Update on HTML5 Video for Netflix (netflix.com)
537 points by nullspace on March 22, 2017 | 508 comments



Translation: Netflix successfully lobbied DRM into what is supposed to be the OPEN web standard, to the point where even Firefox couldn't afford not to support it. Dark days for the free exchange of information enabled by the web.


Sorry, but as someone who spent nearly a decade founding and building a premium content VOD service, and 6 of those years fighting fiercely against DRM and making great content available without DRM, I have both the knowledge and moral authority to say that you're living in a fantasy world. You might as well say that anyone who is not living an RMS-sanctioned ascetic technology lifestyle is hurting the cause of free software everywhere. Technically that might be true, but a few true believers martyring themselves is not going to change the social and political forces that drive software over time.

Here's the bottom line: browser makers have absolutely zero leverage over DRM. Firefox refusing to implement DRM would have been 1000 times more likely to lead to Firefox's irrelevance and death than it would lead to rightsholders caving on DRM requirements. Even if all browsers banded together and refused, all that would mean is that premium content would not be available in browsers, and that would lead to a significant devaluation of the web in favor of proprietary apps. It is a techno-centric fantasy to think that browser makers have even a modicum of leverage here. The fact is content producers would restrict themselves to licensed devices in a heartbeat, and they would get away with it too, because at the end of the day, people want to watch what they want to watch.

EME is an ideological compromise, sure, but it's a net benefit to the open web since its scope is small and it maintains the overall schema of web standards. It shouldn't be considered worse than proprietary plugins with arbitrary scope.


People have been recording the things they watch since the invention of the VCR.

DRM will not have any impact on that. Someone will come along, and make a video-grabbing utility that bypasses the DRM. Also, much of the content is already available via bittorrent.

DRM is pointless. But perhaps you are right about "browser vendors refusing to cooperate" not being the best possible approach. However, do you know what is?


We somehow got away from DRM on audio. I was wondering how to do this for video too. What worked for audio, was that you had one vendor (Apple) that had a large enough market share. In order to sell DRMd media that worked on iPods, the media companies had to sell through Apple. Or they could sell non-DRMd files that would still work on iPods. They did the calculation, and figured they would make more money going non-DRM so they can pick other distributors such as Amazon.

For video, people don't download it and take it with them (typically), they either play from their computer or from a set top box or smart TV. So there are no market forces that would give the movie studios any incentive to do non-DRM.


> We somehow got away from DRM on audio.

Did we? Look at Apple Music, Spotify, and other subscription music services. They all have DRM.


But music you buy on iTunes is DRM-free. That's a significant step away from DRM.


> But music you buy on iTunes is DRM-free. That's a significant step away from DRM.

And Amazon. And Google Play music. And Bandcamp. Etc etc.

In fact, I don't know a single place on the entire internet which still sells DRMed music. Such a thing simply ceased to exist.

Imagine if we could make the same happen for video. That would be real nice.


Yes, but in Netflix's case and HTML5 we are precisely talking about a streaming service.

Download should be DRM free for free for video that's true but don't blame Netflix for using DRM on a streaming service as every music streaming service does that too.

Indeed I think studios could reduce pirating to baseline (people who can't afford anyway) in a split second should they understand that people are willing to pay for a fair priced streaming service like Netflix. They just need to open up their catalogs like music majors finally did as an average wallet can hardly sustain a dozen different subscriptions in order to have a decent movie catalog.


Nobody normal buys music and shuffles files around anymore.

They all just switched to DRMed streaming services.


I think the entire Plex userbase would disagree. There's also a reason Google Play Music lets you upload your own music: Not all music can be found in "regular" streaming catalogs.

Technicalities aside: Also I like to think that buying albums (even if I stream them later on) makes the artist more money. And I want to support the artists I appreciate as much as I can.


I meant "normal" as in mass-market, not "normal for HN". I, probably like you, of course have a unix fileserver in my residence (as well as a metric ass-ton of vinyl, because it seems we are similar types of nerd).


How else would a subscription service work? If you bought your music instead of renting it you'd truly own it without DRM or any other strings attached.

As a very frequent music buyer, I'd say the situation is very comfortable and user-friendly and I'd wish to see the same for video content.


> What worked for audio, was that you had one vendor (Apple) that had a large enough market share. In order to sell DRMd media that worked on iPods, the media companies had to sell through Apple. Or they could sell non-DRMd files that would still work on iPods.

Ironically, this scenario just got more unlikely, thanks to EME now being a standard and thus available for everyone... Hooray for web standards!


> We somehow got away from DRM on audio.

We got away from it with audio in part because a typical audio product such as a music single or short audiobook can viably be produced and sold DRM-free at a price so low that it's hardly worth anyone looking for it elsewhere even if they could find it literally for free. Unfortunately, the same economics don't work in most other markets.


> We somehow got away from DRM on audio.

Guess which industry watched how that happened REALLY REALLY closely?

The music industry was falling apart by the time they gave up on DRM, the video industry is still very strong and had time to learn where all the mistakes were made that led to DRM free content.


The end of DRM for purchased music downloads was primarily driven by the need to break what the record industry perceived as a monopoly.

They got in bed with Apple, and at first they were happy with that -- Apple showed that offering a legal way to download music would succeed, so long as it was A) convenient, B) had a suitably large catalog and C) was priced in a way customers saw as fair.

And the result was Apple became a major player in the market, to the point that the record labels started getting scared of what Apple could now force them to do. So they needed to give Apple a competitor. Except... Apple wasn't about to license its Apple-specific DRM scheme to that competitor, and wasn't going to install the competitor's DRM scheme on Apple devices. Which left them with no way to introduce a serious competitor other than to go DRM-free so purchased music would be playable on all the popular devices, including Apple's. Thus, Amazon got to start selling DRM-free music (and eventually Apple got to sell it too).

I suspect sooner or later the book industry will have to go DRM-free to break Amazon's ebook stranglehold, in much the same way.

But video... is different. There isn't a monopolish player in the online video market. There are multiple competing services, some doing purchase and some doing temporary rental and some doing streaming and some doing combinations of multiple options, and there's nobody emerging with power to dictate to movie/TV studios the way Apple emerged in music or Amazon did in ebooks. Which suggests DRM on video is going to be with us for a while no matter what.

And video is one area where I have some sympathy for attempts to control access: the video market is quite young compared to music or books, and has had the short-term rental as a key segment of its market for roughly as long as it's existed. And this makes some sense, as video content tends to have less long-term re-use value: listening to a song multiple times, and re-reading a book multiple times, both seem to be much more common than watching a movie multiple times. So providing a reduced-price option which limits the number of times or amount of time of watching makes business sense. I'm unsure how to reconcile that with hardcore anti-DRM positions, since some type of access control is necessary to enable a rental market.


> I suspect sooner or later the book industry will have to go DRM-free to break Amazon's ebook stranglehold, in much the same way.

I wonder about this, because the fact is that I really LIKE Amazon's system. It doesn't matter where music comes from, I listen to it over and over and usually listen to each song totally.

But with books, it takes more than 3 minutes to read. The fact that all my stuff (Kindle App, Kindle, website) know my place and sync all that stuff is very handy. It's the main reason I use Kindle over physical books.

If you load non-DRMed eBooks onto Kindle my understanding is you don't get that functionality for them and I'm guessing no one would have the power to force Amazon to implement that feature. The end result is that Amazon's DRMed books may be more appealing to me than DRM free options from other places.

As for breaking their monopoly.... Apple tried and the government smacked them down for it.


> For video, people don't download it and take it with them (typically)

...which is crazy, especially for HD video. Why use the bandwidth every time you want to watch something when storage is so much cheaper?


That's assuming people are going to watch things multiple times. Most people, including myself, are one and done.

I've always rented the movies I've watched because I know I won't watch them again, so the savings is a win on the whole.

I guess there's something to be said for TV shows, as people often watch those over. I generally don't watch TV series, the exception being a couple Netflix series that friends have begged me to watch, so I don't have too much of an opinion there.


I think this could be rephrased as people don't consciously download things to keep forever. Whatever device you're watching on will cache anything you've viewed for a while so it doesn't need downloading again, and I at least make quite heavy use of the ability to save things for offline viewing on train journeys.

What I don't do anymore is to download video or music and then just keep it around on a hard disk just in case I want to watch it again. At least in my case storage is actually far more expensive than bandwidth, both in monetary value and time spent maintaining things.


Bandwidth is practically free, at least where I'm living. Storage is something I need to think about and go buy separately.


I'd say this is false. I'd love to watch more videos when I commute. My Pay TV provider even offers a download option for their streaming sub service (DRMed and self destructing after X days I think, never tried it) which would indicate that there's certainly market demand for it.


Download as in "cache this title within this app for viewing in an environment where Internet connectivity doesn't work well yet" is very different from download as in "here's an .mp4/.webm file for you to hold onto for ever--have fun taking backups and figuring out which third party player can handle the subtitles."

Fun story: Not very long ago, I bought a copy of a documentary using the latter model.

Another person with whom I was going to watch the documentary had visited their site and seen what movie services it was on. I trusted that info at first without checking the documentary's own site. I got very annoyed about the movie services having the title geoblocked in my country (even when a movie service had presence here and in a neighboring country and the rights for both countries are typically sold as a bundle and the neighboring country had it available!).

Then I looked at the site of the documentary myself. And indeed, for the price of the Blu-Ray version, I could buy a full-HD .mp4 without DRM to download.

So I paid and downloaded the .mp4 plus .mp4s for all the Blu-Ray extras. And I downloaded a .srt file for the subtitles.

The Linux box I had connected to my TV couldn't do full HD well in software but could via VAAPI. However, the player that supported VAAPI was supposed to support .srt but didn't actually support at least this .srt file.

In the end, we watched it by plugging in a more performant Windows laptop doing the whole thing in software.

Conclusion: This is what we always said we wanted. However, when it was there, I didn't expect it to be there and assumed I had to find the title on one of the big-name services instead of navigating to the documentary's own site. The UX of getting stuff to work was less smooth than with the locked-down streaming services.


Some people want to download, they're a smallish minority. You can think about some reasons if you want, but do the reasons really matter?


Guessing that it's probably more rare to watch something again than it is to watch something new.


People usually watch video once, but listen to songs multiple times.


>For video, people don't download it and take it with them

If this is so, why would Netflix have JUST added the download feature last quarter? Obviously there's some demand for storage-based playback.


You can thank Steve Jobs for that.

When digital music downloads started record companies demanded DRM. They agreed to a model with iTunes of $0.99 per song. They chafed against this model and wanted pricing tiers. Jobs was willing to give them this but the price was to go DRM free.

Jobs could get away with this for two reasons. First, he was Steve Jobs. Second, the record industry had unwittingly created a virtual music download monopoly in iTunes.

I personally use Spotify because streaming is incredibly convenient and there isn't much you can buy but can't stream. I use Netflix and HBO Now for the same reason.

I'd never "buy" DRMed content so music would be fine. Video not so much. I personally don't have as much of an issue with DRM on streaming content.


Contrary opinion from a former Apple employee:

"The music industry didn't go DRM free because they hated DRM; they went DRM free because they were fearful of the leverage Apple was gaining with their iTunes + FairPlay + iPod combination. Apple’s DRM created this lock, and it became so successful that the music industry went with the lesser of two evils (songs locked to Apple’s iPod monopoly vs. the distribution of DRM-free music) and chose to distribute DRM-free music...

http://fortune.com/2014/12/14/re-thinking-steve-jobs-thought...

You say "Jobs was willing to give them this but the price was to go DRM free", but why would he do that if DRM was good for Apple, it's what locked this market to iPods? Doesn't make sense to me. The music industry had to go DRM free (with Amazon, for example) because that was the only alternative way to sell music that would play on iPods.


> You say "Jobs was willing to give them this but the price was to go DRM free", but why would he do that if DRM was good for Apple, it's what locked this market to iPods?

Here goes a ~10yo tidbit from SJ [0]. Whether you take it at face value, see it as a PR trick, or anything in between is up to you.

> Apple was able to negotiate landmark usage rights at the time, which include allowing users to play their DRM protected music on up to 5 computers and on an unlimited number of iPods. Obtaining such rights from the music companies was unprecedented at the time, and even today is unmatched by most other digital music services. However, a key provision of our agreements with the music companies is that if our DRM system is compromised and their music becomes playable on unauthorized devices, we have only a small number of weeks to fix the problem or they can withdraw their entire music catalog from our iTunes store.

> [...] only 22 out of 1000 songs, or under 3% of the music on the average iPod, is purchased from the iTunes store and protected with a DRM. The remaining 97% of the music is unprotected and playable on any player that can play the open formats. It’s hard to believe that just 3% of the music on the average iPod is enough to lock users into buying only iPods in the future. And since 97% of the music on the average iPod was not purchased from the iTunes store, iPod users are clearly not locked into the iTunes store to acquire their music.

> The third alternative is to abolish DRMs entirely. Imagine a world where every online store sells DRM-free music encoded in open licensable formats. In such a world, any player can play music purchased from any store, and any store can sell music which is playable on all players. This is clearly the best alternative for consumers, and Apple would embrace it in a heartbeat.

> Why would the big four music companies agree to let Apple and others distribute their music without using DRM systems to protect it? The simplest answer is because DRMs haven’t worked, and may never work, to halt music piracy. Though the big four music companies require that all their music sold online be protected with DRMs, these same music companies continue to sell billions of CDs a year which contain completely unprotected music.

[0]: https://web.archive.org/web/20080107121341/http://www.apple....


> ... the record industry had unwittingly created a virtual music download monopoly in iTunes.

I really wonder how they could have been so stupid.


Aren't music publishers a lot less consolidated than their movie/TV counterparts?


Kind of, but most labels find the big three for both production and distribution. There is an independent distribution company within each of the big three to attract independent labels. Most labels come to the big three simply because they have the infrastructure in place for global distribution from marketing to production to music distribution to all the major DSP (digital service providers) such as Apple and Spotify, as well as ringtone. One interesting thing about music deals is that while the big three have the infrastructure and capability, for example WMG can sign a deal with Sony in territory Y (a country or multiple countries) for the release of X there and they split the royalty, and vice versa.

I said kind of because not all sign with big three and furthermore there are so many independent artists out there releasing to YouTube or Apple iTunes or Soundcloud on their own.

(Disclaimer: work in a music company)


A lot of geeks are under the misapprehension that the studios don't know this. But actually they are not idiots, they are fully aware of the sisyphean nature and ultimate futility of DRM.

The point of enforcing DRM is not to prevent piracy, but rather to flex their market clout and demonstrate control. As long as they put up moderate barriers to ripping, and as long as they have legal sanction to suppress productized piracy, the steady stream of new must-have content allows them to throw their weight around. Licensing streaming without DRM is a slippery slope that decreases the perceived value of their content. Small distributors will do it because they need to make whatever money they can, big distributors will never do it because it damages their brand.


Spot on. Ian Hickson explained this very well a few years ago[0].

[0]: https://plus.google.com/+IanHickson/posts/iPmatxBYuj2


This is like saying door locks are pointless because you can break a window and climb through.

Protecting media copyright isn't a black or white thing like crypto. It's about compromises to drive behavior and consumer spending with convenience.


What exactly do you think this DRM will stop?

1. People who have access to the content can usually see it over and over again (when they have a subscription to a service like Netflix). DRM will do nothing here.

2. People who don't have access to the content can't even see the DRM'ed version of the file, so DRM will do nothing here either.

3. People who want to pirate (illegally distribute) the content have advanced tools and knowledge to circumvent DRM, so DRM is of no use here again.


Whether you have access to content isn't an immutable fact of your genetics. People can freely move between groups 1 and 2. That's the whole point.

For instance, I didn't have access to netflix content, and then I signed up for a netflix account and paid them money, and now I do have access.


> Whether you have access to content isn't an immutable fact of your genetics. People can freely move between groups 1 and 2. That's the whole point.

So you're saying people could move to another jurisdiction to be able to watch their favorite show on Netflix? Yeah, that truly sounds like freedom to me. Or am I misinterpretating you?


You're misinterpretating me. Some people already live in jurisdictions to which Netflix permits distribution of their favorite show. Those people can decide to pay for access or not.

It's also true that some people don't live in such places. But that doesn't matter. You said that DRM serves no purpose. For some it may not. But for some people it does.


Yes, you are misrepresentating(sic!) him. The "move between groups 1 and 2" was meant as decision to start paying for a service, or to stop paying for a service, not a physical move. In other words, voting with your wallet.


> 1. People who have access to the content can usually see it over and over again (when they have a subscription to a service like Netflix). DRM will do nothing here.

Sure it will. It will stop people writing a script to download as much as they can get away with in a single month and then cancelling since they have enough content to keep them going for several more months without paying for them.

> 3. People who want to pirate (illegally distribute) the content have advanced tools and knowledge to circumvent DRM, so DRM is of no use here again.

That is a big assumption, and in many cases not a correct one. The major online DRM systems today are fairly robust, and if anyone has a crack for some of them, they're keeping their cards very close to their chests. The leaks of major movies that you find on torrent sites and the like are usually from other sources.


> Sure it will. It will stop people writing a script to download as much as they can

But the people who go through the trouble of that are exactly the people who wouldn't mind downloading pirated copies in the first place.


If you're supplying digital content as a business, then usually that isn't your real problem. They weren't going to give you any more money anyway, and with the legal framework being as it is in most places today, it's frustrating to see your content ripped off but not actually worth doing much about it. Meanwhile, your real problem is probably people who will casually copy and share your content, because even if the multiplication is relatively small, those are potentially still reaching people who would otherwise pay for a legitimate copy.


There's always the analog loophole. If you can watch it on your screen, you can record it.


Of course, but typically quality suffers significantly, so what you get isn't as good as the original and that in itself is a deterrent for a lot of people.

Also, some modern watermarking techniques can survive conversions like this, so if anyone is making a habit of recording content from a service using watermarking and redistributing it on a scale that justifies taking serious action, it'll be pretty easy to prove who it was when the lawsuit comes up.


> it'll be pretty easy to prove who it was when the lawsuit comes up

Perhaps. But this person can always claim that it was done by an external hacker. In fact, it can be done by an "external" hacker, and it will be if these guys are smart.


I'm sure that's an appealing argument if you don't like DRM, but the reality is that someone who ripped content marked to their personal account, which server logs show did access the content in question from their usual IP address etc., is going to have a tough time convincing any court on the balance of probabilities that some unidentified bogeyman actually did it.


> Also, some modern watermarking techniques can survive conversions like this, so if anyone is making a habit of recording content from a service using watermarking and redistributing it on a scale that justifies taking serious action, it'll be pretty easy to prove who it was when the lawsuit comes up.

How many compromised netflix accounts do you think are floating around? At some point the bits have to actually go to a display device as well, which can always be tapped.


If a compromised account was used, presumably the server logs will show an unusual access pattern on that account, in particular involving the content that has leaked being accessed from an unusual location. And then presumably the person whose account was used will have to make a convincing case that they shouldn't be held responsible for access using their credentials anyway.


Ok, what if a machine is compromised (there are millions of zombie boxes out there)? Someone can gain access, do their stuff and then upload the result. Are they going to start suing grandmas with weak wifi passwords? That worked so well for the RIAA last time.


Then it'll be up to the person whose account was accessed to provide some evidence that something like this happened and that it wasn't their fault. That's how these things work. You go to court, you make your case and the other side makes theirs, and the court draws its conclusions and acts accordingly.

However, you don't just get to conveniently avoid taking any responsibility when there are videos being distributed that are specifically linked to an account you signed up for that clearly said you couldn't redistribute the content you got through it, just because there's some vaguely possible alternative that might have once happened somewhere maybe.


A compromised account is a vague possibility? I'm not amazing at these things, but I could probably access a WiFi network unconnected to me, mask my IP to a different location, and acquire a random Netflix account in a couple of hours. These things are likely, and wrongful lawsuits greatly damage the company while successful ones provide a minimal benefit.


> I'm not amazing at these things, but I could probably access a WiFi network unconnected to me, mask my IP to a different location, and acquire a random Netflix account in a couple of hours.

Really? How would you do that, exactly?

If you're looking online and find camcorder copies of videos that were served to a specific customer at a specific time, as confirmed by the watermarking, and your server logs show that that stream was sent to the customer's usual IP address at the time in question, what are the odds that they were the victim of a carefully crafted hack of the kind you're implying, and not just someone who set up a camcorder to record from their own account?


> Really? How would you do that, exactly?

Wireless isn't very secure, your mileage may vary on the encryption mechanism but here is a guide to hacking WPA networks (with WEP it takes seconds):

http://www.hackingtutorials.org/wifi-hacking-tutorials/how-t...

From there you can try a range of known exploits and gain admin access to a PC, after that it's game over, they can run what they want, when they want. There is no careful crafting necessary, the process can be largely automated.

We aren't talking camcorder copies, but exact digital replicas from the netflix stream.


WPA2 is reasonably secure and has been the standard for home and business WiFi for years.

In any case, merely compromising WiFi won't get you someone's Netflix account. The Netflix data itself, including the credentials, are all encrypted.

As for taking over someone's PC, that's far beyond the average pirate, and you're talking about serious criminal offences on top of mere copyright infringement at that point.

And even then, we're not necessarily talking about being able to make exact copies of the stream. The whole point of hardware-backed DRM schemes is that just because you can run software on the PC, that doesn't mean you can access the unencrypted data stream.

So again, how exactly were you planning to do this? What you're talking about is far beyond the average script kiddie or casual pirate.

Remember, we were talking about convincing a court that it was more likely that someone did all of this and that was how a watermarked copy of protected content got out than that the person whose account was used to download that content then somehow shared it. A slight possibility that professional pirates who are also expert crackers chose that particular customer to pick on and left no evidence having done so isn't likely to be very convincing.


I can't figure out why you've added this ridiculous "need to use their computer" part, that would be necessary for a successful lawsuit but suing random Netflix users will look terrible even if the court clears them in the end. But OK...

WPA2 is reasonably secure, but most home instances aren't set up well. They often have WPS enabled or a guessable password. Plus weaker set ups are still easy to find. Once you're on, redirect Netflix to a site to grab their info, record the stream from a computer outside their house. This is needlessly complex for what is needed, find a compromised Netflix(+email?), record.


Netflix serves over HTTPS and uses HSTS. Under most circumstances, you aren't going to be able to MITM them and "grab their info" even if you've compromised their WiFi.

You keep coming up with these claims about how easy this is, yet you also keep missing basic technical points about how the system actually works. As I've said before, if there is actual evidence that someone's account was compromised then they can produce that as part of their defence in court. However, if content that is watermarked to a specific account turns up all over the Internet, that is evidence suggesting that the person in question has infringed copyright, and that does need a real defence if the rightsholder chooses to take legal action accordingly.


Yes, and people are so great at making sure they access https addresses and never ignore a "this may not be secure" warning.

And you're still ignoring the major parts. What someone actually needs to do is much easier than all this, and Netflix has already lost if they end up in court with an innocent person.

If you want me to prove accounts have been compromised, look at all the account breaches over the past few years, think of how many reuse passwords.


> That's how these things work. You go to court, you make your case and the other side makes theirs, and the court draws its conclusions and acts accordingly.

Currently the burden of evidence is far too low. Something being done with my account, or even my machine is not evidence that I've done anything wrong.

> However, you don't just get to conveniently avoid taking any responsibility when there are videos being distributed that are specifically linked to an account you signed up for that clearly said you couldn't redistribute the content you got through it

How are we supposed to take responsibility for the actions of others? Should we be liable for crimes committed due to the insecurity of home networks? If so the computer industry has much bigger problems than DRM.


> Something being done with my account, or even my machine is not evidence that I've done anything wrong.

Yes, it is. It may not be absolute proof, but it most certainly is strong evidence.

> How are we supposed to take responsibility for the actions of others?

Hopefully, you don't have to. But you also don't get to just invent some hypothetical bogeyman and use that as an excuse to ignore real evidence.


If you discount the cost of your time to zero. Otherwise it's not even worth a minimum wage job.


It only needs to be done by one person, not every viewer.

And yes, the value of much of my time is effectively zero. The same is true for most people.


That's why we have laws to apply negative externalities like very large jail sentences if you're caught distributing a file that you created by taping a movie off-screen.


Local solutions to global problems that don't even work locally. Those large jail sentences also place a lot of externalities on the rest of society.


I agree. My comment was not meant as an endorsement, simply a statement I think that's how they've 'solved' that issue.


You missed:

2b. People who don't have access to the content, but want to watch it for free.


> It's about compromises to drive behavior and consumer spending with convenience.

You mean grabbing a DRM-free (i.e. pirated) copy so that I can watch it at my leisure and on devices of my choosing, even if I have access to it via other legit means?


Any free or low cost run-of-the-mill capture software renders DRM useless. If it's made out of bits, you can't ensure ownership after redistribution. In an environment like this people pay because it is quality content and access is easy. The publishers' business model needs to get with the times, not strong-arm browser vendors into adhering to their archaic requirements. I'm personally sick of hearing about this DRM war. There are so many more things to be concerned with. ◔̯◔


Do you lock the front door to your house when you leave?


Browser makers have plenty of leverage. A Firefox user watching Netflix will, and this is a tautology, be worse off if they cannot continue doing so. That may lead to people switching to other browsers more often than dropping Netflix subscriptions, but the costs for Netflix wouldn't be 0, and may even be substantial considering the population of people using Firefox is self-selected to those placing a high value on openness.

If Chrome were to ship without DRM, Netflix would cave faster than you can say "thepiratebay". See what happened to Flash when it wasn't supported on the iPhone. There are millions of archived predictions of Apple's demise in forums such as this, but even though they had 20% of the market at peak, they easily killed Flash.

Unfortunately, Google has an interest in DRM for its own sake. This may serve as a welcome reminder that the awesome job they have done with Chrome is a result of an alignment of interest between them and the web community: they need the open web to compete against iOS and the closed Facebook ecosystem. That situation may not last forever.

I'm quite happy to have had RMS and other true-believing ascetic martyrs shaping the techno-centric fantasy world we're living in. If your defeatist attitude had prevailed in the early years, we'd all be writing VBScript to animate the spinning gif on homepage.doc – yes, Microsoft once tried to push .doc to replace .html.

I also think the music industry has proven quite clearly that you'll have a lot more success with carrots than sticks. I honestly don't know what benefit they think they're getting from DRM, considering all their material somehow ends in a .torrent anyway.


Not only is it not true that Netflix would cave if they didn't have native browser support, but we know it's not true, because Netflix for years relied on plugins to deliver over browsers. Meanwhile, every year that passes, browsers have less leverage as more Netflix subscribers get their content either on set-top boxes or mobile devices (where Netflix has total end-to-end control), and fewer are stuck with browsers.


Have to say that this mirrors my experience. Netflix as an app is ubiquitous -- it's on virtually every electronic device I have, from smart TV to Chromecast to phone to tablet to Wii U and PS4. I believe I have Flash specifically updated and enabled for Netflix (or one of the video services, HBO maybe?). If Netflix required a specialized Mac OS X, I probably would install it. I imagine browsers have less leverage when it comes to the average non-technically inclined user.


So the response becomes "so what?". Oh no, proprietary videos will move to proprietary apps, and free videos would remain in the browser. People aren't going to stop using browsers for everything else just because they watch youtube vids on the youtube app. Browsers just aren't going to suffer if proprietary videos move elsewhere - it doesn't matter whether Netflix caves or not. It's not like the rest of the world-wide-web that doesn't rely on DRM'd electronic files is going to follow suit and leave the browser.


>> because Netflix for years relied on plugins to deliver over browsers.

They still do, you have to have the Widevine PLUGIN and the Open H264 PLUGIN to play content on Netflix.

It is a pure myth that EME does not have plugins.

>browsers have less leverage as more Netflix subscribers get their content either on set-top boxes or mobile devices (where Netflix has total end-to-end control), and fewer are stuck with browsers.

I am fine with that. I would rather have that than an HTML5 standard that requires binary plugins to work. I would rather have that than the risk EME brings to extend beyond video content to start having entire pages plugin-based, fonts DRM-encumbered, and 100s of other consequences to this move that are coming.


I agree that it's a myth that EME doesn't have plugins. What EME does is reduce the scope of those plugins.

HTML5 does not require binary plugins in order to work.


>>HTML5 does not require binary plugins in order to work.

Yet... EME opens the door, and only the naive believe EME will start and stop at video content.

There are already requests for ebooks and fonts. Images and even web content itself are not far behind.

>I agree that it's a myth that EME doesn't have plugins. What EME does is reduce the scope of those plugins.

Yes and no. If you buy into the "perfect sandbox" myth then sure, but to believe CDMs are secure is laughable. There are too many hooks into the hardware, as there have to be in order to bypass the user, for it to actually be secure.

No, the security is more protecting the CDM from the user, not protecting the user from the CDM.


Netflix would not have the option anymore to use plugins now. They are gone, and browsers would not bring them back just for Netflix.


In which case Netflix would simply make available a "native" application for Windows and OS X, like Slack does, and everybody loses (except Netflix).

Proof: this is exactly what Amazon does with Kindle content.


Netflix already have a Native Windows app. I don't know if it's still the case, but it was the only way to get 5.1 audio on PC.

The app and Edge are the only two PC 4k viewing options. And both require a Kaby Lake CPU.


Well. Look what happened when Apple refused to support Flash. Did Netflix all of a sudden support HTML 5 H.264 video in the browser in a cross platform way? No. They wrote a proprietary app for iOS. Would more people have been served if Netflix could have had a standard that worked across all browsers that would have allowed Android users to use Netflix 9 months sooner?

Firefox users were already viewing Netflix with a Silverlight plug in. Would you rather be stuck with an MS solution or one with input from various companies?

As far as the music industry getting rid of DRM it had nothing to do with "carrot vs. sticks." The real history:

2003: iTunes was introduced with DRMd music that only worked with the iPod.

late 2006: other companies tried to sell DRMd music but since it didn't work with the iPod, none of them could gain traction.

Early 2007: the music industry asked Apple to license FairPlay. Apple refused. As an alternative, Jobs said that if the music industry would license their music without DRM, any music sold anywhere would be compatible with any player. His "Thoughts on Music" essay giving this alternative was widely publicized in 2007 (https://www.google.com/amp/readwrite.com/2007/02/06/steve_jo...) and was on the front page of Apple.com

The music industry wanted variable priced music, the ability to bundle songs, a cut of every iPod sold, and a deposit to insure against losses due to piracy. Apple refused all of those conditions.

To both decrease Apple's dominance in the market and to increase the competition, the music industry allowed all of Apple's competitors who would bow to their demands to offer DRM free music. Apple was only able to sell DRM free music by EMI and independent labels and they weren't allowed to sell music at all over cellular for the then new iPhone.

2008: Apple and the music industry came to terms and Apple started selling DRM free music.

The only reason the music industry allowed DRM free music was to decrease Apple's dominance.


> That may lead to people switching to other browsers more often than dropping Netflix subscriptions, but the costs for Netflix wouldn't be 0

Maybe not, but since they already provide their content via various apps anyway, it's hardly a leap to them providing a dedicated, proprietary player on other platforms as well.

> If Chrome were to ship without DRM, Netflix would cave faster than you can say "thepiratebay". See what happened to Flash when it wasn't supported on the iPhone.

Flash continued to be the dominant platform for online video for several more years, major sites didn't work on Apple devices, and competitors literally ran campaigns with lines like "See the whole Internet"? I'm not sure you're making the point you intended to here.

> If your defeatist attitude had prevailed in the early years, we'd all be writing VBScript to animate the spinning gif on homepage.doc – yes, Microsoft once tried to push .doc to replace .html.

This is just silly. At no point in the history of the Web, from its earliest days growing out into public awareness, was there any serious prospect of anything like that happening. Whether we're really better off with JS having become the dominant front-end language is a different question, but I digress.

> I also think the music industry has proven quite clearly that you'll have a lot more success with carrots than sticks.

The music industry can sell its primary content at sub-dollar prices and still make a reasonable profit. Almost no-one else can.


> If Chrome were to ship without DRM, Netflix would cave faster than you can say "thepiratebay".

True or not true, this is just not going to happen.

Google was the single browser pushing DRM into the web-standards to begin with. They were the first to ship with this enabled.

And Google already has a vested interest in DRM. They have their own media-services now, remember...


I don't agree with "people want to watch what they want to watch."

IMO the 2005-2015 wave of pirated content was due to the exact opposite; users (people in the living room) not going the extra literal mile to buy/rent a DVD.

With the coming of Spotify & Co the music pirate scene has pretty much died off and it's because the physical CDs are replaced by something orders of magnitude easier.

Same thing is happening with video content now that most houses have the capability of streaming it.

What people want to do after work is to sit in the sofa and press "play". They don't want to start installing software.


> I don't agree with "people want to watch what they want to watch."

I have quite a few data points that say you are flat wrong about that. I would add to this: people watch what they want to watch and how they want to watch it.

I've literally downloaded HBO shows even though I'm an HBO Now subscriber. The Roku HBO Now app is so horrible, I just hate using it.


I agree with this. My frustration is not only HBO, but also UFC. I pay for Fight Pass because I love the sport, and I want to support it, but my Roku experience is so bad that I found myself looking for other means of consuming it.


Me, too (on the UFC)! I never use it. I just pay them because I download the content elsewhere.


> I have quite a few data points

Show us the data points or it didn't happen.

I am highly sceptical about your statement and am convinced that most people are willing to pay in exchange for ease of use and convenience.


> Show us the data points or it didn't happen.

Sorry, that's not how it works. The situation is what it is, and the people with hard data are going to act on it, and your scepticism does not change any of that.

As another person with business interests that produce custom video content for niche markets, I have shifted significantly in my attitude towards DRM since discovering how real people behave. We tried to be nice and considerate and not limit access to the video files with DRM. We did this while producing new, original content unlike anything else out there for our subscribers. We held out for several years.

But we got to the point where we were spending so much time dealing with that that it was directly affecting our ability to deliver for the vast majority of our customers who respected the rules. We were losing out on revenues, our genuine customers were losing out on new content, and the only people winning were the freeloaders and the people enjoying our content on other people's sites/channels/whatever.

My concern about DRM affecting legitimate customers if something goes wrong is as strong as ever, so we still take a cautious approach and err on the side of being nice. However, I have no qualms at all about DRMing every single asset we have, and I have no qualms whatsoever about deploying the lawyers against people who knowingly, maliciously and without remorse rip off the results of several years of hard work and share them with others.

As a final point, none of this negates your point that making access convenient and prices reasonable improves conversion rates. But I see little evidence that this helps if part of your potential market is finding your content totally free from someone else first.


> What people want to do after work is to sit in the sofa and press "play". They don't want to start installing software.

Maybe, but Roku, Fire Sticks, Apple TV & Chromecast all seem to indicate that people are willing to put in some effort to set up a platform for video consumption. That combined with pre-installed solutions like iTunes and Microsoft Movies & TV give users some pretty easy options to compete with their browser.


I think we lost the ability to make fun of RMS once the Snowden revelations came out. Regardless...

>> It is a techno-centric fantasy to think that browser makers have even a modicum of leverage here

You realize the world's largest browser vendors are Google, Apple, and Microsoft... right?

>> EME is a ideological compromise, sure, but it's a net benefit to the open web since its scope is small and it maintains the overall schema of web standards.

Ahhh yes, the classic "compromise some of my morals to save the rest of them". Works every time.


Google and Apple have very little leverage. If even one major studio withdrew all their content from Apple and only made it available on Netflix, Apple could potentially lose millions of subscribers. People want to watch what they want to watch.


I do not buy this for several reasons:

1) Content production is rapidly moving to an "in house" model, where subscribers are more heavily influenced by original and exclusive content

2) I doubt there would be large transfers of subscribers, more a slight depression across the board and large increases in piracy, as we saw rather distinctly with the early days of music providers (like before iTunes' early days)

3) Google and Apple each by themselves are worth the entirety of Hollywood many times over. I think it's less them having little leverage, and more them playing a longer game and not caring about DRM battles in the short term.


Content is indeed moving in house, and all the companies that are doing in-house production in any meaningful way DRM their content. So what does this matter?


> People want to watch what they want to watch.

You keep using this phrase. Doesn't that also suggest that, if given enough trouble, they will just pirate that content instead? DRM has shown to do very little to stop that, so why continue pretending that it does.


> You keep using this phrase. Doesn't that also suggest that, if given enough trouble, they will just pirate that content instead? DRM has shown to do very little to stop that, so why continue pretending that it does.

Yes, but, in general, trouble has been decreasing, and so has the need to pirate. I would argue that there are only three kinds of people who pirate anymore:

1. People who want a local copy of the content that can't be taken away (e.g. Netflix pulling a title, or just canceling one's Netflix account).

2. Content that is so long-tail that it's not available for streaming from one of the major players that have decent device/playback support.

3. People who are so far in the "openness"/ownership camp that they would refuse to buy into a service like Netflix unless they provided #1 (DRM-free, of course).

The fourth kind of person is mostly gone: the person who doesn't need 1-3, but finds the options for playing content legally to be too cumbersome, or who can't find a legal player for their chosen viewing device. (Essentially, they've been "given enough trouble".)

If Netflix were to drop all browser support, and release native apps for Windows and macOS, there would be an increase of that fourth kind of person (Linux users, mainly, though I wouldn't put it past Netflix to release a Linux client too), but that wouldn't change the situation for the 1-3 type people, who are the bulk of pirating community.

I really think, for the vast majority of viewers, having a native Windows/MacOS app, plus native apps for Android/iOS, is plenty. Taking away browser support isn't going to increase piracy by any measurable amount.


You missed the largest category for pirating: people who want to watch new releases before they are available on Netflix, but cannot afford $20 to see it in theaters, or $15-20 to buy it digitally before it becomes available on Netflix. The window before a movie is in theaters until it becomes available on Netflix can be huge, and many people don't want to wait that long. I usually prefer watching movies in theaters (I like the experience) and if I miss it in theaters I will gladly buy it through iTunes, and even then I usually have to wait 3+ months before a movie I missed in theaters is available for purchase. I don't pirate because I wouldn't even know where to start but I can say I've been tempted to look into it just so I can watch a movie today rather than 3 months from now (and I would gladly buy it even after pirating it).


4 is still a thing because of exclusives and regional restrictions meaning that you need a growing number of subscriptions to access a chosen subset of content, and it might not be available at all in your region.


> > People want to watch what they want to watch.

> You keep using this phrase. Doesn't that also suggest that, if given enough trouble, they will just pirate that content instead?

Not to point any fingers, but I can confirm that this happens, a lot.

But regardless of my personal views of DRM and its efficiency, kudos to Netflix for targeting Linux as a platform, even if they do it for their own pockets' sake.


> You might as well say that anyone who is not living an RMS-sanctioned ascetic technology lifestyle is hurting the cause of free software everywhere.

"The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man."

―George Bernard Shaw, Man and Superman (1903) "Maxims for Revolutionists"


This is all true. What has happened is probably the best out of a set of crappy options. It's only a net benefit compared to the other non-fantasy possibilities, though. EME is more something to be resigned to than happy about.

> It shouldn't be considered worse than proprietary plugins with arbitrary scope.

True. Proprietary plugins with limited scope are better than proprietary plugins with arbitrary scope, all other things being equal.


> Sorry, but as someone who spent nearly a decade founding and building a premium content VOD service, and 6 of those years fighting fiercely against DRM and making great content available without DRM, I have both the knowledge and moral authority to say that you're living in a fantasy world. .... EME is a ideological compromise, sure, but it's a net benefit to the open web

If you need DRM, nobody is forcing you to create a solution based on an open platform. Go make an OS and platform-specific app instead.

I mean... That's what EME makes browsers and web-sites into anyway. You now have so called "web-sites" where your OS and platform has to be "supported".

And then you might as well make a native app. Like Netflix does. Like Spotify does. Like everyone does.

We don't need DRM in our open standard.


I think you're living in a fantasy world where DRM actually works. Not once has DRM prevented me from watching a Netflix show, it's only prevented me from watching it on Netflix.


DRM works to do the only thing it was ever really meant to do, which is give copyright holders warm fuzzies so that they're more willing to put their content up for sale on legal channels that don't require much in the way of technical savvy to use. Which means that it also works for the vast majority of consumers, since that's all they really ever wanted in the first place.

The whole bit about preventing people from copying content is just a feel good story that's told to TV executives in order to further DRM's primary purpose.


> I think you're living in fantasy world where DRM actually works. Not once has DRM prevented me from watching a netflix show, it's only prevented me from watching it on netflix.

Yes, yes, and yes. DRM has blocked me from Netflix as a Linux user (not anymore obviously), blocked me from games due to bugs in the DRM in Windows and/or rootkits, and blocked me because the DRM does not work in Linux while the actual game does. And often you can find DRM-free piracy versions.

DRM is a pestilence that blocks legitimate use.


There's a difference between deterring (upping the bar) and making it impossible. See CIA guidelines on writing malware in the recent leak.


It only deters people that were already deterred by their own technological inability, the ones that don't know what files are. Everyone else can circumvent it by grabbing a pirate bay version.


Wrong, neither I nor anyone in industry believes DRM "works" in that sense. You're misunderstanding the purpose of DRM, see my other comment: https://news.ycombinator.com/item?id=13936576


I don't understand your clarification either:

> The point of enforcing DRM is not to prevent piracy, but rather to flex their market clout and demonstrate control.

I don't see how DRM does this. The amount they've spent compared to the results they've got seems to demonstrate a complete lack of control to me.

>As long as they put up moderate barriers to ripping, and as long as they have legal sanction to suppress productized piracy, the steady stream of new must-have content allows them to throw their weight around.

What does DRM do to prevent productized piracy?

>Licensing streaming without DRM is a slippery slope that decreases the perceived value of their content.

So they choose to increase the real value of it instead?


All evidence points to the opposite. Browser usage has expanded every single day since they were introduced ~26 something years ago. All that time there was no DRM in the browser.

Proprietary plugins have been the source of the majority of exploits. EME will be no different.


> all that would mean is that premium content would not be available in browsers

I doubt that. All browsers boycotting DRM freaks would cause more rational heads in the media industry to push against those who insist on DRM, and it could become the tipping point in ridding video of this disease.

They themselves admit, they don't mind it, but don't want to be first to disrupt the status quo. So cowardice of browser makers only advanced the problem. But I agree that Firefox alone couldn't change things. This had to be a combined effort. But others simply either have no guts to stand against DRM, or are themselves dirty with it.


More people already watch movies on internet-connected set top boxes like Apple TVs and PS4s, or i-devices, than computers.

At worst Netflix could have resorted to desktop apps for their movies. DRM doesn't need to be on the web.


> Even if all browsers banded together and refused, all that would mean is that premium content would not be available in browsers, and that would lead to a significant devaluation of the web in favor of proprietary apps

Not everyone sees this as a bad thing. Horses for courses; the web doesn't have to be the platform for everything.


tl;dr Content is king.

And you're absolutely right.


Any evidence?


EME is a binary blob from Adobe. Welcome again the Flash days - not.


>...I have both the knowledge and moral authority...

So, you are god then?


Someone can fork FF though and make it so that the DRM looks like it's there to the websites it visits, but it isn't really there. There's no way DRM can't be removed if I own the device that can play it.


You don't understand how this works. Firefox just provides some APIs that the DRM blob can use. All the decryption is done by the blob, not Firefox. You can reverse engineer the blob itself to an extent, but that will also become impossible with SGX (hence 4k on Kaby Lake + Edge only).


What's to stop someone reverse engineering the blob before it's loaded into an SGX enclave? I don't understand it very well so I could be missing something, but wouldn't that at least let someone document how the DRM works even if not running their own implementation?


It would be of no use (and the code can also be encrypted for additional obfuscation). There is no private data in the blob. The blob communicates to mothership once it's safe inside the enclave, and that's when sensitive data is transmitted over an encrypted channel which only the blob can decrypt inside the enclave.


We still have the good old DMCA to make sure that anyone who does do that kind of thing could be punished to a ridiculous extent.


Digital signatures. Not that I actually know how it's implemented, but I would expect someone like Netflix to pay Intel for the build infrastructure to be able to build signed blobs that the SGX will load.

The "someone" in your hypothetical can modify the blob, but then they won't be able to re-sign the blob, so SGX will fail to load it.


Can't you just run in an emulator to get the blob? It looks like qemu was the first to support SGX: https://en.wikipedia.org/wiki/Software_Guard_Extensions


No, that's all fine for mucking around and developing apps, but actual SGX needs attestation which the emulator can't fake. That's the whole point of SGX.


But how does that remain a secret when the browser can MitM everything between the CPU and the web?


There is a hardware-based secret which emulators cannot obtain or fake. That breaks the attestation chain. At the heart of it, there is some stuff that only your processor can do and not you the user even though you may have full control over the operating system. The OS is in SGX's threat model.
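The attestation argument in the comments above, as an added example that is not part of the thread: a simplified challenge-response model in which a key server releases a content key only for a fresh quote over the expected enclave measurement, keyed by a secret that never leaves the CPU. HMAC with a shared key stands in for the real SGX quote signature and its verification service, and every name, key and blob here is constructed for illustration.

```python
"""Toy model of remote attestation gating a content key. Not real SGX."""
import hashlib
import hmac
import os

FUSED_KEY = b"constructed-fused-device-secret!"   # stands in for a per-CPU secret
GENUINE_BLOB = b"cdm-enclave-v1 (constructed sample)"
PATCHED_BLOB = GENUINE_BLOB + b" +dump-keys-patch"
CONTENT_KEY = b"constructed-content-key"


def measure(blob):
    """Enclave measurement: a hash of exactly what was loaded."""
    return hashlib.sha256(blob).digest()


class Cpu:
    """Real hardware: software can request quotes but cannot read the key."""

    def __init__(self, fused_key):
        self.__key = fused_key

    def quote(self, blob, nonce):
        # The hardware measures the blob itself; the caller cannot choose it.
        m = measure(blob)
        return m, hmac.new(self.__key, m + nonce, hashlib.sha256).digest()


class Emulator:
    """Software-only platform: it can lie about the measurement, but it has
    no fused key, so it has to sign with a key of its own."""

    def __init__(self, claimed_blob):
        self._key = os.urandom(32)
        self._claimed = claimed_blob

    def quote(self, blob, nonce):
        m = measure(self._claimed)  # claims the genuine blob is loaded
        return m, hmac.new(self._key, m + nonce, hashlib.sha256).digest()


class KeyServer:
    """The 'mothership': releases the content key only to an attested enclave."""

    def __init__(self, attestation_key, expected_measurement, content_key):
        self._key = attestation_key
        self._expected = expected_measurement
        self._content_key = content_key
        self._pending = set()

    def challenge(self):
        nonce = os.urandom(16)
        self._pending.add(nonce)
        return nonce

    def release_key(self, nonce, measurement, tag):
        if nonce not in self._pending:
            return None                      # unknown or replayed challenge
        self._pending.discard(nonce)         # each nonce is single-use
        good = hmac.new(self._key, measurement + nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            return None                      # not produced by genuine hardware
        if not hmac.compare_digest(measurement, self._expected):
            return None                      # genuine hardware, modified blob
        # A real design would encrypt this to a key generated inside the enclave.
        return self._content_key


def attempt(server, platform, blob):
    """One attestation round: challenge, quote, key release (or None)."""
    nonce = server.challenge()
    measurement, tag = platform.quote(blob, nonce)
    return server.release_key(nonce, measurement, tag)


def new_server():
    return KeyServer(FUSED_KEY, measure(GENUINE_BLOB), CONTENT_KEY)


if __name__ == "__main__":
    server = new_server()
    print("genuine CPU, genuine blob:", attempt(server, Cpu(FUSED_KEY), GENUINE_BLOB))
    print("genuine CPU, patched blob:", attempt(server, Cpu(FUSED_KEY), PATCHED_BLOB))
    print("emulator, patched blob:   ", attempt(server, Emulator(GENUINE_BLOB), PATCHED_BLOB))
```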


Oh, apparently I don't. Still though, it should be 100% possible to circumvent it given that it's playing on the device.


>Someone can fork FF though and make it so that the DRM looks like it's there to the websites it visits, but it isn't really there.

No, they can't. The DRM will have to be there, or the content (as is from the website) won't play.

>There's no way DRM can't be removed if I own the device that can play it.

There are several ways (including recording the analog signal if it comes down to that). But not any way of "make it so that the DRM looks like it's there to the websites it visits, but it isn't really there"


Yes, the world was better when Flash and Silverlight were the media of choice for delivering video.


It was indeed, since people had started recognizing the problems with Flash and Silverlight, and they'd have been much easier to kill off.

DRM should have stayed second-class, leaving the way open for competitors to offer a first-class web experience as long as they left DRM behind.


> leaving the way open for competitors to offer a first-class web experience as long as they left DRM behind.

Competitors already exist in this area. Here is GoG's listing of DRM-free movies: https://www.gog.com/movies?sort=bestselling&page=1

It is very rare that I find something I want to watch here, whereas the content I generally want to watch, sadly, exists behind a DRM-wall.

Services/competitors are a dime a dozen, but the issue is driving users to your service, and I don't believe users will run to watch content they don't want to watch just because it is DRM free. I also don't feel like we will force content creators to go DRM free since, as we're seeing, everyone is releasing their own streaming service, which would include DRM.


Sorry, but Hollywood has the upper hand here.

Hollywood has no desire to enter an open platform. They're completely happy if none of their movies are online, ever. Really. They already have a massively profitable distribution system in the theaters.

The problem is that people want to watch Hollywood movies on their computer, including people that use Linux. So what do you tell those people to do? Tell them run Windows? Have them go watch it in the theater? And they have copyright controls that can force offline sites that host copyrighted content in various countries.

So DRM is the tech industry's way to kiss these people's ass. It may be flawed or may not work, but it's still ass-kissing. They're the artists, they get to decide what they do with their art. The consumer has no right to an artist's creation. Their only choice is to pay up or ignore it.

And you'll find that this happens to other art mediums as well. There are many, many art galleries that won't sell certain works of art if they deem your ownership as insufficient. Literally - the customer is wrong.


That's true but Hollywood has been dead wrong so many times it's laughable. They've been dragged kicking and screaming from one giant pile of money to the next. Don't forget the former head of the MPAA Jack Valenti's testimony to Congress in 1982:

>We are facing a very new and a very troubling assault on our fiscal security, on our very economic life and we are facing it from a thing called the video cassette recorder and its necessary companion called the blank tape. And it is like a great tidal wave just off the shore. This video cassette recorder and the blank tape threaten profoundly the life-sustaining protection, I guess you would call it, on which copyright owners depend, on which film people depend, on which television people depend and it is called copyright.

But hey if Hollywood wants to refund every purchase I made adjusting for inflation and with interest of VCRs, LaserDisc Players, DVD Players, BluRay players and all the titles I bought on them over and over then fine let's go back to you can only ever see a movie in a theatre.

Yes I realize DVD and BluRay have DRM but there was just as much wailing and gnashing of teeth over those media when introduced and each one was more profitable than the last and remain so even though their DRM is now broken. Contrast that with the failed DIVX platform and you can see what consumers want versus what Hollywood does are very much out of sync.


People used to say the same about music before iTunes went DRM-free. In the long run, universal computers have far more value than audiovisual media. And you can explain what Hollywood wants without taking their side.


Music is a different animal. I can listen to a piece of music hundreds of times. I'll only watch a movie once, even the most diehard will only watch a movie at most dozens of times. I'm going to notice restrictions on my music way way sooner than I'll notice them on my movies. My only real objection to DRM on movies is philosophical, while my objection to DRM in music is practical, as in, I'll pirate my music if I can't move it around.


> Their only choice is to pay up or ignore it.

They can pirate it too, which is often a superior user experience in that the user can keep the file, move it to a different device, watch without arcane restrictions, etc.


> Sorry, but Hollywood has the upper hand here.

Look at Netflix and others who are starting to build alternatives to that ecosystem (in addition to working with it for existing content). If DRM remained second-class, maybe the next such alternative would loosen its stranglehold a bit to gain a broader audience and reduce friction.


The dominance of a distribution platform is largely determined by the content it offers. If you aren't willing to play ball but the competition is, guess who gets the content?


I wonder why Hollywood was taken over by lawyers in the first place. Yes, I am going back to before Sony vs Universal.


Hollywood got its start in escaping Edison's patent lawyers (and hired goons); that's part of why it's on the west coast in the first place.


For the same reason that most fields eventually attract lawyers - Hollywood was making lots and lots of money.


Which makes me more interested in more details on why.


The problem is DRM has been used for more than digital rights management. We've seen it used to surveil the user and collect information - and restrict actions on the user's computer when it thinks you're doing something illicit (not allowing you to burn things to disc, restricting the ability to screenshot videos, uninstalling/deleting programs, adding rootkits, etc).

Far outside the scope of providing authorized access to protected content.

What's terrible is Netflix could have used its considerable influence to tell _that_ _Industry_ that we won't walk this walk anymore. EME - as I understand it - allows them to create a closed-source program that runs in a sandbox to authorize and reproduce content we've paid to view. It should have very limited ability to do this - but breaking out of sandboxes is what some software engineers are employed to figure out. We're trusting those companies with the ability to run their programs on our computer so we can watch Paul Blart: Mall Cop. We hope it works as it's defined, but it's not a guarantee.

It's not worth it and pirates don't rip from Netflix anyway. They usually work for the industry as some part of the distribution/theater network.

This hurts the customer. Our computers are not our own.


> What's terrible is Netflix could have used its considerable influence to tell _that_ _Industry_ that we won't walk this walk anymore.

Why do you assume they didn't? And if they did and the industry said no, what should they have done? Walk away, lose access to all its content, see a large part of their subscriber base move to different services that do support DRM and therefore get the content and eventually have to start firing employees as their income drops?

Just about any streaming service has this exact same problem. They don't love DRM nor want to support it, it's annoying and cumbersome. But it's how you get access to the content. And unless you can survive purely on your own content you don't really have the option to walk away over your ideals.

If you want DRM out of the system, convince the content/rights holders that DRM isn't in their best interests, i.e. they can make more money without it or at the very least won't lose money over not having it. If you're hoping that somehow a significant enough size of the population will boycott it for the industry to change, based on the ideals of the open web and open access, you'll be waiting a long time.


It's interesting that DRM is basically a "free market problem." In cases where there is a government-supported media production/distribution service, as with the BBC in Britain, no DRM is needed, because the success of the service is not dependent on income from licensing the content. Instead, the content itself is often put up for free on a government-hosted online archive, in as many formats as possible, to ensure it can reach all the citizens who paid for it.


About 1 billion of BBC revenues of about 5 billion GBP come from licensing content worldwide. They utilize both geolocation access restrictions and DRM in an attempt to protect this revenue.


Aside from the fact that you're wrong about the BBC, the issue itself is not a "free market problem" because copyright only exists because of government interference. Government created the "right" DRM is protecting against.

In a pure free market, there is no copyright, thus no need for DRM to protect a right that does not exist.


DRM schemes effectively allow the implementer to invent their own rules well beyond what copyright law specifically reserves (e.g. restrictions on resale and lending, ability to create their own licensing regime to publish on a given platform), so I don't see how DRM depends on government intervention. DRM is already defined more by business and technical considerations than by the law. If anything, it seems to me that draconian DRM schemes would be more desirable to vendors if they didn't also have copyright lawsuits in their arsenal.


What keeps DRM in play though is it is illegal to distribute tools to circumvent DRM.

So companies like Slysoft, Replay, the devs of DeCSS, etc get sued out of existence when they create software that circumvents DRM.

The cat and mouse game of DRM only works if you have government legal backing hamstringing the anti-DRM crowd.

Without anti-circumvention laws there would be software on the open market to bypass every known DRM about 48 hours after it is released, if not sooner.


I see how that's supposed to work, but I don't think that's how it happens in practice, and hence doesn't explain much about the motivation behind actually bothering to deploy DRM. Proto-DRM (copy protection, lockout chips, dongles) was in play decades before anticircumvention laws, and as far as I've seen those laws have little practical value in stopping circumvention anyway. They seem to be primarily used for extra charges against vendors of "fully loaded" hardware (e.g. consoles and media players preloaded with illegally copied content). When governments are leveraged to go after pure circumvention tools, the Streisand effect usually kicks in and ensures that the necessary code and keys are spread far and wide. The main place where DRM actually has teeth is in applications where connectivity and an account are required, such as streaming media services (i.e. the primary application of EME) and online gaming. In that case, the vendor can frequently update anticircumvention measures in the client and deactivate accounts (or, in the case of vendor-managed platforms like game consoles, ban the actual device) that fail enough checks.


And yet, I cannot just simply stream BBC content in the US.


> And if they did and the industry said no, what should they have done?

Distribute industry content with DRM, distribute their own content without, and see what the results are.

Somebody's going to have to perform the experiment to see what the outcome will be. Since Netflix produces tons of content now, they are in an excellent position to try this.


> Distribute industry content with DRM, distribute their own content without, and see what the results are.

The industry content will show up on the Pirate Bay, and Netflix original content will show up on the Pirate Bay.

Were you expecting another outcome?


..which would indicate that the marginal value delivered by the DRM is zero?


Unfortunately, the cost for DRM is also zero for the content providers, as long as they are not distributors themselves.


Netflix creates tons of original content so it is both a producer and distributor. If Netflix really believed that the marginal value of DRM was zero they wouldn't use it on their own content since it has a nonzero cost on the distribution side.

The only other possibility that I can come up with is if Netflix's original content has multi-party rightsholder situations with contracts that legally require them to apply DRM even to "their own" content (IANAL and don't know much about how these things work, but it wouldn't surprise me).


Netflix content is already on Pirate Bay.


From a purely consumerist standpoint, by far the biggest problem with DRM used to be how it was falsely advertised as selling copies, when it was in fact just temporary access that could end any day, even tomorrow (company/server shutdown, hardware token malfunction/loss, general incompatibility with new stuff). Now that "buying" has mostly been replaced by streaming subscriptions, this problem has disappeared: it is perfectly obvious to even the most naive user that access to the content will be gone if they cancel Netflix (or if Netflix disappears) and as a bonus, it has become just as obvious that the streaming provider knows what you stream, open, "natural" surveillance instead of hidden, deliberate. Now it is more like the cashier knows what you buy at the supermarket (how else could they do their job?), whereas before it was a bit like the loyalty card backend knows (ignoring the massive difference in centralisation between cashier and loyalty card).


I think you've perfectly summed up the problem the average anti-DRM advocate has: it's pretty easy to get people riled up when they paid a noticeable amount of money to “buy” something which goes away. In contrast, the Netflix/Spotify model where you pay a modest amount of money for all-you-can-eat access is hard to get much traction with since nobody thought they owned a particular work and the total price is so much lower that few people care.

I can't decide whether this is bad or a sign of progress towards training people that DRMed content is not worth much.


The major EME providers are PlayReady, which is Microsoft, and Widevine, which is Google.

You've already given those two companies pretty broad permission to run binaries on your computer (unless you use Firefox on Linux) so I'm not sure what the incremental security issue really is.


That's quite the invalid assumption. Additionally, if I let Google run binaries on my system in one spot, it does not mean I have given them full access to run binaries elsewhere.


I suppose but when you're already using Chrome using the Widevine CDM isn't a huge difference. When you're using Edge using the PlayReady CDM isn't a huge difference.

I see the general theory of the argument for Opera and especially Firefox but even so, why trust a CDM blob less than any other commercial binary?


The idea that Netflix could tell the movie and TV industries what to do is laughable and woefully ignorant of how those industries work.

Why do you think Netflix et al invest so much in original content? Because they have zero leverage and are beholden to the whims of Hollywood.


>[...]pirates don't rip from Netflix anyway.

Tell that to the 4k webrips on the private torrent trackers; I'm sure they'll be surprised both by the fact that they exist, and have apparently gained sentience.


It would be better if the platforms that wanted DRM just made their own damn desktop apps, just like they make their own iOS apps, Android apps, Roku apps, smart tv apps, etc. There's no reason for them to be embedded in a browser.


Why would you prefer letting streaming companies have full code execution on your desktop instead of having browsers mediate?


I wouldn't, and they knew that.

They knew the adoption rates for out-of-browser proprietary content viewers were awful. That is why they dedicated resources to usurp the open web.

If Mozilla had fought back, we might have progressed towards the death of the obsolete content model big media wants to keep in place and prevent change in the market. It would have at least been a step in the right direction - instead, the promise of the open Internet was sabotaged, and big media gets to be more "convenient" at its sacrifice.


Mozilla did fight back, but nobody in the OSS community at large bothered to care about EME until the writing was already on the wall. I remember being at the Mozilla Summit 2013 discussing Mozilla's alternative proposals, but even by then the prevailing mood was that of imminent despair at the inevitable.


Out of curiosity, what alternative proposals were offered?


AFAIR the alternative with the most promise involved implementing a new video codec in JS (heavily leveraging the GPU and the then-nascent asm.js) with first-class support for digital watermarking, then convincing studios that per-user watermarking was more effective than DRM. You can see the difficulty of Mozilla's position: it wasn't enough to come up with an alternative to EME, they had to come up with an alternative to DRM altogether. A tough sell, to say the least, and basically DOA because Chrome and IE were shipping EME for use with Netflix in 2012.


Or more realistically, if Mozilla had fought back, more people would simply have stopped using Firefox.


Yeah, the problem started when people decided installing a browser from an ad agency seemed like a good idea.


Why is reasonable DRM a problem in the first place? I'm paying Netflix $8 a month to watch thousands of movies whenever I want. Being constrained to a large number of devices that take some steps to prevent someone from ripping the movies is a fair tradeoff. It works flawlessly on my computer, on my phone, and on my xbox. The DRM hasn't bothered me once.


Because I'm going to immediately argue with you that there is no reasonable DRM.

It comes from two ideological positions. One believes that content creators need complete systemic control of what they make - at all costs (that the creator maintains full control no matter how the content is interacted with) - and the other is that content shouldn't be controlled (or that I, as a buyer of content, should control the content I bought), and all real world implementations fall between those extremes.

But when it comes to DRM, it should be understandable that plenty of people (myself included) are not willing to allow third party companies to run proprietary code (the drm) on my hardware for the exclusive purpose of preventing me from interacting with data on my own computer (the streamed movie / music). When web browsers start baking in this proprietary functionality, it forces me to look for alternatives to the established open source browsers.

If you are content with that relationship with content (heh) providers, then this is not your fight. But at least accept that a lot of us want to own our computers, and proprietary software takes away that right, and DRM is just one of the more visceral forms proprietary software takes where its entire purpose is to impede the users ability to control their computers.


> or that I, as a buyer of content, should control the content I bought

You never bought content. You only rented it. This is especially true on Netflix & co.


So, install a DRM-free browser on your universal computer and get a dedicated box for the subscription service? Except for perfectly avoidable waste, what did I miss?


The problem is, eventually, no one is going to make a DRM-free browser because "no one" will use it if they can't watch movies or access whatever other content will be locked down with EME. Firefox lets you easily disable DRM, for now, I have no faith it will remain that way forever. If content providers were really never going to give up on DRM requirements, I think a standardized "Media Browser" specification should have been created with the only goal being audio/video delivery, completely separate from web standards. I don't even understand why Netflix wants to be under the thumb of the major browsers, they should be the ones looking for a dedicated solution so they can declare independence.


Yes, the bundling is ridiculous, but as long as the browser is open source, it'll still be possible to disable it - it's a tiny amount of code to allow that to happen, not a high maintenance effort item at all.


> content shouldn't be controlled (or that I, as a buyer of content, should control the content I bought)

How should content creators protect against people who access their content without buying it?


They quite frankly can't technically, only legally - they're selling a 0 margin good, anyone who has it can basically give away infinite copies at zero cost per additional copy. Anyone who wants it for free will have it for free. They need no more than drop a few words into Google or type the name of something into a fully automatic tool like Sonarr.

It's pointless for them to bother trying to stop piracy, especially of analog content using technical means.


"but it's not perfect, someone could just xyz and abc and get around the system."

DRM is not about being perfect against a dedicated pirate. Just like locks on doors, it's about putting up a few barriers that serve to keep the vast majority of people honest. No one is under any illusions that DRM will stop movies and games from showing up on torrent trackers.


There's a big difference between breaking a door down to bypass a lock and pirating a movie via bittorrent though.

It doesn't "keep honest people honest" when piracy is so damn easy regardless of what they do with DRM. The point of that phrase is to increase the effort and motivation necessary to commit a crime - in this case, DRM doesn't do that. With or without DRM any idiot can download the latest Popcorn Time fork and stream movies with 1 click. DRM doesn't hinder the most casual of pirates at all, it only hinders honest customers.


People are pretty wary of using torrents because they're scared of being sued. What DRM on Netflix prevents is you ripping all of the seasons of your favorite shows, with almost no risk of getting caught, and then cancelling your Netflix subscription/sharing the rips with your friend, who is probably not inclined to use torrent sites.


Most people I know who casually pirate things don't even use torrents, they use streaming websites, file lockers, Kodi plugins, etc. Which offer similarly no risk of getting caught. I was simply using Popcorn Time as the extreme example of the level of ease it can be at.

None of these are exactly out-of-the-way high-effort options. There's no increased effort - you just don't bother trying to do so via Netflix. Any of these can be Googled in a few minutes. DRM does nothing to prevent them.

The legal risk you're talking about is just that though - nothing to do with DRM, everything to do with a legal threat. Note that it's more effective than DRM.

Even those who do go out of their way somewhat to improve the piracy experience don't go that far. I wouldn't compare configuring a typical Usenet+Sonarr+CouchPotato+Plex rig to breaking down a door, and that's pretty much the most advanced sort of setup you can get. It may require slightly specialized knowledge, but it doesn't require specialized intent usually. The intent is still the same as that of the casual pirate, it's just a tradeoff of upfront effort for later ease.


So how do we ensure people keep making quality content and software? Should they give it away for free by default and just count on charity?

Seems to me the only ultimate solution is to have some kind of guaranteed basic income, at least for all people that aren't involved in the creation of tangible goods (that can't be copied at zero cost).


Or - without doing any of that - just ship it on the honor system - no DRM. GOG does it and they still get more than 1 sale per game.


> How should content creators protect against people who access their content without buying it?

This question got downvoted. What did you read into it, or which insinuation do you think it makes that you find offensive?


Does anyone remember what the prevailing mood was like when/before Chrome started becoming popular? Were people simply happy to see more companies putting a dent in that avatar of Lovecraftian horrors that was Internet Explorer?

Why didn't Mozilla work harder to catch up with Chrome and counter Google? Was it a case of "My enemy's enemy is my friend?"

And why did Opera slip away into the mists of obscurity? I remember it being pretty good and it was actually my main browser for a year or so.


> Why didn't Mozilla work harder to catch up with Chrome and counter Google? Was it a case of "My enemy's enemy is my friend?"

I'd argue that this "catching up to Google" was more their problem than their solution.

In making Firefox more and more Chrome-like they took away many unique and important Firefox features and they keep moving further and further in that direction. They now want to trash XUL and move to an extension framework that exactly matches Chrome's, removing the deep flexibility and customization that Firefox users have enjoyed. Several of my favorite extension authors have already announced they're giving up when that change happens.

If your browser just plays catch up without differentiating itself in any significant way, why would anyone use it?

Mozilla came up with some cool UI ideas, but never implemented them, or quickly did so, got them to a tiny percentage of their full potential and then abandoned them. That's the kind of thing they should be focusing on - that's the kind of thing that made Firefox gain market share in the first place. Instead they keep playing catch up. And playing catch up with a massive codebase against a giant company is incredibly hard.

Right now Brave is doing a better job differentiating itself and it's built on top of Electron - on Chrome's core codebase. If it were a little more active I think it'd have a shot at something.


That's a good reason. Ideally sand-boxing desktop applications will be an easy thing to do in the future. Maybe the big companies involved in making this Netflix thing happen could have spent their time coming up with a cross platform standard for that. No matter what, the open internet's more important than me or you or even Morpheus. I make the trust call with desktop applications every day, I'd be ok with making the call for 1 or 2 more. I have DRM turned off in Firefox and I won't change it for Netflix or Hulu (the only 2 sites for me that don't work with it off), I limit Netflix and Hulu use to Roku.


Because the browser provides a privacy and security sandbox where you can't be fingerprinted and where it is more difficult to turn decoding bugs into remote code execution exploits.

Users should have a lot more faith in the protections of a browser over the free-for-all security and privacy nightmare that is desktop computing.


Who told you it's going to be sandboxed? It's probably going to be an obfuscated binary blob (it has to if it wants to try to ensure that nothing is intercepting it) which will try verifying that the OS isn't intercepting data.


Firefox:

https://bugzilla.mozilla.org/show_bug.cgi?id=1021232

https://bugzilla.mozilla.org/show_bug.cgi?id=1021235

The spec talks about both securing the CDM with Sandboxing and preventing fingerprinting, amongst other security + privacy issues that should be addressed:

https://w3c.github.io/encrypted-media/#cdm-security

https://w3c.github.io/encrypted-media/#privacy-fingerprintin...

The spec also says if the CDM isn't sandboxed then the user needs to be warned and prompted to allow exec:

> if a user agent chooses to support a Key System implementation that cannot be sufficiently sandboxed or otherwise secured, the user agent should ensure that users are fully informed and/or give explicit consent before loading or invoking it.


The irony is that Netflix does have a desktop application as well.


Not for Linux, and I know firsthand that the Windows Store one is complete garbage because I really wanted it to work. The Hulu one is just as bad.


I've used the windows one a fair bit and would take it over the browser one any day. The desktop one wins for resource usage alone.


For me, it usually wouldn't start up (some oddball Windows Store error, probably because I don't sign into my machine with a Microsoft ID) and streaming quality was horrible, especially at the beginning, and there was no way to tell it to wait longer for buffering.


This is mostly a side effect of their development efforts for Xbox and Windows 10 Mobile.


That wasn't his central point I don't think, also Flash and Silverlight were largely beaten by the Open Web because they never got the adoption sufficient to rival it.

So instead they lobbied for it to be built in, the day will come when view source won't work anymore because everything fed down will be protected by DRM and we moved another step closer to turning the web into a gigantic walled garden for whoever the incumbents are at that point in time.


Flash's peak marketshare was over 99%. They had the adoption.


Until Steve Jobs slew it, or so I'm told.


> That wasn't his central point I don't think, also Flash and Silverlight were largely beaten by the Open Web because they never got the adoption sufficient to rival it.

This is a false statement, Flash was ubiquitous. Still today every Chrome user on desktop has a Flash player. Obviously, this isn't true for mobile, but before the mobile era Flash was basically on every Windows and Mac computer with a browser.


Merely being installed isn't adoption. If 99% of my web time is using HTML/JS to render content and 1% of that time Flash, then do the web browser and Flash have the same adoption?

By that metric Notepad would be the most adopted programmer text editor in the world.


> the day will come when view source won't work

Yes, with WebAssembly. (With ASM.js, the predecessor, it was still JS, but hard to read as a human.) That's why WebAssembly is bad for the open web. In the near future we will see binary blob SaaS like full Office running in the browser. So the 1990s vision of vendor lock-in comes full circle.


One of the only positives to come out of these new standards was that NPAPI could be deprecated.

We've arguably replaced an insecure and general purpose open interface to proprietary blobs with more narrow and single purpose open interfaces to proprietary blobs.


The thing is that there is (for all intents and purposes) no difference between ECE and plugins.

Actually, ECE is a plugin. The only difference is that it helps web-designers switch plugin providers.

That's it. No more security. No more standardization.

As a user, you still depend on the goodwill of the ECE provider to throw you a bone. If you use a slightly niche OS (say, OpenBSD on ARM), you're out of luck.

If Adobe decides that it's not worth their time to develop a plugin for PaleMoon, they won't and you're out of luck (or will MS let their ECE plugin run on Linux, or Google's run on FF?). You (as a user) won't be able to switch to another provider. It all depends on the provider.


I completely understand and sympathize with your point, however this:

"If you use a slightly niche OS (say, OpenBSD on ARM)"

Is rather hilarious - calling OpenBSD on ARM a 'slightly niche' OS in the context of 'operating systems people use to watch video on the web' is rather ambitious, don't you think? OpenBSD on ARM would have to increase its user base in this arena by a couple orders of magnitude to elevate itself to 'slightly niche'....


I picked two relatively popular platforms, though niche together, to focus on the danger. All the more so would something like the Rust OS have problems.

The bigger issue will be when these providers will start holding OS's hostage (well, you want to view half the web? You've got to have a locked bootloader and only I have the key. You want to index our sites? Google has permission (the unlocking key) but not you).


Isn't the Nintendo Switch based on either OpenBSD or FreeBSD and uses ARM? Wouldn't that be a good reason to have a plugin for that?

> https://en.wikipedia.org/wiki/Nintendo_Switch_system_softwar...


Linux running FreeBSD Kernel, last I heard.


> Linux running FreeBSD Kernel, last I heard.

Do you mean GNU running the FreeBSD kernel? Linux is only a kernel.


Google's CDM ("Widevine") does run on Firefox, apparently.

I wonder whether it would be feasible to run the CDM within QEMU on a platform like OpenBSD/ARM? At the end of the day it's just ordinary code that runs in the Gecko Media Plugin sandbox.


ECE provider is Adobe (can we assume it shares some code from Flash DRM?).


How is that even an argument? That's a false dilemma. The choice isn't limited to binary blob Flash/Silverlight vs binary blob DRM plugin.


What other option was seriously on offer? I buy DRM-free music but the video options are extremely limited to a few committed proponents — I love them for that but it's like saying nobody should buy conventional agribusiness food because you can buy organic free-trade kombucha.


Never mind that the binary blobs come from pretty much the same place: https://wiki.mozilla.org/Media/EME#Platform_Support

(Ok, I guess on Linux it's a blob from a Google-owned company.)


The previous DRM plug-in (Silverlight) was made by Microsoft. The new one (Widevine CDM) is made by Google.


I was hopeful that the announcement from Mozilla applied to BSD. If Widevine is used, then this will be Linux only. Still good news, however.


How about the DRM stays out of the free web entirely? You want DRM? Develop your own desktop app.


All frontiers close. The response suggested by history, if you prefer life on the frontier, is to find a new one.


I don't know if I'm just looking too far into your comment, but I don't see why you're blaming Netflix (or it seems you are) or how you got to them being the bad guys for this? They're not the ones that make the content. If it was up to Netflix, they would just release their shows DRM-free on Netflix for any platform. Unfortunately, that's not how things work and they have to bow to the demands of the content distributors (not creators, like some people have stated in other comments).


"I don't know if I'm just looking too far into your comment, but I don't see why you're blaming Netflix (or it seems you are) or how you got to them being the bad guys for this? They're not the ones that make the content. If it was up to Netflix, they would just release their shows DRM-free on Netflix for any platform. Unfortunately, that's not how things work and they have to bow to the demands of the content distributors (not creators, like some people have stated in other comments)."

We did a book study on a book called Clean Code where I work, and I'm reminded of a similar situation that the book explains when describing why we all write dirty and bad code.

Why do we write bad code? Because our stakeholders and our product owners require it. Well, they push deadlines and expectations on us that mean we have to cut corners to make their promises become reality within the unrealistic time provided.

But if you ask the stakeholder why they push that on you, the stakeholder will say "well, it's the client". Or they'll say "marketing made a promise to the client".

It's always upstream. There's always an upstream concern.

In the book they talk about making a stand, as a developer. That you have a responsibility to explain to your stakeholders and the people above you that doing something the RIGHT way is worth it. That you are the subject matter expert, that it is your responsibility to raise these concerns and thus your responsibility to write good code.

Netflix can pass the buck. "We do what we have to".

But they have a responsibility as one of the premier web companies to do more than pass the buck.

A Good Internet doesn't happen accidentally, and it doesn't happen when stakeholders pass the buck. It happens when people make a stand for what's right and operate according to their values.

So yes, it is Netflix's responsibility not to bend Mozilla into accepting a Studio's IP demands, but to bend the Studio into accepting humanity's internet demands.

Why do we assume that Netflix can persuade Mozilla, but not a rightsholder?


The balance of the power is with the rightsholder. They own the content that Netflix wants to sell and that people want to watch.


And the balance of power when coding is with the client and management, we are but poor pawns, doomed to dirty code.


Elvis is dead. His music should be free.


While I agree that there's always an upstream to hot potato to, Netflix really isn't in a position to make those kinds of demands. That's part of the reason why they're starting to produce their own content. The majority of the revenue in their business model comes from the content they show and the majority of that content is owned by someone else. If there wasn't historical precedent of companies giving Netflix the finger and pulling all of their content from their service, I would say that Netflix could push the boundaries and take a stand to try and make a change in the right direction. Unfortunately, until losing Netflix as a platform hurts the movie studios and publishers, that's not going to happen.


Netflix absolutely does not have a responsibility to go out of business for the sake of pushing an issue few people care about. They have no real leverage here.


Is it Netflix's sole responsibility though? Their only real legal responsibility (other than, well, to not break the law) is to add value for their shareholders. "Taking a stand against DRM" doesn't sound like that.

It sounds more like the job of the citizens to elect representatives that support a Good Internet, and if the politicians they elect turn around and screw their supporters (which isn't illegal), to elect new politicians. A pretty disgusting and slow system, sure, but the only other solution I can think of (I am not a smart man) is outright revolution, and hoping the revolutionary government is all about a Good Internet.

EDIT: I'm fine with being downvoted if I'm wrong or stupid, but I'd appreciate if someone could tell me why they believe I'm wrong or stupid.


> If it was up to Netflix, they would just release their shows DRM-free on Netflix for any platform.

That is SO UNTRUE. Netflix would never want their content to be distributed by anyone other than them, which is the point of DRM; absolute control over distribution, not copy protection.

If Netflix was against DRM, then why release their first party content DRM ensnared?


That's not necessarily true. It may just be a matter of efficiency. Because all the other content requires DRM, they may have a processing workflow or other technology that just DRMs any and all content in a single, unified manner. Changing that workflow to bypass DRM may actually make it more complicated. You also have to consider that their first party content is rather new so this could absolutely be something that they're working on doing but never implemented because it wasn't an option when they weren't producing their own content.


That's a pretty big "what if" I'm not willing to grant. Given how complicated the MSE+EME stacks are, I have no doubt they would test just MSE without EME, since they can't guarantee EME compliance on any given browser. You're reaching.


Ok, fine... then replace it with any other one of the innumerable reasons they could have. Maybe it's not a technical issue. Maybe it's a political issue. The fact is that no one here knows why they haven't taken a position, especially based on their historic behavior related to it, and the issue is likely more complicated than anyone is giving it credit for.


> If it was up to Netflix, they would just release their shows DRM-free on Netflix for any platform.

What evidence do you have to back this? It's not like Netflix's own content is available DRM free. Corollary: If you are a content owner and want your content to be available DRM-free on Netflix, will Netflix make a provision for you? I hate these generalizations that people make. Just because a company (like Netflix) is more tech-savvy than the average media house and makes a few blogs and OSS projects that run on BSD or Linux, it doesn't make them any better for the end user.


Wait, who is forcing Netflix to use DRM for Netflix-produced content?


I actually agree with you and am against DRM, but I think I've read that Netflix doesn't actually own all the rights to their content, which doesn't mean that they don't have a great amount of influence if they wanted to do it - obviously, they don't.


Who else is competing with Netflix for Netflix-produced content?


Depends on the country. In Italy, Netflix cannot distribute House of Cards because it sold the rights to do so to Sky.


I can't say for sure but rights are really complicated. I mean... if you look at a show like House of Cards, Netflix doesn't even own all the rights for that. It's not just a decision that they can make unilaterally.


I get your argument but a larger portion than ever of Netflix's catalog is first party content.


That doesn't mean that the majority of their catalog is. Everything they do will be optimized for what they have the most of.


1. they make content too. but regardless...

2. they are the middle man for content. they are exactly the group that benefit most from drm.


I thought that the only change was that the DRM mechanism was turned into an open standard. How is this worse than before? As someone that occasionally uses Linux, I think it's great that Netflix works there now. Previously, the audience on Linux wasn't worth the development effort for Netflix.

Am I missing something? Is this a case where an open standard is a bad thing?


First, the DRM is still not standard. Only the interface to it is. Every browser must still deal directly with the DRM provider and hope to reach an agreement with them, both technically and financially. As a result, only certain platforms are supported. New browsers face a new barrier to entry, in particular - the exact opposite of how the Web is supposed to work.

Second, this is worse in the sense that Netflix, Google, and Microsoft - creators of EME - have gotten the W3C to support DRM. That's not just a symbolic blow.


<Redacted>


From another comment, don't necessarily think of the dilemma of a Netflix user, or internet browser, instead think of the blow to the openness of the next person that wants to make a brand new web browser. For the new browser to fully compete, they now /NEED/ to set up a closed relationship with Netflix, the DRM provider, the other browsers. If it was an open standard, they could simply code the crypto algorithms that the standard needs and not need to get permission for the closed DRM formats.


So what's the alternative, exactly? Before EME, you needed Flash or Silverlight to view DRM-ed content like Netflix. Someone making a brand new web browser would similarly need to support a Flash plugin or Silverlight plugin to compete. Such a developer could choose not to bother with a Flash or Silverlight plugin, but couldn't they also choose not to bother to implement EME? What's changed?


> it's a good compromise in a capitalist society where artists need to make money for what they produce in order to feed themselves

Funny, I haven't heard many artists clamoring for DRM, and the ones who do tend to be well beyond the feeding-themselves step on Maslow's Hierarchy.

No, it is, as always, the distributors. That's because DRM hurts artists but entrenches distributors.

It is a shitty compromise because it is the start of a closed web. Enjoy your view-source while your corporate overlords deign to give you permission.


> First, the DRM is still not standard. Only the interface to it is.

Is a programming language a good analogy? The C++ spec says what a switch-statement should do, but nothing about how it must be implemented, right?

> New browsers face a new barrier to entry

It's not really a new barrier to entry though, is it? If I wrote a browser last year, were my chances of getting Netflix to support it better then than they are now?

What about if I wrote a new DRM scheme? With a standard interface, are the barriers to entry for me now lower?


> Is a programming language a good analogy? The C++ spec says what a switch-statement should do, but nothing about how it must be implemented, right?

No it isn't. Example: Netflix will ask for Widevine DRM provider (and exactly that provider!). It's a proprietary closed licensed platform and your system needs to have their binary blob licensed and compiled for it. If you don't have it and didn't pay for it, you won't be able to decrypt the DRM. Of course to get your DRM blob to run, you'll also have to prove and promise to the DRM provider that you have locked out the user from their own device so they won't be able to accidentally record the video they watch.

It's impossible to make your own open implementation or compete with existing players because they built the fact that you need to negotiate with them for licensing into the standard.


> It's impossible to make your own open implementation

I don't think that's true. It's still just a plugin so as long as you implement something like the Gecko Media Plugin / CDM, you should be good, or at least no worse off than before where you had to support the Flash or Silverlight plugin.


Well, at least as it looks, Widevine has no license fees for Device Manufacturers, i.e. browsers. You only need to contact them. Not sure how this company makes any money though. (maybe through training courses)


I'm still not getting how this is a step backwards. Last year there was no Netflix on Linux. This year there is.

Is there a better way to make strong DRM?


It's true that in the short term this can seem like a step forward - we went from bad to slightly less bad. But it's also harmful and dangerous in the long term for all the reasons being discussed.


The 'Open Web' means "My browser can access ANY AND ALL CONTENT on the Web given that it supports the necessary standards."

This DRM implementation would add this suffix: "and any number of third parties have chosen to allow my browser to use their proprietary decryption modules." This is the opposite of the Open Web and therefore a threat to user freedom and the integrity of the Web as a whole.


The internet is used for a heck of a lot more than content destined for a browser.


EME is a much bigger barrier than the old system of plugins. With plugins you implemented the right API for the silverlight plugin and netflix would work. In the future you need to not just implement the API but persuade someone to build the plugin for your browser and then persuade each individual DRM using site to work with your browser.


The CDM is just a plugin - on Firefox it's a Gecko Media Plugin, and it seems easier to implement the GMP API than the NPAPI for Silverlight, since it's a lot more restricted.


Please re-read my post.

These steps are not technical but they are very significant.

Consider how you would provide this plugin to your users as the author of a new browser? You have to ask the plugin authors for permission to use it.

Then consider that you have to persuade Netflix to allow the users of your browser to use their site (without changing user agents).

Neither of these steps were required with NPAPI


Your browser can just download the plugin from Google the same way Firefox does. No permission required since you're not distributing it yourself. This is no different than the case of the Silverlight plugin.

There is no reason why Netflix would need to do user-agent sniffing - the EME API is built around requesting access to specific "Key Systems" (eg. Widevine) by well-known-name. If they do user-agent sniffing that's an entirely separate issue, and is just as much a problem in the Silverlight case.
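
The key-system negotiation described in the comment above, as an added example that is not part of the thread and is not Netflix's or Mozilla's code. `navigator.requestMediaKeySystemAccess()` is the real EME entry point; the mock navigator, the sample configuration, and the PlayReady and Clear Key names (which the thread does not mention) are assumptions made so the sketch runs outside a browser.

```javascript
// Added example: a site probing EME key systems by name instead of
// sniffing the user agent. All sample values below are constructed.

// Well-known key system names, in order of preference for this sketch.
const CANDIDATE_KEY_SYSTEMS = [
  'com.widevine.alpha',      // Widevine, the CDM discussed in the thread
  'com.microsoft.playready', // PlayReady (assumption: not named in the thread)
  'org.w3.clearkey',         // Clear Key, the baseline defined by the EME spec
];

// Minimal configuration: one init data type and one video capability.
function buildConfig() {
  return [{
    initDataTypes: ['cenc'],
    videoCapabilities: [{ contentType: 'video/mp4; codecs="avc1.42E01E"' }],
  }];
}

// Ask the browser, per key system, whether a CDM is available.
// `nav` is the browser's `navigator` or a stand-in with the same method.
async function probeKeySystems(nav, candidates = CANDIDATE_KEY_SYSTEMS) {
  const report = {};
  if (!nav || typeof nav.requestMediaKeySystemAccess !== 'function') {
    // Browser without EME at all: every key system is unavailable.
    for (const name of candidates) report[name] = 'eme-unavailable';
    return report;
  }
  for (const name of candidates) {
    try {
      const access = await nav.requestMediaKeySystemAccess(name, buildConfig());
      report[name] = access.keySystem === name ? 'supported' : 'mismatch';
    } catch (err) {
      // The promise rejects with NotSupportedError when no matching CDM
      // exists, for example when DRM playback is switched off by the user.
      report[name] = err && err.name === 'NotSupportedError'
        ? 'not-supported'
        : 'error';
    }
  }
  return report;
}

// First key system, in preference order, that the browser offered.
function pickKeySystem(report, preference = CANDIDATE_KEY_SYSTEMS) {
  return preference.find((name) => report[name] === 'supported') || null;
}

// Hypothetical stand-in for `navigator`, used to run the probe offline.
// `installedKeySystems` lists the CDMs this pretend browser ships.
function makeMockNavigator(installedKeySystems) {
  return {
    requestMediaKeySystemAccess(name, configs) {
      if (installedKeySystems.includes(name) && configs.length > 0) {
        return Promise.resolve({
          keySystem: name,
          getConfiguration: () => configs[0],
        });
      }
      const err = new Error('key system not available');
      err.name = 'NotSupportedError';
      return Promise.reject(err);
    },
  };
}

// Demo: a browser with only a Widevine CDM, and one with DRM disabled.
probeKeySystems(makeMockNavigator(['com.widevine.alpha']))
  .then((report) => console.log('widevine-only:', pickKeySystem(report)));
probeKeySystems(makeMockNavigator([]))
  .then((report) => console.log('drm-disabled:', pickKeySystem(report)));
```

The probe never reads a user-agent string: the outcome depends only on which key systems the browser resolves, which is the distinction the comment draws.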


> You have to ask the plugin authors for permission to use it.

I don't believe that's true. The plugin is freely available. You just have to write the host.

I don't think Netflix or the rights owners would care since the stream is protected equally in any browser.


> Is a programming language a good analogy? The C++ spec says what a switch-statement should do, but nothing about how it must be implemented, right?

That's not what's going on, though. It's an API that a DRM provider can implement. A website that gets a DRM provider it doesn't recognize will refuse to work with it.


> Am I missing something? Is this a case where an open standard

Yes. The bit where this is an "open standard" to implement completely closed, non-standard plugins, which cannot be implemented by reading the spec.

With this "open standard" any browser or OS not blessed by Hollywood can't have a full web experience.

And I take great issues with that.


I don't get it. You argue that not being able to visit Netflix "isn't the full experience," and so people won't choose a browser where they can't visit Netflix. So, because of this... all standards-compliant browsers should be unable to visit Netflix? So then why would anyone choose a standards-compliant browser?


It is not "not being able to visit Netflix" which isn't the full web experience. Web-based DRM will spread to other services, maybe even to other things than video.

I couldn't care less about Netflix, I never intended to use their services and never will, but this really is bad news for the web.

Netflix on the web with a plugin was fine for me: people wanting to watch Netflix on their standards-compliant browser would need to install a proprietary plugin to do so, and would have done it (at least a great number would have, I guess). It was their choice to do so (the other one being not to watch Netflix in a browser, and yes it _is_ a choice).

The difference (and it's big to me) was that it had _no_ impact on people not wanting to watch Netflix in their browser. These people did not have this proprietary code running in their browser and all the potential security issues coming with it.

IMO the browsers should (and I don't actually know if they do or not atm, this is a thing I need to check soon) at the very least let people opt in or out of this. Of course if they opt out they wouldn't be able to use services like Netflix.

And here comes the browser plugins world again... So much for killing flash (which was and still is a _great_ platform for small to medium web games).


This again seems odd. Browsers shipped with Flash preinstalled, and EME in Firefox is a plugin.

People are just tying themselves in knots to act like the status quo is a disaster.


Another way to look at it is that Netflix isn't part of the web.

I suppose that viewpoint admits that obstinance on the part of Firefox was not going to get Netflix to offer their service without DRM.


Only insofar as Netflix was opting not to put their content on the web. Netflix was _not_ prevented from being on the web pre-DRM -- it's just that responsibility for meeting their requirements for access to content rested with them rather than browser developers.

edit: not really sure how I messed up the original comment, which was an incoherent mess.


Huh? If a browser developer doesn't bother to implement an EME interface and get access to DRM components for their users, all that happens is that some sites don't work. It doesn't force any burden on the developer.

I understand the argument about this making it harder to develop new browsers and so on, but eschewing EME probably wasn't going to prevent that from happening, it would just happen in flash or other closed code.


Could we "fork the web" or something? Someone could create a parallel stack of web standards that is fully free/open. For the most part it would be the same as the conventional web standard, but open source browser developers would have something to base their developments on, something like the "OpenWeb Stack". Sorry for my bad English.


Uncheck the “Play DRM content” checkbox in Firefox, and you have your parallel stack right there. Does it still play Netflix that way? No.


Could you? Absolutely. Would it be used widely? Unlikely.


It will open DRM to every other website as well, as the barrier to DRM is now low enough for everyone.


Dark days, indeed. Sacrificing the open web so some can watch movies.


I wonder how long it will be for newsprint media companies to use this to "secure" their websites so that Adblockers cannot process the 'encrypted but you can't see' data?


To a huge chunk of users video IS the web. If Netflix, Hulu, and YouTube didn't work (assume YT adopts DRM) the browser would basically be DOA for a HUGE chunk of people.


So...the _entire_ web should be saddled with DRM because people who don't care about the web wouldn't use it otherwise? Is the web better now because all those people now have _another_ way to passively consume video content?


That argument works both ways. _NO ONE_ should have the option to view copyrighted videos because you don't want it?

Yes, I think this improves the web. You no longer need the unmaintained disaster that was silverlight or the resource vampire and exploit factory that was flash. Users can choose to view this content in a safeER way than before.

The only good argument against this is the 'we don't need DRM' argument, but that hinges on the ability to get content you want in a non-DRM format and it seems clear that isn't happening anytime soon thanks to Hollywood et al. and I don't blame them.


How does it sacrifice the open web again? Is there a law being passed that entire web should be DRMed?


This is so true that the title should be changed. I propose:

Online video services get DRM added to browser in order to "protect content".


It's true but it doesn't make sense IMO for the buck to stop at Netflix. If Netflix could have talked content providers into allowing them to use an open-source "DRM" that worked for ordinary users but which could probably be circumvented by someone with programming skills, this wouldn't happen. The problem is that legally Netflix could be on the hook for any copyright infringement that may have been facilitated by their service. Crucially, the definition of "facilitated" can include not taking enough precautions to prevent it, and apparently using an open-source script that imperfectly prevents copying is still enough to expose Netflix to liability.

The laws must be ordered in a way that allows streaming video to be sold to users of open-source software. It's not like the current scheme is entirely resistant to pirates anyway. It's very much like the Drug War in that externalities affecting individuals who have done nothing wrong begin to exceed the damage caused by the "crime".


This argument was more true in the early days of the web DRM debate, but the Netflix of today is largely publishing its own content rather than distributing the content of others, so it is setting the terms of how its content will be protected.

I don't think it is a coincidence that Netflix's more aggressive anti-piracy actions and rollout of more DRM-enabled platform choices has come at a time that they're distributing more of their own content.


Even if I don't like DRM, I don't believe a closed source DRM is any more perfect than an open source one. There's a strong link to cryptography here, and in that area an open source encryption is no less perfect than a closed one.

Whatever DRM was required to please the suffering media conglomerates, it could at least have been open source.


When the choice is between proprietary apps or DRM for multimedia content inside open web environment, I'd rather have the latter.

Yes, in ideal world there will be DRM-free streaming - but unfortunately that's unrealistic.


> When the choice is between proprietary apps or DRM for multimedia content inside open web environment

Why? That puts the cost of DRM on everyone except the ones who want to freeload on our open tech to take our freedom away.

And that's ass backwards.

You want non-free and closed? Cool deal. Go build it yourself.


Free as in freedom means companies are free to add things like DRM if they want and consumers are free to choose services that don't go down that path.


Mmmmmmm, only if I can edit the source of the DRM program and make my own modified version.


You want free and open? Go build that yourself. People do build Firefox and chrome without this, go download them and enjoy yourself.


If you don't want Widevine, you can simply uncheck the “Play DRM content” checkbox in Mozilla-distributed Firefox, and the CDM doesn’t get downloaded and gets deleted if it was already downloaded. No need for a different build. Be sure to uninstall Flash and Silverlight, too.


>That puts the cost of DRM on everyone except the ones who want to freeload on our open tech to take our freedom away.

This argument implicitly assumes that the big cost of DRM is actually implementing the DRM. Everyone knows that isn't true. The social cost of DRM is the effect on the users' freedom, and if the users are using entirely proprietary applets they're probably less free than if they depend on a single proprietary library.


> but unfortunately that's unrealistic.

Why is it unrealistic? Hollywood just needs to be pushed harder. It worked for music, no?


Did it? I have a feeling we're about to see more DRM with music. All the pieces are falling into place. Files get replaced with streaming (which is to files what a service is to a product), and I wonder how long it will take before more companies will follow Apple's suit by ditching the audio jack. Going full digital there will enable companies to set up fully DRMed path from memory to speakers/headphones, like they did with video.


> to set up fully DRMed path from memory to speakers/headphones

Unlike with video, where the signal ends up unencrypted only on the very last chip in the chain, namely the one that drives the (I'm taking a guess here!) thousands of pixel lines, this is not practical with audio signals - you can always intercept and easily record the signal in analog form, either right before the PA stage or if this does not work (because the D/A converter and PA are implemented on one chip) after the PA output. The signal will of course be affected by the PA frequency characteristics, but that can be compensated for - and you still get a perfect audio signal.

Also, I highly doubt that professional/semi-professional home theater setups will ever ship with "smart" (i.e. more wires than just the +/- heavy-gauge, direct speaker power signal wires) speakers, so you get the analog hole right there, on the output matrix of the amp.


The battle isn't about recording the decoded stream. Even with video, all forms of HDCP have been broken. It's about getting it before it's decoded.


It worked for music because they were stupid enough to put all their eggs in one basket, iTunes and iPods, and then got screwed when Apple wanted to sell electronics more than music and wouldn't raise their prices. Movies aren't in the same situation.

Movies are a great deal more fractured, and they will remain fractured. The movie studios will not let Netflix turn into the iTunes for movies.


If it becomes a problem the internet will find a way to evolve around it.


>to the point where even Firefox couldn't afford not to support it

Mozilla did not seem to care that much actually. And as long as torrents exist I do not think that there is any reason to support it.


It was either support EME or become the browser where you can't see any video.

https://hacks.mozilla.org/2014/05/reconciling-mozillas-missi...


More like "It was either support EME or become the browser where you can't use any useless service like Netflix." As long as torrents exist Netflix is useless.


This is the strategy Microsoft tried over a decade ago with ActiveX. And Firefox saved us. It was starting to be normalized, to have to install ActiveX controls to view certain content.

Companies like CinemaNow[1] offered Netflix-like streaming movie services using Microsoft's ActiveX based Janus DRM over a decade ago. Thankfully, the community had more of a backbone back then.

Firefox and Linux were not broken because they didn't support Microsoft's crummy software. I considered it a major feature, actually.

Microsoft was trying to push the narrative that if you wanted to truly get a first class experience of the web, you had to be running Windows and Internet Explorer. Microsoft made it easy to just use the Trident engine, and get locked into their ecosystem.

Now, the same thing is happening again, except that Mozilla is on board with it. It's only a matter of time until Firefox is just a wrapper for webkit, and websites will compel you to install EMEs that will force you to watch ads.

[1] https://en.wikipedia.org/wiki/CinemaNow


> Now, the same thing is happening again, except that Mozilla is on board with it.

Mozilla doesn't have as much leverage now that a large part of "the community" has abandoned Firefox for Chrome. If you care about these issues, stop and consider the effect of your choice in user agent.

> It's only a matter of time until Firefox is just a wrapper for webkit

It will be a very cold day in hell before this happens. Mozilla is only investing more in its browser engine tech with Quantum and Servo.


> Mozilla doesn't have as much leverage now that a large part of "the community" has abandoned Firefox for Chrome. If you care about these issues, stop and consider the effect of your choice in user agent.

Mozilla still has nearly an order of magnitude more market share than they did when activex was everywhere.


At the time that Firefox started really turning heads, it took an order of magnitude less money to build a better browser. JIT innovations that were once just good research ideas from the Smalltalk world had an open source implementation in Java which then got ported to open source dynamic languages like Python (see polymorphic inline caching & similar techniques). Then Adobe came along and donated a bunch of its JIT code from ActionScript to Mozilla as well. To top that off, Microsoft was visibly asleep at the wheel with respect to Internet Explorer.

All of this allowed Mozilla to both build a better browser and show the community a way forward with rich experiences that leveraged Javascript instead of ActiveX based solutions.

With Google pouring resources into Chrome and Microsoft actually paying attention to Edge, competition is much harder. Mozilla is spending large sums of money on Firefox and delivering an experience that is just okay compared to the other players.


> At the time that Firefox started really turning heads, it took an order of magnitude less money to build a better browser. JIT innovations that were once just good research ideas...

Is that really how things are, though? Isn't it possible that the underlying software ecosystem was manipulated by Google, so that they would have a problem to solve with Chrome?

Imagine if trends continue, and every website is just an "app" for a js vm. Then Google would really have the advantage. I don't think Mozilla could fight Google on their own turf like that.

Why should we let Google set the direction that our technology goes?


I encourage you to try out Firefox Nightly. https://wiki.mozilla.org/Electrolysis has made me switch from Chrome to FF as the experience has improved greatly.


Will do. I only reluctantly admitted that Chrome was better than FF about a year and a half ago. Would be thrilled to switch back.


Mozilla also picked the wrong battles. Firefox languished while they chased mobile OSes and other projects. They have a much more formidable competitor in Google than they did with MS in the early days. So trying to go for both Android and Chrome's market when there isn't a whole lot wrong with those products is a hard sell.


I use Chrome because it doesn't look and feel like a dated browser with substandard performance. It is up to Mozilla to modernize and improve their browser in order for me to care about them and not the other way around.


> It will be a very cold day in hell before this happens.

I hope you're properly bundled up.

https://www.mozilla.org/en-US/firefox/ios/


ALL web browsers on (non-jailbreak) iOS are a wrapper around Webkit. Apple won't allow anything else.


>>browsers have less leverage as more Netflix subscribers get their content either on set-top boxes or mobile devices (where Netflix has total end-to-end control), and fewer are stuck with browsers.

Yea they will use Blink, not Webkit...

Mozilla is trying their hardest to make Firefox the best Chrome Clone on the market...

Of course Vivaldi is giving them a run for their money, but I am sure adopting EME, Web Extensions, and every other Chrome Tech will really get them their market share back..

Copy Cats always win...


Interesting point about ActiveX, but I think that Flash killed (or stopped the proliferation) of ActiveX, at least for video. Flash "just worked".

Don't get me wrong, I use Firefox and I don't use Netflix or Flash, but most people are quite content on Chrome. For Firefox to stand up to Netflix, it would need more than a 15% market share. Firefox is doing what it can to survive. If someone lacks a backbone, it's the W3C :(


> Thankfully, the community had more of a backbone back then.

Back then there wasn't Chrome to switch to. Users disliked IE much more back then than they dislike Chrome today.


Now such companies lobby for WebAssembly. A software blob running in your browser. It's actually similar evil as ECE.

They will recompile their old rusty software to the web. eg Newspapers will make websites as blob-applications - Adblockers won't work any more. New forms of DRM will slip into web world this way.

We need a fork of Firefox/Servo-based/Chromium that is more lightweight, becomes mainstream pretty fast with a great community and has no inbuilt DRM and no WebAssembly support.


> It's only a matter of time until Firefox is just a wrapper for webkit

This tired "Firefox is just turning into Chrome because Australis/DRM/web extensions/xkcd 1172" hyperbole simply couldn't be further from the truth. Mozilla is building an entirely new rendering engine with Servo [1], parts of which will be shipping in Firefox this year [2].

[1] https://servo.org/

[2] https://wiki.mozilla.org/Quantum


I like the idea of that, but, Mozilla is absolutely abandoning what made Firefox amazing.

They are embracing this strange thing where they think that they are a for-profit app platform, like Google, when they aren't. So they're locking down their web browser.

It makes sense for Google to do that. Not Mozilla.

Firefox is supposed to be like emacs. Should emacs need permission from some central authority to install an extension?

Many of Google's UX methodologies make zero sense when Firefox implements them.

It makes sense for Chrome to be locked down and customizable. It makes sense for iOS to be locked down. I'm not thrilled about it, but it makes sense to maintain the control and integrity of the platform, from a business perspective.

But there is no reason to do it for Firefox whatsoever. I should really document this, but, I have an entire set of Firefox profile "distros" that I use for some very specific purposes, with Firefox. And they're slowly being phased out. Because Mozilla is a cargo cult.

This would be like if Ubuntu decided to forbid you from using apt to install anything except by authorized repos, in order to be more like iOS. Because people like iOS. So if we superficially copy them, we will inherit some of that magic.

Technical decisions for Chrome are often made pragmatically, like, they will decide to use a native pdf reader instead of a javascript one, purely for performance reasons, even if it is a step in the wrong direction for portability. That is a business decision, and the same as any number of Microsoft's inconsistent implementation decisions for Internet Explorer. You don't have to COPY them. Maybe try offering an alternative?

And let me be clear: at Mozilla, they FETISHIZE Chrome. The sole justification for removing FTP support from Firefox[1] was a single pasted URL from Chrome's bug tracker announcing that Chrome was removing FTP support.

Google doesn't even have to try. They lead Mozilla around by the nose. Google could announce that they were removing the address bar, and the sycophants at Mozilla would have already officially announced that they too were deprecating the address bar as being obsolete, because Google said so.

We've already lost. We have a one party system.

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1174462


Yeah Mozilla building a new rendering engine to compete worked out so well before....


Why do companies put so much effort into DRM when a commonly available $20 device strips it away in real time? I don't want to steal streams, I just want my HDMI devices to work together. This little gem strips HDCP so my old (but nice) receiver can talk to my newer projector:

https://smile.amazon.com/gp/product/B004F9LVXC


A 4K HDR strip and capture rig is more expensive.

But Netflix and Amazon Prime content still turns up pirated in 4K. But Netflix and Amazon can be seen to be doing "everything they can to prevent piracy!"


Because a ton of people are honest and want to pay for content, and don't want to try that hard to pirate it. Even a small hurdle is enough to keep them on the straight and narrow.

I'm quite willing to pay for content, I'll even go out of my way to find a way to do it sometimes. The few times I've looked into piracy in the last few years it's such a thorny mess that I'm quite happy to try and find a legal way to view. If there isn't one? I probably just won't watch it. I don't want to dig into that giant hornet's nest of a mess.


IMO you're missing the point - people wanting to pay for things legally does not somehow negate the existence of HDCP strippers and the pointlessness of DRM.


You're right, it doesn't. I just don't think most people, even if they know that exists, will go that far.


They really needed DRM to survive. It's great that they can run a sandbox in my computer so I can watch videos, something which wasn't possible with the open web standards.

By the way, here's the list of titles which weren't pirated thanks to DRM: .


I don't get it. I can still make a recording of my screen can't I?


The purpose of DRM is not to stop piracy, but to have legal and technical leverage over player makers:

https://plus.google.com/+IanHickson/posts/iPmatxBYuj2


It's more difficult. For example on Safari you can't take full-res screenshots. https://www.quora.com/How-can-I-screenshot-Netflix-without-g... But I think the point is that you don't know what code or data is being run on your computer. You can only see the end result.


There are quite many ways "pirates" capture a video. Recording the screen is probably the last resort and makes you end up with a very low quality copy.

But yes, until they also build in the technology they have in PlayStations (Cinavia) to video cameras, that is the most obvious leak.


I would think you could hook into X11 to do this quite nicely.


Problem is that grabbing the last frame buffer would mean you're doing it post decompression. To distribute something you grabbed like that you'd need to recompress it and then have a generation degradation of lossy compression.


That's not how that works.

It's one thing if you're converting from one compressed format to another, or recompressing an already compressed file.

It's another to simply grab the pixels off of screen and compress those. You won't get as good of a shot because of the original decompression, but your description of why is inaccurate.


algesten's comment seems entirely accurate to me. He's not claiming that the captured frame buffer will be of lower quality, but that in order to distribute it afterwards, you would need to recompress the captured frames. That recompression is where the quality reduction would occur.

Everything I just said is rephrasing what is already in algesten's comment.


Because it has nothing to do with the original compression.

Think of it like this.

If you compress and distribute someone's wavy hand-cam pirating of a movie, the poor experience isn't due to the compression, but the way the movie was recorded in the first place.

likewise, recording a stream and then compressing it later, the quality isn't because of the original compression, it's because of the quality of the original stream.

Now that poor quality may partially be the result of the initial compression, but recompressing it isn't why the quality isn't great.


Recompression matters because most video compression is lossy. Every compress/decompress cycle introduces noise and artifacts.


right, which means by definition any compression is going to lose quality, even if done directly off the original, lossless versions.

that's the point, it's the quality of the input that matters, not the fact that it's been compressed previously.


Netflix sends you a video that has been lossy compressed once. If you lossy compress that lossy compressed video, then you will have a video of worse quality than the video that was only lossy compressed once.

Original source video > Netflix video stream (1 level of lossy encoding) > Recompressed video stream (2 levels of lossy encoding)


I think you'll find if you record and compress a netflix 4k video, the resulting quality will be just fine, especially if you're recording it and compressing it later (rather than doing it realtime).

That's because, while it may have been compressed going over the wire, it's 4k and the quality is pretty stinkin' good.

what you don't do is try to simply recompress the signal that netflix is sending you, you uncompress and then compress.

At which point you're not "recompressing", what you're doing is compressing a stream that may not be as high quality as the original, uncompressed form, but it's a truckload better than sneaking into the theater and recording that way.


Nobody has said that the quality would be bad, just that some amount of generation loss [1] will occur when you use a lossily compressed [2] video (the netflix stream) as input for the creation of another lossily compressed video (the "recompressed" video file). The "recompressed" video would be slightly worse than the streamed video, which would be slightly worse than the original video.

An approximation of an approximation of a video is going to be worse than an approximation of a video.

1: https://en.wikipedia.org/wiki/Generation_loss

2: https://en.wikipedia.org/wiki/Lossy_compression


right, but what algesten originally said was (emphasis mine):

> _Problem is_ that grabbing the last frame buffer would mean you're doing it post decompression. To distribute something you grabbed like that you'd need to recompress it and then have a generation degradation of lossy compression.

In the context of getting a decent pirated copy, that's not really a problem due to how good those streams are.

That was my point, anyway.


You can in the sense of pointing a video camera at the screen and recording it.

But if you want to capture the pixels before they are converted into light, HDCP may prevent you from doing so [1].

[1]. https://en.wikipedia.org/wiki/HDCP


Nope, there's a company in Shenzhen that makes a plug-and-play bypass device: https://arstechnica.com/tech-policy/2016/01/warner-bros-sues...


I used the hdfury years ago. the output quality wasn't anywhere near the quality of the input signal. but it did technically give you a signal without hdcp.


Different generations, and presumably you were going DAC, to VGA, rather than staying digital.


And you could always in the last resort hook up to the DLP projector screen copy the outputted data just before light.

Very messy but it should work.


HDCP stripping has been a thing for a while now: https://www.tweaking4all.com/home-theatre/remove-hdcp-hdmi-s...

The HDFury devices work great: https://www.hdfury.com/tag/hdcp-stripper/


If they need DRM in "open" web standards then they deserve to go out of business.


Who are you saying deserves to go out of business? Netflix? Because I can assure you Linux users that insist on Firefox support instead of just Chrome will not be the difference between them being in business or not. They themselves tend to be pretty understanding of the whole anti-DRM thing and contribute to FOSS technology more than most companies, but they cooperate with DRM content because that actually is the difference between them being in business and not. I get that we don't like DRM, but I've seen speakers who work for Netflix get yelled at on stage at open-source tech conferences over it. Not helping. The same is true if you meant Mozilla deserves to go out of business. This attitude of "anyone who isn't 100% in line with my principles should be removed from society" is just getting taken too far. It's stupid.


> They themselves tend to be pretty understanding of the whole anti-DRM thing and contribute to FOSS technology more than most companies, but they cooperate with DRM content because that actually is the difference between them being in business and not.

Is it really, though? I mean... their content still gets pirated. Everybody's content gets pirated, yet most of them are still in business.


My main point is that they're in business because they can get licensed to distribute the content because they'll accept DRM. Try being a DRM-free alternative to Netflix that I think is worth $8 a month. Good luck. It's not that DRM changes a ton with consumers, it's all about getting the producers onboard. For better or worse, most of the best content producers (at least the management) are insisting on DRM.

Anecdotally, I do see a whole lot less piracy than I did 10 years ago. I think things like Spotify and Netflix / Hulu provide enough of what people want with the right business model and enough freedom that the peasants aren't willing to revolt. Which can be a good thing - fewer computers get AIDS from Kazaa. It's analogous to most governments. Some people want 100% anarchy. But almost no one's trying to overthrow the government because 60% freedom is good enough for most people and not worth war. But maybe I'm just less hip than I used to be.


Fair enough.


This only works because of DRM infecting web standards. Thanks for hurting the web, Netflix.


What Netflix is doing that hurts the web is opposing net neutrality now that they're big enough they can bargain for special treatment.

This—on the other hand—provides a replacement for use cases which used poorly-supported, insecure, and battery-hungry proprietary plugins. I run Safari with no extensions and having this for Netflix and Amazon is fantastic. I trust Apple to patch security vulnerabilities and the browser is auto-updated along with the rest of my system. Not having to worry about Flash zero-days is more important to me than some purity argument about what the W3C should be doing.

If you seriously think VoD services were going to operate using standards without DRM in place I'm not sure you'll find many productive conversations on this topic. The web has been dead for some time and Netflix had very little to do with that.


You're not getting EME extensions from Apple, you're getting them from the third-party that developed the extensions. You can count on terrible security vulnerabilities being found in these.

Movies aren't important. Netflix isn't important. The open web, the ideology (or as you put it pejoratively, "purity") behind it, is important.


You don't need to Trojan-horse DRM into W3C standards to kill the web. Facebook Instant Articles, Google AMP, adtech, and general trends toward centralization are doing that just fine with no changes in standards whatsoever.

The amount of heat this change has generated is disproportionate to its actual role as a threat to the open web.


What do you mean by "open web"?

From the beginning or near the beginning it was possible and not uncommon to put things on the web with restricted access. The HTTP protocol itself supports a couple of login mechanisms which were intended to be used to restrict access to content, and these have been there since at least as early as 1996.


Meaning anyone can implement the technology that can show a web page. You can't show Netflix's web page, unless they preapprove of your DRM.


And that's different from a web page that won't allow you to access it without a password, how? In both cases, a business decision by a third party limits what you're able to access.

I understand that you don't want to run code Netflix approves of and that you're not permitted to read in its original source form. And that's fine, a good reason not to subscribe to Netflix. But how is that any more an offense to "the open web" than a subscription-only website?


What you're missing is that passwords don't require blobs. The ContentDecryptionModules used for DRM on the Web are blobs.

For a browser to run a blob, there needs to be an interface between the browser and the blob. Flash and Silverlight blobs used a standard interface: NPAPI. Any browser implementing NPAPI could run the blobs (assuming the blob was compatible with the host OS).

CDMs have no such standard browser/blob interface (note that EME relates only to the Javascript environment not the actual browser code). In fact, the only browsers able to run these blobs are the ones that the CDM provider 'trusts' and is willing to provide proprietary information to in order for browser developers to get their blob working. Your independent Firefox fork will almost certainly never be able to support any major CDM; the CDM provider doesn't trust, nor care about your browser.

Therefore, CDM providers arbitrarily _select_ which browsers can have access to their Web content. This is unprecedented. Content on the Web, in whatever form, has always been accessible by _any_ browser; it was merely a matter of that browser implementing the necessary standards. This is the idea of the open Web. CDMs are literally the opposite idea.


I don't think I'm missing it, so much as I'm not understanding what the material difference is between your unwillingness to run a blob on your machine versus your unwillingness to do any of the other things a business might require before issuing you a password.

You are free not to run those blobs, and not to use Netflix's services. Where you lose me is the militant demand that Netflix not offer services to those willing to run the blob.


You need to address this:

> This is the idea of the open Web. CDMs are literally the opposite idea.

Yes, both a CDM and passworded accounts limit access to content. The difference is that CDM providers are only letting certain Web browsers view the content. Passworded accounts have no such limitation.

The open Web is dependent on any conceivable browser being interoperable with ALL Web content. Any barriers to interoperability are only technical. Third-parties, like a CDM provider, cannot set up arbitrary barriers. Otherwise, it is no longer "open". THIS is the definition of 'open Web'; it has nothing to do with authorization as in subscription only websites.


EME strictly reduces the amount of "closed" code on the web. Without EME, more of the content protection stack is proprietary, and the trusted code base that enables content protection is larger. This is a very simple point that I think we all understand; I don't understand why EME's opposition thinks they can dodge it.


The assumption you make is that DRM _must_ exist in one form or another.

I, as an open web proponent, want to make it difficult for any business to add DRM to their media offering. by making DRM a difficult system to implement due to proprietary plugins, it increases the perceived value of just offering it without DRM.

but by having EME a standard, it makes it a no brainer to use DRM, because their customers will automatically have it as part of a browser. the cost of DRM is then externalised, and even legitimised such that it's the norm.


I have no trouble understanding the strategic goal nerds have of trying to use standards body formalities and browser vendors to retard the development of DRM software they disfavor. There's nothing wrong with that (at least, nothing more wrong with it than all the other things that are wrong with standards groups).

Where you lose me is the notion that there's an intrinsic ethical imperative not to provide attachment points in standards for DRM. That doesn't ring true.


You need to address this:

> This is the idea of the open Web. CDMs are literally the opposite idea.


Weird, the internet I know and love has plenty of issues with browser compatibility :-)


> And that's different from a web page that won't allow you to access it without a password, how?

It works the same regardless of what browser or OS you are using.


The point of EME is to minimize the amount of code that differs between platforms, by standardizing everything but (in essence) the authenticated key derivation step.


The point of EME is to make it impossible for a browser to show a web page without having financial deals with the websites (or a 3rd party representing the websites).

That is what people oppose. The fact that you do not directly address this point and try to equivocate it to <input type=password> makes me question your good faith here.


This is false. EME describes only the interface between the Javascript environment and the CDM. It says nothing about the CDM's interface with the browser code, which is the heart of the issue.
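An added illustration, not part of any comment in this thread, of the JavaScript-facing surface that EME specifies, using the spec's Clear Key system (`org.w3.clearkey`), the only key system whose license messages the spec itself defines. The key ID, key and helper names are constructed for the example; the message helpers run under Node or a browser, and `attachClearKey` is browser-only.

```javascript
// Added example. Key ID and key are constructed sample values, not real keys.
const SAMPLE_KEYS = new Map([
  ['00112233445566778899aabbccddeeff',          // hex key ID
   Uint8Array.from({ length: 16 }, (_, i) => 0xa0 + i)],
]);

const toHex = (bytes) =>
  Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');

// Clear Key JSON uses base64url without padding.
function b64urlEncode(bytes) {
  return btoa(String.fromCharCode(...bytes))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

function b64urlDecode(text) {
  if (typeof text !== 'string' || !/^[A-Za-z0-9_-]+$/.test(text)) {
    throw new TypeError('not base64url');
  }
  const b64 = text.replace(/-/g, '+').replace(/_/g, '/');
  const bin = atob(b64 + '='.repeat((4 - (b64.length % 4)) % 4));
  return Uint8Array.from(bin, (c) => c.charCodeAt(0));
}

// Parse the license request the Clear Key CDM emits in the 'message' event:
//   {"kids":["<base64url key id>", ...],"type":"temporary"}
function parseLicenseRequest(messageBytes) {
  const req = JSON.parse(new TextDecoder().decode(messageBytes));
  if (!Array.isArray(req.kids) || req.kids.length === 0) {
    throw new Error('license request has no key IDs');
  }
  const type = req.type === undefined ? 'temporary' : req.type;
  if (type !== 'temporary' && type !== 'persistent-license') {
    throw new Error('unsupported session type: ' + type);
  }
  return { kids: req.kids.map(b64urlDecode), type };
}

// Build the license (a JWK Set) that the page hands to session.update():
//   {"keys":[{"kty":"oct","kid":"...","k":"..."}],"type":"temporary"}
function buildLicense(request, keyStore) {
  const keys = [];
  for (const kid of request.kids) {
    const key = keyStore.get(toHex(kid));
    if (!key) continue;                 // unknown key ID: omit, never guess
    keys.push({ kty: 'oct', kid: b64urlEncode(kid), k: b64urlEncode(key) });
  }
  if (keys.length === 0) throw new Error('no requested key is available');
  return new TextEncoder().encode(JSON.stringify({ keys, type: request.type }));
}

// Browser side: these calls are what the EME spec defines. With a proprietary
// key system the 'message' payload and the update() response are opaque blobs
// in the CDM vendor's format, and how the CDM plugs into the browser is not
// part of the spec at all.
async function attachClearKey(video, keyStore) {
  const access = await navigator.requestMediaKeySystemAccess('org.w3.clearkey', [{
    initDataTypes: ['cenc'],
    videoCapabilities: [{ contentType: 'video/mp4; codecs="avc1.42E01E"' }],
  }]);
  await video.setMediaKeys(await access.createMediaKeys());
  video.addEventListener('encrypted', (ev) => {
    const session = video.mediaKeys.createSession('temporary');
    session.addEventListener('message', (msg) => {
      session.update(buildLicense(parseLicenseRequest(msg.message), keyStore));
    });
    session.generateRequest(ev.initDataType, ev.initData);
  });
}
```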


You're rebutting an argument I didn't make. The CDM is closed-source, but it was closed-source in the pre-EME world too. My argument is that EME opens up DRM stacks; it's that it opens up more of the DRM stack than was open before it.


> by standardizing everything but (in essence) the authenticated key derivation step.

Your argument is that EME covers most of the code responsible for implementing DRM. This is false. EME is a small part. The large majority of the implementation is not standardized. For example, there is no equivalent of NPAPI in the post-EME world; the CDM/browser interface is browser-specific.


No, that's not my argument, as you can see from my comment above. What you've done here is twist my argument around to introduce claims I didn't make that you find easy to rebut.


> by standardizing everything but (in essence) the authenticated key derivation step

Is there another interpretation of 'everything' in this context? You're making EME far more comprehensive than it is. CDMs do way more than derive a key, so your statement is false on its face.


What is it you're saying CDMs do? Maybe we're just talking past each other.


The OP is using the phrase "open web" in the standard way.


So when an EME is installed open videos don't play anymore or something?


> If you seriously think VoD services were going to operate using standards without DRM in place I'm not sure you'll find many productive conversations on this topic.

I know you are completely right. But I'm still not happy about it and I will still complain about it.

The technical ineffectiveness of DRM isn't something that needs to be explained on HN, this is absolutely about business people and lawyers getting too much power without having the necessary technical understanding.

While I'm waiting for the solution on that, I'll continue watching torrented shows that are obviously Netflix screencaps.


Let's give credit where credit is due: the EME proposal was jointly authored by Netflix, Microsoft, and Google: https://www.w3.org/TR/encrypted-media/


Both of which have an interest in having control over media platforms.

DRM = control. See Apple and iTunes DRM for the first decade of its existence. Same with Amazon and the Kindle.

And now see how Microsoft is already abusing that power to say that its Edge browser can deliver higher resolution Netflix shows - not because it's any better at rendering videos than Chrome and Firefox, but because it uses its Windows DRM to only allow Edge to play higher-quality Netflix videos. Hashtag #NewMicrosoft


They did not put DRM into web standards. They put an open interface into web standards that can be used to interface to third party DRM, but could also be used for non-DRM purposes.


That's just playing word games. Netflix lobbied for EME so they could serve DRM'd video, end of story.


Netflix wouldn't be a viable business if not for DRM. Why is everyone so upset? Having the option to use DRM in native web APIs is not a bad thing.


> Netflix wouldn't be a viable business if not for DRM. Why is everyone so upset? Having the option to use DRM in native web APIs is not a bad thing.

Because Netflix is freeloading on our open technology to deliver closed content, and putting the cost to support their DRM on us. It's not right. It's not fair.

They are fragmenting the web by making "web sites" which are browser and OS-specific.

If they want to make closed, OS-dependent stuff anyway, they should have to pay the cost, not us. They should just make a native app. Like they already do for at least 10 other platforms.

Basically keep your closed and non-free poison out of my browser and open web-standards. That's a no-DRM zone.

I'll use your app though, if you just go make it.


In what sense is Netflix "freeloading"? Where does the free ride stop? Are they allowed to use TCP/IP stacks to deliver DRM? The HTTP protocol? Or is just Mozilla that's the problem?


The free ride stops when they add stuff to a spec that other people can't freely implement.


I understand why you don't like EME DRM. I don't understand the sense in which it is free-riding.


It's offloading the cost of implementing proprietary software onto others.


You don't see in what sense forcing the implementation of DRM into an open standard (HTTP in a broad sense, which includes HTML, JS, etc.), that has been developed for the past decades in a rather open way so your company can keep making profits could be "freeloading"? Not to mention setting it up in such a way that their part of the web is broken if for some reason you do not have their blessing for their DRM.

Netflix came in and screwed over everyone, in a way that is just as bad as Flash.

Sure, use the TCP/IP stack. Send your data over the internet. Make your own software based on that, it's just a transport layer and it screws no one else. Except they seem to be pretty damn awful at it, considering how comically bad all their desktop apps are.


No, I don't. Can you help me understand? Netflix isn't preventing you from using any of the open standards already implemented in a browser.


No, they're not. However, the standard itself is now tainted with this.

By forcing their way into the standard with EME, yes, they did. You cannot implement the full standard without getting their blessing.

They profited from the entire work done by hundreds of persons on an open standard, and implemented a proprietary solution on top of it. And made it part of the standard.


I use Netflix, simply because it is slightly more convenient than what I used to do, torrenting. I'm willing to pay for that convenience.

Besides, they said that the Apple Music Store couldn't survive without DRM. And then one day they removed it and nobody even noticed. Now nobody uses DRM when they sell music. Even Spotify don't bother encrypting cached mp3s on your hard drive.

If Netflix switched to unencrypted streams tomorrow, it would have no effect. There is no content that is exclusive to Netflix. As soon as Netflix makes something available, it is immediately ripped losslessly and put on The Pirate Bay.


>Netflix wouldn't be a viable business if not for DRM.

Uh, why not? All Netflix series are already getting pirated even with DRM.


Because the studios are the ones demanding DRM. I was under the impression that netflix original content is actually far more relaxed on restrictions (I don't recall where I heard this). They don't want DRM necessarily, but if they say "DRM is not an option" then the chance of getting major studios on board is 0.

And even if you take netflix original content out of the picture, that applies. their "viable business" is "stream other people's content" and "other people" have to agree to that, and won't without DRM.


Netflix probably also enjoys this, as it presents a barrier to entry. They also don't say anything negative about DRM[1], instead talking about "premium" content. They even go as far as to say:

"This is a requirement for any premium subscription video service" -- this is blatantly false, unless you redefine premium to mean "requires DRM", in which case it's circular.

Also note the use of "protect" as if it was a positive or good thing.

1: http://techblog.netflix.com/2013/04/html5-video-at-netflix.h...


perhaps "This is a requirement for any premium subscription video service that wants to interact with popular studios because if you don't interact with popular studios people don't view your service as premium."

Premium = big name movies

Big name movies = big name studios

Big name studios = full of corporate bigwigs who don't understand that DRM doesn't stop piracy


> Because the studios are the ones demanding DRM. I was under the impression that netflix original content is actually far more relaxed on restrictions

Where can you buy it DRM-free?


I honestly don't remember where I had seen/heard this. Which admittedly makes my claim far less credible. But it was something along the lines of being able to play some netflix content on some player without DRM being applied to it. DRM would be something they use because they want to, not because it's part of their contract with themselves.


Why not? Shareholder accountability.

"We didn't bother protecting our content, and yes, sales are down 25% year over year, but..."

Fired.


Can you explain how this works? If there was no DRM, how would that lower their sales? Last I checked, things on Netflix were easily downloadable via torrents.

Are you suggesting that there are many shows on Netflix that someone wants to pirate, but the DRM is preventing them?


I'm saying that if as CEO you do nothing to prevent piracy then you get blamed for all the piracy. If you're using industry standards, like DRM, to protect the content they can't hold you accountable. It's just a cost of doing business.

If one day the industry recognizes that DRM is useless and it's no longer demanded by content holders, then as CEO of Netflix you can abandon it.

Steve Jobs told the music industry to suck it up and deal, and they did. He was unable to convince the movie/TV industry to do the same.


Obviously, because if it was as convenient to pirate Netflix videos as it was to view them on Netflix, nobody would subscribe to Netflix, and their business would fail.


It already is as convenient to pirate Netflix videos as it is to view them on Netflix. You'll get a better selection, with a better UI, and often higher quality encodes. I still keep a Netflix subscription, because I want to pay for stuff, but it's hard to feel I'm getting value out of it.

I hope you realize the movies people 'pirate' have been stripped of the DRM. Even if the original file had DRM, that does not inconvenience downloaders at all.


Really? I'm ready to believe you. What's the URL I enter to get the Netflix viewing experience, in my browser, without a credit card?



Wow. This isn't as convenient as Netflix, but I concede that it's a lot more convenient than I thought piracy was at this point, and probably past the threshold where it matters.


Houses get broken into even when they have locks, so why do you keep a lock on your house?


This terrible analogy would only be remotely close if your house was copied to millions of people, and a single person breaking in could expose everything inside to everyone on the Internet.


So it's ok to steal things that are easy to steal?


Stealing implies that the theft of the "thing" denies the original owner of possession and use of that same "thing".

Digital IP is different - you can make infinite copies of it. A copy I make does not diminish your copy, nor does it deprive you of possession of your copy, or usage of that copy.

What it does deny you is the amount of money which you might have made on the sale of that copy (if you are the rights-holder and are selling the digital IP "thing" to others). I haven't, however, stopped you from continuing to sell your digital IP "thing" - you still have it. You just don't have the money.

Surely you can see this difference? If it could be called anything, it would be considered theft of opportunity, rather than theft of an object. You have been deprived of making a portion of money.

Now - that's very close to - if not almost identical, to me going up to your digital IP (via website, a kiosk, you at a table burning copies onto disc - whatever), looking at it, then saying to you "I would love to have a copy of this, but you know, I just won't, because you are charging money for it".

I still haven't deprived you of your IP - you still have it, you still have your copy, etc. What I have done is deprived you of the opportunity of making money. Should I go to jail, or be fined, or be forced to pay you the money in some manner because I didn't buy it?

The only real difference between the two? Well - in the first scenario, I have a copy of the digital IP; in very real terms, I have the knowledge of a particular number (because that is what any digital work can be reduced to - just a very large number) - in the second case - I don't.

But - what if on the off chance I somehow guess that large number? What if I am able to do that? Since it is a real number, there is that possibility (granted, the probability of being able to do so is vanishingly small). I now have the knowledge of that number, and can use it as I see fit - including decoding it to watch it as a movie, or play it as a piece of music, or whatever. But I didn't copy it from you; in fact, you might not even know that I now know your number!

Have I committed a crime?

DRM (and the laws which surround it) - in a very real sense - is a system put in place to criminalize and prosecute people for knowledge of particular numbers - nothing more, nothing less. In other words, knowledge of such numbers is considered a crime, unless you have paid money for that knowledge - even possibly if you independently arrive at that knowledge.

Agree or disagree - but it's the truth.


If the very large number took hundreds of people and millions of dollars to come up with, and it brings you pleasure, then yes, merely copying it when it's legally available for rent is wrong. Obviously stealing physical things is different from stealing digital things, but they are both fundamentally wrong because by doing so you're denying the creators the return on their investment.

The manufacturing (copying) cost for digital content being 0 doesn't really matter; it just means that the net cost of production is front-loaded. I can invest $30,000,000 in a housing complex with a tangible amount of units, or a Hollywood movie with infinite "units". I still deserve to get a return on my investment.


That's false. DRM doesn't enable business. It's not even needed at all.


If that's true, why does every major content provider disagree with you?


They don't disagree. The usage of DRM has nothing to do with normal reasons.

See https://www.gog.com/forum/general/introducing_gogcom_drmfree...


What the hell is Gog? Serious question.

It was obviously never going to be my contention that there were no DRM-free video content producers. Just the major ones.


https://en.wikipedia.org/wiki/GOG.com (the article incorrectly calls it a Cypriot company, it's Polish).

And I meant major ones. They admit that DRM isn't needed. See the report in the link above. Their usage of DRM isn't caused by business enabling requirements, but has completely crooked unrelated reasons.


So basically every mainstream movie and television content producer is colluding with every other such producer for some crooked end? By revenue, the overwhelming majority of the media industry is a criminal conspiracy?


Basically, every major film studio (or rather film publisher) is insisting on DRM when making distribution deals, for completely crooked reasons, yes.


gog.com is actually pretty good for getting somewhat older computer games. Like steam, but with even less hassle, and fewer hassles like the steam client deciding it doesn't like your network connection.


They have recent ones too, as long as developers are willing to release DRM-free. I recently bought Torment: Tides of Numenera there.


What's the biggest title any developer has released direct (or "recent") to Gog without DRM?


Biggest in the sense of sales, size of the game or development budget? GOG don't really publish their sales numbers, and budgets are often relatively private too, unless it's a crowdfunded project. But I'd guess it's probably The Witcher 3 which is quite a big game in many senses.

From the recently released, Shadow Warrior 2 is also pretty big. I wouldn't call the above mentioned TToN a small game either.


Witcher 3, big AAA title about the adventures of a magical swordfighter who also gets laid. The twist is, the developer also happens to own GoG.


If you're like one of these people who believe that DRM is actually an act of evil, then I guess it makes sense.


>Netflix wouldn't be a viable business if not for DRM.

Uber wouldn't be a viable business model if it didn't exploit drivers and dodge laws that apply to taxis.

Airbnb wouldn't be a viable business model if it didn't sidestep hotel laws.

If your business depends on having unjust power over your customers then you ought to go out of business.


These are completely different realms. Legality of Uber and Airbnb is very different from Netflix losing all 3rd party content if they didn't provide DRM.

Also, many people seem to have a real hard-on for the same legal system that outlaws marijuana and created the DMCA.


There are no use cases for EME other than DRM.


How about sharing encrypted videos among a private group of people who are not technologically sophisticated?

The conventional way to do so would require recipients to download an encrypted video file, then run a separate program to decrypt the file. Then they could play the file. Then they have to remember to delete the decrypted file if it is something sensitive that should not be lying about unencrypted on their system.

It should be possible to design a system that plugs into EME that greatly simplifies this.


If you mean using EME just for non-DRM encryption, no it doesn't make sense: https://news.ycombinator.com/item?id=11692420

If you mean that the recipients of the video are restricted in what they can do with it, that's a DRM use case.


From your linked comment:

> If you want to use the Clear Key key system for privacy, you need to deliver the key over https

I don't see anything that requires that the key be delivered over the net. I just did a test with Clear Key where the page with the video playback has a text field that the viewer pastes the key into, and that worked [1].

The scenarios I'm envisioning involve sharing videos between people that have good non-web methods of communicating, so can distribute a video's encryption key via some non-web means. End user encryption applications tend to be usability train wrecks for non-tech people (heck, they are often terrible for tech people, too...), so what I'm going for here is trying to get rid of the video viewer having to go outside their browser to deal with viewing an encrypted video.

Maybe this can be done with MSE without EME, by handling the decryption in JavaScript?

[1] Based on the Clear Key sample here: https://www.html5rocks.com/en/tutorials/eme/basics/
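
The Clear Key flow described in the comment above, with the key pasted into a text field instead of fetched from a license server, as an added example that is not part of the original thread or of the linked html5rocks sample. The function names, the sample key and key ID, and the assumption that the file uses a single AES-128 key are constructed for illustration; the JSON shapes follow the Clear Key license request and JWK Set formats in the EME specification.

```javascript
// Added example: answer a Clear Key (org.w3.clearkey) license request locally
// from a key the viewer pastes in, so the key never travels over the network.
// All names and sample values are constructed for illustration.

// base64url without padding, as the Clear Key JSON formats require.
function toBase64Url(bytes) {
  let bin = '';
  for (const b of bytes) bin += String.fromCharCode(b);
  return btoa(bin).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Parse the pasted key: 32 hex characters (AES-128), whitespace tolerated.
function parsePastedKey(text) {
  const hex = text.replace(/\s+/g, '');
  if (!/^[0-9a-fA-F]{32}$/.test(hex)) {
    throw new Error('expected a 128-bit key as 32 hex characters');
  }
  const out = new Uint8Array(16);
  for (let i = 0; i < 16; i++) out[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
  return out;
}

// Turn the CDM's license request into a license.
//   request: bytes of JSON {"kids":["<base64url key id>"],"type":"temporary"}
//   returns: bytes of a JWK Set {"keys":[{"kty":"oct","k":...,"kid":...}],"type":...}
// Assumption: one pasted key covers exactly one requested key ID.
function buildClearKeyLicense(requestBytes, keyBytes) {
  const request = JSON.parse(new TextDecoder().decode(requestBytes));
  if (!Array.isArray(request.kids) || request.kids.length !== 1) {
    throw new Error('expected exactly one key ID in the license request');
  }
  const license = {
    keys: [{ kty: 'oct', k: toBase64Url(keyBytes), kid: request.kids[0] }],
    type: request.type || 'temporary',
  };
  return new TextEncoder().encode(JSON.stringify(license));
}

// Browser-only wiring: reply to the CDM's 'message' event from the text
// field. `config` is the MediaKeySystemConfiguration array for the media
// being played (container and codec depend on the file).
async function attachClearKey(video, keyInput, config) {
  const access = await navigator.requestMediaKeySystemAccess('org.w3.clearkey', config);
  const mediaKeys = await access.createMediaKeys();
  await video.setMediaKeys(mediaKeys);
  video.addEventListener('encrypted', (event) => {
    const session = mediaKeys.createSession();
    session.addEventListener('message', (msg) => {
      try {
        const key = parsePastedKey(keyInput.value);
        const license = buildClearKeyLicense(new Uint8Array(msg.message), key);
        session.update(license).catch((err) => console.error('license update failed', err));
      } catch (err) {
        console.error('cannot build license from pasted key', err);
      }
    });
    session.generateRequest(event.initDataType, event.initData);
  });
}
```

Clear Key hands the raw key to page script, so this gives confidentiality against parties who lack the key, not any restriction on what a key holder does with the video.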


Does anyone else find it extremely off putting that companies that are supposed tech leaders are pushing "web" features to a subset of browsers?

I really have trouble accepting the fragmentation in the web world. This includes less extreme cases like mobile/desktop versions of browsers without user ability to toggle between the two.

Stuff on the web should just work on all browsers. How did we get to this point, seriously?


We cannot have both the uniformity that comes of a single universal browser and the benefits that come from a free marketplace. So long as anyone can make a browser, there will be differences. And the day we try to eliminate that will be a dark day indeed.


they should have a minimum level of compatibility. that's the meaning of a standard. that's why DVD players can play any DVD, no matter who manufactured it.

open standards means open competition. if in the future, only browsers who can implement the EME can survive, it will kill the small start up browser who otherwise would have innovated and beat the incumbent.


> that's why DVD players can play any DVD, no matter who manufactured it

This is not entirely true though: a US-bought DVD player won't accept to play DVDs bought in China, Europe, Australia, etc.


but a chinese made DVD player can play a US dvd. The fact that a browser sucks doesn't prevent good browsers from being made.

But with this EME, you are now forced to use the US made dvd player, for no good reason other than profit for the incumbent.


> Stuff on the web should just work on all browsers. How did we get to this point, seriously?

This isn't any different from the compatibility issues across desktop operating systems. You wouldn't expect a mac desktop app binary to "just work" when double-clicked on a Windows OS.

I know, the web supposedly has a standard that should make this argument null, but the fact is browsers are basically being used as though they're little mini-operating systems by both consumers and developers. This kind of fragmentation has historically been just something that happens as each "operating environment"'s maintainers implement their own flavor of whatever, standards be damned.

And even with a completely coherent, well-formed standard, browsers will have (sometimes subtly) different behaviors between operating system implementations that will make 100% standards compliance forever be relegated to "nice to have" status.


> This isn't any different from the compatibility issues across desktop operating systems. You wouldn't expect a mac desktop app binary to "just work" when double-clicked on a Windows OS.

It actually is a completely different issue. The web is a standard, browsers implement that standard. It isn't perfect but it's not the same intention as different OS architecture.


Yes, hence my comment about the argument being made null by the existence of a standard--but that's only in theory. In practice, often because of OS-driven constraints (e.g. the desktop vs Android version of any given browser), different tradeoffs with respect to the quality, breadth, and depth of implementation differ.

The point is this: the existence of a standard doesn't guarantee uniformity in implementations.


A standard _allows_ for uniformity, the only barriers are technical. CDM providers are actively _preventing_ uniformity. There is a massive difference.


Based on that premise, why do we even have a standard? Oh yea, because of the intention for interoperability.


We'll start with the fact that not all browsers have the features needed for a Web application to implement the features it wants to.


I don't like DRM, but I like binging Netflix in a corner on my laptop while I work. I've been doing it for years using Chrome with a fake user-agent to fool Netflix into thinking I'm on Windows (apparently that hasn't been needed for some time?) So...I'm torn, I guess. I'm glad Linux/Firefox can Netflix, but I'd like it if web standards were open and not patent encumbered.

I guess it's a political issue and not a technical one, and I doubt Netflix care all that much (I believe the content creators are the ones who insisted on DRM for Netflix to stream). Then again, now that Netflix is creating a lot of their own content, they might be evil on that front, too (as they're evil on net neutrality now that they are in a position of strength).


> I like binging Netflix in a corner on my laptop while I work

My girlfriend and some friends do this during work/chores, but I'm wondering how that works.

Are there really shows that aren't good enough to warrant your undivided attention, yet good enough to watch in the first place?

I really can't think of any for myself. If I don't mind missing chunks of a show, then I don't really want to watch it in the first place. If it was good, then I wouldn't want to miss it. Just curious.


I don't make a habit of it, but sometimes I'll have Twitch or something running in PIP mode while working. If I'm alone at home it can get pretty quiet and I don't always want music on.

It's a bit like white noise. I'm guessing this person uses Netflix in a similar way.


Mostly re-runs, but also scifi/fantasy stuff that isn't great, but still provides occasional moments of, "huh, that was interesting". Most recently I was binging The 100 while working. It's not good enough to really hold my attention, but it's also a fun post-apocalyptic story with a pretty good cast.

I mostly listen to music while working, but sometimes mindless TV is good, too. Probably not while I'm doing hard stuff, but some days I have a lot of mindless stuff to churn through.


> Are there really shows that aren't good enough to warrant your undivided attention, yet good enough to watch in the first place?

As someone with ADHD: that's going to be most of the shows I ever watch. Unless it's really one of the best shows or movies I've ever seen (like The Wire or something from IMDB's top 50), it's really hard to give it complete undivided attention and probably not worth it anyway.


Werner Herzog documentaries for me.


> I'm glad Linux/Firefox can Netflix, but I'd like it if web standards were open and not patent encumbered.

The actual web standard is open. Netflix was one of the key players in making this an open extensible standard instead of it being an extension or plugin for browsers.


It's still a binary blob, isn't it?


Correct. The Web API is standardized, but how the engine interfaces with the actual content decryption modules is not.


that's just a play on words. it's not an open standard if a completely unaffiliated party cannot implement the full standard (which I assume is true due to the blob for decryption).


>(as they're evil on net neutrality now that they are in a position of strength).

what is this in reference to?


This is a pretty good rundown of it: http://www.theverge.com/2017/3/20/14960154/netflix-net-neutr...

The short answer is that, as with many corporations that find themselves in a position of significant leverage, their stance on the open internet has softened. They know they wield enough influence to keep the pipes flowing for their content...and, to hell with any tiny Netflix competitors that might spring up that don't have that kind of clout.


So I remember reading some early EME specs that seemed to indicate that EME encrypted content could be decoded and played by the browser's standard decoder and player - in the case of an open source browser like Firefox - hooking these decoding functions is quite trivial. Is this the means they've gone with or does this EME blob include their own decoder and player?

EDIT: This little image here: https://www.w3.org/TR/2016/CR-encrypted-media-20160705/stack... in the bottom right indicates that "CDM implementations may return decrypted frames or render them directly".

Would be very interesting to see a generic CDM hook which could dump all the in-and-out calls to a given CDM.


This diagram and most of non-normative parts of the spec are a deliberate red herring. The purpose of these is to derail discussion about DRM restrictions by saying that any restrictions are optional.

However, during discussions at W3C Netflix representatives confirmed that their implementation doesn't work like this. They are only interested in "strong" DRM model in which the player is not trusted and has no ability to see decrypted data, so it can't even use its regular HTML5 codec to decode it.


On Android they feed it directly to the OS codecs except for 4K video so they can't really care that much.


Thanks for the clarification! Can I upvote you twice?


Netflix video quality sucks on browsers anyway – at least for movies. Half of them seem to be limited to something which could only be described as "less than DVD quality", some noticeably so.

That's the reality for the paying customer – for a “pirate”, most of the movies in HD quality are a quick web search away, without needing to install any programs.


Netflix uses a tiered system for HD video. The lowest price is no HD, the next is HD, and the highest is Ultra HD.

You may also need to tweak your Netflix settings, since the default quality level is "Auto," rather than "High."

It may be surprising, but many people don't much notice the difference.


Indeed it does, and I'm not in the lowest tier. The quality of video is very fine indeed when watching with, say, a Netflix app on a Sony TV, but I prefer to watch stuff on my desktop in a comfy chair, and for that, Netflix leaves wanting with video bitrate not always even above 1000 kbps.

(Right now, for the movie “Collateral”, the highest bitrate offered is 870 kbps when watching in a browser. I'm almost certain it is way above that on more restricted devices, as that has been the case with other titles in the past.)


Sadly, you need to use Internet Explorer (or Safari) for the best quality, unless that changed.


Yeah, 1080p is reserved for those only. You can get pretty good quality in other browsers as well (mostly for Netflix original content, though, like I described before).


If you are not using Microsoft Edge/IE or an app, you are limited to 720p.

BTW, if you want to force a bitrate on Netflix, press [Ctrl+Shift+Alt+s].


If you're looking for quality, you want to go with a Bluray, not a rip.


I'm not a “videophile”, video quality comparable to a 10 GB rip is more than enough for my tastes, and for lesser content even less is fine.

Netflix, however, at times doesn't come even close to that, with the video bitrate often hovering just above 1000 kbps in browsers.


Marginally related: Are there any new developments worth following on the anonymous & decentralized content distribution front? Bit torrent is decades old. TOR doesn't work for these cases. I don't know if zeronet is a good fit. Who is working on the next big bit torrent replacement?


I think with open source and standards we lose control the moment things become too complex for a group of open source developers to develop. At this point you need funding, organized efforts or corporate backers who bring their own agendas. Or be on the sidelines for decades while the work is done incrementally like Linux.

For web browsers we have long passed that point. The level of complexity and ongoing effort rules out independent projects which means we are stuck with large corporate efforts like Chrome, Edge, Safari or token open ones like Firefox that trade on openness but are happy to collude with other browser makers to act against user interests.

With this kind of ecosystem it's inevitable user interests or things like open web standards will be thrown under the bus when it has no benefits to the projects.

Mozilla has enough resources to take a stand against this or collaborate with orgs like EFF and try to rally users. It has certainly done that before, but nothing happened here. If Netflix wants to deliver DRM let them make their own app, there is no need to get browsers involved in any way.

Linux was never about convenience, it was and is about openness and users and developers have persevered for decades to get here. It would have been 'convenient' to stick to Windows at the outset but then there would be no Linux as we know it today.


I agree, but, I think that the reason that things got this bad in the first place was because we let them set the rules for what a web browser should be.

Firefox was the first major browser that didn't include an email reader, a news reader, and all this other crap.

I just wrote in a post a few minutes ago, about how broken Mozilla's design decisions are[1]. They are absolutely unwilling to step out from Google's shadow. Google now gets to decide what it means to be a web browser.

And I remember when Microsoft was in that position.

I honestly think it would be possible to unseat the one party system we have with web browsers. I wish I had the time to invest in it.

If I could though, I think a great place to start would be to just abandon a lot of the crap that we don't need. Microsoft was bloating the standard with all sorts of crap, like css rules for transparency (done poorly), or changing the color of the scrollbars (which everyone abused on myspace). Firefox said no. I think the web is way too heavy. And I'm already used to seeing websites with lots of javascript stripped out.

[1] https://news.ycombinator.com/item?id=13953226


Remarkably, I get a 'Secure Connection Failed' from Firefox on Linux when attempting to view the blog entry.


Are you using HTTPS Finder or a similar add-on? The blog isn't hosted with TLS and the link is to a plain HTTP URL, so I'm not sure why your browser tried to load a nonexistent HTTPS version of the page.


same problem here. I get an auto-redirect to a failing https, even with extensions disabled.


I get the same. Maybe HSTS?


very likely.


Disable your add-on that forces https, it sucks.


Not with DRM thoroughly disabled across the line, it won't.

And I'm not happy to see web-sites and services "available" for a specific OS nor browser. That's like going back to the 90s. Not cool.


I have been using Netflix on Firefox under Linux for a long while now. All that was required was changing my user agent...

The only recent change here is that the user agents for Firefox on Linux are finally allowed.


Still waiting on an update that allows for 1080P streaming on Linux. There's been a hard limit of 720P on all content and something like half of 3rd party content is limited to 480P. Everything available in HD streams at 1080P in Windows 10 or using a device like a Roku.

Whatever DRM they are using doesn't seem to be enough for them to be confident in allowing 1080P streaming on Linux, even for their own content.

A brief check in Firefox shows the limitation is there as well.


I hope this means the end of Silverlight on the desktop - as it is still required for Amazon Video and NOW TV (in the UK at least).


I can't complain about Now TV's tech priorities. They've recently added subtitles to their ondemand platform (on the Smart TV Box at least).

Amazon Prime Video runs in Chrome on Linux/Chrome OS or via Silverlight. Hopefully this news will likewise enable it in Firefox on Linux too.


Amazon Video works with EME+Widevine, too. What makes you say it still requires Silverlight?


Because last time I checked it on the desktop (2-3 months ago) - it did. I'm very happy it is no longer the case!


Does this use Firefox's super-sandboxed Adobe CDM module [0]?

[0] https://blog.mozilla.org/blog/2015/05/12/update-on-digital-r...


It may use Google's Widevine, since Firefox recently started supporting it.


IIRC I remember seeing something in a forum that it is widevine, and that it had already worked in FF since whichever release included it (1-3 releases ago) if the UA was spoofed, but this could be someone's failed test and a bad memory..


Correct.


If you can, consider adopting Firefox so that Mozilla has more sway in these sorts of things next time.


Is there a better method for protecting content provided by Netflix?

Just being realistic. DRM is a necessary evil in that video studios would never ever provide content in the clear.

I am so happy to see flash go the way of the Dodo. But curious what the best alternative is for implementing DRM on the web?


> DRM is a necessary evil in that video studios would never ever provide content in the clear.

That is an untested assertion with no supporting evidence. The only reason studios get to strongarm providers like Netflix into using DRM is that specific providers like Netflix are happy to accommodate.

> what the best alternative is for implementing DRM on the web?

AFAIK, DRM inherently must be closed source. In order to implement DRM for the open web, you must circumvent the open web, or (in this case) sway those who implement that open standard (web browsers) to include your binaries.


Probably Silverlight, which they have already been using.

The thing is, premium content is going to be DRMd whether Firefox users like it or not. The question is, will Firefox users be able to consume it once they kill off Silverlight?

The only other viable alternative is a native app, and we all know how open and Linux-friendly those tend to be.


Cool, thanks Netflix, but I'm using a mac now so you can close my ticket from 8 years ago.


You're welcome!


Do they still only support max 720p on Chrome and Firefox? I find that pretty irritating.


Can someone explain to me (a developer, but one unfamiliar with this situation and issues) what Netflix did and why it's bad for the open web?

People do not seem happy about this, but I don't really understand what's going on.


Digital Rights Management (DRM) is proprietary (closed-source) copy protection. It is made to prevent unauthorized copying.

In order to implement DRM, one must create a method for the user to decrypt a file without letting the user have any control over where that data goes. Netflix uses DRM to show the user a video file while making it difficult for the user to put that data anywhere outside of the browser's DRM plugin.

What Netflix has done here is strongarmed Mozilla into including the proprietary WidevineCDM component into their implementation of the open HTML5 standard. This means that Netflix has more control over what Firefox does on your computer than you do, or even Mozilla (who creates Firefox) does.


Does anyone have a technical summary of how this Widevine DRM module works? How it can possibly keep the unencrypted data away from the user if the user can modify the browser and other OS components in any way they like?


What's the problem with DRM from a technical perspective? Why is it hurting the Web? I can't make the link, is it impossible for mozilla to provide an open-source implementation of the DRM standard?


Digital Rights Management is a proprietary method to prevent unauthorized copying. DRM literally cannot be open-source. DRM literally cannot be defined as an open standard. DRM is, and inherently must be, literally closed-source proprietary software.


Open-source DRM makes no sense, in that case anyone could just patch the DRM module to save to disk unencrypted while viewing.


I've been watching Netflix in Firefox on Linux for some time now. I guess it wasn't officially supported until now, so good to see.


Perhaps I'm missing the obvious here, but is this going to work on Firefox on Linux on ARM? Specifically Raspbian?

Also no mention of Netflix's biggest dick move of late re:DRM. 4K playback on the PC only on Edge? Ugh. But the real kicker is "only with Kaby Lake Intel chips".


Hate DRM. But love what Netflix has done to disrupt delivery of video in a country that has suffered with high prices, bundling and delayed releases. I am going with the pragmatic view on this one.


All you complainers are going to ruin the reputation of linux users as extravagant spenders making it rain everywhere they go.


on the upside, I can now watch Netflix on Linux using Firefox, and I can opt in or opt out of the DRM facilities...

on the downside, as everybody else has pointed out, we now have DRM encroaching onto an open standard.

I guess I'll take it as I go.


Does this change the situation for using chromium to watch netflix?


And I am still stuck in 720p using Linux.


Does this mean Netflix on a Raspberry Pi using Firefox?


This may be an extreme view, but have you ever wondered why DRM exists?

It exists because highly intelligent people designed it, developed it, and encoded it as software, in exchange for money. Period.

Ok - that's a simplification, but it isn't too far from the truth. These people (short of some kind of compartmentalized R&D model where nobody knew the complete picture - which I doubt happened in this case) each were intelligent enough to think to themselves, and even discuss among themselves, where this all could end up. Where it could lead, what the ultimate goal could happen.

In short - had they given it some thought, they would've been able to see the arguments against and for DRM, and how it could potentially affect consumers, users, and everything else...what we are arguing about today, and have been for a long while now.

So - if they could do this - why did they take the next step, then the next, and so on?

Sure - they needed to eat and pay bills, but we're not talking about had they not implemented it, that they would be instantly unemployed in the industry. They could have each said "I will not do this", and foregone the money.

Of course, the industry could have countered with larger and larger payouts; but if you were in the hot seat, and you had an idea where things would lead, and you didn't like that idea - what amount of money would've made you change your mind to sell out the future?

At what point does the money outweigh your values?

If you are someone in one of these positions, where you know or have an idea of what might come down the pipe in the future (or you know someone in such a position), if you honestly disagree with all of that, you need to make a choice, or speak to others, or whatever. You need to say to yourself, to your colleagues and/or friends in the business that "yes - I will compromise my values for this money" (or if not money, whatever compensation is being offered or procured). You need to be honest about that to yourself and others - no excuses.

Or you must resist, and say "no amount of money will make me change my values; my name and reputation are worth much more than that".

Here's a thought - would you shake the hand of the developer(s) of DVD/CSS, or would you look at them quizzically, and ask them scornfully "why?". Would you shake Jack Valenti's hand and tell him "Nice job!"? (yes I know he's dead)

Ultimately - what I'm trying to get at - it isn't an "us vs. them" situation. It really is "us" and "us" only. We continue to support this, as we continue to rail against it.

I'm not saying if we did anything differently things would have changed. Most humans on the planet honestly don't give a crap about others, about future others, about the political and social consequences of their actions, thoughts and deeds in the now. They barely care about themselves. But if -you- do care about this issue (and a myriad of others), you need to ask yourself whether you support it or not, and if not, what it would take to buy you off - and whether you could live with that.


I think it's a mistake to put such things on those who implement. For any given bad idea, there will always be people willing to take money to implement it.


No thx, I will watch it on my phone or TV.


Let them release their own video (which they create) DRM-free. Otherwise their disgusting efforts of pushing EME into HTML standard are also backed by stinking hypocrisy, of claiming not to be interested in DRM themselves.



