Tim Berners-Lee, W3C Approve Work On DRM For HTML 5.1

An anonymous reader writes "Danny O'Brien from the EFF has a weblog post about how the Encrypted Media Extension (EME) proposal will continue to be part of HTML Work Group's bailiwick and may make it into a future HTML revision." From O'Brien's post: "A Web where you cannot cut and paste text; where your browser can't 'Save As...' an image; where the 'allowed' uses of saved files are monitored beyond the browser; where JavaScript is sealed away in opaque tombs; and maybe even where we can no longer effectively 'View Source' on some sites, is a very different Web from the one we have today. It's a Web where user agents—browsers—must navigate a nest of enforced duties every time they visit a page. It's a place where the next Tim Berners-Lee or Mozilla, if they were building a new browser from scratch, couldn't just look up the details of all the 'Web' technologies. They'd have to negotiate and sign compliance agreements with a raft of DRM providers just to be fully standards-compliant and interoperable."

Open source browsers?

[ZorinLynx]

How does this affect open source browsers like Firefox? If something is open source you surely can't enforce any sort of DRM restrictions; someone can just build a hacked version of the browser.

Is this possibly the beginning of the end for open source browsers?

Why in the hell are they even THINKING of approving this bullshit?

Re:Open source browsers?

[MightyYar]

Yes, DRM in-browser is laughable. There is no way to protect the keys, unless my admittedly shallow encryption background is flawed somehow.

Re:Open source browsers?

The DRM implementation basically allows for binary opaque blobs to be part of the browser. These likely would be separate files bundled with installs, and not in the source. Those may be reverse engineered and replaced with FOSS variants, but that will take time and pain.

Re:Open source browsers?

[Jeremiah+Cornelius]

Maybe approving something doom to fail, is a way to get it off your agenda, and cease endless persistent lobbying by media companies.
"Yes. Why don't you start work on the perpetual motion machine - here we've provided you a framework."

Or maybe Tim Berners-Lee is Hitler.

Re:Open source browsers?

[Wootery]

How does this affect open source browsers like Firefox? If something is open source you surely can't enforce any sort of DRM restrictions; someone can just build a hacked version of the browser.

As I understand it the thing they've just approved is some sort of 'standard' API with which Netflix etc. can tie their necessarily-proprietary, platform-specific, native-code, obfuscated-media-player plugin (DRM), into the browser (which may or may not itself be Open Source).

How this thing works technically, I don't know. I don't think it's just a C API.

Is this possibly the beginning of the end for open source browsers?

Why in the hell are they even THINKING of approving this bullshit?

Amen. 'They' (Netflix and co) need the web, not the other way round.

Re:Open source browsers?

[ZorinLynx]

Why does this need to be made part of HTML, though? The existing plugin infrastructure works just fine. You can implement whatever the fuck you want in a plugin. Just use that and leave HTML alone. Things are complicated enough already without introducing new artificial complexity that is purposely designed to break things.

(All DRM is purposely designed to break content. It provides absolutely no benefit to the user)

Re:Open source browsers?

[non0score]

If it's so laughable, then isn't it better to just have it? So instead of a world where content owners won't publish jack on HTML5 (you read that right, content owners of the content you're willing to pay for will never publish on HTML5 unless they have some sort of DRM), you get a world where content owners would and you can somehow mine the keys. I don't see how this is any worse.

Re:Open source browsers?

Probably, but it's a dangerous move in the current political climate.
They will enforce this and make it a horrible crime to distribute a browser that "circumvents" the brave new web. This is the world we live in now.

Re:Open source browsers?

[MightyYar]

I don't really care whether they publish or not - if there is one thing the internet does not lack it is content.

Re:Open source browsers?

[h4rr4r]

And what happens when there is very little non-EME content? What happens when your bank uses it, the .gov sites require it and you must use it to buy things?

Re:Open source browsers?

[fustakrakich]

...content owners of the content you're willing to pay for will never publish on HTML5 unless they have some sort of DRM

Who cares? Fuck 'em. There are plenty of people who will publish without all that crap, and we can just stick with them. Besides, DRM is easy to crack, a snake oil sold by scammers. I have no sympathy for those stupid enough to buy it.

