W3C Declares DRM In-Scope For HTML

FredAndrews writes "The W3C has ruled DRM in-scope for their HTML standard. A lot of big businesses have supported advancing the Encrypted Media Extension, including Google, Microsoft, and Netfix. The BBC calls for a solution with legal sanctions. The EME could well be used to implement a DRM HTML engine. A DRM-enabled web would break a long tradition of the web browser being the User's Agent, and would restrict user choice and control over their security and privacy. There are other applications that can serve the purpose of viewing DRM video content, and I appeal to people to not taint the web standards with DRM but to please use other applications when necessary." Looks like the web is becoming more like Xanadu, but not in a good way.

Reality vs idealism

[Agelmar]

It's so tempting to just sit in the corner and say "DRM is evil, we don't want to taint the web with it" but unfortunately, as is often the case in the real world, we don't get to make decisions in isolation of their consequences. DRM on the web is already a reality, largely using Flash or Silverlight (see e.g. Hulu, Netflix). However, both of these platforms face problems -- Silverlight in particular seems to have a rather uncertain future, Flash availability on tablets and mobile in general is largely non-existant. The poster asks us to "please use other applications when necessary" - is this really a good answer? That is going to lead to even less interoperability, and I would argue it hurts the web at a time when it's already fighting a serious battle against native apps that generally offer developers better control (of UI, no random GC pauses, actual threading models, etc). It's easy to say "DRM will harm the web", it's a bit harder to foresee what the eventualities of telling people "please go away and use native apps" are.

I expect this is likely not going to be a popular response, but in short please realize that this is not as simple as saying "DRM is bad". Yes, DRM sucks but I'd argue that in the long run, having a hobbled web platform losing out to native apps (see e.g. iOS) is going to suck more.

Re:Reality vs idealism

[kthreadd]

Are you talking about iOS apps?

Re:Reality vs idealism

[Skapare]

However, media via Flash or Silverlight is also broken. It doesn't work everywhere and those media executives are just too stupid to figure out a safe system that will work everywhere. They need to find some smart people that know how to make things work and stop push old ideas of trying to control the software in people's computers. It is possible to do.

Re:Reality vs idealism

[foniksonik]

Let me know when you've managed to convince the major OS developers to use a portable container, common SDK and common glucode scripting language.

Re:Reality vs idealism

DRM has its place, but we also have to be careful about when and how we use it. For example: I would argue that DRM is valuable for ebook lending (e.g. through libraries). However, it doesn't have a place when the goods are sold (e.g. violates the doctrine of first sale).

In the context of the Internet, we must also be careful. One of the advantages of the current structure is openness. That openness allows adaptability to different circumstances. DRM opposes that because anyone who has the keys can reopen the Internet, so those keys will be carefully guarded. This would result in vendors be marginalized, from the application to the system software level. Not only does this limit options for the market as a whole, it limits options for specialized products (e.g. accessible web browsers, utilities for people who don't have access to broadband due to location/affordability).

Re:Reality vs idealism

DRM won't harm the web, it will divide it. See Facebook.

iOS is just a trend, a fading one, otherwise it's percentages wouldn't shift that easy.

Re:Reality vs idealism

No. HTML, Hyper Text Markup Language, is a standard for describing documents. It is NOT the place to implement or enforce Digitally Restricted Media(DRM). Other applications already exist for this purpose and new application will also follow that can all be integrated into your HTML document if you insist on using it. But it belongs in an external application, not HTML.

Re:Reality vs idealism

[MickyTheIdiot]

Anything that breaks the cross-platform nature of the web is a breakage of the web. We've got enough shit that does that now.

Re:Reality vs idealism

DRM being bad is a not a "idealism". It's not some persons *opinion*. It's not like arguing about whether Inception was a good movie (it was).

DRM is faulty *by design*. This is a mathematical truth. And you either accept that truth, or you live in denial. This isn't a "weelllll, it's really annoying for business". Ok, so what? Gravity is really annoying for the American Airlines. Those are the breaks.

The hardware, at the most bottom layer (assembly), has the instruction: mov eax, ebx. This instruction copies data freely. All digital hardware has an equivalent function. You cannot do anything with computers without this basic function.

When you hold a computer, you are physically holding this magical copy instruction. This copy instruction does not know about copyright, or rights holders, or fair use, or DRM, or business models. It simply duplicates a digital value. No computer could exist without it.

So, how do you propose to remove this function, without destroying the computer in the process? It's, ultimately, impossible. You can make things very difficult -- that's fine! Because all you need is one bored determined hacker to break it (which must always be possible, as long as computers exist), and "unlock" the media. Then it will be traded freely.

The only way to stop it is to destroy the computer. Destroy the `mov ax, bx` instruction, that freely copies digital data. But the computer provides so much *other* value, that you can't do that either.

So you just have to live with it. And the sooner you realize that, and realize that this isn't about "idealism", but instead about a mathematical truth that people are living in denial about, the sooner you stop propagating this delusion that DRM is some sort of "solution". It's snake oil. Get over it. I know it sucks. It sucks for me too -- I make music. It sucks. Adapt, or die.

Re:Reality vs idealism

[ByOhTek]

What exactly would you consider a better technology?

Pure HTML is nothing more than an SGML derivative, like XML, and for the use of formatting, is not bad.
CSS, as a way of taking some of the ambiguity and potential for different interpretations on formatting, is also not bad.
JavaScript... OK, yeah, this language could be better. It has a lot of nifty features that can do more harm than good, and is missing one or two nice features (like good type identification, rather than prototype checking, which can have quirks in different browsers).

Everything else is a non-standard and/or proprietary add-on.

Can you think of a better alternative out there that fulfills all the same needs? About the only thing I can think of doing to improve it is replace JavaScript with python (mostly to fix the missing features), Java or C# - and then tweak CSS and HTML a bit to add a few extra features.

