Yes indeed, the consumers got nothing in return for accepting DRM, for accepting the side-stepping the term "buy" - the ebooks are still way too expensive and it can be argued the popularity of eReaders and eBook buying has come at a time after DRM became viable, unlike music piracy - which came before DRM and DMCA even existed. eBooks, readers and stores, all began with DRM, and the prices have only gone up - despite the consumers giving up their ownership.
It looks almost like DRM is designed to empower a few at the expense of the many.
The biggest proponent of EME/DRM is microsoft. And they are the first who have put it into their desktop browser (IE11).
Microsoft was also the party most eager to stiffle dissent in the encrypted media working group by the likes of me, EFF, etc. and who aggressively boxed this "standard" trough with almost daily telephone conferences they held with apple, google, bbc, netflix etc.
DRM is designed to put up barriers against competitors. It's designed to stiffle innovation and to vendor-lock in users and authors.
Why do you think Microsoft is all over EME like flies over cowdung? Microsoft has lost tremendous amounts of browser market share, and here comes EME/DRM, and they finally see a credible chance to lock "the web" back into their platform.
I don't fundamentally understand why this rant is relevant towards a discussion of _standardized_ DRM. IMO the debate is not "standardized DRM vs no DRM" but "standardized DRM vs ad-hoc DRM".
Well, for starters, they're not standardizing the DRM. They're standardizing the way you talk to the DRM, but your fully compliant standard browser will not show you Netflix until Netflix has shipped their ad-hoc DRM solution on your platform.
That doesn't really address the question Tyler was asking, though. The question is, how does standardizing the way you talk to the DRM make the situation worse than one where they didn't standardize the way you talk to the DRM?
"So the argument "Oh Apple and Microsoft are just gonna profit off EME" is moot, they're gonna pull their vendor-lock in and non-standard web fraud anyway, but now they get to say "waaaat? we're not evil! see, it's a standard!!!""
EME was proposed and designed by Google & netflix and implemented in chrome book long before ie had it. the biggest proponents by far are Google and Netflix.
But hey you don't see anybody talking about how Google wants to kill the open web, its simply the big bad WC3.
You seem to have your facts regularly wrong. And your pronouncements of the future don't seem terribly informed. What qualifies you make these assertion? Given your love of incorrect facts, I wonder what are your credentials.
Really the simplest solution would be to ban the use of the word "buy" in commerce with regard to DRM entities.
Rent. Lease. Those are the proper words.
If customers are faced with the choice of buying content from one entity, and renting it from another, I think they'll vote with their wallets and most DRM will disappear. But as long as corporations are allowed to use the words "buy" and "sale" for transactions which are not purchases or sales, the deceit will continue.
However, as that does not seem to be the case, and law-enforcement is lax on what is a buy-sell transaction, lets make that kickstarter-alike project but instead of donating the users actually "BUY" ownership of a company or idea they want to support. Now the ownership can be restricted as much as a donation or an ebook "purchase" is, but it would still be a competitor to kickstarter and other projects who are not allowed to use the term Buy for their marketing purposes but are forced to accept donations only.
Meh, in exchange for DRM I get Netflix and Hulu content streamed to my house for dirt cheap pricing. Now I might DISAGREE that DRM was necessary or even useful, but the content providers simply would not have made that content available without DRM. So that's what I got in exchange, content.
EME has a proprietary part, the CDM (content decryption module).
In order for the browser (its compositor etc.) to work, the browser needs access to the plain (unencrypted) content, to do things like layering (alpha blending) elements on top of each other, CSS transformations, CSS shading and putting things into WebGL.
If the CDM would give the browser access to the plain content, then the browser (or any program) could just dump the plain content to disk, exactly what EME/CDM is designed to prevent. In that scenario only proprietary browsers would be able to implement EME.
In above scenario, if EME was adopted across major web properties (like netflix, amazon, youtube, vimeo, dailymotion, bbc, facebook etc.) then it would mean that Open Source/community browsers would be regarded as "the browsers that don't work" and would loose substantial market share and couldn't gain traction. This would be very bad for the Web as it would revert the Web back to a browser monoculture (of the kind we already had with IE6). Innovation would stall.
I suspect that the existing EME/CDM implementation in IE11 and Chromebooks is based on the CDM sharing plain content with the browser (for reasons I'll get to below).
If the CDM does not share the plain content with the browser, and the browser just gets to instruct the CDM to "draw there", then that means that: You cannot layer stuff on top of the content (customized playback controls, user annotations, closed captions, advertising, other informational/navigational elements, branding etc.). You couldn't CSS transform the container with the content. You couldn't CSS shade/filter the content. You couldn't control its CSS opacity and you can't put the content into WebGL. You couldn't easily implement tab-switching (or alternative schemes of tabbing).
