DRM In HTML5 — Better Than the Alternative?

Underholdning writes "DRM is coming to HTML5. The W3C published a working draft yesterday of the framework that will support the use of DRM-protected media. Ars Technica's Peter Bright reports on it with an article claiming that DRM in HTML5 is a victory for the open web, not a defeat. Bright argues that if HTML5 does not support DRM, then content providers will move their content away from open standards and implement it with native apps — abandoning the web in the process. Quoting: 'Keeping it out of W3C might have been a moral victory, but its practical implications would sit between slim and none. It doesn't matter if browsers implement "W3C EME" or "non-W3C EME" if the technology and its capabilities are identical. ... Deprived of the ability to use browser plugins, protected content distributors are not, in general, switching to unprotected media. Instead, they're switching away from the Web entirely. Want to send DRM-protected video to an iPhone? "There's an app for that." Native applications on iOS, Android, Windows Phone, and Windows 8 can all implement DRM, with some platforms, such as Android and Windows 8, even offering various APIs and features to assist this.'"

What's the difference?

[Hatta]

Neither can be used on a free platform, so what's the difference? How are platform specific encryption modules any better than platform specific native apps?

Re:What's the difference?

[gl4ss]

Browser components, surprising how many applications require them. once this is in will it create other unforseen content controls?
Also I can't wait for the first client side security vulnerability.

the way I see the html5 drm thing right now is like this: some dudes who would gain something from it are pushing it after having a conversation that went like: "ah darn it, ain'nt anyone doing plugins anymore, 'dem plugins have soo bad reputation. We should design a platform for running closed source code inside browser! and make it html5! and with hooks!"

point being, I don't see it fixing anything in the current system. they could just implement plugins with the old plugin system for things they want to run closed..

Re:What's the difference?

[blackiner]

http://www.w3.org/TR/2013/WD-encrypted-media-20130510/#introduction

Pretty much everything in the picture is standardized and can be implemented by any browser, but the Content Decryption Module (CDM) can be anything, and is selected by keySystem from the DOM data. There is a single reference system that merely decrypts blocks of the stream. But you can pretty much just dump the decrypted blocks into a file. I'm sure all this will really accomplish is requiring people to download proprietary CDMs, or only allow browsers that ship with them like IE or Chrome to play content. This is a shit solution.

Re:What's the difference?

[magic+maverick+]

Exactly. I won't be able to see restricted media on my system anyway. Because DRM - digital restrictions management - don't work without locking you out. It doesn't matter if it's an "open standard" or not. And, as noted in the article, this HTML5 thingy doesn't even provide an open standard for DRM. It provides hooks. That's it. The DRM will still be closed, will still not be a standard, and will still probably not run on open systems (most desktop Linux).

And the W3C should have taken the pragmatic approach and said, "we don't want DRM to be associated with us, as it will tarnish our good name".

This "standard" won't make things any better, because there will still need to be a closed blob to decrypt the restricted media. Whether it's viewable via a web browser, or not, is irrelevant.

Re:What's the difference?

[meustrus]

Except with W3C standardization, you can make 1 plugin for all browsers instead of having to navigate the interfaces for IE, Mozilla, and Webkit, and probably just completely ignore all of the less popular browsers like Opera and Konqueror (don't think that everybody using Linux is willing to forego closed-source device drivers and software packages for ideological reasons and just not get decent graphics performance or Flash videos).

Re:What's the difference?

[blackiner]

And now they have paved the way for allowing only Microsoft and Google owned and patent encumbered DRM schemes. What progress.

Re:What's the difference?

[Cajun+Hell]

If the web does not have DRM then consumers can only use services like Netflix where Netflix deigns to create an app (plug-ins are on their way out).

But what is being proposed, is identical to that. Consumers will only be able to use services like Netflix where Netflix deigns to create an implementation of their proprietary EME plugin.

If DRM is a standardized part of the web then anyone with a standards compliant browser can access those services.

This is where the confusion lies. Nobody is suggesting making DRM itself a standardized part of the web; you're rooting for a side which isn't in the fight. They're talking about making a non-standard DRM component (something just as unportable as Flash and Silverlight, and subject to its ONE CREATOR'S whims) have standard API for the browser to use. This is a tiny little issue; Flash already used a defacto-standard API for the browser to inferface with. Such a defacto interface isn't maybe as good as a well-described one, so you could see this new API as a minor step forward, but it comes with the cost of legitimizing and endorsing something which is just completely ridiculous.

I want the choice to be able to stray beyond the dominant platforms and still use Netflix.