By the way, the needs of HTML, as far as I can observe:
To present data on a wide variety of systems, where presenting the data accurately is more important than minor (and even major) variances in formatting, as may be called for by the platform presenting the document(s).

Re:Reality vs idealism

[petermgreen]

Open standards and DRM are fundamentally incompatible. If you know how to decode something to display it to the user you also know how to decode it and save the results of that decoding to a file. Therefore any standard that includes drm will either be trivially broken (see conventional pdf "usage restrictions") or not truely open.

Re:Reality vs idealism

[the_B0fh]

Because you will get royally fucked over. That is why DRM sucks. You will now hand your over identity in order to be able to browse sites, etc. Google, Facebook, etc will now know who you are. Anonymity will be gone forever. Your browser will report on you all the time. Do you know what are web bugs? Do you think the equivalent DRM'ed version will not be there? Except now, because of DRM, it will know exactly who you are.

And don't even think of using different browsers, etc. Because of DRM, you will establish an identity through each of them, or you won't get to use DRM encumbered crap.

Seriously, this is really fucked up.

Re:Reality vs idealism

[the_B0fh]

Also, why do I have to give up my privacy just so that you can get off on your hate of iOS? IF someone wants to give up their privacy and use a native app, that's their bloody business.

Why do I have to use a DRM encumbered web? It won't be just movies or songs or ebooks, it will be used for other things. If someone can put a tracker shit in flash, you think they won't do it with DRM?

Re:Reality vs idealism

[MeNeXT]

DRM is bad especially when it is not disclosed. As an example, I though like you, back in the old DVD days and did not think that CSS was such an issue. The problem was that the DVD not only were encumbered by CSS they also had bad sectors or tracks which created problems for computers. Now the reality was that it also created problems with DVD players which implemented CSS but were a little too old. One day day I bought a Disney DVD and sat down with my kids to watch the movie. It started and would constantly error out. Now thinking that the DVD player was broken I rushed out and bought a new one. The funny thing was that the old one would play all the existing DVDs just fine. Then the second player did the same thing with transformers. I may be slow but I know that's when I realized that there is nothing wrong with the players. What I had to do is scrap the player every 2 years or so in order for the DVDs to work.

DRM prevents the law abiding person to get screwed it does not stop a pirate especially Disney, MPAA, RIAA and such. Where I live you cannot return media when the package is open even when the contents are defective. The laws may not say as much but getting your $20 back will cost more.

Re:Reality vs idealism

[Agelmar]

The reality of DRM is that, absent having a TPM that enforces some sort of software integrity that reasonably ensures that the player is sending the video to a trusted display (TPM validating OS validating player software validating HDCP connection), you're going to be stuck with some security-by-obscurity closed source components, or "plugins". It's unfortunate but I can't honestly see a way around that without much larger changes (like trusted computing, but in a slightly less evil implementation hopefully). The "better alternative" to native apps then becomes allowing DRM to be done in the browser in the least intrusive manner possible -- that is, use as much of the browser's code as possible and have the plugin footprint be as small as possible. Today Flash and Silverlight are used not just for DRM but for the entire player application, ideally the player application could be mostly in HTML and using the browser's stack as much as possible, calling out to the DRM module only for either decryption or saying "Please composite this decrypted stream into that div".

Re:Reality vs idealism

[Phrogman]

I couldn't agree more. HTML is for marking up the content we want to serve on a webpage. It should not be a means to enforce corporate digital rights, particularly when we have seen other instances where enforcing those rights meant "deny by default". Implementing something like this will require even more monitoring of every web browser. I am already tracked enough by dozens of websites who do so without my permission, then sell the results to corporations.

Re:Reality vs idealism

Because cross-platform implies open standards so that everyone is able to implement it on his platform. OTOH, DRM implies a secret component, so that only licensees can implement it. So DRM will only be available on platforms which are popular enough that the implementation pays off the licensing cost (assuming he is even able to get a license). And it will be completely unavailable on open source platforms because it is incompatible with open source.

Re:Reality vs idealism

[h4rr4r]

Because how would they not be?

DRM requires that there is some secret that you do not share with me. This means the implementor would have to port it to every OS and architecture since no one else could.

Re:Reality vs idealism

[Cenan]

That only moves the point in the pipeline where you need to insert code to do the ripping. No matter what scheme is thought up, the end result will always be breakable, simply because you need to output unencrypted content to the end user. You don't even need to break the encryption or do anything at all, all that is needed is to intercept the unencrypted signal before it is presented to the end user. This has been shown time and time again.

Re:Reality vs idealism

[fuzzyfuzzyfungus]

The trouble is that the properties that make a DRM system actually useful(ie. some degree of robustness, enough information about their environment to 'rights manage' in some granular way, and so on) require fairly extraordinary powers over the client system.

The 'Encrypted Media Extension' itself doesn't; because it defines almost nothing(one 'baseline' encryption mechanism that is little more than a toy obfuscation system, along with standardization of some interfaces for asking the non-joke DRM module questions); but it is designed to plug into DRM systems that do, which is the only reason that it has any support at all.

Consider, for example, the BBC's little request list:

Unless it is 'sufficiently secure that there would be the possibility of legal action in the event of bypassing it.', no go.

Unless it 'securely identifies a type of device', no go(browser UA is explicitly noted as not being good enough)

Unless it allows 'identification of the context in which the content appears', no go.

And 'The ability to pass further restrictions to the graphics rendering path if available'.

A set of requirements like that is both a fairly stock summary of what a DRM system should be capable of to be worthy of the name and a set of demands that certainly aren't going to be met in any non-tivoized OSS implementation, and wouldn't even be particularly easy to meet on something that isn't a closed box.

