Tim Berners-Lee Sells Out His Creation: Officially Supports DRM In HTML
from the this-is-bad dept
For years now, we've discussed the various problems with the push (led by the MPAA, but with some help from Netflix) to officially add DRM to the HTML 5 standard. Now, some will quibble with even that description, as supporters of this proposal insist that it's not actually adding DRM, but rather this "Encrypted Media Extensions" (EME) is merely just a system by which DRM might be implemented, but that's a bunch of semantic hogwash. EME is bringing DRM directly into HTML and killing the dream of a truly open internet. Instead, we get a functionally broken internet. Despite widespread protests and concerns about this, W3C boss (and inventor of the Web), Tim Berners-Lee, has signed off on the proposal. Of course, given the years of criticism over this, that signoff has come with a long and detailed defense of the decision... along with a tiny opening to stop it.
There are many issues underlying this decision, but there are two key ones that we want to discuss here: whether EME is necessary at all and whether or not the W3C should have included a special protection for security researchers.
First, the question of whether or not EME even needs to be in HTML at all. Many -- even those who dislike DRM -- have argued that it was kind of necessary. The underlying argument here is that certain content producers would effectively abandon the web without EME being in HTML5. However, this argument rests on the assumption that the web needs those content producers more than those content producers need the web -- and I'm not convinced that's an accurate portrayal of reality. It is fair to note that, especially with the rise of smart devices from phones to tablets to TVs, you could envision a world in which the big content producers "abandoned" the web and only put their content in proprietary DRM'd apps. And maybe that does happen. But my response to that is... so what? Let them make that decision and perhaps the web itself is a better place. And plenty of other, smarter, more innovative content producers can jump in and fill the gaps, providing all sorts of cool content that doesn't require DRM, until those with outdated views realize they're missing out. Separately, I tend to agree with Cory Doctorow's long-held view that DRM is an attack on basic computing principles -- one that sets up the user as a threat, rather than the person who owns the computer in question. That twisted setup leads to bad outcomes that create harm. That view, however, is clearly not in the majority, and many people admitted it was a foregone conclusion that some form of EME would move forward.
The second issue is much more problematic. A bunch of W3C members had made a clear proposal that if EME is included, there should be a covenant that W3C members will not sue security researchers under Section 1201 of the DMCA should they crack any DRM. There is no reason not to support this. Security researchers should be encouraged to be searching for vulnerabilities in DRM and encryption in order to better protect us all. And, yet, for reasons that no one can quite understand, the W3C has rejected multiple versions of this proposal, often with little discussion or explanation. The final decision from Tim Berners-Lee on this is basically "sure a covenant not to sue would have been nice, and we think companies shouldn't sue, but... since this wasn't raised at the very beginning, we're not supporting it":
We recommend organizations involved in DRM and EME implementations ensure proper security and privacy protection of their users. We also recommend that such organizations not use the anti-circumvention provisions of the Digital Millennium Copyright Act (DMCA) and similar laws around the world to prevent security and privacy research on the specification or on implementations. We invite them to adopt the proposed best practices for security guidelines [7] (or some variation), intended to protect security and privacy researchers. Others might advocate for protection in public policy fora – an area that is outside the scope of W3C which is a technical standards organization. In addition, the prohibition on "circumvention" of technical measures to protect copyright is broader than copyright law's protections against infringement, and it is not our intent to provide a technical hook for those paracopyright provisions.
Given that there was strong support to initially charter this work (without any mention of a covenant) and continued support to successfully provide a specification that meets the technical requirements that were presented, the Director did not feel it appropriate that the request for a covenant from a minority of Members should block the work the Working Group did to develop the specification that they were chartered to develop. Accordingly the Director overruled these objections.
This is unfortunate. What's bizarre is that the supporters of DRM basically refuse to discuss any of this. Even just a few days ago, the Center for Democracy and Technology proposed a last-ditch "very narrow" compromise to protect a limited set of security and privacy researchers (just those examining implementations of w3C specifications for privacy and security flaws.) Netflix flat out rejected this compromise saying that it's "similar to the proposal" that was made a year ago. Even though it's not. It was more narrowly focused and designed to respond to whatever concerns Netflix and others had.
The problem here seemed to be that Netflix and the MPAA realized that they had enough power to push this through without needing to protect security researchers, and just decided "we can do it, so fuck it, let's do it." And Tim Berners-Lee -- who had the ability to block it -- caved in and let it happen. The whole thing is a travesty.
