And Here We Go: Mozilla Felt Pressured Into Adopting DRM In HTML5
from the a-broken-system dept
We've written a few times about the unfortunate decision by the W3C to adopt DRM in HTML5 in an effort to keep Hollywood happy. While Tim Berners-Lee and others at W3C have tried to defend their reasons for doing so, they're all based on the faulty premise that somehow the internet needs Hollywood more than Hollywood needs the internet. The reverse is true, but Hollywood has convinced too many people of its own importance to the internet. Because of that -- along with the agreed-upon fact that today's plugin/extension system is a complete disaster from technological and security standpoints -- the W3C, pressured by a bunch of big companies, agreed to put DRM into the next generation of HTML (and don't buy their argument that it's not actually DRM -- the only purpose that Encrypted Media Extensions (EME) serves is to enable DRM).Today there's a lot of discussion because Mozilla, makers of the popular (and open source) Firefox browser, have posted two separate blog posts about how they feel forced to adopt this DRM even though they hate basically everything about it. Mozilla's argument is not crazy. They're worried that by not adopting these standards, while all other browsers do, people will just shift to those other browsers. And beyond just losing market share, Mozilla has a point in noting that the way other browsers implement EME will be less secure than the way that Mozilla is doing it.
We have designed an implementation of the W3C EME specification that satisfies the requirements of the content industry while attempting to give users as much control and transparency as possible. Due to the architecture of the W3C EME specification we are forced to utilize a proprietary closed-source CDM as well. Mozilla selected Adobe to supply this CDM for Firefox because Adobe has contracts with major content providers that will allow Firefox to play restricted content via the Adobe CDM.Mozilla is also making it opt-in -- so that everyone will have the choice to choose whether or not to activate the DRM implementation. Also, kudos to Mozilla for not taking the W3C path of pretending that EME isn't DRM. Mozilla is quite upfront that this is DRM and that they're uncomfortable with this. As Andreas Gal says:
Firefox does not load this module directly. Instead, we wrap it into an open-source sandbox. In our implementation, the CDM will have no access to the user's hard drive or the network. Instead, the sandbox will provide the CDM only with communication mechanism with Firefox for receiving encrypted data and for displaying the results.
Traditionally, to implement node-locking DRM systems collect identifiable information about the user's device and will refuse to play back the content if the content or the CDM are moved to a different device.
By contrast, in Firefox the sandbox prohibits the CDM from fingerprinting the user's device. Instead, the CDM asks the sandbox to supply a per-device unique identifier. This sandbox-generated unique identifier allows the CDM to bind content to a single device as the content industry insists on, but it does so without revealing additional information about the user or the user's device. In addition, we vary this unique identifier per site (each site is presented a different device identifier) to make it more difficult to track users across sites with this identifier.
we would much prefer a world and a Web without DRM...But, Mozilla feels that users "need it to access content they want." Mitchell Baker similarly notes:
The new version of DRM uses the acronyms “EME” and “CDM.” At Mozilla we think this new implementation contains the same deep flaws as the old system. It doesn’t strike the correct balance between protecting individual people and protecting digital content. The content providers require that a key part of the system be closed source, something that goes against Mozilla’s fundamental approach.Unfortunately, it appears that even though this is the case, Mozilla still believes that the internet needs Hollywood's locked up content more than Hollywood needs to adapt to the internet. That's too bad. Cory Doctorow has a very detailed discussion of why he thinks Mozilla made a mistake, while acknowledging all of the reasons why they did what they did. More importantly, he lists a number of additional things that Mozilla should do to improve the situation. I'll summarize those four things, because I agree wholeheartedly:
- Protect security researchers: Thanks to the anti-circumvention provision of the DMCA, any security research into Adobe's DRM may be a form of infringement. As Cory notes, Mozilla should demand that Adobe issue a covenant not to sue security researchers or developers who find vulnerabilities.
- Educate users: Teach everyone (including Hollywood, but mainly the public) why DRM is dangerous and harms security and privacy online. Personally, I'd add that Mozilla could also teach people why DRM is simply not necessary.
- Research and publish the case for DRM: This goes back to the question of who really needs it. Hollywood thinks they do, but I don't think that's really true. As Cory says, Mozilla should look at the actual data to see if there truly is a use case for DRM.
- Formulate and articulate a DRM policy: Basically don't make these kinds of decisions ad hoc -- but have a clear policy on how and when decisions like this get made.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: drm, eme, firefox, hollywood, html5
Companies: mozilla
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
Even if you only sip the cool aid...
