United Airlines Requires You To Install Special Brand Of DRM To Watch Movies On Flights
from the yeah,-that's-not-happening dept
On Twitter yesterday, Brian Fitzpatrick, a tech entrepreneur, noted that while trying to enjoy the in-flight entertainment on the United Airlines flight he was taking, the in-flight Wi-Fi system told him he needed to install its special brand of DRM. They didn't even try to sugarcoat it with some fancy confusing name. It's literally called the DRM plugin:
Today in NOPE News: it's not "Okay" for @United to install DRM on my laptop. pic.twitter.com/kzUL2RqNDO
— Brian Fitzpatrick (@therealfitz) July 21, 2015
Click 'Okay' to download the latest DRM Plugin.
Fitzpatrick kindly sent me a bunch more screenshots and details. That little error message pops up -- along with other error messages -- when you go to watch a movie:
After installation playback should resume immediately,
if it doesn't then you may need to restart your browser.
Fitzpatrick also realized that if you don't have Flash (which is actually a good security practice) United will helpfully offer to install it for you as well:
At this point, United will provide lots of detailed instructions on how to install the DRM-you-never-wanted on your machine:
So, not only is United trying to install unnecessary and annoying DRM on your computer, it's also doing so in a way that is recognized as being a security nightmare. That's encouraging.
In the interest of science, Fitzpatrick dug a little deeper and discovered that the "DRM plugin" in question is actually Panasonic's Marlin DRM -- something we actually wrote about years ago, as an attempt to create an "open source" DRM. Though, amusingly, Fitzpatrick notes that the DRM comes with strong copyright warnings itself:
This Software Product is protected by copyright laws and treaties, as well as laws and treaties related to other forms of intellectual property. Panasonic Avionics Corporation or its subsidiaries, affiliates, ad suppliers (collectively "PAC") own intellectual property rights in the Software Product. The Licensee's ("you" or "your") license to download, use, copy, or change the Software Product is subject to these rights and to all the terms and conditions of this End User License Agreement ("Agreement").
How sweet. You need to abide by Panasonic's rules when you install its security nightmare of a DRM you didn't want, just to watch an in-flight movie.
And, really, after all this, people should be asking but why? What "threat" model requires United to force dangerous malware onto your computer? And the answer is likely that Hollywood requires it, because to Hollywood everything is a threat, and the idea that someone might be paying hundreds of dollars for flights and they might also then make a copy of a movie... well, that's just too much to handle, and they have to first ask you to break your computer and put all your data at risk. Isn't that sweet of Hollywood? Oh wait, no I didn't mean sweet. I meant insane.
I'm sure that United Airlines didn't think through much of this and the details when it agreed to these ridiculous terms. It just thought it was adding an option that sounded nice. Letting people have access to more entertainment options, including on their own devices sure sounds like a nice option for some passengers. But if it comes with forcing people to put their computers and information at risk, it gets problematic fast.
Filed Under: drm, flash, in flight entertainment, marlin, marlin drm
Companies: united airlines
Reader Comments
The First Word
“You know there's a problem...
... when a website has to give the user detailed instructions on how to and disable the browser's security settings to watch a movie.
Really, there's nothing wrong with our plug-in. Trust us, turn off your security settings.
Why I no longer fly United...
Also, United charges for each checked bag. Southwest? 2 free. Yes, each additional is $75USD extra, but heck, 2 check-in bags for free? Works for me!
Re: Why I no longer fly United...
To watch a movie during a Southwest flight, they made me install an app on my Android device directly from their site (an APK file I'm supposed to simply trust) - and that app refused to run on my Cyanogenmod-laden Android device.
Sounds like DRM to me.
All of this happened *AFTER* I entered the coupon code for a free in-flight movie that I received in the mail... and I wasn't able to use that coupon again.
At that point, I decided it was pointless to even bother complaining about it... now I just bring my own pre-ripped movies with me on my device so I can watch them at leisure.