Corry Doctorow has a thorough and detailed response to the W3C's decision that pushes back on many of the claims that the W3C and Berners-Lee have made in support of this decision. Here's just part of it:
We're dismayed to see the W3C literally overrule the concerns of its public interest members, security experts, accessibility members and innovative startup members, putting the institution's thumb on the scales for the large incumbents that dominate the web, ensuring that dominance lasts forever.
This will break people, companies, and projects, and it will be technologists and their lawyers, including the EFF, who will be the ones who'll have to pick up the pieces. We've seen what happens when people and small startups face the wrath of giant corporations whose ire they've aroused. We've seen those people bankrupted, jailed, and personally destroyed.
This was a bad decision done badly, and Tim Berners-Lee, the MPAA and Netflix should be ashamed. The MPAA breaking the open internet I can understand. It's what that organization has wanted to do for over a decade. But Netflix should be a supporter of the open internet, rather than an out and out detractor.
As Cory notes in his post, there is an appeals process, but it's never been used before. The EFF and others are exploring it now, but it's a hail mary process at this point. What a shame.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: circumvention, copyright, dmca, drm, eme, html, html 5, research, security, tim berners-lee
Companies: mpaa, netflix, w3c
Reader Comments
The First Word
“Re: Re: Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)
When has any form of DRM ever not had bugs? When has any form of DRM ever worked 100% consistently? When has any form of DRM never been cracked?
DRM cedes control of some part of your device to an outside party. It opens up your device to whatever holes can be exploited by malicious actors who have cracked the DRM and weaponized whatever holes they can create. I fail to see how opening up your device to that sort of security risk outweighs the benefits of being able to watch Netflix—especially since you can already watch Netflix without any extra DRM.
Subscribe: RSS
View by: Time | Thread
Disappointing, but unfortunately entirely expected.
Of course, the ideal solution is to fix this as a matter of law, which EFF is also working on.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
What I've seen from them has been purely "defensive". It's good, but we could use some offense too--like a proposal to make it a crime to interfere with fair use. Leave DRM technically legal, as long as the implementors figure out the "magic" way to block only illegal uses of the copyrighted material.
[ link to this | view in chronology ]
Re:
1) Laws are not global, while the web is. At best you'll end up with competing laws all over the place which is already a mess with existing standards. Adding another layer won't make that better.
2) Lawmakers in many -- perhaps most -- countries seem to be firmly in the pockets of the people pushing DRM. That is, you're more likely to see "DMCAv2.0 now with even more consumer rights destruction!" than you are to see a pro-consumer law. Not that the latter _couldn't_ happen, but its not the most likely outcome should politicians start digging their hands into the situation.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re: Stealing?
If I want to convert a file so it can play on a device of mine I should be allowed to do so, I don't see why I should be beholden to using a set of approved devices just so I can do that.
DRM has been shown time and time again not to work and if anything have a bigger impact for legimate customers where as pirates get a better experience. (https://arstechnica.co.uk/gaming/2017/06/rime-denuvo-cracked-faster/)
Also as has been said elsewhere DRM will section off a part of your system which you will no longer have control over, part of which will be your browser, given the issues with browser exploits being used to turn machines in to drones for botnets, take over the brower experience or do download more nefarious things such as Cryptoware I would rather these not be locked in to a DRM safe zone where I can't remove them or prevent them in the first place, just for a minute, think of the damage that could be done if some malicious code were to be in some advert as they are now, but this time it's protected by DRM so your AV, Malware protection or whatever can't see or stop it, just think of the damage this could do wide scale.
[ link to this | view in chronology ]
Convert what file?
There certainly ARE arguments against web-based DRM, but the "I want control in perpetuity over the content I paid for" isn't one of them.
[ link to this | view in chronology ]
Re: Convert what file?
The other things I mentioned about the likes of the brower being in a DRM enviroment where code is downloaded and run without your control or intervention opens you up to many many risks.
[ link to this | view in chronology ]
time to go make another browser and give freely and opensourced to everyone
VERY DISAPPOINTED
[ link to this | view in chronology ]
Re: time to go make another browser and give freely and opensourced to everyone
[ link to this | view in chronology ]
Re: time to go make another browser and give freely and opensourced to everyone
And as someone who uses the descendant of communicator, i thank you and everyone else who helped make that code open source.
[ link to this | view in chronology ]
Time to Freeze Out the w3c
We need an early 2000s Mozilla to shake up the web and rescue it from this time the w3c and their corporate overlords (Hollywood).
[ link to this | view in chronology ]
Re: Time to Freeze Out the w3c
http://www.zdnet.com/article/mozilla-strikes-firefox-search-deal-with-yahoo-ending-long-partners hip-with-google/
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Betting pool time
[ link to this | view in chronology ]
Re: Betting pool time
Essentially, the "breakable" parts are still proprietary and not part of the standard. The only required "encryption" scheme the standard outlines is cleartext, which doesn't really take a lot of work to crack. Beyond that, its still up to each DRM provider to come up with their own actual encryption method -- they just have to build it in a way that works with the newly defined protocol/APIs.
