Slashdot Mirror
EFF Makes Formal Objection to DRM In HTML5
The Electronic Frontier Foundation (EFF) has filed a formal objection to the inclusion of DRM in HTML5, saying that a draft proposal from the W3C could hurt innovation and block access to people around the world. From their press page: '"This proposal stands apart from all other aspects of HTML standardization: it defines a new 'black box' for the entertainment industry, fenced off from control by the browser and end-user," said EFF International Director Danny O'Brien. "While this plan might soothe Hollywood content providers who are scared of technological evolution, it could also create serious impediments to interoperability and access for all."'
No DRM will mean no access for anyone!
someone with backbone!
While I understand why they've taken this position, "The Internet" != "WWW". Increasingly content producers are publishing content through app stores because apps provide content creators with a piece of mind that distribution across the DRM free web does not.
We will get to see the result of the grand experiment of publishing content on the web versus through apps. Content follows the money. If there is more money to be generated distributing content over a DRM free web, that's where it will stay. But if there is more money to be made distributing it through locked down apps on locked down platforms - well there's no reason to think that people won't abandon any technology as quickly as they adopt it if the content that they want to view migrates somewhere else.
DRM is not an evolution, it is a forced through solution to keep content FROM evolving.
When you cant win, ad hominem.
I don't want to be slave of plugins.
I don't want to be slave of browsers.
I don't want anymore to be slave of ECOSYSTEMS making me have three or four platforms just to be able to access content.
I prefer if HTML includes provisions to allow optional cross-platform DRM instead of having to rely on plugins/stores/apps.
Yeah, because the current scheme of using proprietary playback plugins that have their own set of security flaws and performance issues, if they exist at all for your platform of choice, isn't an impediment to interoperability at all.
Hollywood isn't going to go DRM free (yet). DRM as a standard in HTML5 is a better place then where we are today. These things must change over time. See: all the stores now selling DRM free music, which would have never happened if the stores of yesteryear hadn't first gotten the RIAA comfortable with digital distribution, then weaned them off the DRM teat.
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
You'll take it and like it. Time, and time, and time again.
Nobody wants to hear it, but RMS has it right.
optional cross-platform DRM
LOL optional DRM is simply (mandatory) DRM, you either are one side or the other. I personally think that *software* should never contain any DRM.
Principle vs. Pragmatism. The principle camp says that if you don't defend your freedom you lose it. The pragmatists realize that if they don't allow DRM then the standard will fork into two viable streams, HTML5 and HTMLX (let's call it). Browsers will have to support both and we'll have the joys of all the bugs, confusion, and configuration wars that would ensue. Pundits at sites like cnet would be happy though, as they'd have a continuing tech controversy they could write about w/o having to do much research. Ugh. Let's move on with the new standard.
DRM as a standard in HTML5 is a better place then where we are today...stores of yesteryear hadn't first gotten the RIAA comfortable with digital distribution, then weaned them off the DRM teat.
I am confident that DRM should not be a standard, and the argument that DRM being dropped will happen because companies will get *comfortable*; They don't they would have you electronically chipped if they could get away with it. The reason why DRM was dropped was because customers simply were not happy with it.
As far as I am concernned they may keep their crappy so-called "content" all for themselves.
W3C, and most internet standard bodies, want to build a service hatch into your computer with no lock and key that only the good guys know about so they can run provide you with an awesome software experience. They will say HTML is good enough, but then they need CSS, Java, Javascript, ActiveX, Flash, Silver-light, and the list goes on and on.
Problem is, we've already had this adventure. On Win98, Windows update ran through Internet Explorer which at that time, shared binaries with Explorer; Iexplore.exe installed stuff on your computer through what was at the time activex. And that meant enterprising criminal who found the open service hatch on your computer could install what they want. And what they installed was never really a nice thing.
You ask these same people about security, their response "The internet was meant to be open, Man!"
Before anyone says security is expensive; it really isn't because it compartmentalizes failure. If everyone in a 10,000 user network has admin on every other machine, and wmipvrse.exe decides to go on a rampage eating boot.ini on all those units due to a hardware memory failure, there's an issue. There are other issues there too that are obvious, but giving everyone user rights compartmentalizes that failure to 1 unit. And yes there does come a point where expenditure doesn't result in a saving greater than expenditure, but that's obvious with everything.
