52 comments

[ 3.4 ms ] story [ 105 ms ] thread
This is fascinating. How does the DRM work?
This is probably what the plugin is for. It wasn't clear to me whether this is a normal Chrome extension, or a "full" plugin on the order of Flash or Java. In either case, it's likely not pure W3C HTML/JS.
My thoughts exactly. How will they make HTML5 DRM friendly? I thought it was designed to be an open vehicle...
According to the byline, this article was posted well over a month ago. While it might still happen, it would be really hard to pin a time frame on it, considering that Google I/O has come and passed.

Still would be looking forward to this though.

Netflix has already used HTML 5 for the movie browsing interface on the PS3 (with a custom webkit build IIRC). I highly doubt that they are using <video>, they wouldn't stream the video without some kind of DRM. Unless perhaps the plugin allows use of <video> with DRM content. My guess is that the plugin handles all of the video playback with some kind of <object>.
This means I can finally get rid of the part of my laptop I call a Netflix player...aka Windows 7.
Excellent! I've been holding off on renewing my Netflix subscription for just this reason. Maybe it's time to reactivate?
This doesn't make any sense. Netflix will not (cannot) stream anything without DRM protection due to licensing agreements. The video element from HTML5 obviously doesn't have any mechanisms for content protection. Perhaps Netflix is producing a NPAPI video player plugin for Linux browsers but that would mean they are not using the HTML5 video element.
Agreed. I'm guessing they are using the term HTML5 rather loosely here. They may have incorporated some other aspects of HTML5, but I don't see how <video> could be part of what they are planning to deliver.
Couldn't they be developing a plugin that adds support for whatever DRM/Video solution they are using, so that the browser can play the video via the <video> element?
(comment deleted)
Might not be that easy. The DRM should essentially provide protection from the content distributor all they way to the hardware. If they are just play it via the <video> element, users can just scrape that content. With Silverlight or other proprietary drivers on proprietary OSes, they can have an agreement with those company to guarantee the DRM protection gets enforced. Now with open sourced drivers, that is not going to happen easily, as users can just recompile the driver with the DRM check commented out.
Meh, there are commercial products out there that will rip the video from netflix on windows, so that level of DRM is really a myth anyway.
That's essentially Flash / ActiveX / Silverlight.
I wonder if it's feasible (legally and technically) to encrypt the stream between their servers and the plugin, but have the plugin send a local, unencrypted version to the built-in HTML5 plumbing.
That is no more secure than just sendimg a plain stream, as a sufficiently inclined user could man-in-the-middle that stream.
No, it's too easy to extract media content from audio/video elements.
What if they downgrade the quality enough? Say the stream it at 486 lines + degraded sound. Perhaps OK for many customers (since it might be equivalent to a degraded quality due to network throughput and latency) but if they can guarantee the quality is low, the owners of the content won't mind relaxing their distribution agreements.

At some point, even they have to realize that if someone really wants to get a pirated version of the content, they probably will, and probably much faster than bothering to setup buffer capture from Netflix.

Another thing they could do is to apply (or at least convince the users) that they applied a user-identifying watermark so if the video is leaked, they would know the source....? I've heard academy award disks have that.

They're competing against full-HD Blu-ray rips on torrents. Cutting off their nose to spite their face (by degrading quality) isn't going to be to their own advantage.
They may have developed a plugin/extension that wraps HTML5 video element and gives them streaming capabilities, probably with no data accessible as plaintext.

The work on streaming for HTML5 is already being done, for example: http://goo.gl/9OJSc.

The justification for doing the work mentioned in the article doesn't make any sense, either. They make it sound like users had to go and download a "Netflix Plugin" with their current system and then deal with updates, when in fact Silverlight already works exactly like they describe in the article, with the control getting retrieved from their servers each time (unless it's cached and there's no newer version available).
This is most likely the same idea as the PS3 Netflix player -- the entire UI is done in HTML5, but the actual playback is handled through proprietary software. Requiring a "plugin" suggests this will be the case.
Why could the NPAPI not expose a stream that could be consumed by the HTML5 video tag? What if it's part of the new AV proposal Google released?
What's the point of the DRM? Every movie they have has already been pirated. I can't imagine anyone bothering to capture the stream when they could get it so much easier in many other ways.
obviously they've written a DRM system in Javascript :) j/k
This will be great, I won't have to downshift to Windows to watch a Netflix movie.

Hopefully the quality will be better in HTML5 than Netflix's current offering. While the price is right, dark scenes are pixelated in NF movies over cable internet.

I have recently watched a few movies over Google's Youtube movie service, and Amazon's. Both use flash, and both have much better quality, at least on my laptop. As I watch a movie on flash I wonder why NF can't figure out how to get equivalent quality.

And there's also Silverlight, which freezes up my laptop on about 10-20% of attempts to watch a NF movie. Be good to have that gone.

Their iPad app is also clearly HTML5. Sadly this means the UX is pretty crappy.
My guess is this is using NativeClient to manage the DRM.

You don't need Silverlight to implement the DRM stack for PlayReady. Once you license it, you can implement the DRM stack any way you want, be it hardware, software, etc... otherwise this wouldn't work on iPhone either.

