From another comment, don't necessarily think of the dilemma of a netflix user, or internet browser, instead think of the of the blow to the openness of the next person that wants to make a brand new web browser. For the new browser to fully compete, they now /NEED/ to set up a closed relationship with netflix, the drm provider, the other browsers. If it was an open standard, they could simply code the crypto algorithms that the standard needs and not need to get permission for the closed drm formats.

So what's the alternative, exactly? Before EME, you needed Flash or Silverlight to view DRM-ed content like netflix. Someone making a brand new web browser would similarly need to support a Flash plugin or Silverlight plugin to compete. Such a developer could choose not to bother with a Flash or Silverlight plugin, but couldn't they also choose not to bother to implement EME? What's changed?

> it's a good compromise in a capitalist society where artists need to make money for what they produce in order to feed themselves

Funny, I haven't heard many artists clamoring for DRM, and the ones who do tend to be well beyond the feeding-themselves step on Maslow's Hierarchy.

No, it is, as always, the distributors. That's because DRM hurts artists but entrenches distributors.

It is a shitty compromise because it is the start of a closed web. Enjoy your view-source while your corporate overlords deign to give you permission.

> Is a programming language a good analogy? The C++ spec says what a switch-statement should do, but nothing about how it must be implemented, right?

No it isn't. Example: Netflix will ask for Widevine DRM provider (and exactly that provider!). It's a proprietary closed licensed platform and your system needs to have their binary blob licensed and compiled for it. If you don't have it and didn't pay for it, you won't be able to decrypt the DRM. Of course to get your DRM blob to run, you'll also have to prove and promise to the DRM provider that you have locked out the user from their own device so they won't be able to accidentally record the video they watch.

It's impossible to make your own open implementation or compete with existing players because they built the fact that you need to negotiate with them for licensing into the standard.

> It's impossible to make your own open implementation

I don't think that's true. It's still just a plugin so as long as implement something like the Gecko Media Plugin / CDM, you should be good, or at least no worse off than before where you had to support the Flash or Silverlight plugin.

well at least as it looks Widevine has no license fees for Device Manufacturers i.e. browsers. You only need to contact them. Not sure how this company makes any money tough. (maybe through training courses)

I'm still not getting how this is a step backwards. Last year there was no Netflix on Linux. This year there is.

Is there a better way to make strong DRM?

It's true that in the short term this can seem like a step forward - we went from bad to slightly less bad. But it's also harmful and dangerous in the long term for all the reasons being discussed.

The internet is used for a heck of a lot more than content destined for a browser.

EME is a much bigger barrier than the old system of plugins. With plugins you implemented the right API for the silverlight plugin and netflix would work. In the future you need to not just implement the API but persuade someone to build the plugin for your browser and then persuade each individual DRM using site to work with your browser.

The CDM is just a plugin - on Firefox it's a Gecko Media Plugin, and it seems easier to implement the GMP API than the NPAPI for Silverlight, since it's a lot more restricted.

Please re-read my post.

These steps are not technical but they are very significant.

Consider how you would provide this plugin to your users as the author of a new browser? You have to ask the plugin authors for permission to use it.

Then consider that you have to persuade Netflix to allow the users of your browser to use their site (without changing user agents).

Neither of these steps were required with NPAPI

Your browser can just download the plugin from Google the same way Firefox does. No permission required since you're not distributing it yourself. This is no different than the case of the Silverlight plugin.

There is no reason why Netflix would need to do user-agent sniffing - the EME API is built around request access to specific "Key Systems" (eg. Widevine) by well-known-name. If they do user-agent sniffing that's an entirely separate issue, and is just as much as problem in the Silverlight case.

> You have to ask the plugin authors for permission to use it.

I don't believe that's true. The plugin is freely available. You just have to write the host.

I don't think Netflix or the rights owners would care since the stream is protected equally in any browser.

> Is a programming language a good analogy? The C++ spec says what a switch-statement should do, but nothing about how it must be implemented, right?

That's not what's going on, though. It's an API that a DRM provider can implement. A website that gets a DRM provider it doesn't recognize will refuse to work with it.