These are the same people who refuse to publish a RFC for IPV6 NAT\PAT despite there being an exploit in the wild that causes NIC Firmware on many intel cards to self-immolate when sent malformed SIP Packets; You're going to allow me to see the MAC of your server thus determining the make and model of the card because you don't want to obfuscate the EUC-64 address? These are the same people who came up with Java based webapps to replace ERP systems and sold them to the government and utilities having no concept of security, so when their software become the basis for a rooting exploit, it's only when DHS says uninstall which means institutions now get to think 3x before developing and deploying webapps that they think. Mind you the latest and greatest version of java still has open in the wild root-privilege exploits.
And the RIAA are the same people who want carte-blanche' to turning any PC they want into a smoldering pile of rubble remotely at whim (which is very possible considering firmware-enabled fanbus is very popular on mobile and slimline systems; just make the sucker run too hot a few times and hope for a fire).
HTML 5 is, IMO, already a failed experiment, and Silicon Valley is turning into Hollywood at break-neck speed.
Ultimately, you will find "standards bodies" such as W3C are funded by companies like Microsoft and Google, who have a vested interest in turning their end users into products through "directed advertising". Try going to CNN.com and refreshing the page for 30 minutes on an up to date box, you'll get a virus Delivered through none other than the banner ad on the page. The bad guys are using advertising channels to distribute their binaries because the advertising channels are writing the standards in their favor and want to make things easy for themselves, not you.
Buyer Beware.
How come every time someone talks about pragmatism. It is about me sacrificing something, or me compromising, and we know what happens next...we are expected to do it again..and again.
Lets call pragmatism what it is Users being hit on.
W3C should not be including anything like DRM. They should remember that is is HyperText Markup Language. All they need to define is the usage of the 'a' tag, and left some IETF working group define the transport type for video etc. rather than using HyperText Transfer Protocol.
You're so busy playing corrective geek, SHOW US YOUR STANCE!
Current UEFI implementations would most likely be found illegal in many jurisdictions (anti-competitive behaviour, anti-trust... we've heard it all before); just the fact that on a completely new bought machine you have to boot up Windows 8 in order to have *it* enable your hardware to boot the OS of your choice should make it clear there needs to be a real fix for this crap.
Which part of "as far as I am concerned" didn't enter your small brain?
If I post a video on youtube to make a bit of money, I am sick of people ripping it off and reuploading it to other sites or even just youtube again to steal my money. If you think amateur youtube enthusiasts like me are mad, try MPAA and RIAA member mega-corporations. So basically if they don't add DRM to HTML5 natively, here comes Silverlight or some other similar bullshit with DRM because there's a market for DRM. The only question is do you want a security nightmare like Flash and Reader and Java running on every computer in the world or DRM natively supported in HTML5?
DRM is not an evolution, it is a forced through solution to keep content FROM evolving.
Why is this insightful? Evolve into what?
The road to hell is paved with good intentions.
No it's not. The road to hell is paved with fake intentions.
... HTML5 is not YET (apparently this is coming soon) a real standard. So the only users using it should be those interested in helping to test out the standard. In the mean time ALL web sites should provide a graceful degrade down to HTML4 so their site works in an HTML4-only browser as well as HTML4 can do (which DOES include video, even if most of you web programmers are too lame to understand how to do it). And you don't have to always embed the video ... just make a hyperlink and play it that way. That's worked for over a decade.
now we need to go OSS in diesel cars
The problem with this proposal is they are trying to include a black box in a W3C standard.
All other techniques and technologies described in the standard can be freely implemented by several competing browsers / libraries, in contrast to DRM decryption modules which are, by design, obfusciated.
It will be practically or legally impossible to create your own implementation of a specific decryption module and so any user who wants to, for example, watch a Youtube movie, must download the 'authorized' decryption module.
Note that DRM is designed to not interoperate as content providers actually have an incentive to limit the platform and/or browser that can run the decription modules, because this will reduce development costs and increase their control over how you consume their content.
And yes, the same arguments could be made for the current "plugin" model, but these goals should NOT be encouraged by including it into a web standard.
The first goal of a standard should be to increase interoperability and provide room for several competing implementations and the inclusion of DRM (which has completely opposite goals and designs) will seriously hamper the this.
If you read the EME standard draft, you will realize it isn't standardizing anything at all, it just gives every publisher a free hand to inject any arbitrary technology into HTML 5, severely hampering the original intention of providing a unified way to include media into web pages.
This would also set a horrible precedent and before long these modules will be used for all kinds of purposes and content, severely fragmenting the web (even worse so if HTML 5 gets used in apps and UI's).