This would be a serious drawback for EME, and it would make it practically unusable on most web properties that might want to use it (every web property adds its own social features, playback, branding and advertising to the content it serves up).
That means that the only two choices to make EME work are either seriously crippling the Web altogether by remaking it into a proprietary monoculture, or crippling EME so much that nobody would want to use it.
Most people who put content on the web want it to be shared and viewed by as many people as possible, so it is not in their interest to use DRM and most do not use it now.
The only exception seems to be holywood style content which must be distributed by DRM by edict of the media companies. Whether or not this standard goes through doesn't change either of these incentives.
Let encrypted be false.
Detect whether the frame is encrypted.
If the frame is encrypted
Run the steps above.
Otherwise
Continue.
Decode the frame.
Provide the frame for rendering.
Which indicates that the frame is still going through the current playback method, and thus the results would be instantly dumpable if you had source access.
> If the CDM does not share the plain content with the browser, and the browser just gets to instruct the CDM to "draw there", then that means that: You cannot layer stuff on top of the content (customized playback controls, user annotations, closed captions, advertising, other informational/navigational elements, branding etc.). You couldn't CSS transform the container with the content. You couldn't CSS shade/filter the content. You couldn't control its CSS opacity and you can't put the content into WebGL. You couldn't easily implement tab-switching (or alternative schemes of tabbing).
Almost none of this is true if the operating system allows you to provide a write-only layer – you'd be limited to the operations which the GPU can perform without the browser seeing the bits but that would address the needs of most sites at or better than the current plugin situation.
That said, millions of people seem to be perfectly happy with all of those restrictions as evidenced by the continued use of plugins which provide DRM with exactly the same tradeoffs — currently you could save frames from Flash/Silverlight but the content providers seem to have accepted that risk and nobody bothers because there are easier options available.
The real question here isn't an endless rehash of the DRM debates but how to change public opinion. We have a preponderance of evidence that most computer users are happy to accept DRM if that's how they get convenient access to things they want to see. The W3C is reacting to the strong, growing trend away from web technologies so it's a bit pointless to criticize that unless you have a viable plan to either get content providers to adopt less invasive but equally effective technologies like watermarking or get the public to stop paying for them.
Say we do draw a line and convince the W3C to drop EME — who benefits other than Adobe and Microsoft? Apple doesn't need EME because they're selling billions of dollars of movies through the iTunes store. Google will put EME or the equivalent into Chrome for anything they can't sell through their store.
This places Firefox in a really unpleasant situation: Mozilla will either be forced to license something, hope something changes before the plugin vendors drop out, or lose market-share because users are more likely to switch to IE / Safari / Chrome if something doesn't work in Firefox rather than not pay for DRMed content.
> Almost none of this is true if the operating system allows you to provide a write-only layer – you'd be limited to the operations which the GPU can perform without the browser seeing the bits but that would address the needs of most sites at or better than the current plugin situation.
The EME language indicates that the aim is to provide raw frames to the browser. Regardless, Adobe (with flash) has moved on from the idea to draw everything on top and not interact with the browsers compositor a long time ago. It turned out to be just extremely unworkable for a lot of flash usecases. These days, flash provides a filled framebuffer for the browser, and the browser composits it with the page in software or hardware.
The step back to the model that the proprietary blob draws directly on screen will turn out to be non usable for most web properties (like netflix, youtube, amazon, bbc, vimeo etc.) because they all place custom branding, advertising, user annotations, closed captions, player controls and other navigational/informational elements on top of the content.
> Say we do draw a line and convince the W3C to drop EME — who benefits other than Adobe and Microsoft? Apple doesn't need EME because they're selling billions of dollars of movies through the iTunes store. Google will put EME or the equivalent into Chrome for anything they can't sell through their store.
Microsoft has been one of the staunchest and most feeverish proponents of DRM. Initially launched by Google and Netflix, to a mounting opposition from the EFF, Cory Doctorow, me and many, many other people, Microsoft stepped in and agressively stiffled dissent in the discussion on the standards body and held almost daily telephone conferences with netflix to push EME trough as fast as possible.
The reason Microsoft is all hot&bothered about EME is because for the first time, in a long time, they see a credible chance to lock the web back into only their own platform (and certain tollerated proprietary small-bit players).
The question isn't who is going to benefit if you oppose EME. The question is who is going to benefit even more if you don't oppose it (which is Microsoft).
So the argument "Oh Apple and Microsoft are just gonna profit off EME" is moot, they're gonna pull their vendor-lock in and non-standard web fraud anyway, but now they get to say "waaaat? we're not evil! see, it's a standard!!!"
> This places Firefox in a really unpleasant situation: Mozilla will either be forced to license something, hope something changes before the plugin vendors drop out, or lose market-share because users are more likely to switch to IE / Safari / Chrome if something doesn't work in Firefox rather than not pay for DRMed content.