Essentially, once the pointless little baseline case is immediately ignored by anybody who would ever actually use the system(since, if you don't want DRM, you won't want the hassle, and if you do, the baseline is far to pitiful to be worth anything), EME is a 'standard' for 'how to use javascript to talk to an entire black-box video rendering mechanism, upon which there will be enough demands that it will almost certainly be platform specific'. Pretty much exactly the same situation as having the video player stuck in a blob of Silverlight or Flash, except that (because this is HTML5, man) the wicked 'browser plugin' has been renamed a 'content decryption module'(which, as the spec notes, 'CDM implementations may return decrypted frames or render them directly, and 'CDM may use or defer to platform capabilities'). In all but name, it's the definition of a few javascript APIs for interacting with a black-box video path more or less identical(if not worse, given the more robust support for invoking the hardware-protected 'platform capabilities' now present on a lot of consumer gear, which something like Flash was always too dubiously competent to do in any serious way) to the plugin-based video player arrangements of the past.

Re:Reality vs idealism

[TractorBarry]

And let's not foget one important thing.

Any series of bytes, of any arbitary length, can be viewed as representing a number. In the case of a file containing (say) 100,000 bytes that's a large number but the point holds that the byte sequence can stil be viewed as a number.

And what's more ridiculous than trying to prevent people sharing a number ?

If that number, represented as a sequence of bytes, can be interpreted by some music playing software to produce sound well... that's just magic :)

Re:Reality vs idealism

[gl4ss]

are you suggesting we move movie decode to monitors? and then what about the open source browser being tweaked to save the stream to disk and replaying it... and to combat that the monitor would also need to have network - the whole thing would end up being running in the monitor. might just as well buy a tv with a binary only inaccessible properiaty content browser in which case there is nothing open about your content flow. DRM inherently depends on black boxes - sw or hw - and that is incompatible with open systems, be them hw or drm.

the tech is definitely a problem - it's in direct odds with anything open source being in the flow. you can already do crappy drm plugins(silverlight) for your browsers and stream via them(like netflix) so I fail to see what would be the point of trying to put this shit into the general open source portions of the browser.

remember the point isn't about controlling access to the media but controlling what the browser does with that media. and that needs total control over the browser - which means you wouldn't be able to compile your own.

Re:Reality vs idealism

[BrokenHalo]

If we're going to go down the path of the internet being used solely for the purpose of a marketplace, I suspect I will continue my pattern of diminishing usage of it as the years go by. I was there right at the beginning when it was ARPANET and MILNET (and yes, I am even older than that). I understand that DRM has legitimate purposes, but so far, what I have mostly seen is its use to lock in consumers and restrict or deny (I'm looking at Amazon here) legitimate use.

If I am put in a position where in order to purchase certain content, I have to accept DRM encoding, the very first thing I do before I use the file is strip the DRM out. I call this future-proofing, on the grounds that some content providers (Amazon again) have been known to "take back" content, and on the grounds that a digital file should be subject to the same restrictions as a physical book, CD, DVD or whatever.

But I digress: in the earlier years of the internet, I used to spend a (probably too-)large proportion of my life online. Nowadays, having moved away from urban centres and needing to devote more time to getting a life (growing vegies, raising chooks etc) - and with an enforced bandwidth and traffic limit, I find it easier to keep a more distant perspective. So I no longer spend so many hours trawling the net for things hitherto unknown, and actually spend a few more hours at night in bed with my wife.

Re:Reality vs idealism

DRM is a broken concept. If it is possible to read or display the data anywhere, then it is possible to make a copy of that data.

No DRM schema will ever work, even if you make custom hardware to enforce it. How has custom hardware helped out the XBox? just solder a mod-chip on the motherboard and now you can run unsigned code. as soon as someone else has physical access to the hardware you can't stop them from altering it.

It only requires a single person to break your DRM for DRM free versions of your data to leak out. and many times DRM free versions are available before the official version is even released, meaning insiders were involved, so they can't even secure their own facilities.

In the end DRM is only punishing the honest customers and degrading their experience, it isn't even slowing down the "pirates".

Re:Reality vs idealism

[devent]

No it is possible: with legislation. That is why the BBC is calling for legal sanctions.
This will result in invading your privacy at home just like any DRM:

However, the BBC is unlikely to be able to use any such mechanism unless we feel that it is sufficiently secure that there would be the possibility of legal action in the event of bypassing it.

Television is generally a more expensive medium than music to produce due to the amount of labour involved, and therefore for consumers to purchase. Business models that enable content to be available to them on a temporary (or rental) basis are usually able to do so at significantly lower cost than would be the case for permanent copies.

That is definite not true on the Internet. "Television" on the Internet is cheaper then permanent copies. Once the infrastructure is in place, you just pay for the bandwidth.

An example of this effect in action can be seen with the BBC’s iPlayer – by limiting the window of availability, the BBC is able to make content available for no additional fee to UK licence fee payers.

Yes because the current copyright model is broken. If the copyright terms were not astronomical high, the producers wouldn't be so greedy and would not impose artificial limitations by hiking up prices for unlimited availability. That is the only reason public entities like the BBC needs to artificial limit availability. There are no real cost in making a video available once or unlimited on the iPlayer.

We require the ability to securely identify a type of device, and enable or disable video playback based upon the answer.

Goodbye free operating system and free browsers. I can see a future where Mozilla needs to negotiate a license with the BBC (or any other producer) to be able to play their videos.

The ability to pass further restrictions to the graphics rendering path if available.

Goodbye your privacy, goodbye open source. Now every component needs to be verified that it is "trusted".

Instead, the high-quality video content that the broadcast industry produces will be made available only to closed devices and application stores where such security can be implemented.

It's just the same anyway. Either you close up the Web with DRM or you use closed solutions like Flash or Silverlight. What is the advantage for the Web again? There is no way under those conditions from the BBC that an open source browser like Firefox or open source system like Linux can operate.