[ link to this | view in chronology ]
What part of "if they want to control what you can access, they benefit more than you" still isn't clear?
It is difficult to get a man to understand something, when his salary depends upon his not understanding it! - U Sinclair
[ link to this | view in chronology ]
Re:
But his salary doesn't depend upon his not understanding it. He's Tim Berners-fucking-Lee. He could have pushed one of the compromise proposals and it wouldn't have cost him a dime.
[ link to this | view in chronology ]
Re: Re:
In any case, even if DRM is incorporated into HTML standards, it doesn't mean I will use it. If the content I wish to consume isn't around where I can consume it as I would like, I'll do without it.
Worse in my opinion, are licensed text books. One I was needing for a refresher cost $2,000 for a 1 year license. After that, you couldn't read the book without purchasing another license.
[ link to this | view in chronology ]
Re: Re: Re:
His words strike me more as "Oh, well, do what you want. You will anyway." than a full voiced roar of approval.
If he was really against it and thought that his opposition wouldn't have mattered then he should have been openly against it anyway. 'You might be able to push this through despite me, but you won't get my approval or agreement while you do it.'
That I imagine people could have respected, but his current stance of, if not agreement with the proposed inclusion of EME then at the very least an indifferent position towards it? Not so much.
[ link to this | view in chronology ]
Re: Re: Re:
The problem is that unless your browser does not incorporate support, or that support can be turned off, you have no choice in whether or not a module is loaded and run on your computer. Also, unfortunately I can see advertisers jumping on this to 'protect' their adds by increasing their ability to track people around the Internet.
[ link to this | view in chronology ]
Re: Re: Re: Re:
If you're using a browser where it can't be turned off, and whose source code you can't modify, you've already agreed to give up control. As long as source is available, someone will release a non-DRM version. Many Linux distributions like Debian and Fedora have policies against non-free software, so they'll pretty much have to disable it if they're going to ship the browser.
[ link to this | view in chronology ]
Re: Re:
But his salary doesn't depend upon his not understanding it. He's Tim Berners-fucking-Lee. He could have pushed one of the compromise proposals and it wouldn't have cost him a dime.
To be fair... there have been some quiet murmurs and rumblings and rumors that... his salary kinda does depend on this. That is, the W3C, as currently structured costs a fair bit of money and at times it's been a bit hard up in finding enough support. Along come the likes of the MPAA, willing to be paying members... and things are more stable magically. So... without EME in DRM, the W3C might lose paying members like the MPAA and that might make it more difficult for it to stay in operation (at least at its current levels).
That, at least, is the story I've heard from a few people, but it may be somewhat exaggerated.
[ link to this | view in chronology ]
Re: Re: Re:
If Tim were fired for taking a moral stand, it would be great for his reputation and potentially disastrous for the W3C's. He would have absolutely no trouble finding another well-paying job.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Tim doesn't have it in him.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
The only question was "When?".
[ link to this | view in chronology ]
Looking for a leader
[ link to this | view in chronology ]
Re: Looking for a leader
There are plenty of other browsers. But nobody uses them.
[ link to this | view in chronology ]
Re: Re: Looking for a leader
I do understand that 'some equality' is possibly difficult or impossible to overcome. And for me, it has to run on Linux, yet another burden.
[ link to this | view in chronology ]
Re: Re: Re: Looking for a leader
If you want to use Icecat, my hat's off to you. But you're going to have trouble convincing most people to join you.
[ link to this | view in chronology ]
Re: Re: Re: Re: Looking for a leader
I have my own sources for video and music and books (using OpenElec for video and music and Open Reader (Android) for reading), and have not violated any laws in my collecting these (recording off the air is not illegal). If I cannot get it legally, I don't view, listen, or read. At the same time I don't think there is anything wrong with torrents, there is nothing out there that I might want to watch, listen to, or read, that I cannot get from the library for the same cost to me. The hysteria of the copyright middlemen is out of control, but it hasn't stopped me, and won't, though I may miss out on some new content, again, so what.