As I've said before, Firefox is in more than an unpleasant situation, because either EME is totally crippled and unusable for everybody, or the CDM will only be available to proprietary browsers. Either way, Mozilla/Firefox loses. But allowing EME/CDM/DRM is the worse choice, because it attaches all the legal headaches of DRM with a standard bodies blessing.
> The step back to the model that the proprietary blob draws directly on screen will turn out to be non usable for most web properties (like netflix, youtube, amazon, bbc, vimeo etc.)
Again, the fact that this works with Silverlight and Flash disproves your argument. I don't like DRM, I wish people would refuse to give up control of their devices but it's time to stop pretending that most of the computer users on the planet haven't decided the deal is acceptable.
> The reason Microsoft is all hot&bothered about EME is because for the first time, in a long time, they see a credible chance to lock the web back into only their own platform
You need to back up that claim about Microsoft - the only thing they stand to gain is not spending the effort supporting the other parts of Silverlight. The companies which have most vocally supported EME (Netflix and Google) both have significantly more to gain because it makes them less beholden to Microsoft and reduces the amount of non-web development they do.
In any case, how exactly is is worse if one of the 30 million Netflix subscribers watches video using EME rather than Silverlight? Either way, the content is restricted to a proprietary decoder. Either way, the user won't care unless it prevents them from watching a movie. Whether or not that has a standard interface won't change any part of that process any more than, say, the lack of a W3C standard for eBook encryption has prevented millions of sales of HTML5+CSS+JS inside a DRMed ePub 3 wrapper.
The real question here isn't a contest of technical minutiae but how to convince the millions of reasonably satisfied customers to stop paying for DRMed content. The only thing which has shown any signs of that happening was when incompatible DRM tanked home AV sales because early HDTVs weren't compatible with BluRay players; at the iTunes/Netflix-level it's clear that most people don't care enough to stop paying for it. If you care about actually changing this the real question is figuring out how to change the market.
> Again, the fact that this works with Silverlight and Flash disproves your argument. I don't like DRM, I wish people would refuse to give up control of their devices but it's time to stop pretending that most of the computer users on the planet haven't decided the deal is acceptable.
It doesn't work with flash. Because Adobe has given up trying to do that, because it turned out to be unusable. Flash shares a framebuffer with the browser compositor, and that's why it's been used for everything under the sun, because it became usable enough by that simple measure of not drawing directly on screen bypassing the browsers compositor.
> Almost none of this is true if the operating system allows you to provide a write-only layer
What kind of operating system should provide non trustworthy, malware prone security minefield, which is a "write only" layer? You'd think no sane OS should, but wait! Windows does, since Vista times.
That's the whole point. DRM is by nature incompatible with openness. Therefore EME is by nature incompatible neither with any open systems and browsers, nor with the open Web.
> Therefore EME is by nature incompatible neither with any open systems and browsers, nor with the open Web.
If you were right, millions of people would not be able to use Flash/Silverlight daily. I might not like that but I'm not willing to pretend most users have accepted that deal.
How exactly does Flash prevent you from recording anything (audio / video) on Linux let's say, by capturing corresponding audio / video devices? There is no Silverlight for Linux by the way.
It doesn't – any more than, say, Flash on Windows really does. Clearly preventing casual efforts is enough for most of the content vendors, which is why I'd really like to see a credible player offer something like per-user watermarking without the pretense of offering more than a casual barrier to copying.
> Clearly preventing casual efforts is enough for most of the content vendors
Which is stupid. Those "casual efforts" won't be spent on trying to capture anything by those who pirate. They'll just casually get that through file sharing networks, while those who originally upload things can go way beyond "casual" methods to break DRM. The bottom line always is - that there is no technical or business reason to use DRM.
Whether or not it's effective, most content providers demand it and most customers don't care. Rather than repeating what everyone already knows, we should be talking about how to change that. Making the case to content owners that DRM gives companies like Apple too much leverage is one way; making the case to consumers that DRMed content is worth less is another.
Wasting time on purity tests, though, doesn't seem to be worth the time.
> Whether or not it's effective, most content providers demand it
They can demand to give them the Moon. We are talking about W3C bending to these crazy demands. Instead of that, W3C could simply ignore this lunacy which has no valid reason to be heeded to whatsoever. To change that, standards should be governed by those who really put users first.
The idea of a 'write-only layer' in the browser scenarios described is ridiculous. It simply doesn't exist.
In the days of DVDs, GPU acceleration exposed the concept of 'overlays' that you could dump YUV or RGB video content into, and those overlays would be presented directly to the display - the RAMDAC overlaid them onto your framebuffer when producing VGA/DVI/etc signals. This, at least, made it possible to make such a mechanism 'write only', if you sufficiently secured the output (via negotiation, or something) to ensure it wasn't being fed to a capture device - you only had to deal with the analog hole.