Re:Reality vs idealism

[AvitarX]

But if the browser is allowed to be open, then you've defeated the DRM.

the way I see this playing out is no movies or newspapers on Firefox or chromium. Google stands to save how much money with this? I imagine a large percentage of the people will go to chrome.

if the DRM is supposed to be any more effective than the no right click style JavaScript, its going to destroy the open source browser eco system. If It's simply meant to prevent the most casual of copying (this is actually what I think is a valid use of DRM, as realistically content is gonna get out anyway), then your plugin idea works, but good idea selling that.

Re:Reality vs idealism

[devent]

PS: Of course Richard Stallman was again all correct about cloud services: Cloud computing is a trap, warns GNU founder Richard Stallman

Now the DRM from the cloud services will be standardize. That will give legislators only more excuses to push such laws as the DMCA, SIPA or SOPA. "The proposed law will only make compliance with the W3C Media Source Extensions more easier. You do want your Youtube videos, no?"

Re:Reality vs idealism

[devent]

That will all be changed by brain implants. Now we can ensure the trusted path: Internet, local Computer, HDMI connection, Monitor, Eyeballs. The monitor will output an encoded picture that the eyes will register and the brain implant will decode it to your occipital lobe Later it will erase any memory of the video if the producer set the broadcast flag.

Re:Reality vs idealism

[serviscope_minor]

I understand that DRM has legitimate purposes,

No it doesn't.

What it does is annoy the paying customer and serve as no impediment to the pirate.

Re:Reality vs idealism

[jellomizer]

Digital media has brought on new problems.
Creating quality content is still expensive. Mass distribution is easy.
So we have good old economics 101 of Supply and Demand. With Digital Media Supply reaches a level so high that Demand has barely any effect, and the price per unit is 0. So 0 times any number is still 0, which is less money then it makes to create the content.

Pre Digital media we could control this. Books required to be printed, Music on records or tapes. If you were to mass Pirate books or Music without serious loss of quality you would need an expensive operation. Sure we had tapes of songs from the radio or copies of the tapes, however the quality to copy a copy degrades with the analog copy. Not so with digital, every copy is exactly the same as the previous. Meaning we can cheaply make copies ourselves and mass distribute them over and over.

DRM is a way to limit the supply of digital media, so its price won't fall below where they can make profit. Yes I bet some of you Anti-Capitalist say Profit is bad and Greedy and evil and all that stuff... But plainly put, without profit it is near impossible to have the resources to continue on providing your goods.

RMS is right, Data wants to be free. However making the data isn't free, and the army of volunteers doesn't always work for every project.

Re:Reality vs idealism

[jellomizer]

DRM isn't fool proof. However it is a case of keeping the honest, honest.

How much work are you willing to do to watch that movie for free where you can pay a $10 a month subscription or rent it for $2.00?

Is it worth trying different patches made by people of questionable ethics, perhaps having to rebuild you OS every once in a while until you find the good patch.

Are you willing to solder a chip to your hardware, risk breaking it?

Re: Reality vs idealism

[drakaan]

The funny thing about this idea is that even if the server side of the web decides to implement some fancy new DRM scheme baked into html, DRM proponents can't be sure that all user agents will care. They'll either deny access to non-conforming agents or have ineffective DRM, at which point users will have a starting point for bitching about inaccessible content, just as they did with Apple and iTunes content (or no reason to care, if the restrictions can be bypassed).

This is a near universal "donotwant", so while certain interests may succeed in getting DRM included as an aspect of a document markup specification (*sigh*), that doesn't mean users will accept it or desire it or be happy about it or shut up about the problems it causes. Making noise now serves to signal that there will be problems down the road when everyone realizes what the hell is happening.

Re:Reality vs idealism

[Catbeller]

Our browser engines will now become secrets. Cracking those secrets will be a felony worldwide.
This is the end of the world wide web. The network is now a commercial sanctuary, guarded by businesses for businesses.

I never understood why banks and such were even allowed to be on the web. It was obvious then, and now, insanely obvious, that they would envelope and digest the protocol, and make it their own. They should have stayed on their own closed lines. The web was not designed for secrets.

Except now, it will be.

Re:Reality vs idealism

[sootman]

Or, as Bruce Schneier so briefly and eloquently put it, "Trying to make bits uncopyable is like trying to make water not wet."

Re:Reality vs idealism

[bzipitidoo]

DRM is 100% nonsense. Such schemes are bait for suckers who persist in thinking that ideas and laws for material goods are applicable to data, the ones that use the term "intellectual property" disingenuously. Of course authors deserve compensation. But being fair to content creators does not mean we should accept costly measures to prop up business models that are clearly broken. Abandon the Internet? Submit to inspections by piracy police paid for by ourselves? Ridiculous! The honesty most lacking is not the people's, it's the proponents of these copy protection schemes.

How much work are you willing to do to watch that movie for free

You're thinking of it wrong. It's not how much work any one person is willing to do, it's how much work we all are willing to do. Amortized over a world population of about 7 billion, the amount of work required to break DRM is trivial. Only takes one crack to break the DRM for everyone.

Is it worth trying different patches made by people of questionable ethics

The people with the more questionable ethics are the ones trying to impose DRM. I'm more worried about what their unpatched software does than the viruses that could be present in cracks. Remember the Sony BMG rootkit fiasco? The Turbotax boot sector mod? Windows Genuine Advantage, particularly the false positives it raised against legitimate installs? Ernie Ball's experience with the BSA? And once again, you're looking at it wrong. How long can a crack with a trojan go undetected? Only takes one person out of those billions to discover the problem. As soon as it's found out, it's game over for that trojan.

Are you willing to solder a chip to your hardware, risk breaking it?

I'm not willing to buy that hardware in the first place.

Re:Reality vs idealism

[jbolden]

It is not banks that are driving this. What banks what is generic HTML with security. Brokerages pretty much the same. Banks want your session to be secure, they are very well setup for securing their network against you.

Consumer entertainment is what is driving DRM.

Re:Reality vs idealism

[Microlith]

it is a case of keeping the honest, honest.

So punishing the honest while doing nothing against the dishonest.

