' are where things like DRM belong, not the World Wide Web.
Perhaps there exists a class of people who wanted to implement DRM on all of their content but were just waiting for the W3s blessing but such a class will be extremely small.
Most of the DRM you see comes from mandates from big content firms, most other people could give less of a shit.
Try exercising your fair-use rights on those DRM'd bits for example.
In other words, you are willing to give up freedom to get--what, exactly? Movies? Music? Eye candy?
I confess I simply can't understand this point of view. People are willing to hand over the Internet to DRM and the media corporations because they can't live without the "entertainment" that Hollywood provides? People are willing to have their computers pwned just so they can watch Netflix? That appalls me.
EME is not new. There are already devices shipping with implementations, like mine. If EME is standardized, what it means for me is that there's a chance that my device will work with all DRMed content I want to access, and not on a per-service basis.
We're not talking about giving "big bad media companies" full control of the Ring 0 Hypervisor; I am still perfectly capable of flipping the virtual developer switch on my device and booting a pure version of Linux at any time. If I buy a device ships like that, I hope that future me will have the good sense to return it to the store.
Yes. Why? (I don't have a Chromebook, and don't use Chrome OS, for this very reason.)
But we do, and so just as you say there are "legitimate reasons" why someone may wish to save a video, there are too "legitimate reasons" someone may want to share their work in a protected manner. It's a product. If you don't like it don't buy it.
There is no part of this that forces the user to view only DRM protected websites. As far as I can tell this only increases the rights of copyright holders, which, again, I think is stupid, but seems completely legal and a reasonable thing to do under our existing legal framework. Edit: it also does not seem like it will fundamentally change the user experience of the web since the things that it allows are mostly already doable, just not with an HTML standard.
Seriously though, everyone should go just read the spec. Or at the least, take a looksee at this: https://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-med...
Which is why you have TPM and the various Microsoft/Apple/Google DRM schemes: Hollywood wants to lock down the full stack, and they're getting there one piece at the time.
For TPM, their enabler was Microsoft and their desire to lock down the boot process to enforce licensing. For this spec, it's Google and Netflix because they think it's the only way their media services will survive in the long run.
Insert here smart quote about expert frog-boiling.
The idea was that HTML5 gets rid of Flash and similar plugins and not that HTML5 turns into a vehicle for "yet another Flash".
Next thing we are adding a spy module feature because advertisers and the NSA demand it? Well at least the spy module could be free software unlike the proprietary closed source binary blobs needed for Digital Restrictions Management.
Although it seems the word "copyright" is also a bit of doublespeak these days. In general it doesn't go out of its way to give authors the right to control how publishers distribute copies any more, it's been co-opted as a system for publishers to deny every individual the the ability to make their own copies for any reason. If you ask me they should call it a copy-block instead of a copy-right.
IMO, this is a very dumb approach. This would not be OK anywhere else. Feel free to enforce your copyright, but don't expect me to bear your burden without kicking and screaming.
If I had my way we wouldn't have copyright
at all. It seems idiotic to me for the same
reasons patents are.
Edit: I'm obviously not serious.
To your question, is it "ok," I couldn't provide the answer as I don't own the copyright.
My statement was that I wish we lived in a world without copyright. The rules would be very different, and thus we would act and compete differently. As is, brand is an important asset for a company. I think you know all this.
I also think your argument is a bit sophomoric and I find it obnoxious that you are calling out my employer's name.
I completely disagree. You are the guardian. Every one of us is the guardian.
"Guarding the web" isn't in the W3C's mission at all: http://www.w3.org/Consortium/mission.html They design standards used internationally. That's it.
At least they were.
In fact it's not clear that anyone can use a standardized, open API for decryption modules and meet content providers' security demands. While some of them were historically willing to use Flash which did use standard browser APIs, they've taken this as an opportunity to demand more.
It looks like the idea is to implement a system where encrypted content is passed to the browser. The key is then sent through the browser to the CDM, the CDM can take the content and hand back decrypted frames.
It's entirely possible for content vendors to support multiple CDMs for different browser or OS combinations. The advantage of this is that the CDM is a smaller dependency than something like silverlight, so you can have a standard HTML5 video player interface across platforms and just swap out CDMs.
I can still do this with closed source DRM blobs, but it will take much longer. And there will probably be pointless anti-debugger tricks, system wide hooks that break countless other software, kernel drivers that BSoD your system..
That is precisely why this proposal is such a terrible idea. It writes into a standard that it is okay to produce software that is actively hostile to its user, while having absolutely no security gain whatsoever (because the concept is fundamentally broken: if the data is being decrypted on my system, I will get it).
That is actually their plan.
2. An issue closer to home can be seen http://wiki.xbmc.org/?title=Raspberry_Pi/FAQ#Video_and_audio... .
3. Companies target audiences and not platforms. For example, Netflix on Linux.
All they can take away is the sources that actually bring them money.
The web's success has been extraordinary in the same terms of any monumental human achievement -- the discovery of anti-biotics, the moon landing, the Magna Carta.
Why would we cripple that set of features just to make a tiny group of people happy (relative to the world's population, the copyright "special interest" cartel is indeed microscopic.)