But once you're trying to composite protected content into a webpage, you've already lost the game. The content can be clipped, scaled, rotated, sheared, faded, masked, filtered, and so on - all without writing any JS. All those transformations would somehow have to be baked directly into this 'protected rendering' pipeline and implemented cross-platform in such a way that none of that data was accessible at any point in its myriad trips between the CPU and GPU. You'd have to access-control all the cache textures on the GPU, all the buffers on the CPU, all the intermediate information. You'd also have to access-control the resulting framebuffer for the browser tab, and any other intermediate framebuffers, along with the actual output from the GPU that's sent to your display - and most displays these days are connected digitally, so now you're dependent on your end-users having HDCP compliant displays (which many do not).
It's a complete joke. EME cannot work. Period. Modern GPU/CPU configurations are basically general-purpose compute hardware with mutually accessible memory and the ability to do computations and read/write operations from inside rendering routines (i.e. pixel shaders).
> The idea of a 'write-only layer' in the browser scenarios described is ridiculous. It simply doesn't exist.
I'm sure that will be quite a surprise to Microsoft as they shipped it years ago.
You couldn't push every possible operation out to the GPU but there's no technical reason why the subset of operations which a browser would use to playback a video couldn't be supported, similar to the way a modern desktop can be GPU accelerated but e.g. screen captures don't include windows where restricted content is playing.
The problem is not technical – that ship sailed years ago – but business: the content providers and consumers have accepted the current status quo with plugins rendering the subset of paid content which isn't playing in a native app. The businesses don't need perfection – they're already making truckloads of cash. As I stated above, we really need to figure out how to disrupt that if you want to see any change. Pretending that technical perfection is necessary or that the public isn't willing to tolerate a billion dollar a year status quo is just delaying that discussion.
> the content providers and consumers have accepted the current status quo with plugins rendering the subset of paid content which isn't playing in a native app.
This completely misses the point. Many users didn't accept any of that and simply pirate all that content DRM free. If publishers care about increasing the number of paying customers, they can stop using DRM, and then some part of former pirates will start paying them. They are usually greedy for more money, so "already making trackloads of cash" doesn't sound like an argument.
> Almost none of this is true if the operating system allows you to provide a write-only layer – you'd be limited to the operations which the GPU can perform without the browser seeing the bits but that would address the needs of most sites at or better than the current plugin situation.
Leaving aside the other fundamental problems of having a required proprietary component, this still isn't true. Browsers don't currently allow sites to use third-party images as WebGL textures without permission from those sites, because there are any number of ways to run transformations on those textures that will reveal information about them.
Exactly the same issue would apply to rendering DRMed content: if the site can composite that content, it can analyze that content and figure out what it contains.
> Browsers don't currently allow sites to use third-party images as WebGL textures
The quote included specifically addressed that point: “you'd be limited to the operations which the GPU can perform without the browser seeing the bits”
Just as browsers have limits about how plugins interact with the rest of the page, it's quite easy to imagine analogous restrictions on how a restricted layer could be composited or tainting the rest of the page to prevent read-back operations.
Again, the fact that everyone from users to content providers seems to be satisifed with the Silverlight status quo shows that this is not technically impossible because it's already in daily use by millions of people.
> The quote included specifically addressed that point: “you'd be limited to the operations which the GPU can perform without the browser seeing the bits”
It doesn't matter if the browser can see the bits directly. If the browser can supply GPU operations that manipulate the bits, the browser can infer the contents of the bits in umpteen different ways.
Bah, fork the W3C standards, strip out the DRM bullshit, and support an open, community maintained browser that's focused on the users, not sucking at the teet of Google.
I can kind of see what the supporters of this in the W3C are thinking: we want Netflix/BBC etc. to be using 90% of our stack (and 10% in some binary CDM blob), rather than 10% of our stack (and doing the rest in Silverlight or Flash).
Google for example want to build Chromebooks. They want it to be built around web technologies, with no plugins, but that means no Netflix (and Netflix in turn are forced into this by Hollywood). No Netflix et al, makes Chromebooks much less appealing in the market.
Overall I'm torn. I'd like to see Chromebooks replace Windows XP, and HTML5 replace Flash and Silverlight.
Maybe it'll make it all much clearer: You can't watch this video, not because we haven't made Flash or Silverlight available but simply because we can't trust your computer to keep things from you and obey our instructions instead.
It's fairly charitable to think they are thinking "we want Netflix/BBC etc. to be using 90% of our stack (and 10% in some binary CDM blob), rather than 10% of our stack (and doing the rest in Silverlight or Flash)" without knowing what the benefit of that would be. The proprietary component is no less closed, vulnerable, and otherwise unclean than a browser plugin.
It will be: "You can't watch this video because you don't have IE11 or Chrome" because Firefox will be legally barred from accessing the CDM.