That's an interesting idea, first time I've heard of using NativeClient for that.
This doesn't even work in Chrome unless you enable it. They are not using this, it would make them to dependent on an immature technology.
Netflix doesn't work in Chrome on Linux period, what makes you so sure they won't use it in the future when they are ready to release? Despite being immature, it's a very logical choice.
There are more Firefox/Windows users than there are Chrome/Linux users.
What's the point of DRM when I can just connect gdb to this process and suck the video right out of memory after it's been encrypted? Or, what's the point of DRM when I can just write my own video driver?

Wait, what's the point of DRM again? I can already get every movie ever made for free in HD on the Internet.

Exactly. The important part is on the "video driver" part.

People have asked us to implement DRM in VLC since a long time, over and over. At the end it is impossible, because when an code interface is know, you can always switch one part and dump the stream; the part being a filter, a video renderer or just a video driver.

This is why HDCP was implemented (and failed, btw) to have a chain of trust.

Right, but the lower down in the stack they go, the more they deter the "casual" hacker. I think they want to bring down the sheer number of pirates to a level where the vast majority of media won't be pirated.
This doesn't make sense, though. You can just share your account credentials and activate your friends' TVs. Then they can watch all the video they want.

Similarly, people don't pirate movies by having a close friend rip Netflix streams. They go on The Pirate Bay and download the torrent. Preventing piracy means you need to prevent people from ripping the disks or streams in the first place... but the people who do that aren't "casual hackers", they are as hardcore as priates get. And if just one person figures out how to do it, it's broken forever. (I assume there are plenty of programs available to rip Blu-Ray disks now, since the key for each disk is known and publicly available. It only takes one person to do that, and then the DRM is nothing but a waste of CPU cycles and engineering talent.)

I wouldn't go authorizing other people's devices with your Netflix account willy-nilly, because I'm pretty sure they'll cut you off pretty quick.

To your point about the security of DRM, that's an overly idealistic view of things. It's simply not true that the one person with expertise to break an almost-perfect DRM is going to rip every movie and torrent it. Hell it's trivial to rip any DVD and that's more than Netflix quality already. The studios are not the blundering idiots that the hacker community would like to believe; they realize all this, but they're not just going to roll over and go DRM-free just because of an absolutist argument. Instead they're going to keep pushing the envelope (and paying!) for ever-improved DRM to cut down on piracy as much as they can. It may be a losing battle, but if it is it's lose-lose for them so they'll keep fighting it.

How are the torrent videos made available in the first place? Are people just ripping DVDs?
Rips of DVDs and blu-rays are the most common (and high-quality) way for anything that has been put on a disc. Note that this may still be before commercial release, as screeners are made available for critics et. al.

For movies that are newly in the theater, the movie is captured with a video camera. This varies in quality from some guy pointing a cam-corder at the screen with a microphone (worst quality) goes up when they hook the audio directly in using the system for the hard-of hearing (often called a telesync, though it's a bit of a misnomer) and is even better when done from a tripod in the projection room.

Something that is still done, but is more rare, is to take the film and run it through a piece of dedicated equipment for converting from film to video, caled a telecine.

DVDs or Blu-Rays, or leaking DCP (Digital Cinema Packages) or just with rogue HDMI dongles that don't respect HDCP.
(First, I don't get what part is the low one of stack here...)

Then you just need one leak of a movie to have it on all pirates website. Most people don't rip, but only watch what's been ripped by other... And doing so, those days, is just a matter of having a rogue HDMI dongle :D

It's easy to bring it down to a level where the vast majority of media consumers won't break the DRM, but you only need one to do it for each unit of media.
Yeah, I really wish someone would point out to the content providers that they provided DRM-free analog streams for decades (via HBO, Cinemax, etc.) and they didn't suffer because people were taping those for later.

So long as Netflix is putting limits on its accounts -- one stream at a time, maybe X hours of streaming per day -- what's the problem again?

I'm just hoping that this article is accurate and Netflix is rolling out a true HTML5 platform.

They should come to Europe before they come to Linux ;)
Why don't they just use flash? Hulu uses it without a problem. It's obviously secure enough. It's available on most computers, including Chrome (and Chrome OS). What's the fuss about?
Maybe they don't want to pay for the flash media server license? With HTML5 you can also target mobile a lot easier (though I'm sure a downloadable application would be better).
HTML5 is a misnomer; it's only used for UI, actual playback is done via a plugin.

I read in the past that they chose Silverlight because it allows them to dynamically control video quality based on fluctuating connection speed. Has Adobe not built that into flash yet?

No, only for p2p streaming. You'd need a flash media server to get dynamic video quality from a server, so it's not built into flash.
On my netbook, hulu/flash uses 100% of the cpu to produce unwatchable video in full screen, while netflix (today) uses around 10% and looks just fine.

On my linux desktop, flash in full screen is even worse than my netbook.

Thank you for posting this. Linux Flash is insane, and it is crazy that Adobe can have any respect for putting it out the for download in the state it seems to be perpetually in. It is nuts specifically because Compiz can zoom into this video fullscreen without issue, but hitting a fullscreen button 9 out of 10 times is cause for flicker and tearing. The only two instances I've had some good success are 1) Google Video and surprisingly 2) Amazon Prime.