Make the browser switchable so that there is no DRM entirely until you decide to watch Hollywood DRM garbage, when when you switch to it... be sure to come up with a name for this mode that makes it clear what is going on.
Title it...
"Hollywood DRM Mode"
-or-
Shut up and put up if your only going to cry and moan, but actually do nothing.
[ link to this | view in thread ]
EME...
I guess I was right.
[ link to this | view in thread ]
Mozilla just committed suicide
Get your attorneys ready.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
if [HTMLver=5 & DRM=active] then run isntthatspecial
start 'isntthatspecial'
sleep=100
end
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: EME...
How?
I am under the impression that this is not implemented yet. E.g.
"Gervase Markham wrote on May 14th, 2014 at 10:51:
The exact user experience is still to be decided, but it will definitely not activate and run without you explicitly agreeing. You will be able to say No. "
https://hacks.mozilla.org/2014/05/reconciling-mozillas-mission-and-w3c-eme/
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
And add another reason to the list...
Still, assuming every site out there doesn't for some reason go DRM crazy, I can actually see a silver lining with this, as it'll help people know which sites and services to avoid.
'So I need to enable the DRM crap in order to access the site? Well, that sounds fair, let me just- oh, right, there's more options out there than the major companies would like you to believe, I think instead I'll just go to a different site and forget this one exists.'
[ link to this | view in thread ]
Re: Re: EME...
[ link to this | view in thread ]
Drivel
I have no doubt that the people behind this industry know it. That they use DRM as a defense mechanism to salve their egos, and a means of pretending that what they produce is worth stealing, much less buying.
[ link to this | view in thread ]
Just saying...
[ link to this | view in thread ]
[ link to this | view in thread ]
Well, it could be worse
[ link to this | view in thread ]
Re: Re: Re: EME...
[ link to this | view in thread ]
Re: Re: Re: Re: EME...
[ link to this | view in thread ]
EME is not yet approved
If anything, Mozilla's announcement should embolden us in this area. We knew that W3C rejecting EME would not stop browser makers from implementing it anyway. Now that all the major ones have announced decision to do so, W3C should feel very able to reject EME to send a message that DRM is *not* part of the vision of the free and open Web.
[ link to this | view in thread ]
Re: EME is not yet approved
[ link to this | view in thread ]
Re: EME is not yet approved
The problem is that if the major browser implement it even if it's not adopted in the standard (as it appears they're doing), then that basically guarantees that it will have to be adopted in the next version of the standard in order to ensure that all the implementations are in sync with each other.
Mozilla's announcement, in other words, makes it more likely that we'll see widespread adoption even if it never gets the blessing of the W3C.
[ link to this | view in thread ]
Re: EME is not yet approved
[ link to this | view in thread ]
Re: Re: EME is not yet approved
Still disappointed that he sold out after all he espoused up to that point.
[ link to this | view in thread ]
Re: Re: Re: EME is not yet approved
For the first, corruption, the second, incompetence and gullibility, neither are very flattering possibilities.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Saddest part of this?
[ link to this | view in thread ]
ditch them
[ link to this | view in thread ]
Adios Firefox!
All useful browsers now internally track you to some degree. I moved to Chrome. Chrome is faster. Although it is (yuck) Google, one of the reasons that I believe that the Chrome browser is faster is because it does not incorporate all the user tracking features that the other browsers have. Since Google has effectively become the Internet, Google does not need to have its browser internally laden with internal profiling user reporting tracking code. Whatever you surf to on the Internet, Google is already there on the server end to to collect your computer identifiable metadata.
Google's Chrome browser allows the end-user to access the Internet, but the Internet itself is Google's in-house browser.
[ link to this | view in thread ]
Re:
as for the DRM structure, well being sandboxed means it will be removable, analysed (no matter what the USA DMCA states - ie: not analysed in the USA) and routed around probably a day or so after implementation.
[ link to this | view in thread ]
But if we don't, our competitors might and gain more users.
"BUT MOOOOM ALL OF THE COOL KIDS ARE DOING IT!!!"
Seriously.
If all of the other browsers jumped off a bridge...
Perhaps having the balls to tell Hollywood NO, might have pushed the others to opt to not support it. Cause like there was this set of really fucking stupid laws and a buncha people got together to stop it... but it took someone to say No first.
Idiots.
