Tim Berners-Lee Endorses DRM In HTML5, Offers Depressingly Weak Defense Of His Decision

from the welcome-to-the-locked-down-web dept

For the last four years, the Web has had to live with a festering wound: the threat of DRM being added to the HTML 5 standard in the form of Encrypted Media Extensions (EME). Here on Techdirt, we've written numerous posts explaining why this is a really stupid idea, as have many, many other people. Despite the clear evidence that EME will be harmful to just about everyone -- except the copyright companies, of course -- the inventor of the Web, and director of the W3C (World Wide Web Consortium), Sir Tim Berners-Lee, has just given his blessing to the idea:

The question which has been debated around the net is whether W3C should endorse the Encrypted Media Extensions (EME) standard which allows a web page to include encrypted content, by connecting an existing underlying Digital Rights Management (DRM) system in the underlying platform. Some people have protested "no", but in fact I decided the actual logical answer is "yes". As many people have been so fervent in their demonstrations, I feel I owe it to them to explain the logic.

He does so in a long, rather rambling post that signally fails to convince. Its main argument is defeatism: DRM exists, the DMCA exists, copyright exists, so we'll just have to go along with them:

could W3C make a stand and just because DRM is a bad thing for users, could just refuse to work on DRM and push back wherever they could on it? Well, that would again not have any effect, because the W3C is not a court or an enforcement agency. W3C is a place for people to talk, and forge consensus over great new technology for the web. Yes, there is an argument made that in any case, W3C should just stand up against DRM, but we, like Canute, understand our power is limited.

But there's a world of difference between recognizing that DRM exists, and giving it W3C's endorsement. Refusing to incorporate DRM in HTML5 would send a strong signal that it has no place in an open Internet, which would help other efforts to get rid of it completely. That's a realistic aim, for reasons that Berners-Lee himself mentions:

we have seen [the music] industry move consciously from a DRM-based model to an unencrypted model, where often the buyer's email address may be put in a watermark, but there is no DRM.

In other words, an industry that hitherto claimed that DRM was indispensable, has now moved to another approach that does not require it. The video industry could do exactly the same, and refusing to include EME in HTML5 would be a great way of encouraging them to do so. Instead, by making DRM an official part of the Web, Berners-Lee has almost guaranteed that companies will stick with it.

Aside from a fatalistic acceptance of DRM's inevitability, Berners-Lee's main argument seems to be that EME allows the user's privacy to be protected better than other approaches. That's a noble aim, but his reasoning doesn't stand up to scrutiny. He says:

If [video companies] put it on the web using EME, they will get to record that the user unlocked the movie. The browser though, in the EME system, can limit the amount of access the DRM code has, and can prevent it "phoning home" with more details. (The web page may also monitor and report on the user, but that can be detected and monitored as that code is not part of the "DRM blob")

In fact there are various ways that a Web page can identify and track a user. And if the content is being streamed, the company will inevitably know exactly what is being watched when, so Berners-Lee's argument that EME is better than a closed-source app, which could be used to profile a user, is not true. Moreover, harping on about the disadvantages of closed-source systems is disingenuous, since the DRM modules used with EME are all closed source.

Also deeply disappointing is Berners-Lee's failure to recognize the seriousness of the threat that EME represents to security researchers. The problem is that once DRM enters the equation, the DMCA comes into play, with heavy penalties for those who dare to reveal flaws, as the EFF explained two years ago. The EFF came up with a simple solution that would at least have limited the damage the DMCA inflicts here:

a binding promise that W3C members would have to sign as a condition of continuing the DRM work at the W3C, and once they do, they not be able to use the DMCA or laws like it to threaten security researchers.

Berners-Lee's support for this idea is feeble:

There is currently (2017-02) a related effort at W3C to encourage companies to set up "bug bounty" programs to the extent that at least they guarantee immunity from prosecution to security researchers who find and report bugs in their systems. While W3C can encourage this, it can only provide guidelines, and cannot change the law. I encourage those who think this is important to help find a common set of best practice guidelines which companies will agree to.