Could I live just re-reading Shakespeare or other public domain works for the rest of my life? It might just take me that long to actually understand all that was said. Much of it is quite deep. But I do look for entertainment, even if it is just background noise to some degree, and not nearly as deep.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Looking for a leader
I understand, and, like I said, my hat's off to you. I'm just saying that most people have a different set of priorities than you do, and I can't see a path to a browser advertising itself as EME-free and getting more pickup that way until some kind of crisis occurs -- some EME implementation has a major data leak, or there's a major security compromise, or becomes associated with major performance/stability/battery issues, or something along those lines.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Looking for a leader
I know since we're talking about DRM, it's really easy to support Firefox and Chrome ignoring EME, but if we leave it up to the browsers, we'll have another IE6 fiasco all over again. Protocols and standards (especially open ones) have been beneficial to the internet's growth and I support them wholeheartedly, but the browsers should not be deciding this. Otherwise, what's the point of having and agreeing to a protocol at all.
[ link to this | view in chronology ]
Re: Re: Re: Re: Looking for a leader
[ link to this | view in chronology ]
Re: Re: Looking for a leader
"Speed thrills."
[bear in mind, my first browser was NCSA Mosaic on SCO V, before it became Netscape...]
[ link to this | view in chronology ]
Re: Looking for a leader
You can turn it off in Firefox, at least, though you'd still be using a browser written by people who sold you out.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Section 1201
I can see one: it's been said that strict enforcement of a law is the quickest way to turn people against it. If people know that DRM is going to fuck them, going to be insecure because security researchers would be sued into oblivion for looking at it, perhaps they'll be more likely to resist it. I say if the W3C is going to support DRM, let them support the most horrible user-hostile DRM imaginable.
Nope, let's not help the DRM purveyors "improve" their DRM. And since they're not acting in good faith with regards to the public—they're writing DRM after all—they shouldn't expect good faith from security researchers.
[ link to this | view in chronology ]
Any person having a gadget which can copy IS an enemy of those who produce content. Fundamental to copyright, why Constitution states "exclusive right" to control copies.
But "free as in beer" or advertising supported as Youtube is pretty much proven to not work. Doesn't look as though even Youtube is actually gaining money, but is subsidized. And its "stars" are literally killing themselves off now, so the future of homemade looks bleak. Youtube would collapse without the underlying support of content stolen from major producers. One can only stand Youtube amateurs like "Stevie Ryan" (who recently committed suicide, only reason I know name), until wanting professional (meaning large high-skill, high-cost team) drama, or at least BIG 'splosions, robots, super-heroes, and car chases.
Anyhoo, you say that wider use of specialized DRM would be okay, so why quibble about it in the new telescreen -- I mean HTML5 spec?
Will everyone be required to use this DRM? No, don't see how. Surely still be able to take video from your own gadget while girlfriend shoots through a book with 50 cal from a Desert Eagle -- another Darwin award winner who was doing it for Youtube -- now, that's entertainment -- and put it where anyone can download.
This is another version of your usual outrage that someone who made content has ability to control it and exclusively them get money from it.
You've been writing this same schtick for how many years now? Aren't you the least little bit dismayed that exactly none of the changes you foresaw with Napster, of FREE as in beer content everywhere on the net, are in place?
[ link to this | view in chronology ]
Re:
So... anyone with a computer then. Judging from your ability to post here, that includes you.
How existential can you get?
[ link to this | view in chronology ]
Re:
By this logic, anyone who fancies themselves a “content producer” can refer to the hundreds of millions of people who own or operate a smartphone, DVR, tablet, or personal computer as “enemies”. How does that make any goddamn sense to you?
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: "Any person having a gadget which can copy IS an enemy of those who produce content"
Wait, not "anyone who copies copyrighted works", but "anyone who has a device which could copy"?
[ link to this | view in chronology ]
Re: Re: "Any person having a gadget which can copy IS an enemy of those who produce content"
Yes, absolutely, if we're referring to the opinion of the "big copyright" content producers. See Sony v. Universal where they tried to kill the VCR, or Digital Audio Tape which they successfully killed.
Of course, essentially all "content" is copyrighted and nearly everyone produces it these days.
[ link to this | view in chronology ]
Research exemtpions
Also, I'm morbidly curious as to your thoughts on there being no exemption for security researchers which would ensure that they won't get sued.
[ link to this | view in chronology ]
Re: Any person having a gadget which can copy IS an enemy of those who produce content. Fundamental to copyright, why Constitution states "exclusive right" to control copies.
[ link to this | view in chronology ]
Re: Re: Any person having a gadget which can copy IS an enemy of those who produce content. Fundamental to copyright, why Constitution states "exclusive right" to control copies.
[ link to this | view in chronology ]
Re: Re: Any person having a gadget which can copy IS an enemy of those who produce content. Fundamental to copyright, why Constitution states "exclusive right" to control copies.
[ link to this | view in chronology ]
Re: Any person having a gadget which can copy IS an enemy of those who produce content. Fundamental to copyright, why Constitution states "exclusive right" to control copies.