I fly Southwest at least once every couple months, and sometimes twice a month.
Taking a page from the wrong book...
A nice distraction
That, and if you get hacked, it makes our ceo feel better about us getting hacked, since it happens to everyone. And we'd hate to make our ceo cry.
Thank you for helping us keep you safe!
*notice: unless you happen to have any sensitive information of your computer, and only until you get home anyway, at least we hope, really. But we are sure you don't and will be fine, just fine.
Re: Re: Re:
Not that the DRM scheme is of any use to the user.
Response to: Anonymous Coward on Jul 22nd, 2015 @ 10:05am
Malware: software that is intended to damage or disable computers and computer systems.
DRM is software that is intended to (unnecessarily) disable features on your computer. Therefore DRM = Malware.
Re: Response to: Anonymous Coward on Jul 22nd, 2015 @ 10:05am
DRM is built on the idea of not trusting you (the user). I.e. it uses presumption of guilt to deploy some "measures" on your system (presumably to "protect" something from you, but in reality for who knows what). Since it's overstepping acceptable bounds by its nature with its policing approach (it violates your privacy since it runs on your personal computer and system), it should be treated as a security / privacy threat.
I.e. since it doesn't trust you and goes out of its way to mess up your system based on that, you should not trust it in return, since trust should depend on mutuality. Thus it can be called malware.
Re:
It requires you to install Flash, such a widely recognized security nightmare that Firefox blocks it and even Facebook's security chief wants Adobe to kill it off.
Its plugin uses NPAPI, "which is a security nightmare and is no longer supported in Chrome for security reasons."
In what way is "malware" not justified?
Re: Re:
All software has similar flaws--even Firefox.
Re: Re: Re:
It's that this is happening every few weeks for Flash. Yes, other software has flaws. But not like this. A new OS, maybe, but not an animation player.
Re: Re: Re:
The entire infrastructure and method of distributing these kinds of plugins (NPAPI) being used has been recognized as a security nightmare for years.
What NPAPI does is allow any random website that has something embedded that requires a plugin to point to any random location the website wants as a source to get that plugin. Depending on browser settings, it may download and install the plugin automatically, or pop up a window like what is described. The large majority of users will just click accept on the window. This is why Chrome does not allow it. Mozilla has greatly modified how it works in Firefox to only point to Mozilla's trusted plugin library. I believe Opera does not allow it either (they use something similar to Chrome).
United's solution to how to play video on someone's device looks identical to one of the most popular ways to spread malware from a decade ago - the "video codec plugin" scam.
Re: Re: Re:
...which was how long after Adobe was first aware of the issue? Which was major security issue number.. what... in the last few years? People are losing count. Add the resource hog nature and the fact that modern browsers have an alternative solution built in - why is this a necessary product to have? Regardless of the risk, it's an unnecessary one.
"All software has similar flaws--even Firefox."
Indeed. But nobody's ever tried demanding I have Firefox installed in order to do something - if I'm unhappy with the quality of the software, I use the solution I'm happy with.
Re:
If you are presented with mystery-meat software like this, considering it malware by default is the correct thing to do.
Re: Re:
leaves open doors for malware from other sources. .pdf and flash both are common vectors for malware infection.
Really, Hollywood moans about piracy but they make a huge effort to turn anything other than pirating an incredibly annoying, intrusive and potentially expensive experience.
Re:
It's okay though, because they only do it to their valued, non-infringing, paid up customers who're doing what they can to comply with rightsholders' wishes. Anyone who tells them to go piss up a rope doesn't need to worry about it.
It's like they have the corporate version of suicidal tendencies.
I really like how the Chrome team is so concerned about security and unwanted software, but yet Chrome itself comes with a forced installation of Google Updater, a program that installs without user permission, without even informing the user that it will be installed, which runs all the time in the background, which installs two new services, which makes about 200+ registry entries and which is a royal pain in the ass to get rid of.