One of the biggest problems with the defense of his position is that Berners-Lee acknowledges only in passing one of the most serious threats that DRM in HTML5 represents to the open Web. Talking about concerns that DRM for videos could spread to text, he writes:

For books, yes this could be a problem, because there have been a large number of closed non-web devices which people are used to, and for which the publishers are used to using DRM. For many the physical devices have been replaced by apps, including DRM, on general purpose devices like closed phones or open computers. We can hope that the industry, in moving to a web model, will also give up DRM, but it isn't clear.

So he admits that EME may well be used for locking down e-book texts online. But there is no difference between an e-book text and a Web page, so Berners-Lee is tacitly admitting that DRM could be applied to basic Web pages. An EFF post spelt out what that would mean in practice:

A Web where you cannot cut and paste text; where your browser can't "Save As..." an image; where the "allowed" uses of saved files are monitored beyond the browser; where JavaScript is sealed away in opaque tombs; and maybe even where we can no longer effectively "View Source" on some sites, is a very different Web from the one we have today.

It's also totally different from the Web that Berners-Lee invented in 1989, and then generously gave away for the world to enjoy and develop. It's truly sad to see him acquiescing in a move that could destroy the very thing that made the Web such a wonderfully rich and universal medium -- its openness.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: drm, eme, html, html5, tim berners-lee
Companies: w3c

Why Won't W3C Carve Security Research Out Of Its DRM-In-HTML 5 Proposal?

from the questions-to-ponder dept

A few years back, we wrote a few stories about the unfortunate move by the W3C to embrace DRM as a part of the official HTML5 standard. It was doubly disappointing to then see Tim Berners-Lee defending this decision as well. All along this was nothing more than a focus by the legacy content providers to try to hinder perfectly legal uses and competition on the web by baking in damaging DRM systems. Even Mozilla, which held out the longest, eventually admitted that it had no choice but to support DRM, even if it felt bad about doing so.

There are, of course, many problems with DRM, and baking it directly into HTML5 raises a number of concerns. A major one: since the part of the DMCA (Section 1201) makes it infringing to merely get around any technological protection measure -- even if for perfectly legal reasons -- it creates massive chilling effects on security research. To try to deal with this, Cory Doctorow and the EFF offered up something of a compromise, asking the W3C to adopt a "non-aggression covenant," such that the W3C still gets its lame DRM, but that W3C members agree not to go after security researchers.

Who could possibly object to that? But, for whatever reason, the W3C still won't agree to it. Cory and the EFF are looking for security researchers to sign on to tell the W3C to get with the program and to protect security research. They've already got some great names signed on, but if you're in the security research field, please consider signing on as well. Or if you know people in the field, please send them to the EFF asking them to sign on as well.

Filed Under: drm, html5, security research
Companies: w3c

And Here We Go: Mozilla Felt Pressured Into Adopting DRM In HTML5

from the a-broken-system dept

We've written a few times about the unfortunate decision by the W3C to adopt DRM in HTML5 in an effort to keep Hollywood happy. While Tim Berners-Lee and others at W3C have tried to defend their reasons for doing so, they're all based on the faulty premise that somehow the internet needs Hollywood more than Hollywood needs the internet. The reverse is true, but Hollywood has convinced too many people of its own importance to the internet. Because of that -- along with the agreed-upon fact that today's plugin/extension system is a complete disaster from technological and security standpoints -- the W3C, pressured by a bunch of big companies, agreed to put DRM into the next generation of HTML (and don't buy their argument that it's not actually DRM -- the only purpose that Encrypted Media Extensions (EME) serves is to enable DRM).

Today there's a lot of discussion because Mozilla, makers of the popular (and open source) Firefox browser, have posted two separate blog posts about how they feel forced to adopt this DRM even though they hate basically everything about it. Mozilla's argument is not crazy. They're worried that by not adopting these standards, while all other browsers do, people will just shift to those other browsers. And beyond just losing market share, Mozilla has a point in noting that the way other browsers implement EME will be less secure than the way that Mozilla is doing it.