[ link to this | view in thread ]
[ link to this | view in thread ]
YOU ARE ALL WRONG
Yes, it will also be used for access to video and used to lock down some websites unless people pay, but even then if it is used to block pirate sites or news sites that do not join the middlemen and pay up there will be a way very soon to hack into the drum structure and create an internet that has absolutely no payment systems,
I would advise the hackers not to release the hacks immediately, wait until Hollywood has created a few sites where there is content that can be downloaded and then once they have spent millions on releasing drum content break it open for everyone to access these sites with absolutely no payment, damn, I am sure just a simple few changes will break this drm just as every other form of drm has been broken , including the supposedly unbreakable Blu Ray DRM which was broken within days of it being released.
No worries everyone the pirates will keep the internet free from being locked down and content will only be more available than before.
[ link to this | view in thread ]
Nobody questions why the fuck it has to remain on a single device, no? Yet another reason for me to pirate the hell out of content I want to check out.
[ link to this | view in thread ]
Re: ditch them
[ link to this | view in thread ]
Re:
You're right about the justification for this, though you've spun it backwards, but I think they're probably right in their reasoning: if everyone else supports this and Firefox doesn't, then the vast majority of people who encounter a video they can't play in Firefox and can play in something else will just use something else, and Firefox gets weaker (giving it even less leverage for next time).
There are counterarguments to that; I saw one person already specifically state that the only reason he's stayed with Firefox over Chrome is Firefox's respect for his rights and his privacy, and that now with that dropped he will have no reason not to switch. It's very likely, however, that such people are by far in the minority.
I do think Mozilla is trapped between a rock and a hard place here. The decision to incorporate EME support at all is a bad one, yes, but it may very well be the least of the available evils - and given that they implement it, they seem to be taking most reasonable measures to limit or otherwise minimize its negative impact.
[ link to this | view in thread ]
Re:
Since the content industry are the ones who control whether and in what form to release the content, they get the veto.
[ link to this | view in thread ]
That should fix DRM...
[ link to this | view in thread ]
Re:
However, from what's said in the second of the two linked Mozilla blog posts, there appear to be claims that the black-box "Content Decryption Module" will in some way take steps to verify the "sandbox"; if it doesn't match what the CDM expects, the CDM will refuse to decrypt the stream.
It's not clear how the CDM will go about doing that, since allegedly the only information the CDM will have access to is what the "sandbox" provides it via the EME API, but I imagine the people behind the system would already have thought of that; if they're still confident that they can do it, they're probably right.
Even if that verification is as simple as a basic hash, it would be prohibitively difficult to modify the "sandbox" in a way that would do what we'd want but would still validate the same way as the unmodified one.
[ link to this | view in thread ]
Re: Re: Re:
And I might even vote with my boots against other of your products. Like not going to the cinema if you morons push DRM. Or not buying your book on paper because the ebook has DRM.
No, I'm not going to use that EME for anything. And unless I can redirect streams in cleartext to my harddisk, I won't subscribe to any service that requires it.
[ link to this | view in thread ]
Re:
I bet there's gigawatts wasted each year just for DRM.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: ditch them
[ link to this | view in thread ]
Re: Adios Firefox!
Firefox's tracking for those ads is entirely internal to your browser and machine. There are no plans to do the kind of tracking that web ads do. Moving to Chrome to avoid the Firefox ad plans is kindof dumb, as you're moving to a browser that does much more invasive tracking.
[ link to this | view in thread ]
Re: Adios Firefox!
This isn't just wrong -- it's crazy wrong.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Sad that they cite "market share" as a major concern...
- Australis
- Frequent UI "change for the sake of change" with no actual improvements
- Copy whatever Chrome did this week
- Add social networking as a core feature, but drop popular features with the justification that "you should just install an add on to put it back"
Also, obligatory since no one has mentioned it here (credit to LWN post by pabs for the link): http://ebb.org/bkuhn/blog/2014/05/14/to-serve-users.html
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
The other thing is that Mozilla is really trying to turn Firefox into something that it was never meant to be (and, in my opinion, shouldn't be): an operating system. Again, they're looking at Chrome and are trying to emulate Google's efforts in that direction.
It's truly sad to see Mozilla screwing things up as badly as they are. They used to be a leader and a real force for good on the internet. They have pretty much given up both of those things now.
[ link to this | view in thread ]
Re:
The better solution is for people to use browsers that don't implement EME or that let you turn it off, and to actually turn it off. For extra impact, don't pirate the stuff either. Screw the bastards demanding this abomination. They don't deserve your money.
[ link to this | view in thread ]
Re: Re:
People will just look for anything to try to rationalise content theft though.
[ link to this | view in thread ]
Re: Re: Re:
If that were true, then there would be no objection. It's not true, though. It doesn't prevent piracy, but it does prevent a lot of other perfectly legal and acceptable activities.