There used to be very few obese people. Now there's a lot more obese people. Ergo, obesity is evolution.
Your momma!
"Increasingly content producers are publishing content through app stores because apps provide content creators with a piece of mind that distribution across the DRM free web does not."
What is the problem with that?
Really. What?
However, avoiding either is better still.
Why must this content be presented over HTML? Why? I don't hear any complaints that audiobooks aren't presented over a BluRay disk.
Why is not having a browser display this content that isn't part of the Internet and WorldWideWeb but having to have an application do it such a problem that it is NOT POSSIBLE to have it done by app?
Like you say, hardware DRM means that it is no longer your computer but the compute of the OS manufacturer/Hardware/content "owner", depending on who has the last say about the hardware DRM.
If they want to do that, then they should buy the computer.
What you do is you sell someone your stuff and then give it to them so they have it.
If you didn't mean to post it on youtube because people will "rip you off and reupload it", then don't post it on youtube. Problem solved.
What I would like is for the entertainment industry to be walled up in its own garden, so nothing ever escapes. If anyone wants to be "entertained" they can enter the garden. But the entertainment industry has to stay in their garden and not pollute my world with their tripe. All content must be locked up inside their walled garden permanently. People who need mindless drivel can go inside, but the rest of us will be free of it forever. Almost too good to be true, so it will never happen.
So when you have a propriatory closed kernel driver the rest of the kernel can lie about what it wants to be protected. The rest of the kernel just says "Yup, this is protected path all right!" when it "knows" it isn't.
So therefore the kernel has to be locked down and propriatory so that you can't change it and make it lie to the kernel module.
So now, instead of an app, you have now to write a "plugin" that replaces the entire OS...
DRM is not an evolution, it is a forced through solution to keep content FROM evolving.
Why is this insightful? Evolve into what?
Literally, anything. DRM is an attempt to bring the ball-and-chain of physical media into a purely digital operating space. You have an environment where new markets and many new things are possible, but the only thing you can think of to capitalise on it is to weight it down with a boat anchor so that it looks and feels just like the old existing marketplace.
This is being done at the behest of the Entertainment Industry. What happens with the next industry that wants something added to a standard? Where does it end? I have no problem with Netflix, or some other entity, saying that "if you want to use our fee-based service you must use this." But I don't want these add-ons polluting a standard. This is what we have plug-ins for. If you don't like the plug-in, don't use it and don't bitch about not getting a fee-based service.
There used to be very little pollution.
Now there's more pollution.
What, you don't like pollution? Evolve already!
I dont like DRM. However i dont like it even less that it comes in some undefined ways. Makes it diffcult to avoid or at least estimate its extend. I would prefer it very much if my browser had a warning (similar to the warnings regarding encryption etc) which *shows me* when a webpage tries it.
So i appeciate if we could direct this into a more ordered way.
Content should be free, man!
I never hear anyone defend intellectual property on this site. It's kind of sickening. F***ing electro-commies.
Effective immediately, we have ceased all HTML5 development, and will be utilizing an older HTML standard or Flash, or develop our own.
Any web page that establishes a DRM connection to my computer, will be considered a military attack, and will be subject to such a response.
By accessing my computer, all parties agree to my terms and conditions, implied or not, known or unknown, and are subject to change by me without notice.
This is great work by EFF.
But I get the feeling that if Stallman hadn't kicked up such a stink about this, other organisations wouldn't be jumping in to help now.
If EFF's objection is successful, some people will look back afterward and say that RMS's petition and public denouncements achieved nothing and only the later campaigns by others were useful, but they'll be missing the point that RMS is the one that whips those other groups out of inaction. He knows he usually can't win battles on his own, and he knows how to highlight a cause and set an example so that he isn't left on his own.
So thanks, EFF, and thanks, Richard.
Expert in software patents or patent law? Contribute to the ESP wiki!
I understand the Hollywierd types want big locks so they can charge the hell out of everyone at every corner, but my objection to those locks is that the internet is a worldwide medium for information. Only some of it (a very small portion of it) is used by the Hollywierd types, yet the DRM they are advocating affects everyone. That's crap.
In some ways DRM could promote innovation; it's the use of black box code for anything that concerns me. Is there a way to implement DRM in a white box instead?
-- Jimtown Kelly
People saying that really don't understand how the internet works.
Why is this insightful? Evolve into what?
It's obvious that you have no idea what actual content creators, mixers and innovators are doing these days. It's equally obvious that the proponents of DRM do have an idea and are scared.