Re:Open source browsers?

[Twylite]

Indeed. Encrypted Media Extensions, W3C First Public Working Draft 10 May 2013:

This proposal extends HTMLMediaElement providing APIs to control playback of protected content.

The API supports use cases ranging from simple clear key decryption to high value video (given an appropriate user agent implementation). License/key exchange is controlled by the application, facilitating the development of robust playback applications supporting a range of content decryption and protection technologies.

This specification does not define a content protection or Digital Rights Management system. Rather, it defines a common API that may be used to discover, select and interact with such systems as well as with simpler content encryption systems. Implementation of Digital Rights Management is not required for compliance with this specification: only the simple clear key system is required to be implemented as a common baseline.

That rationale (as I've heard it explained) is that media (video/audio) content distributors are going to implement DRM, so the Hobson's choice is between giving them a standard interface (HTML EME) or having every distributor create their own proprietary media player (probably platform-specific with embedded rootkit).

If you believe that all media should be gratis, or you believe that all media should be open and consumers should be trusted to pay for non-gratis media absent any technological protection, then you will view EME as a bad thing.

If you believe that Copyright should be able to exist on media and that authors and/or distributors should be able to charge for the video/audio, and you believe that technological protection measures may have some impact to reduce non-paid use of such media, and you believe that it is in the interest of consumers to have standards for these sort of things, then you may view EME as a good thing.

Re:Open source browsers?

[ralphaostrander]

I want an internet for me not them, If they dont like it here dont come. live by the open rules or stay home. I am happy with that. The net was here and was better before it became a giant for sale god damn sign.

Re:Open source browsers?

[non0score]

That's a fine way to think about it. But if you don't want it, doesn't mean others don't want it. And if you think it's so easy to crack, then why do you care? Just let the content owners have that false sense of security if you think it's so easy to crack.

Re:Open source browsers?

[serviscope_minor]

Breaking content in a standard way, which can then be unbroken in a standard way (likely to be cross platform and supported by your browser); as opposed to only being unbroken by a dodgy Windows-only rootkit supplied by the content distributor.

Please go back and look at the standard. The "standard way" you talk about is merely a standard API to a non standard blob of binary crap. It will still require the windows only rootkit to decode.

Re:Open source browsers?

[non0score]

And they want an internet for them, not you. Works both ways.

Put it this way, can you access the private portions of some government website without risk of getting charged with something criminal (assuming you're not a government employee/contractor/etc...)? Is that part open? No. Then why aren't you complaining about it? Oh, that's server-side you say. Then how about Netflix? You have to install Silverlight so they can protect their content (assuming it protects their content). I don't hear you complaining about that either. So what's the difference between you having to install a plug-in vs. it's built right into the browser? The end game is still the same: do you get access to the content or not, not whether this is open or not.

Re:Open source browsers?

Then why do I keep ending up here on Slashdot out of boredom?

Re:Open source browsers?

[jedidiah]

This is the exact opposite of "getting rid of Flash".

Re:Open source browsers?

[Kielistic]

No. Once their foot is in the door they will start demanding signed binary for browsers since anything else is useless to their wants.

Re:Open source browsers?

[lgw]

The reason to care is that they will publish, just not using HTML5, making yet another "if only people followed it" web standard.

I swear, every time DRM gets mentioned in HTML5 it's like IE6 never happened! Do we have to repeat that sad mistake? The point of a standard is to describe a specific way to do what everyone is going to do anyway. A standard that petulantly refuses to describe what the big players are doing anyway is worse than useless. The W3C finally learned this lesson, but apparently /. has a shorter memory.

Re:Open source browsers?

[NatasRevol]

Because you don't know the latest address of ThePirateBay?

Re:Open source browsers?

[NickFortune]

If it's so laughable, then isn't it better to just have it?

Well, the security aspects are laughable. The potential legal follow ons are not. For instance, the next logical step is to insist on digitally signed browsers and declare non-complying browsers illegal as "circumvention tools" under the DMCA or somesuch. You might not be able to detect hack browsers, but you could sure as hell sue anyone distributing binaries or patches. You might have a hard time claiming non-infringing uses as well.