And I thought web sites screwing up keyboard shortcuts was annoying..
The only way it will work is if the restrictions module handles everything from decryption, decoding, to rendering. Probably even using a hardware DRM scheme and preventing any interaction of the video data with the JavaScript or any other website elements.
So the CDM isn't necessarily seperate from the browser itself - that's left totally as an implementation decision, and at least one widespread implementation (IE11) is integrating the CDM tightly into the browser. Also, even if the CDM is seperate it can render frames directly to the screen without passing through the browser. In particular, note that:
"Where media rendering is not performed by the UA, for example in the case of a hardware protected media pipeline, then the full set of HTML rendering capabilities, for example CSS Transforms, may not be available. One likely restriction is that video media may be constrained to appear only in rectangular regions with sides parallel to the edges of the window and with normal orientation."
So basically, just like with existing plugins, encrypted content is an opaque rectangle plonked on top of the web page that's not part of the browser's normal rendering pathway.
With this standardized, we will continue to be legally and/or practically blocked from native consumption of protected content on general purpose GNU/Linux distributions.
DRM just makes lawyers happy. I say, let them eat cake.
This issue reflects the way that people have had very different ideas about what the point or purpose of free and open source software is (in some ways, reflecting the split between people who preferred to say "free software" over "open source" and vice versa).
It's also a very concrete issue today in whether people call, say, the Chrome browser "open source". Most of their source code is downloadable, derived from the fully open-source Chromium project, but in Google's current practice, users never get the complete source code to the Chrome binaries that they run. If you're focused on the development process, it might almost make sense to call Chrome "open source" because almost all of its source code is distributed, licensed, and developed in an open source manner -- but if you're focused on what users can do with the software, it's obviously just a proprietary application (with a proprietary EULA, to boot).
Of course, if you do that you may as well just not release the source code at all, because there's no way for the user to tell that the binary does actually correspond to the source without also being able to extract the encryption key and break the DRM.
Some people think that publishing source code is first and foremost a way to get other people to collaborate on its development, not to ensure any particular rights or knowledge or safety for people who end up using the software. For example, you could imagine a consortium of people who each make a super-proprietary locked-down thing and they publish and collaborate on the code of some libraries that their respective locked-down things need. They actively do want other locked-down thing makers to comment on how to make the code better and contribute patches, but they actively don't want customers to use that knowledge to make the thing less locked-down (or to be able to verify what it does or doesn't do).
This is a situation that we often encounter in the real world, and in fact some of the locked-down thing makers are even surprised when people say the contrast in their behavior with respect to these audiences is strange or hypocritical, because they didn't know or didn't remember that other people think software freedom is partly or mainly meant to benefit users.
"Open Source" definition does not include any clauses that require hardware manufacturers to provide you encryption and/or signing keys, so you could run your code. GPLv3 and "Free Software" are what you're looking for.
As I said in another comment, people who usually say "free software" are more likely to think that preventing restrictive downstream products is an important goal than people who usually say "open source". But that doesn't mean it's part of the definition of what it means to be free software.
EDIT: I also think the comment the parent replied to was right to say "then the whole is not open source". BusyBox is both free and open source even though its license allows it to be included in the locked-down TiVo -- but the TiVo as a whole is not open source.
So would you say that firefox is open source now? If they implement this as a plugin, what makes it technically different from using Flash?
That's why they have to obfuscate things at the code level too.
Google copying Yahoo's front page code? Okay, that'll be in the news and everyone will have a good laugh.
Some Joe Schmoe Web Developer lifting CSS/HTML from an unknown client to sell to an unknown client? Eh, not so much. This probably happens often and goes undetected.
We already lost the W3C once for about 10 years. Remember XHTML and XHTML2? Those, and a bunch of special purpose not particularly interesting niche XML standards (P3P? XML-FO?) were pretty much all they worked on for a decade or so. It wasn't until the WHATWG was formed by some browser vendors who wanted to start working on a standard for features that users would actually want, rather than what architecture astronauts thought would be a nice design, and the W3C realized that's what people were actually interested in and so replaced XHTML2 with HTML5 based on the WHATWG spec that they actually became relevant again.
Now, I will have to give credit that there were still a few groups at the W3C doing work relevant to the actual open web, such as SVG and CSS. But given how the WHATWG took over work on the HTML standard and actually did work towards a standard that was useful and relevant to browser vendors when the W3C went off the rails the last time means that I'm not too worried if it goes off the rails again this time, you can always form another standards body if it becomes irrelevant. You just need to be sure to recognize this early on, so you don't waste too much time and effort waiting for the W3C to get its act together again.
So, with XHTML, the main thing is that people just wanted their web pages to work like they always had; they didn't want to deal with adding slashes to make their web pages XML and strict parsers and whatnot.
But with P3P, what people want is Netflix and Rdio on all their devices (such as ARM-based Samsung Chromebooks).
Frankly, I prefer the sound of standardized DRM to everyone rolling their own ala the 90s; with any luck it'll mean fewer formats/keys that need to be reverse engineered and whatnot.