That is not being offered by this HTML5 compromise, and it won't get you closer to that. If Netflix, as the one and only party in the world who will have the closed trade secret to make the Netflix decrypter, should decide to ever see fit to allow the specific non-dominant platform that you're thinking of, to join the list of platforms they support by making a Netflix plugin for it, they're just as likely to decide to allow an app on that platform.

Allowing you to watch Netflix, is not something that is being standardized. That aspect would remain as closed as Flash's DRM. This is how all DRM must always be. The only way Netflix can ever be standardized such that you will be permitted to use it on a device of your choosing, is if they drop the DRM.

Or if they were to standardize the DRM itself, I suppose that would work. But they wouldn't want to do that, since the whole point of DRM is to keep people from implementing it! :-)

Re:What's the difference?

[Microlith]

So you'll still need one plugin for Windows, one for OS X, one for iOS, one for Android, one for Windows RT, etc. (oh and none for Linux.) And then you'll have a multitude of others made by various and sundry companies of varying skill.

I expect that if this takes hold, malware will spread like never seen.

Re:What's the difference?

[Microlith]

It's about choice. If the web does not have DRM then consumers can only use services like Netflix where Netflix deigns to create an app (plug-ins are on their way out). That will generally be the few dominant platforms.

It will be the same with this, because instead of having to compile their app for a platform they'll have to compile their EME module.

If DRM is a standardized part of the web then anyone with a standards compliant browser can access those services.

Unless they're on an unsupported platform.

their support of this standard suggests that they actually want me to be able to use their service on my Playbook.

I suspect you won't get Netflix on your Playbook unless Blackberry negotiates a licensing agreement with Netflix for their EME module.

I want the choice to be able to stray beyond the dominant platforms and still use Netflix.

And I sincerely doubt you will. This is about taking control, not granting you choice.

Re:What's the difference?

[Jane+Q.+Public]

"And now they have paved the way for allowing only Microsoft and Google owned and patent encumbered DRM schemes. What progress???"

There. Fixed that for you.

For what it's worth, I agree. It has taken a while to shake out, but DRM, as a market concept, has been an almost complete failure. It simply doesn't stop people. If anything, it pisses people off and makes them more determined to break the DRM anyway.

Look at HDMI, and CSS (DVD encryption CSS, not the web page kind). They're totally broken. It took a while for the HDMI protection scheme to be broken, but a couple of years ago a guy showed how it could be done with off-the-shelf tools, in a couple of days. (And now that the technique is known, it can be done by a hobbyist in a few minutes.) CSS was broken in even less time with DeCSS by "DVD Jon".

Yet the industries are still using these broken technologies, and saddling consumers with the totally worthless cost.

This has no place in an "open standard". I say get rid of it, and stop coddling the clueless, protectionist, blindly greedy corporations.

Re:What's the difference?

[gl4ss]

Surely you mean one for Windows/x86 (oh, and maybe x64 if we're generous), and one for iOS/ARMv7 (oh, and maybe Android/ARMv7 if we're generous). OS X? WinRT? What's that? May be you'll even say (hah!) Linux?

You'll just have to hope they're not too OS specific, so may be x86 and ARMv7 will (mostly) cover it all and won't need much fucking around to make it work on all platforms. Maybe they'll even be exploit-compatible!

they will have to be os specific and tie into the graphical display system for them to be considered effective at all. basically it can not offer any advantage over silverlight/flash/quicktime type of scenario which we are in now. you'll have a closed plugin which displays the drm protected site.

and users WILL NOT install specific plugins for specific random sites and users will be told not to install them. because it's just common sense. in effect that would not be any different than installing specific apps for specific sites.

oh and to the "but you'll only need 1 plugin for all browsers on the system" well that's also the system we already are in - minus browser specific bugs/"features".

Re:What's the difference?

[Darinbob]

If they all move to proprietary apps away from open standards, then what's the problem? It'll be like back when everything was quicktime and you had to upgrade weekly to get the right version necessary to play that week's videos. The result in that case was that smart people learned to just not watch the stupid videos. If youtube dies from not having DRM in HTML then that sounds like a very good thing to me.

Betteridge's law of headlines

[twocows]

No.

Re:Betteridge's law of headlines

[allo]

And very well suited for this type of rhetoric question like in the article ... because the author doesn't provide any arguments, he is convinced of, so he puts a question in the title instead of a hypothesis (without questionmark)

Time to fork W3C

It would be nice to have a grass roots standards body which impletments the good works of standards bodies but chooses not to implement shill standards. Then grass roots software development can choose to use these standards rather than give in to the corruption of the standards process.

Re:Time to fork W3C

[loufoque]

HTML5 was already formed as the result of a fork of the W3C called the WHATWG.