That would pretty much make any new browser impossible to distribute, and potentially puts enough regulatory red-tape on people like mozilla that they'd have difficulty continuing in their current open source form.

Then there's the possibility to pressure ISPs to only allow encrypted content (call it an anti-terrorism measure - that works for most things) and eventually to start chaging for access on a per web-page basis for all content.

From the point of view of some media and content cartels, that's a very desirable outcome. The genie would be back in the bottle.

On the other hand, if we don't have EME then the problems don't arise, so on balance I'd say better not to have it.

So instead of a world where content owners won't publish jack on HTML5

I don't see why that's a problem. There are DRM formats that work with PDFs so it's not as if your content dudes can't publish under DRM. They just can't try and make it apply to the whole web. Nothing of value is being lost here.

you get a world where content owners would and you can somehow mine the keys

Mine the keys illegally I think you mean. Possibly with disproportionate penalties as used by the recording industry in their anti p2p lawsuits.

Let's just not go there. Less effort + less risk == Win

Re:Open source browsers?

[GameboyRMH]

It's worse because it's an idological loss - DRM has no place where technical competency and/or openness exist - and because it could accelerate the adoption of DRM by providing a standard.

It's also worse because it adds to the complexity of a system for no gain - unless you count the aforementioned DRM standard a gain. I don't, I'd rather have the DRM stay where it belongs, in shitty plugins that have to be installed one user at a time.

Re:Open source browsers?

[ssam]

I think its the end for being able to view a lot of content on open source systems. If the DRM module is decrypting it and passing it to the browsers rendering engine, then an opensource browser could capture it defeating the whole point. So the modules will want a method to pass the decrypted content straight to the screen (HDCP), or having guarantees from the browser and OS that saving and screen capturing are disabled.

Re:Open source browsers?

[DriveDog]

>>Amen. 'They' (Netflix and co) need the web, not the other way round.

>(All DRM is purposely designed to break content. It provides absolutely no benefit to the user)

These are the two most relevant comments I've seen, and excellent short'n'sweet arguments against having DRM in an otherwise open standard.

Re:Open source browsers?

[stealth_finger]

If it's so laughable, then isn't it better to just have it? So instead of a world where content owners won't publish jack on HTML5 (you read that right, content owners of the content you're willing to pay for will never publish on HTML5 unless they have some sort of DRM), you get a world where content owners would and you can somehow mine the keys. I don't see how this is any worse.

For every Hollywood movie, cookie cutter show or bland pop act the industries are trying to force you to pay through the nose for there are a hundred indies doing it for the kicks and are just happy to be seen. Maybe its better they keep all the crap on html5. Then they'll be all like 'internet downloading is killing internet downloading'

Re:Open source browsers?

[calzones]

Some of us simply believe that if someone is going to try to impose DRM on us that it should be an inconvenient onus on them and the consuming public to do so. A fragmented non-API solution would mean that content providers choosing to implement DRM would face greater costs and suppressed demand due to the extra hurdles imposed by DRM.
If both any given content provider AND their audience agreed it was worthwhile to install Flash or Silverlight in order to view the content, then that's what they would do.
On the flip side, any content providers that attempt to impose DRM on an audience unwilling to install Flash or Silverlight would find their subscriber base evaporating, forcing them to release the content without DRM and find a different way to earn money. Once it's standardized and part of the browser, any moron on the web will suddenly feel like they can and should protect their content and all users will be forced to comply or stay out of the web.
Bottom line: DRM as a hassle means the onus is on content providers to provide users with a suitable value proposition and it leaves greedy or misguided or trend-following content providers who cannot meet that standard out of the web (or else on the web, but free). DRM as an integrated seamless solution flips that around and leaves consumers who seek free content out of the web.

Re:Open source browsers?

[marcello_dl]

> If it's so laughable, then isn't it better to just have it?

Yes, let's run unverifiable crap on our PCs. Nothing ever wrong happened with that.
Hmm it's like microsoft era and the NSA activities never happened for you, good, good.

Re:Open source browsers?