We have designed an implementation of the W3C EME specification that satisfies the requirements of the content industry while attempting to give users as much control and transparency as possible. Due to the architecture of the W3C EME specification we are forced to utilize a proprietary closed-source CDM as well. Mozilla selected Adobe to supply this CDM for Firefox because Adobe has contracts with major content providers that will allow Firefox to play restricted content via the Adobe CDM.

Firefox does not load this module directly. Instead, we wrap it into an open-source sandbox. In our implementation, the CDM will have no access to the user's hard drive or the network. Instead, the sandbox will provide the CDM only with communication mechanism with Firefox for receiving encrypted data and for displaying the results.

Traditionally, to implement node-locking DRM systems collect identifiable information about the user's device and will refuse to play back the content if the content or the CDM are moved to a different device.

By contrast, in Firefox the sandbox prohibits the CDM from fingerprinting the user's device. Instead, the CDM asks the sandbox to supply a per-device unique identifier. This sandbox-generated unique identifier allows the CDM to bind content to a single device as the content industry insists on, but it does so without revealing additional information about the user or the user's device. In addition, we vary this unique identifier per site (each site is presented a different device identifier) to make it more difficult to track users across sites with this identifier.

Mozilla is also making it opt-in -- so that everyone will have the choice to choose whether or not to activate the DRM implementation. Also, kudos to Mozilla for not taking the W3C path of pretending that EME isn't DRM. Mozilla is quite upfront that this is DRM and that they're uncomfortable with this. As Andreas Gal says:

we would much prefer a world and a Web without DRM...

But, Mozilla feels that users "need it to access content they want." Mitchell Baker similarly notes:

The new version of DRM uses the acronyms “EME” and “CDM.” At Mozilla we think this new implementation contains the same deep flaws as the old system. It doesn’t strike the correct balance between protecting individual people and protecting digital content. The content providers require that a key part of the system be closed source, something that goes against Mozilla’s fundamental approach.

Unfortunately, it appears that even though this is the case, Mozilla still believes that the internet needs Hollywood's locked up content more than Hollywood needs to adapt to the internet. That's too bad. Cory Doctorow has a very detailed discussion of why he thinks Mozilla made a mistake, while acknowledging all of the reasons why they did what they did. More importantly, he lists a number of additional things that Mozilla should do to improve the situation. I'll summarize those four things, because I agree wholeheartedly:

1. Protect security researchers: Thanks to the anti-circumvention provision of the DMCA, any security research into Adobe's DRM may be a form of infringement. As Cory notes, Mozilla should demand that Adobe issue a covenant not to sue security researchers or developers who find vulnerabilities.
2. Educate users: Teach everyone (including Hollywood, but mainly the public) why DRM is dangerous and harms security and privacy online. Personally, I'd add that Mozilla could also teach people why DRM is simply not necessary.
3. Research and publish the case for DRM: This goes back to the question of who really needs it. Hollywood thinks they do, but I don't think that's really true. As Cory says, Mozilla should look at the actual data to see if there truly is a use case for DRM.
4. Formulate and articulate a DRM policy: Basically don't make these kinds of decisions ad hoc -- but have a clear policy on how and when decisions like this get made.

For years, the music industry insisted it needed DRM, and folks like Apple catered to them -- and that actually just helped Apple have more power over the music industry. Finally, the music industry shed DRM and it had almost no impact. Today, the book industry has the same issue, demanding DRM... and basically handing market power to Amazon in providing that DRM. It's amazing that Hollywood still insists it needs DRM. It does not. Unfortunately, it by agreeing to implement DRM here, it means it will take much longer for Hollywood to learn this lesson.