EME is steering full steam ahead into a new proprietary browser monopoly with either Microsoft or Google coming out on top and having their position cemented by DRM, forever, thanks to the DMCA (because when have meaningful copyright reforms happened, ever?)
So what's at stake here is the future of the web, as we know it, as a platform. And if you want to know how that future under EME looks like, go no further than look back at the 6 years of utter stagnation when IE6 held that monopoly.
"'You can't watch this video because you don't have IE11 or Chrome" because Firefox will be legally barred from accessing the CDM."
pyalot2, why do you think Firefox will be legally barred from accessing the CDM. Adobe and Microsoft and Google have had no problems making plug-ins for Firefox in the past, why would they stop now?
> It will be: "You can't watch this video because you don't have IE11 or Chrome" because Firefox will be legally barred from accessing the CDM.
This is not in evidence. You might be right, but since there is no obvious reason to believe it, surely you can see why others don't make that assumption.
> And if you want to know how that future under EME looks like, go no further than look back at the 6 years of utter stagnation when IE6 held that monopoly.
I can't understand what parallel you're trying to draw here. The IE 6 monopoly did not arise because of a DRM standard; it arose because Microsoft killed its competition by giving its browser away for free with Windows.
> I can't understand what parallel you're trying to draw here. The IE 6 monopoly did not arise because of a DRM standard; it arose because Microsoft killed its competition by giving its browser away for free with Windows.
That's correct on the cause. But the cause of why a monopoly comes into being doesn't matter. The effect is what matters, those years spent with the web standing still technology wise.
Just like microsoft managed to kill other browsers because they bundled it with their OS, they're now trying to kill other browsers by bundling them with the one and only DRM that will make Netflix work.
Netflix supports a particular CDM (Widevine). That CDM isn't supported (yet) in chrome for desktops. It is supported on IE11 for desktops and on Chrome for chromebooks.
The CDM provider (Widevine) has not made the CDM runtime available to other parties. And they aren't planing on making them available to open source projects. I know this because I asked them for a runtime and documentation, insistently, and every single integration partner refused to deliver one.
Just like I will be unable to obtain a CDM and documentation, Mozilla will be unable to. Not because Mozilla is so much bigger than I am, but because Widevine does not make their CDM available for open source use.
They don't make it available, because it would mean that you could circumvent the DRM in it really easy (you just tell the CDM to give you the plain content you want to dump to disk).
That means that Mozilla has no avenue open to obtain CDM that works with Netflix, and they can't reverse engineer the one found in IE11 and Chrome on Chromebooks, because that would be a violation of the DMCAs anti DRM circumvention clauses.
Improvements to a general-purpose plug-in interface rather than using the old Netscape one would make more sense than specifically targeting video plug-ins.
"After acknowledging that, however, he goes on to define
an open web as a marketplace, something that is “universal
in that it can contain anything”, rather than being
universal in that its content can be read by anyone."
That's a very naïve view and one that I wouldn't expect from TBL. The open web, as a marketplace, is already universal in that it can contain anything. Every single one of the things that DRM is meant to protect can already exist on the open web. The problem is that the publishers are too stubborn to allow content without DRM. That's either a legal problem or bureaucratic problem, but it is certainly not a technical problem.
The W3C should only be standardizing technical solutions to technical problems, not technical solutions to social or legal problems.
47 comments
[ 0.20 ms ] story [ 995 ms ] threadIt looks almost like DRM is designed to empower a few at the expense of the many.
Microsoft was also the party most eager to stiffle dissent in the encrypted media working group by the likes of me, EFF, etc. and who aggressively boxed this "standard" trough with almost daily telephone conferences they held with apple, google, bbc, netflix etc.
DRM is designed to put up barriers against competitors. It's designed to stiffle innovation and to vendor-lock in users and authors.
Why do you think Microsoft is all over EME like flies over cowdung? Microsoft has lost tremendous amounts of browser market share, and here comes EME/DRM, and they finally see a credible chance to lock "the web" back into their platform.
But hey you don't see anybody talking about how Google wants to kill the open web, its simply the big bad WC3.
Rent. Lease. Those are the proper words.
If customers are faced with the choice of buying content from one entity, and renting it from another, I think they'll vote with their wallets and most DRM will disappear. But as long as corporations are allowed to use the words "buy" and "sale" for transactions which are not purchases or sales, the deceit will continue.
However, as that does not seem to be the case, and law-enforcement is lax on what is a buy-sell transaction, lets make that kickstarter-alike project but instead of donating the users actually "BUY" ownership of a company or idea they want to support. Now the ownership can be restricted as much as a donation or an ebook "purchase" is, but it would still be a competitor to kickstarter and other projects who are not allowed to use the term Buy for their marketing purposes but are forced to accept donations only.
In order for the browser (its compositor etc.) to work, the browser needs access to the plain (unencrypted) content, to do things like layering (alpha blending) elements on top of each other, CSS transformations, CSS shading and putting things into WebGL.