[Arker]

"If you believe that Copyright should be able to exist on media and that authors and/or distributors should be able to charge for the video/audio, and you believe that technological protection measures may have some impact to reduce non-paid use of such media, and you believe that it is in the interest of consumers to have standards for these sort of things, then you may view EME as a good thing."

Sorry that's a horrible strawman. Lots of people believe in copyright without condoning DRM in any way shape or form.

Re:Open source browsers?

[NickFortune]

A standard that petulantly refuses to describe what the big players are doing anyway is worse than useless. The W3C finally learned this lesson, but apparently /. has a shorter memory.

So presumably we should legalise mugging because muggers are going to rob people with violence whatever we do, and if we're going to have destructive anti-social behavior, it's far better if it's enshrined in some sort of formal framework?

Re:Open source browsers?

[sl4shd0rk]

And they want an internet for them, not you. Works both ways.

Then let them open their own vpn.com and sell accounts to whatever DRM spew they want to pimp to the pants-on-head-stupid masses who will click on anything like it's a friggin whack-a-mole competition.

Re:Open source browsers?

[lgw]

A technical standard is in no way, shape, or form a law. That's probably where your thinking went off. A technical standard is just a piece of paper, making some recommendations. There's no enforcement or compulsion here, no requirement to comply.

Standards are useful precisely to the extent they describe what the big players actually do, so that you can code against the standard and be content. When standards fail, and the big players just ignore them, then they're only of academic interest - maybe you can learn something from them, but they're not directly useful.

Re:Open source browsers?

[wile_e8]

Except this change still doesn't describe what the big players are doing. All it does is standardize a call to DRM binaries without any standardization of what those binaries do. It in no way describes what the big players are doing in these binaries, meaning we are still going to be left downloading closed proprietary plugins that are only available for supported platforms. Since one of the main goals of HTML5 was to get rid of the plugin mess that was necessary to play media on the web, this is a backwards step that solves nothing.

Re:Open source browsers?

[fustakrakich]

I think it's time to look past the 'big players'. Make them not so big. First by reducing their political influence on technical standards *cough* Microsoft. We don't need 'standards' that cripple our machines. DRM killed the minidisc, which was otherwise a very good standard of the time. It may as well do the same to HTML5. All these things do is raise the bar of entry, protecting the 'big players'. So, fuck 'em. Let's make it easy for the small players to produce and distribute their work. The more the merrier.

Re:Open source browsers?

[NickFortune]

A technical standard is in no way, shape, or form a law. That's probably where your thinking went off.

A technical standard and a law are both ways of defining how we want some aspect of the world be work. That's probably where you've failed to keep up. (BTW, do we really need to do this all snide and sarcastic? I mean I'm up for it if you are, but it's not exactly conducive to a constructive discussion. Your call :))

Standards are useful precisely to the extent they describe what the big players actually do, so that you can code against the standard and be content

Standards are only useful if people follow them yes. But that doesn't mean that we should use them to rubberstamp every counter-productive, short-sighted or destructive practice currently being persued.

Standards are supposed to be about how to make something work well.

Re:Open source browsers?

[scarboni888]

Lack of imagination would be my guess.

Re:Open source browsers?

[magic+maverick+]

It works in Ankh-Morpork. And you wouldn't want to argue with Vetinari would you?

Re:Open source browsers?

[lgw]

It seems to standardize as much of the process as is possible. What more can you ask? There aren't any alternative approaches that the big players would actually use, and this approach keeps the DRM stuff off in a corner where it won't make a mess of non-DRM video.

Re:Open source browsers?

[kbg]

So instead of the Flash plugin you have the DRM plugin. How is it that any better?

Re:Open source browsers?

[fustakrakich]

And if you think it's so easy to crack, then why do you care?

Because it gives the cops probable cause to bust down your door, shoot the dog, and steal your equipment under the mere suspicion there's something illegal going on. Then you are declared an unfit parent for child endangerment because the kids were there during the bust and could have been gravely injured, so the DFS comes and takes them away, and puts them into a foster home...

That's why I care...

And you?

