DRM In HTML5 — Better Than the Alternative?

Underholdning writes "DRM is coming to HTML5. The W3C published a working draft yesterday of the framework that will support the use of DRM-protected media. Ars Technica's Peter Bright reports on it with an article claiming that DRM in HTML5 is a victory for the open web, not a defeat. Bright argues that if HTML5 does not support DRM, then content providers will move their content away from open standards and implement it with native apps — abandoning the web in the process. Quoting: 'Keeping it out of W3C might have been a moral victory, but its practical implications would sit between slim and none. It doesn't matter if browsers implement "W3C EME" or "non-W3C EME" if the technology and its capabilities are identical. ... Deprived of the ability to use browser plugins, protected content distributors are not, in general, switching to unprotected media. Instead, they're switching away from the Web entirely. Want to send DRM-protected video to an iPhone? "There's an app for that." Native applications on iOS, Android, Windows Phone, and Windows 8 can all implement DRM, with some platforms, such as Android and Windows 8, even offering various APIs and features to assist this.'"

What's the difference?

[Hatta]

Neither can be used on a free platform, so what's the difference? How are platform specific encryption modules any better than platform specific native apps?

Re:What's the difference?

[gl4ss]

Browser components, surprising how many applications require them. once this is in will it create other unforseen content controls?
Also I can't wait for the first client side security vulnerability.

the way I see the html5 drm thing right now is like this: some dudes who would gain something from it are pushing it after having a conversation that went like: "ah darn it, ain'nt anyone doing plugins anymore, 'dem plugins have soo bad reputation. We should design a platform for running closed source code inside browser! and make it html5! and with hooks!"

point being, I don't see it fixing anything in the current system. they could just implement plugins with the old plugin system for things they want to run closed..

Re:What's the difference?

[blackiner]

http://www.w3.org/TR/2013/WD-encrypted-media-20130510/#introduction

Pretty much everything in the picture is standardized and can be implemented by any browser, but the Content Decryption Module (CDM) can be anything, and is selected by keySystem from the DOM data. There is a single reference system that merely decrypts blocks of the stream. But you can pretty much just dump the decrypted blocks into a file. I'm sure all this will really accomplish is requiring people to download proprietary CDMs, or only allow browsers that ship with them like IE or Chrome to play content. This is a shit solution.

Re:What's the difference?

[magic+maverick+]

Exactly. I won't be able to see restricted media on my system anyway. Because DRM - digital restrictions management - don't work without locking you out. It doesn't matter if it's an "open standard" or not. And, as noted in the article, this HTML5 thingy doesn't even provide an open standard for DRM. It provides hooks. That's it. The DRM will still be closed, will still not be a standard, and will still probably not run on open systems (most desktop Linux).

And the W3C should have taken the pragmatic approach and said, "we don't want DRM to be associated with us, as it will tarnish our good name".

This "standard" won't make things any better, because there will still need to be a closed blob to decrypt the restricted media. Whether it's viewable via a web browser, or not, is irrelevant.

Re:What's the difference?

[meustrus]

Except with W3C standardization, you can make 1 plugin for all browsers instead of having to navigate the interfaces for IE, Mozilla, and Webkit, and probably just completely ignore all of the less popular browsers like Opera and Konqueror (don't think that everybody using Linux is willing to forego closed-source device drivers and software packages for ideological reasons and just not get decent graphics performance or Flash videos).

Re:What's the difference?

[blackiner]

And now they have paved the way for allowing only Microsoft and Google owned and patent encumbered DRM schemes. What progress.

Re:What's the difference?

[Cajun+Hell]

If the web does not have DRM then consumers can only use services like Netflix where Netflix deigns to create an app (plug-ins are on their way out).

But what is being proposed, is identical to that. Consumers will only be able to use services like Netflix where Netflix deigns to create an implementation of their proprietary EME plugin.

If DRM is a standardized part of the web then anyone with a standards compliant browser can access those services.

This is where the confusion lies. Nobody is suggesting making DRM itself a standardized part of the web; you're rooting for a side which isn't in the fight. They're talking about making a non-standard DRM component (something just as unportable as Flash and Silverlight, and subject to its ONE CREATOR'S whims) have standard API for the browser to use. This is a tiny little issue; Flash already used a defacto-standard API for the browser to inferface with. Such a defacto interface isn't maybe as good as a well-described one, so you could see this new API as a minor step forward, but it comes with the cost of legitimizing and endorsing something which is just completely ridiculous.

I want the choice to be able to stray beyond the dominant platforms and still use Netflix.

That is not being offered by this HTML5 compromise, and it won't get you closer to that. If Netflix, as the one and only party in the world who will have the closed trade secret to make the Netflix decrypter, should decide to ever see fit to allow the specific non-dominant platform that you're thinking of, to join the list of platforms they support by making a Netflix plugin for it, they're just as likely to decide to allow an app on that platform.