[ link to this | view in chronology ]
Re: Any person having a gadget which can copy IS an enemy of those who produce content. Fundamental to copyright, why Constitution states "exclusive right" to control copies.
You obviously do not understand how DRM will work, the DRM owner will be the publisher, and take control, via copyright assignment,or work for hire contracts, of creators works before wrapping them in DRM. In other words DRM is a means whereby the middlemen can gain control of works created by other to their great profit, with a few crumbs given to the selected creators that they publish.
[ link to this | view in chronology ]
Re: Any person having a gadget which can copy IS an enemy of those who produce content. Fundamental to copyright, why Constitution states "exclusive right" to control copies.
it's the only schtick he has. Pretty sad, actually.
[ link to this | view in chronology ]
Re: Any person having a gadget which can copy IS an enemy of those who produce content. Fundamental to copyright, why Constitution states "exclusive right" to control copies.
Also, on Youtube not gaining money and being subsidized, got a source for that? Pretty sure it wouldn't exist if it wasn't making money on its own.
[ link to this | view in chronology ]
"I'll take my ball and go home, you just watch me!"
The underlying argument here is that certain content producers would effectively abandon the web without EME being in HTML5.
Definitely going to agree with the response to this in the article: So what?
If companies want to cut themselves off from such an amazing resource as the internet because they didn't get to have their DRM to 'protect' them baked into the core standard then let them leave, there are countless people and companies that would happily replace them. I imagine that much like those that threatened Google only to be de-listed as a result they'd come crawling back inside a month, after realizing that the only people they screwed over with their actions was them.
The proper response to someone throwing a tantrum and tossing out 'ultimatums' like that isn't to cave in, it's to call their bluff and refuse to give them what they want.
[ link to this | view in chronology ]
Re: "I'll take my ball and go home, you just watch me!"
It's not that they'd "leave the Internet", it's that they'd wall it off into a bunch of proprietary apps.
But you're right that the correct response would have been to call their bluff. Or, at the very least, pass the compromise to protect security researchers.
[ link to this | view in chronology ]
Re: Re: "I'll take my ball and go home, you just watch me!"
[ link to this | view in chronology ]
Re: Re: Re: "I'll take my ball and go home, you just watch me!"
Still, if the browser vendors didn't give in, someone would have to write and maintain those apps. As DRM is basically pollution, the public shouldn't be paying the costs and helping them spread it; instead we should make them pay as much as possible, and hope they'll change their mind
[ link to this | view in chronology ]
Re: Re: "I'll take my ball and go home, you just watch me!"
It's not that they'd "leave the Internet", it's that they'd wall it off into a bunch of proprietary apps.
And watch their user/customer numbers take a not-insignificant hit as suddenly people found themselves needing to deal with a half a dozen or more different things in order to get what they had before. Make it too big of a hassle and I imagine more than a few would decide that they don't actually care enough to jump through the hoops and went elsewhere.
[ link to this | view in chronology ]
Re: Re: Re: "I'll take my ball and go home, you just watch me!"
On the one hand, phones and tablets have proven that people are fine with downloading an app that's just a fucking browser with most of its features stripped out that can only visit one website. On the other hand, it's a mistake to assume that people are willing to accept the same behavior from their desktops that they are from their phones. (And that mistake is called Windows 8.)
[ link to this | view in chronology ]
Re: Re: "I'll take my ball and go home, you just watch me!"
You mean like how they're instead walling off their content behind the inappropriately endorsed DRM provided by EME? Either way, the content's not properly accessible. If it's going to be inaccessible either way, I'd rather my browser not be carrying around EME code that security researchers cannot legally investigate to see how badly written it is.
[ link to this | view in chronology ]
Re: It's not that they'd "leave the Internet", it's that they'd wall it off into a bunch of proprietary apps.
Before the Internet, there were the proprietary dialup services, e.g. Compuserve, Prodigy etc. They had content available nowhere else, and they charged accordingly. Where are they now?
Gone.
Then in the early days of the Web, several companies scoffed at the crude nature of HTML at the time, and put a lot of effort into their own proprietary, “superior” alternatives: remember Quark Immedia, or Microsoft’s Project Blackbird?
No, nobody else does either.
The lesson of history is clear: when it comes to a showdown between content and connectivity, connectivity wins. The Internet is all about connectivity. That’s why it wins.
[ link to this | view in chronology ]
I say, Good Riddance! Let them leave. The vacuum will fill up quickly. There are a ton of creative people that will rise from it.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Of course DRM is absolutely necessary!
How are we going to have robust, free, P2P file sharing sites if the media monopoly mafia suddenly makes their paid services as easy to use as a well-seeded torrent?