Google claims that it will uninstall itself when you have no more Google software on your system. It was installed on my system when I mistakenly neglected to uncheck the option to install Chrome while updating my anti-virus (If Chrome is so great, why do so many other programs try to trick you into installing it?). Although my firewall blocked the download and installation of Chrome, the updater was installed and I discovered it still happily running a month later. After manually removing the services, the files, running a registry cleaner and deleting a bunch of missed entries by hand, I still have two Google entries that I can't remove.
If the Chrome team is so dedicated to preventing malware installation, why don't they start with the malware that's included with Chrome itself?
Re: Re:
So it's OK to try and trick users into installing software that they may not want if it's in the name of protecting them?
Re: Re:
What's not OK, ever, is to sneakily install software.
Re: Re: Re:
Which is why I hate the practice of making the extra software opt-out and often making the options themselves quite small at the bottom of the page so that people can easily overlook them.
Many years ago, when the official DivX codec was actually still being used by people, their site originally provided a codec-only download. Then they started bundling it with the DivX player, which wasn't optional and which they forced users to install over many objections.
Finally, they started bundling the Google Toolbar with the download. Several people, myself included, had the toolbar install without ever seeing any notice that this would happen. The developers swore up and down that this was impossible. One user eventually figured out that the page in the installer that contained the Google Toolbar options didn't show up immediately when the Next button was clicked. Instead the previous page remained displayed for an additional five seconds or so, leading people to think that the click hadn't registered and so they would click again "agreeing" to the Toolbar page without ever having seen it. Of course the next page came up immediately. This was all posted to the official DivX forum. I personally verified that this is what was happening and also posted this on the forum. The only response was silence.
After a month or two and many more complaints of the Toolbar being installed without permission, one of the DivX developers "discovered" a "rare" condition that could result in the Google Toolbar options not being displayed for a "tiny percentage" of users. When I pointed out that this problem had already been documented by a user in their forum months ago and confirmed by others, I was told that THAT problem didn't exist and that THIS problem was completely different!
When I asked why they were even including the Google Toolbar (bundling third party software was a new idea at the time) in the first place, the developers insisted that it was just because they thought it was such a great piece of software that everyone should have it. I made a royal pain in the ass out of myself (hard to believe, I know!) over this and finally after a lot of nagging and arguing, they admitted that they were getting paid to include the Toolbar.
I've been against bundled software ever since. When I download a program I only want that program and nothing else. I won't even use a "download manager" as is required by many formerly respectable download sites. They promote such programs as being more reliable and faster than using the browser's download option. I already have a generic download manager/accelerator. Theirs is just a way to push advertising and other crap on the user.
Re: Re:
The Chrome installer was included as part of the Avast antivirus update, which was obtained directly from Avast itself. It seems it's now perfectly OK for anti-virus companies to bundle unwanted software with their programs. I'd say it would be enough to make me switch, but pretty much everyone is doing this now. It's rare that you can download any piece of freeware today without it trying to get you to install something else.
Normally I'm careful to uncheck all such options, but in this particular case I was in a bit of a hurry and I neglected to uncheck the options for Google Chrome which were located at the bottom of the window and which were very unobtrusive so as to not be easily noticed. As soon as I clicked the Continue button, my firewall alerted me that the Chrome installer was trying to access the internet. I told it to block the installer and after several attempts, it finally gave up. I figured that the entire install had been averted, but about a month later I was looking in the Task Manager and I noticed that there was a Google Updater process running.
Google doesn't provide any kind of removal tool for the updater and obviously the self-removal mechanism doesn't always work since it was still running even though I have absolutely no Google software on my system. I wasn't about to download and install Chrome just in the hope that uninstalling it would properly remove the Updater.
When Chrome first came out, I considered it just another browser that I might one day try. However after seeing how half the freeware programs on the net try to trick you into installing Chrome and how the Updater installed itself even when the main installation was blocked and continued to run for a month even though there was nothing on my system to update, I've vowed that no piece of Google software will ever touch my system.