How much work are you willing to do to watch that movie for free where you can pay a $10 a month subscription or rent it for $2.00?

For those willing, all they have to do is wait. Eventually it will be released sans DRM.

Is it worth trying different patches made by people of questionable ethics, perhaps having to rebuild you OS every once in a while until you find the good patch.

If I'm forced to use an OS I cannot trust, then probably.

Re:Reality vs idealism

[vux984]

An honest person is honest because he is honest. He doesn't need anything to keep him honest.

Maybe. But we're talking about regular people not saints.

There's an awful lot of regular people who used napster, kazaa, and so forth. As those got shot down, a lot of them switched to convenient legal alternatives spotify, itunes, etc.

You can call them all dishonest people if you want. But the "old canard" about keeping honest people honest is really meant to apply to people like that. Most of us count them as honest people because they aren't exactly sociopaths and criminals with no regard for their fellow man... but if they can download something for free, nobody is visibly harmed, and its effortless then they will.

Make it just a little bit hard though, and they'll take the easier legitimate option.

Re:Reality vs idealism

[AmiMoJo]

By definition you can't have a "safe system" that works everywhere. All DRM requires some secrecy at some stage, making free beer and open source implementations difficult.

The current philosophy seems to be to make the DRM less annoying until a balance is found between restrictiveness and people's willingness to buy it. Netflix and Hulu are good example - annoying and unusual for lots of people, but apparently enough are okay with the limitations to pony up instead of heading to the Pirate Bay.

Re:Reality vs idealism

[AmiMoJo]

Such schemes are bait for suckers who persist in thinking that ideas and laws for material goods are applicable to data

Actually that would be a lot better than what we have now. If I buy a chair it's mine to do what I like with. I can modify it, sit on it backwards, sell it to someone else, make copies myself. The carpenter who made it can't take it back, can't charge me on-going fees to sit on it, can't break into my house and smash it up because his license to the design ran out, can't prevent it being used in public etc.

Re:Reality vs idealism

[tyrione]

What exactly would you consider a better technology?

Pure HTML is nothing more than an SGML derivative, like XML, and for the use of formatting, is not bad. CSS, as a way of taking some of the ambiguity and potential for different interpretations on formatting, is also not bad. JavaScript... OK, yeah, this language could be better. It has a lot of nifty features that can do more harm than good, and is missing one or two nice features (like good type identification, rather than prototype checking, which can have quirks in different browsers).

Everything else is a non-standard and/or proprietary add-on.

Can you think of a better alternative out there that fulfills all the same needs? About the only thing I can think of doing to improve it is replace JavaScript with python (mostly to fix the missing features), Java or C# - and then tweak CSS and HTML a bit to add a few extra features.

By the way, the needs of HTML, as far as I can observe: To present data on a wide variety of systems, where presenting the data accurately is more important than minor (and even major) variances in formatting, as may be called for by the platform presenting the document(s).

Considering the Browser is written in C/C++ I think a standard Media Library fully open in C/C++ with clean hooks via HTML 5 and it's Media methodology would be just fine.

Re:Reality vs idealism

[Jeremiah+Cornelius]

Destroy rent-based models for business revenue.

Do it for your children.

"Central Services - we do the business, you do the pleasure..."

Re:Reality vs idealism

[KiloByte]

All DRM requires some secrecy at some stage, making [...] open source implementations difficult.

s/difficult/impossible/

To display the content, you need to decrypt it into an understandable form. This means, the authors would need to add an antifeature to deny some forms of use if a flag is set -- removing such an antifeature is trivial so no one even bothers.

Effective DRM is, strictly speaking, impossible even in closed source, but the bad guys can least make it hard to pierce.

Make those with the money pay

It seems like it should be incumbent upon those that want to restrict your freedoms to bear the full burden of that cost. That is, we do not help them develop a standard for this, and force them to do all the work necessary for their restrictions to try to propagate in the browser ecosystem via plugins, extensions, custom applications, etc.

I would never go so far as to restrict *their* ability to do so, but we should never EVER encourage such behaviour in open standards.

The standards committees should be spending their time (and money) developing technologies that would help people, rather than hinder them.

BBC not calling for legal sanctions

[AmiMoJo]

The BBC is not calling for legal sanctions to be in the standard or anything silly like that. They are merely saying that any DRM standard for online video must be executed in such a way that existing copyright infringement laws apply to it. In other words there should be a "copyright" field in the metadata, so there is no doubt about it.

Re:BBC not calling for legal sanctions

[OzPeter]

In other words there should be a "copyright" field in the metadata, so there is no doubt about it.

Ah .. so they finally want to implement the (almost) ten year old RFC 3514 IPv4 header!

Trust Us

[overshoot]

Well, so much for open-source W3C-compliant browsers.

Re:Trust Us

[xaxa]

Well, so much for open-source W3C-compliant browsers.

The linked BBC email says:

Previous discussions on the W3C mailing list have looked at if the CDM itself should be defined or mandated to be open-source. We do not believe this would be helpful, primarily because it is difficult to see how an open-source CDM would have any hope of staying secure for any length of time at all. However, we would evaluate any open-source solution that did come along fairly against our criteria, and hope that adoption of a standard like the Encrypted Media Proposal will increase the amount of vendors offering CDM modules from the number of plug-in vendors that exist today as there would be a lower cost of entry. This may enable an open-source solution that we have not yet conceived to come to market.

That suggests a fundamental misunderstanding of encryption.

On another point, the BBC mentions the revenue from selling DVD and audio recordings -- the profit from this is £182M. That compares to £3606M of income from license payers, at £145.50 each, thus about 25M licenses are sold. If every licence-payer paid an extra £7 we wouldn't need to protect that content. (Have I calculated that correctly?)

(Other broadcasters with different funding models might still want this system.)