Filed Under: drm, eme, firefox, hollywood, html5
Companies: mozilla

DRM In HTML5: What Is Tim Berners-Lee Thinking?

from the what-about-the-users? dept

Back in January, we reported on a truly stupid idea: making DRM an official aspect of HTML5. Things then went quiet, until a couple of weeks ago a post on a W3C mailing announced that the work was "in scope". An excellent post on the EFF's blog explains:

This means the controversial Encrypted Media Extensions (EME) proposal will continue to be part of that group's work product, and may be included in the W3C's HTML5.1 standard. If EME goes through to become part of a W3C recommendation, you can expect to hear DRM vendors, DRM-locked content providers like Netflix, and browser makers like Microsoft, Opera, and Google stating that they can now offer W3C standards compliant "content protection" for Web video.

The same post offers a chilling glimpse of where EME could take us:

A Web where you cannot cut and paste text; where your browser can't "Save As..." an image; where the "allowed" uses of saved files are monitored beyond the browser; where JavaScript is sealed away in opaque tombs; and maybe even where we can no longer effectively "View Source" on some sites, is a very different Web from the one we have today. It's a Web where user agents – browsers -- must navigate a nest of enforced duties every time they visit a page. It's a place where the next Tim Berners-Lee or Mozilla, if they were building a new browser from scratch, couldn't just look up the details of all the "Web" technologies. They'd have to negotiate and sign compliance agreements with a raft of DRM providers just to be fully standards-compliant and interoperable.

Rather ironically, given the fact that EME may well lead to the official closing-down of much of the open Web, Tim Berners-Lee has recently written an article entitled "The many meanings of Open", which included the following section:

The W3C community is currently exploring Web technology that will strike a balance between the rights of creators and the rights of consumers. In this space in particular, W3C seeks to lower the overall proprietary footprint and increase overall interoperability, currently lacking in this area.

Techdirt readers will immediately recognize the framing here: people who use the Web are either active "creators" or passive "consumers". Since the needs and desires of those groups are in opposition, somehow they have to be "balanced". It's exactly how the copyright industry tries to present the online world as it demands rights there that can be used against the public as part of that "balance". It's curious to see Berners-Lee adopt this formulation to justify putting DRM into HTML5. The same thinking came up in a W3C blog post that Berners-Lee wrote around the same time:

So we put the user first, but different users have different preferences. Putting the user first doesn't help us to satisfy users' possibly incompatible wants: some Web users like to watch big-budget movies at home, some Web users like to experiment with code. The best solution will be one that satisfies all of them, and we're still looking for that. If we can't find that, we're looking for the solutions that do least harm to these and other expressed wants from users, authors, implementers, and others in the ecosystem.

Again, there is the idea that the desires of people who want an open Web -- the ones that want to "experiment", by examining the underlying HTML code, say -- and those who want to watch "big-budget movies at home", are somehow in opposition, and have to be "balanced". That's nonsense. The standards currently underlying the Web are open, with no direct support for DRM -- although companies can and do add it in various non-standard ways. And people are already able to watch films at home, so there is no need to destroy the open Web in order to make the latter possible. Elsewhere in the same post we learn perhaps the real reason why the Berners-Lee and the W3C want to take this step:

if content protection of some kind has to be used for videos, it is better for it to be discussed in the open at W3C, better for everyone to use an interoperable open standard as much as possible, and better for it to be framed in a browser which can be open source, and available on a general purpose computer rather than a special purpose box. Those are key arguments for the decision that this topic is in scope.

Leaving aside the dubious initial premise -- there is no evidence that DRM is necessary, and Apple's decision to drop it for music indicates quite the contrary -- this suggests that going along with demands for adding DRM to HTML5 is about the W3C's fear of becoming marginalized by Hollywood studios as they make more of their films available online.