If the CDM would give the browser access to the plain content, then the browser (or any program) could just dump the plain content to disk, exactly what EME/CDM is designed to prevent. In that scenario only proprietary browsers would be able to implement EME.
In above scenario, if EME was adopted across major web properties (like netflix, amazon, youtube, vimeo, dailymotion, bbc, facebook etc.) then it would mean that Open Source/community browsers would be regarded as "the browsers that don't work" and would loose substantial market share and couldn't gain traction. This would be very bad for the Web as it would revert the Web back to a browser monoculture (of the kind we already had with IE6). Innovation would stall.
I suspect that the existing EME/CDM implementation in IE11 and Chromebooks is based on the CDM sharing plain content with the browser (for reasons I'll get to below).
If the CDM does not share the plain content with the browser, and the browser just gets to instruct the CDM to "draw there", then that means that: You cannot layer stuff on top of the content (customized playback controls, user annotations, closed captions, advertising, other informational/navigational elements, branding etc.). You couldn't CSS transform the container with the content. You couldn't CSS shade/filter the content. You couldn't control its CSS opacity and you can't put the content into WebGL. You couldn't easily implement tab-switching (or alternative schemes of tabbing).
This would be a serious drawback for EME, and it would make it practically unusable on most web properties that might want to use it (every web property adds its own social features, playback, branding and advertising to the content it serves up).
That means that the only two choices to make EME work are either seriously crippling the Web altogether by remaking it into a proprietary monoculture, or crippling EME so much that nobody would want to use it.
It's a very bad standard.
The only exception seems to be holywood style content which must be distributed by DRM by edict of the media companies. Whether or not this standard goes through doesn't change either of these incentives.
Which indicates that the frame is still going through the current playback method, and thus the results would be instantly dumpable if you had source access.
Almost none of this is true if the operating system allows you to provide a write-only layer – you'd be limited to the operations which the GPU can perform without the browser seeing the bits but that would address the needs of most sites at or better than the current plugin situation.
That said, millions of people seem to be perfectly happy with all of those restrictions as evidenced by the continued use of plugins which provide DRM with exactly the same tradeoffs — currently you could save frames from Flash/Silverlight but the content providers seem to have accepted that risk and nobody bothers because there are easier options available.
The real question here isn't an endless rehash of the DRM debates but how to change public opinion. We have a preponderance of evidence that most computer users are happy to accept DRM if that's how they get convenient access to things they want to see. The W3C is reacting to the strong, growing trend away from web technologies so it's a bit pointless to criticize that unless you have a viable plan to either get content providers to adopt less invasive but equally effective technologies like watermarking or get the public to stop paying for them.
Say we do draw a line and convince the W3C to drop EME — who benefits other than Adobe and Microsoft? Apple doesn't need EME because they're selling billions of dollars of movies through the iTunes store. Google will put EME or the equivalent into Chrome for anything they can't sell through their store.
This places Firefox in a really unpleasant situation: Mozilla will either be forced to license something, hope something changes before the plugin vendors drop out, or lose market-share because users are more likely to switch to IE / Safari / Chrome if something doesn't work in Firefox rather than not pay for DRMed content.
The EME language indicates that the aim is to provide raw frames to the browser. Regardless, Adobe (with flash) has moved on from the idea to draw everything on top and not interact with the browsers compositor a long time ago. It turned out to be just extremely unworkable for a lot of flash usecases. These days, flash provides a filled framebuffer for the browser, and the browser composits it with the page in software or hardware.
The step back to the model that the proprietary blob draws directly on screen will turn out to be non usable for most web properties (like netflix, youtube, amazon, bbc, vimeo etc.) because they all place custom branding, advertising, user annotations, closed captions, player controls and other navigational/informational elements on top of the content.
> Say we do draw a line and convince the W3C to drop EME — who benefits other than Adobe and Microsoft? Apple doesn't need EME because they're selling billions of dollars of movies through the iTunes store. Google will put EME or the equivalent into Chrome for anything they can't sell through their store.
Microsoft has been one of the staunchest and most feeverish proponents of DRM. Initially launched by Google and Netflix, to a mounting opposition from the EFF, Cory Doctorow, me and many, many other people, Microsoft stepped in and agressively stiffled dissent in the discussion on the standards body and held almost daily telephone conferences with netflix to push EME trough as fast as possible.
The reason Microsoft is all hot&bothered about EME is because for the first time, in a long time, they see a credible chance to lock the web back into only their own platform (and certain tollerated proprietary small-bit players).
The question isn't who is going to benefit if you oppose EME. The question is who is going to benefit even more if you don't oppose it (which is Microsoft).
So the argument "Oh Apple and Microsoft are just gonna profit off EME" is moot, they're gonna pull their vendor-lock in and non-standard web fraud anyway, but now they get to say "waaaat? we're not evil! see, it's a standard!!!"