EME - That's a shit move

Web Deli - "Serving fresh websites daily"
00:22 (0 minutes ago)

Attn: Philippe Le Hegaret
cc: Paul Cotton, Maciej Stachowiak, Sam Ruby

Dear Philippe et al,

Further to your discussion, [http://lists.w3.org/Archives/Public/public-html-admin/2013Feb/0122.html]

Adding DRM to the open web is a dick move.

When you are old you will look back and think... yeah we really fucked up when we did that.

But anyway - hindsight is usually clearer than foresight - personally I would think your respective talent could be put to better use.

What you do in the world matters, and doing what your doing is harmful - it's shaping a sub-optimal future.

Please reconsider the value of what you are doing and consider pursuing other projects.

Kind Regards,

Principal Web Developer
Julian Smith | Director

e: julian@webdeli.com.au
m: +61423797376

Web Deli - “Fresh websites served daily”
eCommerce | Online Marketing | Drupal | Email Solutions | PHP Development | iOS Development

Please send all mail to : 303/585 Little Collins Street, Melbourne, VIC, AUSTRALIA 3000

HTML is fine, its all the crap on top of it

Flash, Java, Silverlight, take your pick.

As the world wide web has grown it has gotten more information and become LESS usable thanks to all of the crap loaded onto it.
Yes, I know I am falling into the old-school "Back in the day..." crowd here, but seriously- I have a 100mb internet connection now and compared to my old-school 14,400 modem back in the 90s average page load times are.... about the same.
The information I am able to find and use is also about the same.
The useless crap I have to sift through is now HUGE on the other hand, and it actually takes more time to find relevant information. I have to move past all the bad video posts, Twitter crap and asinine Facebook pages. And I haven't even mentioned the BS sites that do nothing but redirect seaarch terms to advert delivery pages.

Hell, I would rather go back to text-based internet browsing than be forced to "migrate to decent user interface technologies."
It's a web PAGE, pal. It should look and work like a PAGE.

Open Source Browsers

[acklenx]

Implement as much of the spec as you want.

BBC is calling for legal sanctions

[tuppe666]

"However, the BBC is unlikely to be able to use any such mechanism unless we feel that it is sufficiently secure that there would be the possibility of legal action in the event of bypassing it."

Not sure why you would defend the BBC, but that is pretty much the definition of a sanction. In fact it states quite clearly that the BBC is less interested in about how good the DRM is [they expect it to be broken], but whether anti-circumvention provisions is protected by law e.g. DMCA. It is just focused on stopping the people forced to pay for service in the UK having unrestricted access to the content they paid for.

Re:BBC is calling for legal sanctions

[FireFury03]

"However, the BBC is unlikely to be able to use any such mechanism unless we feel that it is sufficiently secure that there would be the possibility of legal action in the event of bypassing it."

Not sure why you would defend the BBC, but that is pretty much the definition of a sanction. In fact it states quite clearly that the BBC is less interested in about how good the DRM is [they expect it to be broken], but whether anti-circumvention provisions is protected by law e.g. DMCA. It is just focused on stopping the people forced to pay for service in the UK having unrestricted access to the content they paid for.

The BBC has a rather bonkers idea about DRM anyway. For example, HD Freesat receivers are required to implemtn DRM on their output (i.e. HDCP on the HD output, no analogue HD output, etc.), even though the DVB-S signal they are receiving is transmitted in the clear anyway. All it does is inconvenience legitimate consumers - anyone planning on copyright infringement is going to find it more trivial to record the raw DVB-S stream rather than an HDMI stream anyway.

Similarly, iPlayer's DRM is so weak as to be completely useless, and yet they still use it and therefore insist on using the terrible Flash player instead of making the video streams available in a standard format that would work on all platforms. (The flash player is so bad that I invariably just use get_iplayer and then play it with mplayer).

Re:BBC is calling for legal sanctions

[Ash+Vince]

"However, the BBC is unlikely to be able to use any such mechanism unless we feel that it is sufficiently secure that there would be the possibility of legal action in the event of bypassing it."

Not sure why you would defend the BBC, but that is pretty much the definition of a sanction. In fact it states quite clearly that the BBC is less interested in about how good the DRM is [they expect it to be broken], but whether anti-circumvention provisions is protected by law e.g. DMCA. It is just focused on stopping the people forced to pay for service in the UK having unrestricted access to the content they paid for.

The BBC has a rather bonkers idea about DRM anyway. For example, HD Freesat receivers are required to implemtn DRM on their output (i.e. HDCP on the HD output, no analogue HD output, etc.), even though the DVB-S signal they are receiving is transmitted in the clear anyway. All it does is inconvenience legitimate consumers - anyone planning on copyright infringement is going to find it more trivial to record the raw DVB-S stream rather than an HDMI stream anyway.

Similarly, iPlayer's DRM is so weak as to be completely useless, and yet they still use it and therefore insist on using the terrible Flash player instead of making the video streams available in a standard format that would work on all platforms. (The flash player is so bad that I invariably just use get_iplayer and then play it with mplayer).

BTW, get_iplayer does not bypass DRM since the BBC do not use any.

http://linuxcentre.net/getiplayer

From the link above:

"get_iplayer, does the recording, indexing and searching of the iPlayer TV/Radio programmes and podcasts available. It can even stream the iPlayer TV programmes while recording them to mplayer, vlc or xine, etc. It does not circumvent any digital rights management security (see the BBC’s website on how to do that with the Windows-only DRM content they provide)."

Re:BBC is calling for legal sanctions

[FireFury03]

BTW, get_iplayer does not bypass DRM since the BBC do not use any.

http://linuxcentre.net/getiplayer

From the link above:

"get_iplayer, does the recording, indexing and searching of the iPlayer TV/Radio programmes and podcasts available. It can even stream the iPlayer TV programmes while recording them to mplayer, vlc or xine, etc. It does not circumvent any digital rights management security (see the BBC’s website on how to do that with the Windows-only DRM content they provide)."