I have Amazon Prime, a streaming and DVD subscription to Netflix, and a cable-like internet-based TV service.
Yet often I will download something I see is available on my streaming services, because I had to watch it at 7:47 PM when it started but I was watching something else, or just want to make sure there are no annoying "buffering" interruptions ... thank you Comcast!
Or I want to make sure I can see it --or see some part of it-- away from Wi-Fi access, or just repeat a scene because I didn't hear it well (high-frequency hearing loss is a common side effect of the chemotherapy drug cisplatinum, but it beats the hell out of being dead).
People say it's "stealing" but I've already paid to watch it. All I'm doing is time-shifting and creating a reasonable accommodation for my physical limitations, given that I survived cancer and have gotten so old I'm on Medicare.
My one difference with Tim Berners-Lee is that he shouldn't allow it in HTML, because soon enough people will break it and then all you've done is junked up the protocol with tech that will be deprecated before the year is out.
Much better to let the media mafia stream it in an encrypted stream, and that way you can charge people for using an app at the client end to decode it (sort of like a virtual cable box). That way you can pay the app rental every month to remind you how fortunate you are that this monopoly has condescended to let you be their customer.
Sp promote free (as in freedom, even if it's also free like free beer) video on the internet by letting the media mafiosi cut off their own heads and hold them up to show there are no brains in there.
[ link to this | view in chronology ]
That seems like a pretty clear message. The web browser horse is getting old. We need a fresh pony for the new race.
The only thing I can see that can cut deeply into this, media horror show, is to decentralize onto protocols that will enable you to regain control.
The Web is tough act to follow and, ho boy, good times, but we got to move on.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Consumers are paying them to.
[ link to this | view in chronology ]
Re:
There are a couple of reasons.
One is that they're lying about the purpose of DRM. It's not to prevent copyright infringement; it's to prop up middlemen, and allow them to use DRM -- its legal implications, not its technical ones -- to lock customers into a monopoly and wholesalers into a monopsony.
Another is best described in Cory Doctorow's 2012 article, With A Little Help: Digital Lysenkoism. Basically, the engineers who write and support DRM know that shit doesn't work, but the bosses want it so the bosses get it.
[ link to this | view in chronology ]
We need new OS's
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Answer me this (everyone except Thad)
How does adding the provision of DRM to the html standard suddenly "break" anything? Can't sites that choose not to use DRM just keep going as always?
It's a serious quesiton, because the claims of "breaking" the internet always seem to come off as "taking away our free lunch". So I am open to hearing the real reasons why (without insults, thanks, it's a serious question).
[ link to this | view in chronology ]
Re: Answer me this (everyone except Thad)
[ link to this | view in chronology ]
Re: Re: Answer me this (everyone except Thad)
However, you didn't answer the question: What of the existing internet is suddenly "broken" with the addition of a DRM layer to html5? What suddenly will not work anymore?
[ link to this | view in chronology ]
Re: Answer me this (everyone except Thad)
[ link to this | view in chronology ]
Re: Answer me this (everyone except Thad)
One thing i haven't seen mentioned, but another important one, never mind what those providing DRM might do: It's and increased bugload and an increased attack surface.
For something that does not belong in HTML standards at all, it is an awkward bolted-on thing from the start. The increased code in implementing the "standard" adds further complexity, and therefore, bugs and vulnerabilities. And this at a time when browser extensions are becoming less useful for anything serious because the API model is "too vulnerable". So square those two things. Add to that the exposure EME adds, never minding the horrible awful problems and security holes any actual DRM plugin provides. (And which may be installed or downloaded and installed silently.)
If I want to run your service, and you demand DRM, then provide me an installer or whatever. There is no particular use in it being a web "standard" - which will fluctuate and require constant fixes and updates, rendering previous browser versions (and probably OSes) "obsolete" by DRM standards, once they all figure out how crap their standard and implementations are in the real world. Whether it is because it breaks other things, introduces grave vulnerabilities, or because people will keep breaking their DRM. The EME spec will never be enough. Watch it "evolve" faster than any other part of W3C standards ever.
Also, you seem to think everyone who ever has a problem with any of these things does so because they want to infringe content. That's your problem. There are people with copyright concerns i can take seriously, and those who i cannot, and it is fairly clear why they have a concern: Either they want to have some comfort they will make a living from their hard work, or they are abusers or corporations that make an exorbitant living off other people's hard work while usually paying the creator little or nothing. That is, some have concerns in good faith, while others do not. Can you for a moment just imagine that at least some people who have issues with copyright and protections schemes have these concerns in good faith? People would engage more constructively with you. Unless you don't operate in good faith at all.