Re:Time to fork W3C

[Microlith]

They seem intent on listening to a very, very tiny base when it comes to ramming EME through. Apparently what Hollywood wants is more important than what anyone else wants.

Oh the horror!

[maxwell+demon]

There would be content on the internet that is not on the web? Oh the horror! </sarcasm>

Seriously, I want them to provide their own programs for DRM-protected stuff. That stuff just doesn't belong on the web. After all, even if it were made with HTML5+DRM and accessed through web browsers, it would still not really be part of the web, because I could not just fire up any web browser and watch it; I'd first have to install their proprietary DRM. So what is the big difference, if I have to install some proprietary code anyway? If it's a separate program, I'll at least know up front that it's not part of the web.

Also, in my experience, native programs tend to have the better interfaces anyway.

Re:Oh the horror!

It's always the same bullshit. Make it easy for us by making your lives harder.

It's long past the point where everyone should be telling the content barons to eat shit and die.

The rest of the world generates masses of traffic, money and innovation - far more than the thugs in the content industry.

Yet all we ever hear about is how everyone else should dance to the entertainment industry's tune.

Re:Oh the horror!

[Motor]

You can put what you want on the web.

But why do you expect everyone else to pay the technical cost of it (the DRM infrastructure, lock in and lack of choice and innovation)?

If you want DRM... then you maintain your own infrastructure and the associated costs.

it should be standard

There's an increasing amount of content that you can't view without DRM support, and people want to view this content. This should be enabled in the HTML standard, even if the plugins have to be platform specific.

It's only going more in this direction in the future. I have a cousin who works for a major news agency to remain unnamed here, and there is a movement afoot in the news world to investigate DRM for protecting online news content. There is a realization that they cannot keep giving it away forever. There have been a few initial experiments with paywalls on some news sites, but not DRM per se. DRM is a big thing now though in terms of what is wanted going forward. So either this can use the Web, or as TFA says, it will move off the web entirely.

Either the Web has to keep up, or it will become less and less relevant to modern computing. Not overnight of course, but times change. At one point, if you told people the Web would supplant Gopher, they just laughed.

Re:it should be standard

[Microlith]

This should be enabled in the HTML standard, even if the plugins have to be platform specific.

Why?

It's only going more in this direction in the future.

Then things will only get worse.

have a cousin who works for a major news agency to remain unnamed here, and there is a movement afoot in the news world to investigate DRM for protecting online news content. There is a realization that they cannot keep giving it away forever.

So destroy web browsers and force them to betray their users and treat them as criminals?

DRM is a big thing now though in terms of what is wanted going forward.

Fuck them. People are bitching on this site about end users having entitlement complexes, what about media companies that feel entitled to have end user's systems betray their owner for the sake of their bottom line.

Either the Web has to keep up, or it will become less and less relevant to modern computing.

Or maybe it'll become more like it was originally, before the commercial interests started moving in and tried to turn it into TV 2.0.

DRM should not be standardized

[mounthood]

Maybe this will help:
1. Open and Standardized is good.
2. DRM is not Open. (This is simply its nature.)
3. DRM can be Standardized with HTML5 extensions.

The problem is confusing point one with the FOSS attitude of wanting systems that are open. Standardization is not advocated by any open source group or in any open license. Standardization is an artifact commonly associated with free/open systems, but it's presence doesn't mean the system is free or open.

Re:DRM should not be standardized

[meustrus]

Standardization, not openness, is the primary goal of the W3C.

Re:DRM should not be standardized

[devent]

EME is not a standard of DRM. EME is a standard to access DRM via API. That is a very big difference.
_If_ EME would be a standard of DRM, then anyone could implement the DRM and see the videos.

But EME just make the API standard do access DRM to decrypt the content. DRM can not be standardized, it's the very nature of DRM.

If they want false comfort, let them have it

[thoth_amon]

The central problem with DRM is that it stops only honest people. Anything that is located entirely on the user's computer in obfuscated form and plays from there can be cracked, and crackers will crack it, whereupon the cracked goods will quickly find themselves on BitTorrent and other sharing networks.

The thing is, competing with free isn't that hard. If you offer high-quality goods for a reasonable price, using an open format, at a convenient location, customers will buy from you. How did Tower Records thrive for so many years when recording tape-to-tape or record-to-tape was so easy? Or, for a modern example, look at Tor books, which has un-DRMed its books. They say the sky isn't falling. This transition has already largely completed in the realm of technical books at companies like O'Reilly, Manning, Apress, and others.