Not entirely true. iPlayer uses SWF verification. It's a pretty worthless DRM mechanism, but its there.

Time for a new Internet.

[blcamp]

Because this will break it beyond repair.

The worst thing since ActiveX

[GeekDork]

That's pretty much all.

The best that this idiocy can possibly produce is further fragmentation of "The Web": right now, we have "kinda sane" standards in HTML 4.01 and XHTML 1, as well as CSS 2.1; everything beyond that are half-baked hacks in the form of several implementations of HTML 5, CSS 3 modules, their DOM APIs, and whatever browser vendors decided to implement. Adding DRM to the fray will not help things, since no matter how you look at it, you will end up with content only available on specialty browsers like Chrome, IE, or fringe mobile platforms, all the while still blissfully carrying the "HTML" tag.

At the end of the day, it will be cheaper for content peddlers to just cut out the bullshit and keep doing things in Flash, and I can't even say that I'm sad about it anymore.

Oh, and the W3C? They can go die in a car crash FWIW, it wouldn't be a huge loss beyond the humanitarian impact. Not like they did anything useful in the past 10 years.

Reality vs idealism: in reality, DRM doesn't work

It's so tempting to just sit in the corner and say "DRM is evil, we don't want to taint the web with it" but unfortunately, as is often the case in the real world, we don't get to make decisions in isolation of their consequences.

It's not about the evilness of DRM, it's about the fact that it's useless. Has there been a DRM in history that has not been cracked? Why spend energy on a useless endeavour?

The people pushing for this may believe it's worthwhile and useful (or rather the content licensees do), but I think most people on Slashdot are clueful enough to know better.

So besides placating the studio executives, are there any valid (ideally technical) reasons why DRM should be pursued?

Do I see a hole in the DRM?

[MathFox]

Nothing in the "Encrypted Media Extension" specs prevents or forbids proxying of both the key and the encrypted media stream to an external "decryption and caching" service. And all of the usual "how do we prevent the plaintext from leaking from the user's machine" questions are still in full force. It is unlikely that the W3C will get "effective protection".

DRM html??

[Dcnjoe60]

Ummm, if the DRM is in the html code, then what is to stop somebody from having html code that circumvents the DRM? Here is a better idea. If you have content that you want to protect, then protect it on your end. Yes, it is less convenient for your users, but if they value your content they will still jump through your hoops. If they don't they will go elsewhere. Most likely the content owners realize that their content isn't all that valuable and if they try and restrict it on their end, people will indeed go elsewhere. However, that is how free markets are supposed to work.

Use online newspapers as an example. Many have paywalls and do quite well, with that model, however, those that do not want to pay, get their content elsewhere. It doesn't require DRM built into HTML to protect content.

Re:Binary

[h4rr4r]

Either you want java or something like it or you are going to tie the web to some architecture. I think you can see the flaws with both those plans.

What happened to the W3C?

[fritsd]

Here, read this: http://lists.w3.org/Archives/Public/public-html-admin/2013Feb/0137.html, this person puts it very clearly: WTF is the W3C doing trying to *hinder* an open accessible web? DRM is against what their purpose in life as an organisation is.

Did "the Director" die, or something??

So, it will be EXACTLY what we have now...

[tekrat]

The ads will load into your browser, but not the content you were trying to access. The Ads will play a video, but then the video you were trying to see will generate an error. While you're at work, an annoying sound will come from the ads, but you still won't be able to read the article you were hoping to read.

The web has already become useless. Every site is so loaded with crap ads, you can't even FIND the content you were googling for. So go ahead, add the DRM. It won't change anything. It won't work, it'll cost more money to implement, and you'll get less ad revenue as even more people give up as I have.

Long live the web, death to the web.

HTMLMediaElement is ALREADY part of HTML

[AwaxSlashdot]

The proposal is to extend HTMLMediaElement (which is an ALREADY existing part of HTML) so it supports DRM in a standard way.
HTMLMediaElement is a specific DOM element that correspond to media elements (audio, video) and extends the standard element with media specific features: play, pause, length, volume, etc ...

The proposal is to recognize that DRMs are an widespread feature used in conjunction with media elements. As such, it is worth standardizing.

If the DOM accepts having play/pause features on a media element, it could also support DRM methods on a specialization of this element.

As you said, the implementation and enforcement of DRM is EXTERNAL to the DOM/HTML. Have you read the proposal ? I guess you didn't because the ONLY thing this proposal adds is a bunch of events and methods to allow javascript to provide the key to decrypt an encrypted flow.

Re:HTMLMediaElement is ALREADY part of HTML

[strikethree]

Ah. So we should just go along with building the guillotine because the blade is not included. Right.

So, video codecs are out of scope, but DRM isn't?

[GNUALMAFUERTE]

We badly needed the W3C to define a codec when they defined the HTML5 video standard. They didn't. They said it was out of scope. To this day, HTML5 video isn't widespread yet because of that. Apple and microsoft are pushing their own agenda in having a proprietary, controlled, patented standard in which they hold interests used, while disregarding technically viable, free, open solutions such as Theora or WebM.

But the motherfucking codec was "out of scope".

And DRM is in scope? What the fuck people! You consider you have no say in the very fucking core of the video playing system, but you do get to taint the web with unnecessary shit such as DRM?

Everyone at the w3c can go fuck themselves.

Re:Focus on the specifics. "DRM Bad" is dumb

[peppepz]

Lets focus on the specifics of EME. "DRM Bad" is a gross oversimplification.

Interesting, let's see.

I think we can all agree that HTTPS is a good idea - it lets us securely communicate with our bank etc.

Indeed, that's because HTTPS has nothing to do with DRM, besides the fact that both use encryption. HTTPS serves the user, and the user has full control over it.

What if our bank wants to send us a video message, or we want to watch one of our home videos we've stored on a cloud server? Well, we could use HTTPS for that. But HTTPS requires the server to encrypt the content as we're streaming it... that's probably OK for those scenarios, since there won't be more than one person downloading the same video at once.