Perhaps the W3C should worry less about its own position and more about the users it claims to put first. After all, the net effect of creating an official standard for interoperable DRM will be to make it easier for copyright companies to adopt it -- there won't even be the present barriers and friction caused by incompatible ad-hoc systems that might make them think twice about adding it. Instead, it is likely to become the default on most online products, placing more obstacles in the way of fair-use rights of users, particularly those who are visually-impaired, who will find it harder to access these materials at all if such DRM becomes commonplace.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Filed Under: drm, html5, open, openness, tim berners-lee
Companies: w3c

The Fight Over DRM In HTML5 Should Represent The Last Stand For DRM

from the time-to-get-past-a-bad-idea dept

Back in January, we noted our disappointment with the news that there was a proposal underway to add DRM to HTML5 (called "Encrypted Media Extensions" or EME), backed by Microsoft, Netflix and Google. It was further disappointing to see web creator Tim Berners-Lee defend the proposal, saying that it was necessary or "people will just go back to using Flash." While the W3C has tried to defend this position by saying that it's not really about DRM -- and has said it will convene a group to "investigate how to keep the Web maximally open" -- there are still pretty big concerns about this proposal. And it seems quite clear that DRM and locking up content is at the heart of it.

Netflix, perhaps the biggest supporter of the proposal, has noted that it cannot support HTML5 until such support is added, and made it clear that the DRM part is what matters.

The video content we stream to customers is protected with Digital Rights Management (DRM). This is a requirement for any premium subscription video service. The Encrypted Media Extensions allow us to play protected video content in the browser by providing a standardized way for DRM systems to be used with the media element. For example, the specification identifies an encrypted stream format (Common Encryption for the ISO file format, using AES-128 counter mode) and defines how the DRM license challenge/response is handled, both in ways that are independent of any particular DRM. We need to continue to use DRM whether we use a browser plugin or the HTML5 media element, and these extensions make it possible for us to integrate with a variety of DRM systems that may be used by the browser.

This seems disingenuous. While Netflix and its studio partners may like DRM, there is no reason that it actually "is a requirement for any premium subscription video service." Lots of professional content and marketplaces work without DRM. Yes, some will copy, but most don't seem to bother. There is no reason that this needs to be built in, and there are many consequences for doing so.

A variety of groups are now speaking out in response to all of this and hitting back against the plan. The EFF's Peter Eckersley and Seth Schoen penned a detailed explanation for why this is a bad idea:

In the past two decades, there has been an ongoing struggle between two views of how Internet technology should work. One philosophy has been that the Web needs to be a universal ecosystem that is based on open standards and fully implementable on equal terms by anyone, anywhere, without permission or negotiation. This is the technological tradition that gave us HTML and HTTP in the first place, and epoch-defining innovations like wikis, search engines, blogs, webmail, applications written in JavaScript, repurposable online maps, and a hundred million specific websites that this paragraph is too short to list.

The other view has been represented by corporations that have tried to seize control of the Web with their own proprietary extensions. It has been represented by technologies like Adobe's Flash, Microsoft's Silverlight, and pushes by Apple, phone companies, and others toward highly restrictive new platforms. These technologies are intended to be available from a single source or to require permission for new implementations. Whenever these technologies have become popular, they have inflicted damage on the open ecosystems around them. Websites that depend on Flash or Silverlight typically can't be linked to properly, can't be indexed, can't be translated by machine, can't be accessed by users with disabilities, don't work on all devices, and pose security and privacy risks to their users. Platforms and devices that restrict their users inevitably prevent important innovations and hamper marketplace competition.

The EME proposal suffers from many of these problems because it explicitly abdicates responsibilty on compatibility issues and let web sites require specific proprietary third-party software or even special hardware and particular operating systems (all referred to under the generic name "content decryption modules", or CDMs, and none of them specified by EME). EME's authors keep saying that what CDMs are, and do, and where they come from is totally outside of the scope of EME, and that EME itself can't be thought of as DRM because not all CDMs are DRM systems. Yet if the client can't prove it's running the particular proprietary thing the site demands, and hence doesn't have an approved CDM, it can't render the site's content. Perversely, this is exactly the reverse of the reason that the World Wide Web Consortium exists in the first place. W3C is there to create comprehensible, publicly-implementable standards that will guarantee interoperability, not to facilitate an explosion of new mutually-incompatible software and of sites and services that can only be accessed by particular devices or applications. But EME is a proposal to bring exactly that dysfunctional dynamic into HTML5, even risking a return to the "bad old days, before the Web" of deliberately limited interoperability.