The right to read

[hazah]

http://www.gnu.org/philosophy/right-to-read.html

So fucking sad

Re:The right to read

[Jeremiah+Cornelius]

TimBL should hang his head in shame - then send his OBE/KBE back to the Queen, like Lennon did.

Fucking gongs. The Brits beg for these baubles, too - like puppies, on their hindmost.

Kind of was expecting this

[willthiswork89]

html 5 is a world with real applications, not to say that traditional html did not have real applications but with html 5 now having so many uses and access to hardware acceleration, I think the only next logical step to gain more commercial popularity was to give companies a way to protect their programming investment. I know my self I worried about using html 5 as a valid alternative to some programming I am doing because of the seemingly easy nature to steal and reproduce something I want "closed source". Don't get me wrong here, I love open source and hope this isn't something that is mandatory. But I also see some benefit of being able to protect my code. The real question will be how easy it will be to get around it.

Re:Kind of was expecting this

[wagnerrp]

If you allow web sites to require DRM, the web is no longer open. That's all there is to it. If you browsers must protect content, then browsers must be certified and signed before they can access the content. Had your desire to prevent the theft of your hard work guided the original protocols of the internet, it never would have become the important communications resource it is today.

Re:Kind of was expecting this

[VortexCortex]

I think the only next logical step to gain more commercial popularity was to give companies a way to protect their programming investment.

Do you accept the mechanic welding your car hood shut and installing a coin slot into the ignition system to protect his mechanical investment in your car?

No. What you do is come up with a contract to do work, the work gets done, paid for once, and that's that -- Just like home builders and every other labor industry. The mechanic's work only benefits one car owner. Bits are in infinite supply. Do this: Imagine a board room meeting where you pitch selling ice to Eskimos as a valid business strategy -- You'd be a laughing stock. Selling bits to folks with computers is just as valid as business strategy in the Age of Information. Economics 101: That which is in infinite supply has zero price regardless of cost to create. Sand and water were very costly: Born of a supernova, and yet look at their price. When you pay for water or sand you're only paying for the labor it took to haul or process it -- The same should go for bits.

A digital work has the potential to benefit all of culture. To leverage the one-to-many property of information dissemination one needs to charge all the customers. To do this one need only NOT do the work until you know you'll be paid for it. Don't do the work for free, then try to enforce restrictions on the duplication of infinitely reproducible information. Otherwise, the Eskimos will soon end you in rebellion over moronic ice taxation. You have an unlimited monopoly over your work BEFORE you do it, just like the home builder, mechanic, or burger joint has.

Seek funding prior to doing the work. Do the work. Distribute the work freely, it's cheaper for everyone that way -- including developers. To get more money, do more work. Is it a miracle that crowd funding can be used to have society fund a cultural work? No, this is the nature of information. It's no wonder larger established companies are now using such to get initial funding for projects. They can sell direct to the consumers now. Soon competition among those who would crowd-fund all proceeds and give the content away for free (since it's already been paid for) will drive others who accept such funding and charge for the output we paid them to perform to lower prices and stop leveraging artificial scarcity; They will simply ask for what profit they actually want to make, rather than install the coin slot ignition system.

So, you see: There is NO benefit of being able to protect your code. You shouldn't write it for free, then expect payment. Why would you subject yourself to such an asinine futures market for your livelihood? If you work for a corporation writing code you do not try to protect it from them. If you work for society itself it will be the same (or better) compared to working under the publisher's boot. You will still not need to protect your code. There is no need to fear the ability to "steal and reproduce" the output of your labor.

Think man! Yours is not "the only next logical step". I have just disproved this. The output from your labor is in infinite supply! Market what is scarce instead. What's scarce is not the bits. What's scarce is your ability to configure the bits, your labor. That is something no one can take from you. If you want to end piracy, I have just shown you the way. Now, as mother nature has said: You will either adapt, or become extinct.

Shoot in the foot

[gmuslera]

Putting in the very fabric of the web a point of obscurity, just when we have to figure how to deal with security after the death of trust=. We are in the risk of breaking internet into country-sized pieces, and with this W3C is hitting it with a big hammer to see if it stands.