> This places Firefox in a really unpleasant situation: Mozilla will either be forced to license something, hope something changes before the plugin vendors drop out, or lose market-share because users are more likely to switch to IE / Safari / Chrome if something doesn't work in Firefox rather than not pay for DRMed content.
As I've said before, Firefox is in more than an unpleasant situation, because either EME is totally crippled and unusable for everybody, or the CDM will only be available to proprietary browsers. Either way, Mozilla/Firefox loses. But allowing EME/CDM/DRM is the worse choice, because it attaches all the legal headaches of DRM with a standard bodies blessing.
Again, the fact that this works with Silverlight and Flash disproves your argument. I don't like DRM, I wish people would refuse to give up control of their devices but it's time to stop pretending that most of the computer users on the planet haven't decided the deal is acceptable.
> The reason Microsoft is all hot&bothered about EME is because for the first time, in a long time, they see a credible chance to lock the web back into only their own platform
You need to back up that claim about Microsoft - the only thing they stand to gain is not spending the effort supporting the other parts of Silverlight. The companies which have most vocally supported EME (Netflix and Google) both have significantly more to gain because it makes them less beholden to Microsoft and reduces the amount of non-web development they do.
In any case, how exactly is is worse if one of the 30 million Netflix subscribers watches video using EME rather than Silverlight? Either way, the content is restricted to a proprietary decoder. Either way, the user won't care unless it prevents them from watching a movie. Whether or not that has a standard interface won't change any part of that process any more than, say, the lack of a W3C standard for eBook encryption has prevented millions of sales of HTML5+CSS+JS inside a DRMed ePub 3 wrapper.
The real question here isn't a contest of technical minutiae but how to convince the millions of reasonably satisfied customers to stop paying for DRMed content. The only thing which has shown any signs of that happening was when incompatible DRM tanked home AV sales because early HDTVs weren't compatible with BluRay players; at the iTunes/Netflix-level it's clear that most people don't care enough to stop paying for it. If you care about actually changing this the real question is figuring out how to change the market.
It doesn't work with flash. Because Adobe has given up trying to do that, because it turned out to be unusable. Flash shares a framebuffer with the browser compositor, and that's why it's been used for everything under the sun, because it became usable enough by that simple measure of not drawing directly on screen bypassing the browsers compositor.
What kind of operating system should provide non trustworthy, malware prone security minefield, which is a "write only" layer? You'd think no sane OS should, but wait! Windows does, since Vista times.
That's the whole point. DRM is by nature incompatible with openness. Therefore EME is by nature incompatible neither with any open systems and browsers, nor with the open Web.
If you were right, millions of people would not be able to use Flash/Silverlight daily. I might not like that but I'm not willing to pretend most users have accepted that deal.
https://www.schneier.com/blog/archives/2007/02/drm_in_window...
> Clearly preventing casual efforts is enough for most of the content vendors
Which is stupid. Those "casual efforts" won't be spent on trying to capture anything by those who pirate. They'll just casually get that through file sharing networks, while those who originally upload things can go way beyond "casual" methods to break DRM. The bottom line always is - that there is no technical or business reason to use DRM.
Wasting time on purity tests, though, doesn't seem to be worth the time.
They can demand to give them the Moon. We are talking about W3C bending to these crazy demands. Instead of that, W3C could simply ignore this lunacy which has no valid reason to be heeded to whatsoever. To change that, standards should be governed by those who really put users first.
In the days of DVDs, GPU acceleration exposed the concept of 'overlays' that you could dump YUV or RGB video content into, and those overlays would be presented directly to the display - the RAMDAC overlaid them onto your framebuffer when producing VGA/DVI/etc signals. This, at least, made it possible to make such a mechanism 'write only', if you sufficiently secured the output (via negotiation, or something) to ensure it wasn't being fed to a capture device - you only had to deal with the analog hole.
But once you're trying to composite protected content into a webpage, you've already lost the game. The content can be clipped, scaled, rotated, sheared, faded, masked, filtered, and so on - all without writing any JS. All those transformations would somehow have to be baked directly into this 'protected rendering' pipeline and implemented cross-platform in such a way that none of that data was accessible at any point in its myriad trips between the CPU and GPU. You'd have to access-control all the cache textures on the GPU, all the buffers on the CPU, all the intermediate information. You'd also have to access-control the resulting framebuffer for the browser tab, and any other intermediate framebuffers, along with the actual output from the GPU that's sent to your display - and most displays these days are connected digitally, so now you're dependent on your end-users having HDCP compliant displays (which many do not).
It's a complete joke. EME cannot work. Period. Modern GPU/CPU configurations are basically general-purpose compute hardware with mutually accessible memory and the ability to do computations and read/write operations from inside rendering routines (i.e. pixel shaders).