Allowing you to watch Netflix, is not something that is being standardized. That aspect would remain as closed as Flash's DRM. This is how all DRM must always be. The only way Netflix can ever be standardized such that you will be permitted to use it on a device of your choosing, is if they drop the DRM.

Or if they were to standardize the DRM itself, I suppose that would work. But they wouldn't want to do that, since the whole point of DRM is to keep people from implementing it! :-)

Re:What's the difference?

[Microlith]

It's about choice. If the web does not have DRM then consumers can only use services like Netflix where Netflix deigns to create an app (plug-ins are on their way out). That will generally be the few dominant platforms.

It will be the same with this, because instead of having to compile their app for a platform they'll have to compile their EME module.

If DRM is a standardized part of the web then anyone with a standards compliant browser can access those services.

Unless they're on an unsupported platform.

their support of this standard suggests that they actually want me to be able to use their service on my Playbook.

I suspect you won't get Netflix on your Playbook unless Blackberry negotiates a licensing agreement with Netflix for their EME module.

I want the choice to be able to stray beyond the dominant platforms and still use Netflix.

And I sincerely doubt you will. This is about taking control, not granting you choice.

Re:What's the difference?

[Jane+Q.+Public]

"And now they have paved the way for allowing only Microsoft and Google owned and patent encumbered DRM schemes. What progress???"

There. Fixed that for you.

For what it's worth, I agree. It has taken a while to shake out, but DRM, as a market concept, has been an almost complete failure. It simply doesn't stop people. If anything, it pisses people off and makes them more determined to break the DRM anyway.

Look at HDMI, and CSS (DVD encryption CSS, not the web page kind). They're totally broken. It took a while for the HDMI protection scheme to be broken, but a couple of years ago a guy showed how it could be done with off-the-shelf tools, in a couple of days. (And now that the technique is known, it can be done by a hobbyist in a few minutes.) CSS was broken in even less time with DeCSS by "DVD Jon".

Yet the industries are still using these broken technologies, and saddling consumers with the totally worthless cost.

This has no place in an "open standard". I say get rid of it, and stop coddling the clueless, protectionist, blindly greedy corporations.

Time to fork W3C

It would be nice to have a grass roots standards body which impletments the good works of standards bodies but chooses not to implement shill standards. Then grass roots software development can choose to use these standards rather than give in to the corruption of the standards process.

Oh the horror!

[maxwell+demon]

There would be content on the internet that is not on the web? Oh the horror! </sarcasm>

Seriously, I want them to provide their own programs for DRM-protected stuff. That stuff just doesn't belong on the web. After all, even if it were made with HTML5+DRM and accessed through web browsers, it would still not really be part of the web, because I could not just fire up any web browser and watch it; I'd first have to install their proprietary DRM. So what is the big difference, if I have to install some proprietary code anyway? If it's a separate program, I'll at least know up front that it's not part of the web.

Also, in my experience, native programs tend to have the better interfaces anyway.

Re:Oh the horror!

It's always the same bullshit. Make it easy for us by making your lives harder.

It's long past the point where everyone should be telling the content barons to eat shit and die.

The rest of the world generates masses of traffic, money and innovation - far more than the thugs in the content industry.

Yet all we ever hear about is how everyone else should dance to the entertainment industry's tune.

Re:This is retarded.

[BasilBrush]

Have they not learned that DRM only hurts the honest people? The pirates will get their crappy content anyways.

This is a false dichotomy. Whilst there are people that only ever use legally acquired stuff at one end of the scale, and people that always pirate non-free stuff at the other end, the vast majority lie in the middle of those extremes, pirating if it's easy and the result is good enough for them, buying when that's easier, or has the quality they require and is within their budget.

DRM doesn't come free for the industry. It would be cheaper to ship without DRM than with. The areas where DRM doesn't help the media industry's bottom line, such as songs, has already been abandoned. Areas where they keep investing in DRM, they do so because it works well enough to raise their bottom line vs not doing it.

If it didn't work, they wouldn't put money into it.

Re:DRM should not be standardized

[devent]

EME is not a standard of DRM. EME is a standard to access DRM via API. That is a very big difference.
_If_ EME would be a standard of DRM, then anyone could implement the DRM and see the videos.

But EME just make the API standard do access DRM to decrypt the content. DRM can not be standardized, it's the very nature of DRM.

Re:Native apps are better anyways

[lgw]

I'd put it this way: regardless of what the W3C does, the user experience in the browser will be the same. You'll go to a Netflix web page, click, and watch a DRMd video stream. That's 1/3 of internet traffic today, and Netflix has no choice about the DRM part.

The only question is: will that 1/3 of internet traffic be following the HTML5 standard, or not be following the HTML5 standard? The question "should streaming video have DRM" is completely irrelevant to the standard: hate it or accept it, you can't eliminate DRM through a standard.

Do we love the days of IE6, where a big chunk of internet traffic ignored the W3C? Wasn't that fun?