Re:Shoot in the foot

[sourcerror]

You can also view this as an attack on Silverlight. At least with HTML a bigger part of the stack is open.

Say it ain't so!

[mark6509]

Please tell me that Tim Berners-Lee is only declaring it as in-scope so that it doesn't get worked on by some other group, so it can be killed as it should be.

Re:Easy solution

[Peristaltic]

If nobody visits DRMed websites I think the whole thing will sort itself out.

...and I'm starting a porcine flight training program, which is sure to be a huge success.

Missing the big picture

[no_opinion]

Yes, I know I will be flamed for this, but I think the thing that is getting lost in the conversation is that we've all be using DRM for years, and the point of this is to increase interoperability. How many of us have netflix or amazon movie streaming? Buy kindle books? Use steam? Even the books downloadable from my library use some form of protection. Most people don't care, because those protections don't impact our typical usage patterns. But all of these services live in their own separate worlds, because they are not interoperable. Adding support for a common protection standard doesn't suddenly make it possible to encrypt movies or harder to download images on the net because that already exists today (and has for years)! The point is to end the balkanization of media players and let everything work in your vanilla browser. That sounds good to me.

Re:Missing the big picture

[jedidiah]

> and the point of this is to increase interoperability.

This does squat for increasing interoperability. It doesn't really change much of anything actually. The real problem is that it demonstrates a fundemental philosophical shift on the part of those entrusted with looking after web standards.

The web is no longer an open medium designed to be usable by anyone with any browser.

No, it's just another content consumption medium now. It's just cable TV.

The old status quo was fine. The corner case of media consumption was isolated while still being accommodated.

There was simply no need to "swim in the kool-aid" here.

This will not make Netflix any more accessible to Linux and will likely only make more of the web INaccessable to Linux and other alternative and non-corporate players.

Re:Missing the big picture

[serviscope_minor]

That sounds good to me.

That's because you misunderstand the proposed standard.

The standard is a standardised API to an external encryption plugin. All this means is that it is marginally easier to communicate with the plugin, though clearly it isn't much of a problem at the moment with flash anyhow.

It will still require a binary plugin to actually do the decryption, just like flash.

How many of your devices have flash?

Do you think $RANDOM_EME_PLUGIN will work on your Windows PC (of course!). Your Windows phone (uh...?) your Mac (perhaps...) your older Mac (probably not) your brand new Andriod phone (could do), your older Android phone (doubtful), your Atom android phone (really unlikely), your Blackberry (ha!), iOS devices (crapshoot), your TV with a built in web browser (not a damn chance).

If you think "just like the bad old days where you had to worry about who Adobe was supporting today with flash except now any monkey thinks they can make a binary DRM plugin because it's standard" sounds like a good thing, then you have a very different definition of "good thing" to me.

Re:Missing the big picture

[mark6509]

I can see your argument, but on the other hand I look at the example set by digital audio. The same balkanization occurred there, until finally things got so bad that finally the media caved to pressure and now I can finally buy legal audio in formats that really are interoperable. There were several lousy years where I basically gave up buying new music while the industry figured out that the reason I wasn't buying what they were selling was because DRM didn't work for me.

So there is precedent that delaying adoption of really interoperable DRM has resulted in better media access in the end. On the other hand, I can't think of any precedent saying that having relatively painless DRM has resulted in better media access. Of course it's possible, but I think precedent weighs against you.

On the other hand, maybe you're right and the battle is already lost; with digital audio it was really Apple's closed distribution model that finally broke the camel's back-- there was no way for anybody except Apple to encrypt music for iPods, and music encrypted for iPods wouldn't work anywhere else. Nobody was able to put together a deal that would bridge that gap, and although Apple's market share was significant it wasn't big enough to standardize the entire market on, and consumers knew that they would be screwed one way or another if they opted for any of the then-available DRM flavors, so enough of them stayed out of the market that eventually the markets were forced to open up. With digital video, that hasn't happened. All of the major media playback manufacturers support the same DRM flavors, so most of the market can be served with relatively little pain.