[ link to this | view in chronology ]
Re: Re: Answer me this (everyone except Thad)
[ link to this | view in chronology ]
Re: Re: Re: Answer me this (everyone except Thad)
Much like disabling Flash, if you were to disable that DRM, you would disable everything that requires you to run said DRM. Disabling the DRM module that would allow you to watch Netflix, for example, would disable your access to Netflix. At that point you would have a rather hard decision to make: Run the DRM and watch Netflix in a compromised browser, or run a browser without any DRM modules installed and never watch Netflix again.
[ link to this | view in chronology ]
Re: Re: Re: Re: Answer me this (everyone except Thad)
Its your choice.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Answer me this (everyone except Thad)
You would compromise your broswer every time you run the DRM. Which would you rather have: the most secure browser possible, or a browser that you personally open up to attack each time you want to watch some Netflix?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)
You also make tge assumption that Netflix wants to sonehow infect your machine. Seems hopelessly paranoid.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)
Netflix would not be the problem. The DRM used by Netflix—DRM that might have security holes which could not be disclosed or even discovered by security researchers—would be the problem. And as others above have said, “apps” for services such as Netflix are actually one-site-only browsers customized for that service.
Which would you rather have: a browser that lessens your chances of a malware attack, or a browser that leaves your device open to malware by way of ineffective, shoddily-written, easily-cracked DRM that cedes control over part of your computer to the people who own and operate that DRM?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)
Not really useful.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)
When has any form of DRM ever not had bugs? When has any form of DRM ever worked 100% consistently? When has any form of DRM never been cracked?
DRM cedes control of some part of your device to an outside party. It opens up your device to whatever holes can be exploited by malicious actors who have cracked the DRM and weaponized whatever holes they can create. I fail to see how opening up your device to that sort of security risk outweighs the benefits of being able to watch Netflix—especially since you can already watch Netflix without any extra DRM.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)
Thats just fear mongering.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)
UNIX’s bugs can be researched and disclosed and fixed in a timely manner. No one has yet said the same about any DRM cooked into HTML5. And even if someone did, that assurance would still not explain why HTML5 needs DRM—especially when no DRM system has ever been effective in stopping piracy.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)
UNIX’s bugs can be researched and disclosed and fixed in a timely manner. No one has yet said the same about any DRM cooked into HTML5.
Especially given the refusal to provide an exception to security researchers that might otherwise find bugs in the DRM so they can be fixed. Without that explicitly spelled out any researcher is risking legal action if they try to pick apart the DRM in order to look for any bugs or exploits that could cause problems and/or be used by more nefarious individuals.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)
Yes, and the framework will be built into every Internet browser possible so that they all keep up with the same HTML5 standard. Only a relative handful of total Internet users will ever use a “non-compliant” browser. The rest of the Internet will use a browser that has those standards built into the code.
And if the DRM framework can be exploited, it will be exploited. So on top of being ineffective at stopping piracy, it will also open up millions of devices to hostile attacks from malicious actors. Why would you think any browser developer would want to make their browser less safe?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)
Seriously, a single framework is generally a whole lot better than piecemeal creation and re-creation of unchecked and untested individual hacks to get DRM to "work". By your logic, everything beyond the basic html 1.0 tags is too exotic and risky to use.
To use the techdirt phrase, you appear to be freaking out over DRM.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)
If you are worried about exploits, don't use the internet.
That's as nonsensical as saying 'If you're worried about car safety, don't drive'. It is entirely possible to point out that a planned change is unneeded and/or likely to be detrimental without jumping to the extreme of abandoning what's to be changed entirely.
The amount of code you have to use just to view this page, there is likely some bug in there somewhere that could delete your entire hard drive!
... And cause your car to explode, your house to catch fire, and a hurricane to flatten your town, don't forget those 'possible side-effects' too.
That there's already a lot of code involved in a 'simple' page does not mean adding more code, code designed to make it easier to add in additional code specifically designed to take away control of your browser to varying degrees magically becomes no big deal.
Seriously, a single framework is generally a whole lot better than piecemeal creation and re-creation of unchecked and untested individual hacks to get DRM to "work".
Well there's your problem/misconception: Unless your goal is to screw over paying customers and/or make things worse for them, DRM has not, and likely never will, 'work'. That browsers will have an easy way to add in any number of different takes on it is not likely to change that, but it is likely to result in even more companies/sites jumping on the 'let's screw our customers/visitors with DRM' bandwagon and spread the 'joy' of DRM even further.
By your logic, everything beyond the basic html 1.0 tags is too exotic and risky to use.