Second, none of the proposals for EME that I've seen actually address the issue of being able to play the same content across devices. They aren't a standardized DRM scheme; they are merely hooks for proprietary DRM schemes, essentially a way to allow proprietary DRM schemes to hook into the HTML5 media player rather than having to use the plugin interface and implement the media player in Flash or Silverlight. It's basically just a plugin API for plugins that provide only DRM, leaving the rest up to the browser.
Don't think that this is meant to actually increase interoperability; a large portion of the "value" of DRM, for those who promote it, it the ability to have various lucrative exclusive contracts with particular cable networks, hardware vendors, and so on. You're just going to see more "Live NFL - a Samsung exclusive!", not actually be able to get Netflix on any device you want.
If it worked across any device, then it would need to work on open devices as well, but of course if the device is open you can bypass the DRM. So it's always going to be based on licenses, that only certain vendors can get if they promise to implement DRM securely and not give users full access to their own devices.
Browsers have plug-in architectures. DRM systems are inherently proprietary. Leave them to implement proprietary plug-ins.
In reality though these control freak moves only "work" (for them) if everybody is forced to adopt. Another site another plugin type situation will shift a lot of people to non-drm content providers, whether on principle or maybe just plain old apathy. I'm sure browser makers could streamline this process so that it's a minimal hurdle to install a plugin but if it's optional then we have the option to avoid it and that is exactly what those goddamn morons would like to stop.
2. Yes, like in the United States. Just like receiving stolen goods is a crime. No offense, but when you say things like "If you create a code for "don't read this data" to be sent over the web, disobeying it will become a crime there." I don't think you fully understand how DRM currently works and how it would work using this standard. It is simply a standard people can implement.
Edit: as some of you have pointed out, the phrase "copyright-compliant" is somewhat meaningless. I should've chosen my words more carefully. I meant "copyright-enforcement-enabling."
No, what he means is that, if we stop listening to the W3C because of this, the W3C will no longer matter. So either we won't have a standards body, or we will need a new one.
This is not about making a copyright-friendly web. This is about attacking the openness of the web.
Or are you also advocating for changes to trademark law?
This TED talk explains it quite well : http://www.ted.com/talks/johanna_blakley_lessons_from_fashio...
Exactly: its a specification for a constrained plugin API focussed DRM, so that browsers don't have to either maintain a common general purpose plugin API (e.g., NPAPI) or, alternatively, have browser-specific APIs in order to meet content-owners demand for a DRM-supporting delivery channel.
I agree with the rest of what you've said, but I don't think the typical end-user worries about "openness" until it's too late.
This scheme basically just creates a special class of plugins; these plugins clearly won't be OS-agnostic, because they can't -- that's the whole point of the exercise: to restrict playback to devices that are fully authorised/controlled from top to bottom, with the browser piping streams from the web to trusted plugins running on trusted OSes using trusted hardware (TPM etc).
If I want to watch netflix or play GTA5 on my haiku box I'm SOL as it is unless there is a business case to be made for doing the port.
This actually makes things easier. For example netflix currently uses silverlight for their streaming, this means that in order to watch netflix you need something that supports the entire silverlight stack.
With this proposal all you need is modern browser and a compatible CDM which is a much smaller chunk of code.
Technically speaking it's almost the same as the status quo, but a little bit of DRM principles have now been enshrined in the foundations of our web. Depending on what your view of DRM is, of course, this is good news or bad news; but from a technical point of view, it changes very, very little.
That's exactly the point, the case is NOT so with HTML and JavaScript. A webapp I write in HTML and JavaScript is OS agnostic!
Conversely, there are countless features introduced by Browser Vendors that do not exist in the W3C's specs. (And some of those are even eventually picked up by the W3c.)
I honestly don't think people understand how the Standards Body's work, and how their specs propagate into actual products that people use on a daily basis.
Many companies have cherry-picked what to implement and what not to. This is not new. If anything, it's the norm. Vendors will continue to do this as long as the W3C will exist, and can continue to do so in this case, without destroying the W3C or making it an invalid body.
This particular argument is totally bunk.
You wrote:
"I may be totally naive here, but I'm not really sure why this matters. That there is a WC3 standard does not imply that browsers have to adhere to it." - https://news.ycombinator.com/item?id=6491428
marcosdumay is responding to that by saying "It matters because ..."
And how many people will use it, apart from outliers like people who post here? The vast majority of people use one of the Big Three: Firefox, Internet Exploder [no, that's not a typo ;)], and Chrome.
Furthermore, if the Big Three implement a DRM standard, then web pages that want to "protect their content" will simply use the DRM standard, and it won't matter that Joe's Really Cool Browser doesn't implement it; that browser simply won't be able to view the pages. A few outliers like us will rant and rave; anyone else who tries it will say "Joe's Really Cool Browser Sucks" and go back to using one of the Big Three.
DRM's purpose is similar, but one of the endpoints is in the physical control of an untrusted entity: you. Since the point of DRM is to prevent the user at one of the endpoints from accessing the data, if you have the source and keys to the destination endpoint (e.g. TPM, HDCP-enabled GPU), the endpoint can't be trusted, you can get the data, and the DRM fails at its purpose.