DRM is an endless and futile game for content creators, and an annoyance to customers. I doubt in the end that any DRM standard we settle upon will be sufficient for most publishers for many reasons, ranging from capabilities to safety, and in the end those publishers who are really serious about DRM will go with proprietary plugins anyway (and will find that those don't work very well either).

Re:This is retarded.

[BasilBrush]

Have they not learned that DRM only hurts the honest people? The pirates will get their crappy content anyways.

This is a false dichotomy. Whilst there are people that only ever use legally acquired stuff at one end of the scale, and people that always pirate non-free stuff at the other end, the vast majority lie in the middle of those extremes, pirating if it's easy and the result is good enough for them, buying when that's easier, or has the quality they require and is within their budget.

DRM doesn't come free for the industry. It would be cheaper to ship without DRM than with. The areas where DRM doesn't help the media industry's bottom line, such as songs, has already been abandoned. Areas where they keep investing in DRM, they do so because it works well enough to raise their bottom line vs not doing it.

If it didn't work, they wouldn't put money into it.

So what's wrong?

[rbprbp]

"Deprived of the ability to use browser plugins, protected content distributors are not, in general, switching to unprotected media. Instead, they're switching away from the Web entirely. "
So what is wrong with this, exactly? If you want to distribute DRMed content, you are fully free to use your own means. Let the web stay DRM-free, as it should be.

Reality intrudes.

[westlake]

The reality is that every Internet enabled device in your home or car supports subscription services and protected media content. Each to some degree pushes the "open web" browser further into the background.

The Windows 8 Start Page makes that explicit.

If the app becomes your primary source for music, videos, books, newspapers, magazines and games, it isn't much of a stretch to imagine the app becoming your primary source for other content and services as well.

Re:Without explicitly saying it...

[meustrus]

What's to say that Netflix wont choose an encryption scheme that has a Microsoft Windows only CDM?

The W3C is giving Netflix the opportunity to choose a cross-platform CDM where before they could only support platforms that Microsoft had "blessed" with Silverlight. Why would they did pick a Windows-only scheme if there's no advantage to that over Silverlight? Worst case, things stay the same. Big whoop.

Re:I'm not too bothered by DRM in HTML5

[icebraining]

You'll still be locked out, because the proposal involves proprietary binary blobs that perform the actual decryption, which won't exist for your platform.

The only "standard" part is the browser hooks for those modules to plug into.

No binary blobs in HTML5

[HalAtWork]

I don't want binary blobs* to be included in a document for what is supposed to be read on a cross-platform interpreter. The binary blob will not work in this situation anyway (different CPU/OS APIs/etc), so why include it as part of the standard? It might as well be an external app or plugin.

* The Content Decryption Module (CDM) required to interpret/implement the DRM

Re:Native apps are better anyways

[lgw]

I'd put it this way: regardless of what the W3C does, the user experience in the browser will be the same. You'll go to a Netflix web page, click, and watch a DRMd video stream. That's 1/3 of internet traffic today, and Netflix has no choice about the DRM part.

The only question is: will that 1/3 of internet traffic be following the HTML5 standard, or not be following the HTML5 standard? The question "should streaming video have DRM" is completely irrelevant to the standard: hate it or accept it, you can't eliminate DRM through a standard.

Do we love the days of IE6, where a big chunk of internet traffic ignored the W3C? Wasn't that fun?

Re:Article is full of it

[mrbester]

Not quite correct. People want to see movies. That these movies and other content has DRM is usually irrelevant except to that small percentage who aren't on the supported platforms. For the most part people don't even know it is there.

A stance of "DRM has no place in HTML5" (a marketing term, like "HTML 2.0") would help educate the blissfully ignorant of how the web works and that it is the *content providers* who are trying to dictate how you consume.

Re:I'm not too bothered by DRM in HTML5

[devent]

ROFL. I like your first question.
If they have used whips to punish the slaves, wouldn't it be better if they would use a standard whip instead of their custom made whip?

For your second question: No.

Adobe goal was to dominate the web with their Flash technology. After years and years of waiting Adope finally released a Linux version of Flash, only to be horrible broken (see for example [1], HAL is deprecated for years). Then Microsoft starts a direct competitor to Flash: Silverlight. You would think because Adobe and Microsoft goals are to have a well established technology in the Web that they would offer best support. But besides Windows and MacOS there is no such best support.

So I ask, if two giants in the technology sector are not bothering to making a true system independent DRM implementation, why would anybody offer EME style DRM modules for Windows, MacOS and Linux? The EME will not change anything. All it will do is to introduce DRM to the open Web and took open and free system at a disadvantage.

[1] http://helpx.adobe.com/x-productkb/multi/flash-player-11-problems-playing.html