I'm sure that will be quite a surprise to Microsoft as they shipped it years ago.
You couldn't push every possible operation out to the GPU but there's no technical reason why the subset of operations which a browser would use to playback a video couldn't be supported, similar to the way a modern desktop can be GPU accelerated but e.g. screen captures don't include windows where restricted content is playing.
The problem is not technical – that ship sailed years ago – but business: the content providers and consumers have accepted the current status quo with plugins rendering the subset of paid content which isn't playing in a native app. The businesses don't need perfection – they're already making truckloads of cash. As I stated above, we really need to figure out how to disrupt that if you want to see any change. Pretending that technical perfection is necessary or that the public isn't willing to tolerate a billion dollar a year status quo is just delaying that discussion.
This completely misses the point. Many users didn't accept any of that and simply pirate all that content DRM free. If publishers care about increasing the number of paying customers, they can stop using DRM, and then some part of former pirates will start paying them. They are usually greedy for more money, so "already making trackloads of cash" doesn't sound like an argument.
Leaving aside the other fundamental problems of having a required proprietary component, this still isn't true. Browsers don't currently allow sites to use third-party images as WebGL textures without permission from those sites, because there are any number of ways to run transformations on those textures that will reveal information about them.
Exactly the same issue would apply to rendering DRMed content: if the site can composite that content, it can analyze that content and figure out what it contains.
The quote included specifically addressed that point: “you'd be limited to the operations which the GPU can perform without the browser seeing the bits”
Just as browsers have limits about how plugins interact with the rest of the page, it's quite easy to imagine analogous restrictions on how a restricted layer could be composited or tainting the rest of the page to prevent read-back operations.
Again, the fact that everyone from users to content providers seems to be satisifed with the Silverlight status quo shows that this is not technically impossible because it's already in daily use by millions of people.
It doesn't matter if the browser can see the bits directly. If the browser can supply GPU operations that manipulate the bits, the browser can infer the contents of the bits in umpteen different ways.
Google for example want to build Chromebooks. They want it to be built around web technologies, with no plugins, but that means no Netflix (and Netflix in turn are forced into this by Hollywood). No Netflix et al, makes Chromebooks much less appealing in the market.
Overall I'm torn. I'd like to see Chromebooks replace Windows XP, and HTML5 replace Flash and Silverlight.
Maybe it'll make it all much clearer: You can't watch this video, not because we haven't made Flash or Silverlight available but simply because we can't trust your computer to keep things from you and obey our instructions instead.
EME is steering full steam ahead into a new proprietary browser monopoly with either Microsoft or Google coming out on top and having their position cemented by DRM, forever, thanks to the DMCA (because when have meaningful copyright reforms happened, ever?)
So what's at stake here is the future of the web, as we know it, as a platform. And if you want to know how that future under EME looks like, go no further than look back at the 6 years of utter stagnation when IE6 held that monopoly.
pyalot2, why do you think Firefox will be legally barred from accessing the CDM. Adobe and Microsoft and Google have had no problems making plug-ins for Firefox in the past, why would they stop now?
This is not in evidence. You might be right, but since there is no obvious reason to believe it, surely you can see why others don't make that assumption.
> And if you want to know how that future under EME looks like, go no further than look back at the 6 years of utter stagnation when IE6 held that monopoly.
I can't understand what parallel you're trying to draw here. The IE 6 monopoly did not arise because of a DRM standard; it arose because Microsoft killed its competition by giving its browser away for free with Windows.
That's correct on the cause. But the cause of why a monopoly comes into being doesn't matter. The effect is what matters, those years spent with the web standing still technology wise.
Just like microsoft managed to kill other browsers because they bundled it with their OS, they're now trying to kill other browsers by bundling them with the one and only DRM that will make Netflix work.
I sat in on a session on EME at the Mozilla summit this past weekend. If Firefox is going to be barred from accessing CDMs, that's news to Mozilla.
So maybe you could provide some actual facts and citations instead of fear-mongering?
The CDM provider (Widevine) has not made the CDM runtime available to other parties. And they aren't planing on making them available to open source projects. I know this because I asked them for a runtime and documentation, insistently, and every single integration partner refused to deliver one.
Just like I will be unable to obtain a CDM and documentation, Mozilla will be unable to. Not because Mozilla is so much bigger than I am, but because Widevine does not make their CDM available for open source use.
They don't make it available, because it would mean that you could circumvent the DRM in it really easy (you just tell the CDM to give you the plain content you want to dump to disk).
That means that Mozilla has no avenue open to obtain CDM that works with Netflix, and they can't reverse engineer the one found in IE11 and Chrome on Chromebooks, because that would be a violation of the DMCAs anti DRM circumvention clauses.
The W3C should only be standardizing technical solutions to technical problems, not technical solutions to social or legal problems.