In response to all of this the Free Software Foundation and Defective by Design launched a campaign against DRM in HTML5, and last week delivered a petition to the W3C against the plan (though you can still sign the petition) and awarded the W3C "the best supporting role in The Hollyweb.

The simple fact is that DRM doesn't work and has tremendous unintended consequences that tend to harm legitimate buyers of works. It decreases their value while doing little to stop infringement. Lots of people have realized this for years, but it's true that many in copyright-heavy fields still live under the delusion that DRM actually does something useful. And, it might: the only thing that DRM effectively does is give legacy players a veto right on new and innovative technologies.

That's really not something the W3C should be supporting -- nor, frankly, is it something that Netflix, Google and Microsoft should be supporting.

Business models for content work just fine without DRM. It's time that the industries producing content finally recognize that. Music has mostly gotten there, but clearly the movie industry is still behind the times on this one. If HTML5 provides enough value without DRM, Netflix and others will figure out how to adopt it eventually. The benefits of using it will just be too powerful to avoid, even if some freak out about the lack of built-in DRM. The industry needs to get over its silly obsession with DRM and to move forward with more compelling technologies and innovation.

Filed Under: drm, html5
Companies: netflix

Disappointing: Tim Berners-Lee Defends DRM In HTML 5

from the he-should-know-better dept

We recently wrote about the truly stupid idea of building DRM into HTML5. At SXSW this week, web inventor Tim Berners-Lee was asked about this, and he surprisingly defended the decision, claiming that it was necessary to get companies to use HTML5:

During a post-talk Q&A, he defended proposals to add support for "digital rights management" usage restrictions to HTML5 as necessary to get more content on the open Web: "If we don't put the hooks for the use of DRM in, people will just go back to using Flash," he claimed.

Berners-Lee is so good on so many issues (most of his talk seemed to be about the importance of openness) that this response really stands out as not fitting with his general view of the world. Cory Doctorow has responded eloquently to TBL, explaining why he should be against the DRM proposal.

What's more, DRM is wholly ineffective at preventing copying. I suspect Berners-Lee knows this. When geeks downplay fears over DRM, they often say things like: "Well, I can get around it, and anyway, they'll come to their senses soon enough, since it doesn't work, right?" Whenever Berners-Lee tells the story of the Web's inception, he stresses that he was able to invent the Web without getting any permission. He uses this as a parable to explain the importance of an open and neutral Internet. But what he fails to understand is that DRM's entire purpose is to require permission to innovate.

For limiting copying is only the superficial reason for adding DRM to a technology. DRM fails completely at preventing copying, but it is brilliant at preventing innovation. That's because DRM is backstopped by anti-circumvention laws like the notorious US Digital Millennium Copyright Act of 1998 (DMCA) and the EU Copyright Directive of 2002 (EUCD), both of which make it a crime to compromise DRM, even if you're not breaking any other laws. Effectively, this means that you have to get permission from a DRM licensing authority to add any features, since all new features require removing DRM, and the DRM license terms prohibit adding any features not in the original agreement, and omitting any of the mandatory restrictions featured in that agreement.

Doctorow makes two other key points in this: (1) that the W3C (the standards setting body for HTML5) has an enormous role in keeping the web free and open -- and imposing DRM is abusing the trust it has built up and will backfire badly and (2) that the big content players who insist they "need" DRM are bluffing.

As the leading standards-setting body for the Web, the W3C has an enormous, sacred and significant trust. The future of the Web is the future of the world, because everything we do today involves the net and everything we'll do tomorrow will require it. Now it proposes to sell out that trust, on the grounds that Big Content will lock up its "content" in Flash if it doesn't get a veto over Web-innovation. That threat is a familiar one: the big studios promised to boycott US digital TV unless it got mandatory DRM. The US courts denied them this boon, and yet, digital TV continues (if only Ofcom and the BBC had heeded this example before they sold Britain out to the US studios on our own high-def digital TV standards).