[ link to this | view in thread ]
Re: Adios Firefox!
Mozilla changed their minds about ads in firefox.
[ link to this | view in thread ]
Re: Re: Adios Firefox!
No, they have not. Look at what they're saying again: they're promising to experiment with the ads until they find a way to do it that they're happy with, then they will roll them out to everyone.
The only thing they've changed their mind about is that they're not rolling them out on their original timetable. They're still going to roll them out.
[ link to this | view in thread ]
Re: Well, it could be worse
They no longer share the ideals and goals of a free internet that I do. They are enabling just the opposite.
[ link to this | view in thread ]
There's an easy answer
Compile one with DRM and one without and give the users the choice. Call one FirefoxEME and the other just Firefox.
[ link to this | view in thread ]
Re:
DRM doesn't do squat to stop pirates, as it has to be cracked all of once before it's no longer an issue, the only people DRM actually affects is legitimate customers, so really, you can stop with the 'DRM is to stop piracy!' myth, no one's buying it.
[ link to this | view in thread ]
[ link to this | view in thread ]
Nothing new here
That being said, I can't really say that I care one way or the other about this issue. I'm not hostile to the concept of intellectual property, but neither do I believe it should be perpetual. The problem with DRM is not that it protects IP, but that it provides a technological means to make that IP defacto eternal, even after the copyright has expired.
[ link to this | view in thread ]
Re: There's an easy answer
But that doesn't address the two major problems with this: the betrayal of their own principles, and the fact that they're helping to guarantee that EME will be a part of the HTML standard.
[ link to this | view in thread ]
Book industry DRM
[ link to this | view in thread ]
Mozilla DRM
[ link to this | view in thread ]
Re:
It's understandable for a company that is in it to make a profit. Mozilla, however, is not supposed to be about that. They style themselves as defenders of a free and open internet. That they are willing to throw that under the bus to avoid taking a hit in terms of market share is just hypocrisy.
[ link to this | view in thread ]
Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Actually, not all of the book industry is doing this. Baen has always offered DRM free content from authors who write excellent science fiction.
[ link to this | view in thread ]
Back to work.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
For everyone's sake, you need to take some English classes. Theft is not defined the way you seem to think it is. DRM only affects anyone with DRM-containing content. Believe it or not, kiddie, there are actually people who pay for things, then get the DRM-free version so they can actually use and enjoy what they paid for. Claiming that people of any given age have no clue what they're talking about, and then claiming that DRM doesn't prevent anything, simply makes it clear that you have no clue. Try harder.
[ link to this | view in thread ]
Re: Back to work.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re:
At some point consumers need to say enough, no more and mean it. Do you think Netflix would keep pursuing this system if a large portion of their subscriber base cancelled the service specifically because of this reason?
Everyone likes to talk about how this and that DRM are crap and horrible... but how many are willing to stop paying them money to make it clear it is not acceptable?
We are allowing 1 industry unheard of control over everything to appease them. No matter how much we give up and accept from them, it is never enough. They want the impossible, and we keep humoring them instead of saying enough we're done.
How much more are we willing to give up to appease groups who have expanded their rights well beyond what was ever imagined or intended? If a car maker demanded that we all had to use only 1 brand of tire to protect their "rights", there would be dramatic backlash... why are we so freaking meek to a group who create entertainment, gets the full price and still demands the right to control over how, where, when you are allowed to use what they sold you.
It is time to stop shielding them from the reality that what they are doing is unacceptable, and we will no longer pay them if they continue the same course. They understand when they stop making money, and we should use this to finally get their attention and get change.
[ link to this | view in thread ]
Re: Re: Well, it could be worse
[ link to this | view in thread ]
I imagine a similar situation would occur if Firefox were my main, I actually cared about Netflix and Netflix didn't work on Firefox; something not-Firefox for Netflix and Firefox for everything else.
[ link to this | view in thread ]
Re: Re: Back to work.
[ link to this | view in thread ]
Re: Anonymous Coward
There is, it's called Pale Moon.
I started using this web browser after Firefox started that crap with the ads in the tabs. It's based on Firefox and all of my add-ons transfered over. Been happy ever since.
[ link to this | view in thread ]
I need a new web browser
Now I'll have to find a new web browser that doesn't support DRM or HTML5, and get everyone to switch to it to protest DRM.
[ link to this | view in thread ]
Re:
It used to be. With this change, they can no longer honestly make that claim. That's too bad, because being open source is what made a lot of people choose it over other browsers. Firefox will no longer have that going for it.
[ link to this | view in thread ]
Fork
[ link to this | view in thread ]