Exactly. So far, no uses for DRM. Let's hear further.

Now suppose a video store offers to sell us a video. Of course we'd use HTTPS to send our credit card details to prevent them getting intercepted by hackers. The video store might let us download or stream the video over HTTPS. But HTTPS requires the server to encrypt the content as we're streaming it, and if lots of people are streaming the same video the server will be very busy. What's more, since the server has to send differently-encrypted data to different people, they can't use a CDN to spread the load (unless they load their private key into all the CDN boxes, which would be insecure). The solution is EME with the "Clear Key" encryption: the store encrypts the video file once, and tells us to stream the encrypted video file over plain HTTP from their CDN. They then send us the key over HTTPS. The browser uses that key to decrypt the file. Note that there's no "DRM" anti-consumer stuff here - the consumer's web browser has both the key and the encrypted data, and could save those if they wanted to. It's just protecting the data as it flows over the network, like HTTPS does.

What you described is no DRM. The server is giving the user full access to the media, by giving the key to him. They could as well store the media inside a password-protected zip file, serve it over plain HTTP, then send the password for that file to the user. It would have achieved the same level of security. The point is that no media company will use such a model for distribution, because a single user could give away his password to all the other users, making the system ineffective. In fact, no user's right is restricted by this model, there's no "black box" software or hardware involved, there are no encryption keys ureachable to the user, there's no personal information of the user stored inside the media. This is not DRM and this is not what people are afraid of.

Now, EME does also have hooks for a full DRM system. It doesn't specify a full DRM system - it's just hooks so your browser could include a DRM system if it wanted to. Rather than getting the clear key over HTTPS, the browser can get some encrypted data that's passed to the DRM system. The DRM system then does it's thing and decrypts the video, presumably applying copy protection as it does.

So after you've talked so much about completely irrelevant topics, you dismiss the actual problem with three lines and no argumentation. You're actually worsening my concerns, because not only you're telling us that EME will force all content consumers on the web to implement DRM and pay for its implementation and its computational overhead, but also you're giving us reason to believe that the specification will be incomplete, and every content publisher will be free to implement or license a different digital restriction management system based on those "hooks", forcing the users to choose what content they want to access, or to implement or license all of the competing systems, as is already happening with DRM systems for digital television broadcasting.

The sort of companies who are going

Hi! ho! Yet Another Parameter Passing Mechanism

[TheRealHocusLocus]

The media's directly linked, it has a URL---
Hi! ho! the derry-o, we simply GET the stream.

The link has gobble-de-gook, it changes every time---
Hi! Ho! the derry-o, we follow redirect.

It's encrypted with a key, the key is passed to me---
Hi! ho! the derry-o, our extension reads it for free.

The key comes from a script, the script talks only to Fred---
Hi! Ho! the derry-o, our sandbox looks like Fred.

A dongle decodes the stream, which plugs into USB---
Hi! Ho! the derry-o, its Certs have just been leaked.

It's all secure at last! A special TV decodes it all---
Hi! Ho! the derry-o, they didn't sell any at all.

It's encrypted again but now, NO ONE gets the key---
Hi! Ho! the derry-o, we watch Gaussian noise for free.

I'm used to it. Digital TV reception in my area closely resembles watching a raw stream of encrypted video where only God has the key. A pretty mosaic of brightly colored boxes that rearrange themselves into endless, hypnotic patterns. Its audio is mercifully muted.

Frankly, I'm amazed at the progress we've made.

Stallman wrong

[DragonWriter]

PS: Of course Richard Stallman was again all correct about cloud services: Cloud computing is a trap, warns GNU founder Richard Stallman

Actually, Stallman was wrong on that, starting with confusing out "renting out services run on someone else's computers" (which is the actual source of the "trap", insofar as it exists, that he refers to, and is a practice nearly as old as business use of computers) with "cloud computing" (which is a set of technologies relating to dynamic allocation of resources -- virtual servers, etc. -- which has many applications, including, but not limited to, more efficiently implementing the kind of remote third-party services which have been around forever in which Stallman sees a "trap".)

Reality

[Sloppy]

How much work are you willing to do to watch that movie for free where you can pay a $10 a month subscription or rent it for $2.00? Is it worth trying different patches made by people of questionable ethics, perhaps having to rebuild you OS every once in a while until you find the good patch.

Arrghh.. Really? People can still totally misunderstand the situation this badly, in 2013?

The people who endure the things that you're talking about, also pay. The fact that they paid for the DRMed media, is why they have DRMed media. Nobody does anything like what you're talking about, to avoid paying.

People who don't pay, don't go through any of that. How much work am I willing to do to watch that movie for free? NONE. The free content is what works on a computer without any patches, rebuilding, soldering, etc; it works under normal conditions with normal hardware and software. That's the smooth, reliable case, and since anyone and everyone can work on it, there are many players competing against each other to be The Best.

The non-free DRMed content, is the stuff where the computer is always abnormal in some regard. Either the computer is actively hostile to its user (i.e. the user just accepts the absurdity of the DRM-compatible players' artificial limitations and their general lack of competitive features), or it's schizophrenic and (possibly) unreliable, due to needing to [appear to] serve two masters (the case you seem to be harping on).

There's not even a grey area worth speaking of. It's not a matter of "some non-payers have to deal with DRM and some customers don't." These are truly all-or-nothing scenarios, where the exceptions are so rare that it's not worth speaking of. Everyone who makes use of pirated media, is free from having to deal with DRM bullshit while they use that media. And similarly, everyone who does struggle with DRM, is always working with a non-pirated copy, which was paid for, unless you're talking about some fringe case of shoplifting or something like that. Don't you understand that?

So it's not a matter of keeping the honest honest. It's a matter of punishing and discouraging the honest for the "crime"(?) of being honest, constantly tempting them with the promise of how much nicer and easier things will be, if they defect.