Flash is already an also-ran. As Berners-Lee himself will tell you, the presence of open platforms where innovation requires no permission is the best way to entice the world to your door. The open Web creates and supplies so much value that everyone has come to it – leaving behind the controlled, Flash-like environs of AOL and other failed systems. The big studios need the Web more than the Web needs big studios.

The Big Content guys have been seeking to remake the web in their image (i.e., "TV") for over a decade now, still believing that they're the main reason people get online. They're not. There's room for them within the ecosystem, but professional broadcast-quality content is just a part of the system, not the whole thing. If the world moves to HTML5 without DRM, the content guys will whine about it... and then follow. Especially as the more knowledgeable and forward-looking content creators jump in and succeed.

Filed Under: cory doctorow, drm, html5, internet, openness, permission, tim berners-lee

Truly Stupid Ideas: Adding DRM To HTML5

from the it-burns dept

You would have thought by now that people would understand that DRM is not only a bad idea, but totally unnecessary: Apple dropped DRM from music downloads in 2009 and seems to be making ends meet. Despite these obvious truths, the stupidity that is DRM continues to spread. Here, for example, is a particularly stupid example of DRM stupidity, as revealed by Manu Sporny:

A few days ago, a new proposal was put forward in the HTML Working Group (HTML WG) by Microsoft, Netflix, and Google to take DRM in HTML5 to the next stage of standardization at W3C.

After all, this is exactly what Web users have been crying out for: "just give us DRM for the Web, and our lives will be complete...."

Sporny runs through some technical reasons why this is doomed to failure -- little things like sending decryption keys in the clear -- and points out the awful re-balkanization of the Web that it would cause:

The EME [Encrypted Media Extensions] specification does not specify a DRM scheme in the specification, rather it explains the architecture for a DRM plug-in mechanism. This will lead to plug-in proliferation on the Web. Plugins are something that are detrimental to inter-operability because it is inevitable that the DRM plugin vendors will not be able to support all platforms at all times. So, some people will be able to view content, others will not.

He also notes a fundamental problem with the following Use Case for the proposed technology:

What use cases does this support?

Everything from user-generated content to be shared with family (user is not an adversary) to online radio to feature-length movies.

That clearly implies that when people are not sharing their own content with family and friends, then they are indeed adversaries:

This "user is not an adversary" text can be found in the first question about use cases. It insinuates that people that listen to radio and watch movies online are potential adversaries. As a business owner, I think that’s a terrible way to frame your customers.

Thinking of the people that are using the technology that you’re specifying as "adversaries" is also largely wrong. 99.999% of people using DRM-based systems to view content are doing it legally. The folks that are pirating content are not sitting down and viewing the DRM stream, they have acquired a non-DRM stream from somewhere else, like Mega or The Pirate Bay, and are watching that.

This is the fundamental reason why DRM is doomed and should be discarded: the only people it annoys are the ones who have tried to support creators by acquiring legal copies. How stupid is that?

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Filed Under: drm, html5

Oh Look, Microsoft Is De-Prioritizing Silverlight

from the who-coulda-guessed... dept

Back in August, we noted some online rumors that Microsoft was seriously cutting back on Silverlight, pushing internal folks to work on HTML5 instead. Our comments were filled with people saying that we were crazy and that Microsoft was betting more and more on Silverlight. So it's interesting to see that, after noticing barely any mention of Silverlight at Microsoft's Professional Developers Conference, Mary Jo Foley asked someone at Microsoft what's up, and was told that Microsoft's "strategy has shifted," and the company is betting on HTML5 for its cross-platform efforts. It's true that it's still pushing Silverlight in specific platforms -- with mobile being a big one (and, I'm sure, Netflix movie delivery remaining another), but it does seem like Microsoft is drastically scaling back what it plans for Silverlight.

Filed Under: html5, silverlight
Companies: microsoft