No, because his logic isn't 'code is code, and more is bad', that's all on you.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)
The truth is you consider DRM to be some sort of death sentence for the internet. Yet, I haven't seen or read anything here that explains it. Rather than going off on a soft of general "DRM sucks" rant, can you perhaps explain what specifically you think is suddenly going to break if DRM is (optionally) available to be supported in the HTML5 standards, no different from a whatever is currently replacing flash?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)
Why would adding DRM into the HTML5 standard be a good thing?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)
Your objections seem entirely based on the theory that adding support for any extension in the HTML5 standards is a bad idea.
Again with that strawman? Seriously, if you're actually interested in a conversation stop strawmaning the positions of people that reply to you. Continuing to do so just indicates that you're not interested in an honest discussion, despite any claims to the contrary, and as such it's a waste of time to respond to you.
'Any' extension? No, if something is being added for a good reason, like to make things more secure, and it can be properly vetting by people to check that it is secure then I wouldn't really have a problem with it.
Built-in support for extensions that cannot be vetted, that by design are intended to take control away from the user to varying degrees and that historically have never worked and have screwed over legitimate customers while the ones intended to be hit carry on just fine? Yeah, that I have a problem with.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)
Ding ding ding.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)
Yet he expects the only permitted solution for avoiding DRM exploits in HTML5 to be "don't use the Internet".
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)
[ link to this | view in chronology ]
Re: Re: Answer me this (everyone except Thad)
I would also say that browsers, OSes, and various web serving platforms all have bugs and all need patching. You are way more likely to get a virus on your computer by opening a bad or fake PDF file. Should we ban PDFs?
Good faith means to me working with standards. Adding DRM in a standard implementation rather than a series of patches, installers, and bloatware that would work in an entirely different fashion for every website. The more variation you have at that level, the more likely that one or more of them will be a failure and will instead root kit your machine or open a back door so big... insert Ron Jeremy joke here.
So, beyond that, you still really didn't answer the question: What is suddenly "broken" if DRM is added to HTML? Remember, nobody is going to force web developers to use it. So what is suddenly magically broken?
[ link to this | view in chronology ]
Re: Re: Re: Answer me this (everyone except Thad)
The idea that everyone could agree to a single DRM standard.
[ link to this | view in chronology ]
Re: Re: Re: Re: Answer me this (everyone except Thad)
[ link to this | view in chronology ]
Re: Re: Re: Answer me this (everyone except Thad)
Besides which at heart DRM is incompatible with the user having any control over their own hardware, as otherwise screen recorders etc. will defeat it totally.
[ link to this | view in chronology ]
Re: Answer me this (everyone except Thad)
If it contributes nothing to the consumer's experience and actively makes it worse, it's called "breaking".
[ link to this | view in chronology ]
If you dont want unauthorised people viewing your shit, dont put it into the public stratosphere
Money dictating the privelaged few who can view every public arts if they so chose.......expanding the divide between those with a higher percentage of a nations/global wealth, and those that get by from paycheck to paycheck
Rich folk creating laws for rich folk, class systems havent gone away....they've just had a makeover
[ link to this | view in chronology ]
It's about time to start blocking port 80/443 and move to a new one.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re:
If he strongly opposed copyright I doubt he would support such a proposal.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
perhaps us guys that helped get communicator 5 out ought to gather up and SHOUT NO DRM
thing is of the 60 or so of us only like 20 were not companies or corporations....
funny part is i still ahve my complete copy of communicator 5
all way back the netscape 3 gold
firefox is getting less useful every day as i dont upgrade
g+ wont let me share my images no more
neither will facebook ( for people to download and use as they wish)
the entire web is walling itself off and im sick of it....
remember folks supporting facebook, google plus microsft and twitter are all now aligned with drm and the nsa and federal agencies that are dead set against anyone having freedom anymore on the net....they use the words terrorism when there are no cases terrorists use it(encryption) and in decade all the fun i had and friends i met will be walled off from me....and YOU.
I can see a time perhaps 5-10 after that when people jsut turn away form it cause its just the way everything in your commercials on cable are shoved at you that the promise of cable was there was not to be any....
i havent had cable tv since 96....
good luck everyone ....im old now and they want us all ot just die and go away ....
[ link to this | view in chronology ]
Re: perhaps us guys that helped get communicator 5 out ought to gather up and SHOUT NO DRM
[ link to this | view in chronology ]
Pragmatism, vs. folding up and crawling into a corner.
Others just want it to just work, and how much can we get from that?
I think they're both expecting more than they should be. Square pegs, round holes; nothing new here. If they wanted it to work their way, they should have built their own. They'll never be satisfied by a generic, provided, standards compliant version.
Dumbth.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]