Ummm
Re: Ummm
Firefox was the latest holdout on making this rendition official as part of HTML5, but eventually they gave in
https://blog.mozilla.org/blog/2015/05/12/update-on-digital-rights-management-and-firefox/
Strange marketing
To give them the benefit of the doubt, I'm sure someone at Universal realized this was problematic. Just maybe not someone in a decision-making role. Alternatively, someone in a decision-making role DID realize the problem here and thought "OK, so a few copyright wonks and security people on the Internet will freak out but 99% of our customers won't give a shit. They'll install whatever we ask and leave with fond memories of being able to watch Agents of SHIELD on their laptop on the flight".
Now that I re-read this, both of those options actually make United look worse than they did under Mike's theory. So much for giving them the benefit of the doubt.
Remember Sony's Rootkit DRM
see: https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal
This comment is protected by DRM
If you do not accept this agreement, please reformat your hard drive to prevent unauthorized distribution of this comment.
Flash Drive Forest
A 20 gig flash drive can store hours of movies to watch without having some corporate entity install questionable software on your machine.
Not a problem for me.
Guardians Of The Galaxy 2014 1080p IMAX BRRip x264 DTS-JYK.mkv
Re: Re: Not a problem for me.
Idiot.
My computer, my file, open source media player -- under my control.
You go ahead and play Russian roulette with dodgy proprietary software if you like.
Re: Re: Re: Not a problem for me.
idiot.
Re:
Charming. Did you get that "word" from Wired?
More DRM (malware) encumbered, not worth a plugged nickel trash from Hollyweird? Naa. I'll just read a book, bought second hand or obtained from a library so I won't be supporting your master (or consequently, you). Sold many buggy whips lately? Have you stopped beating your wife yet?
And they never clean up...
Do they prompt the user to remove the DRM-software after the movie played?
I guess a lot of people would like to remove that piece of crap from their system once they find out their son/daughter installed it during flight...
Re: And they never clean up...
Change "people" to "employers" and "son/daughter" to "employee/contractor" and you have me. It's always been amusing to me that I'd ask my prospective client if I could use my own laptop on their network, and they refused every time, not wanting my machine to have a chance to screw up their network. So, I had to use a work supplied box. I couldn't care less what happened to that box. I'd happily click yes until the sun goes down on anything.
If they'd have let me use my own, I would have cared about security. Using theirs, I could rely on their wipe and re-image procedures.
That "no BYOD" policy makes sense for non-techs, but the opposite is true for techs.
Sir... sir? Ah yes, I'd like to purchase a couple of Internets please.
Shoot the Messenger
These Panasonic Aero systems have ALWAYS been software pieces of shit. Virtually everyone has been on a flight when these systems were required to be "rebooted" - which takes 15 or 20 minutes. They are built on the usual Microsoft bullshit subsystem. So it's no wonder they're worried about threats to the system.
Go after Panasonic. United is getting screwed along with the rest of us for relying on such a poor vendor.
You know there's a problem...
Really, there's nothing wrong with our plug-in. Trust us, turn off your security settings.
Inflight Entertainment
I understand everyone has different opinions and we all like to have the luxury at the cheapest price, but when I look at it sometimes overall, as a flyer for over 40+ years, I think we should appreciate the people who transport us from one place to another place safely. I understand that there are so many issues, but imagine, these few things should not be disturbing us, but we should be thankful that they try their best to take us to our destinations safe. Whichever airlines it is, I am not worried, but we should really give them Kudos to those pilots, the stewardess, from the time we check in and all those people. Just a little appreciation would be always good.
We can bitch and complain about several things that airlines do not do or offer, but SAFETY should be the first concern.
Thank you all, just felt like writing it.
Almost makes me think of the moment where I was going to buy in-flight Wifi from these guys for $5. I ended up using Google cache and AMP to read articles instead. Fun stuff.