On the third hand (ha ha), while I have started buying music, I've stopped buying videos. I bought a lot of DVDs after CSS was cracked so I could actually play them on my other devices; it was essentially an interoperable format in practice if not in law. I stopped when Blu-Ray came out because DVDs became second-class citizens, but Blu-Ray was too locked down. Streaming rentals work for me because the DRM only has to work once, but I'll never actually trust that streaming companies will still be there, supporting "my" content years from now after they've made their buck today.

So I still think that there's an effectual struggle to be made, that there's a chance that big media can be convinced to accept open standards. I'm not super optimistic, but I think it's possible, and so I'd oppose any attempt to make DRM more seamless and interoperable for the masses (easy for me to say, since they never seem to interoperate with MY devices anyway. Hazards of running Linux I guess).

Re:Missing the big picture

[no_opinion]

> The web is no longer an open medium designed to be usable by anyone with any browser.

I don't understand how this changes anything. Aren't there already plug-ins and even HTML5/Javascript/CSS features that are browser or platform specific? If this gets adopted, will there be more or less content available in-browser? Most media services want to maximize their addressable user base, not minimize it, so interoperability is in their interest.

As far as this being a corner case, maybe you have not seen the recent numbers on internet traffic (yes I know internet != web, but this is what people are doing). See: http://allthingsd.com/20130514/netflix-still-eats-a-third-of-the-web-every-night-amazon-hbo-and-hulu-trail-behind/

I think this is a reasonable application of the 80/20 rule: as media consumption becomes the 80%, browsers want to continue playing a central role, and that will be made easier by this.

Re:Missing the big picture

[blackiner]

That baseline protection is essentially no protection at all. The site owners (Netflix for example) are not obligated to support this baseline protection either, so if you visit Netflix and your browser only supports this open source baseline encryption, you will see nothing. You should just pretend this part of the standard doesn't exist, it is completely meaningless.

Re:Good luck with that

[Guspaz]

Huh? EME is already supported in the shipping versions of Chrome and IE, with Safari coming soon, and is already in use in the real world by Netflix to deliver video to users of IE and ChromeOS. Firefox is the only major browser to have not implemented or begun implementing support for it, and with every other major browser supporting it, all that will accomplish is to marginalize Firefox amongst the average user. To them, the problem will be manifested as "Netflix doesn't work in Firefox".

Re:I think they're missing something...

[Guspaz]

And EME is Encrypted *MEDIA* Extensions. It works on the HTML media tag, for encrypting audio and video, not HTML. It has nothing to do with HTML, nothing to do with copying and pasting or saving text or documents.

Encrypted video support in browsers is going to happen, or rather already has happened since EME support is shipping in most browsers used today and is in active use on the web, whatever the W3C or Slashdot users think about it, because there is a huge amount of demand in the real world from users and content providers. If it's going to happen anyhow, shouldn't it at least be standardized?

Re:The Internet will route around it...

[geeper]

SMART People will use browsers and websites that don't use the DRM tech, and "big media" will wonder why 1% of their traffic dropped off... must be the pirates!

And the other 99% will use will go on using whatever is handed to them.

Re:The Internet will route around it...

[Conspiracy_Of_Doves]

Tech-savvy people will use those browsers and sites. The vast majority of people on the internet have no idea that this issue even exists or why it's important.

MOD PARENT UP

[Tailhook]

Signed binaries running from a signed kernel, booted on UEFI Secure Boot hardware you can't legally compromise.

Alan Cox explained this 12 years ago.

That is the dream these people have.

Re:MOD PARENT UP

[hairyfeet]

Sounds just like Chromebooks to me, the only difference is IF you put in a page and a half of CLI gobbledygook that most can't pull off then and ONLY then can you take what was once a standard X86 laptop and install one of a handful of hacked bootloader Linux versions. Oh and no dual booting for you citizen, can't have that!

It just amazes the hell out of me that one company can cook up something nasty, like turning an X86 laptop into a locked down corp controlled thin client and get cheers and when another company does the exact same thing get treated as a monster. Would the ones that cheered the Chromebook have had the same reaction to a Winbook? Kinda doubt it.

As for TFA this is precisely why we must fight tooth and nail not to take HTML V5 in its current form, as its practically a love letter to the big corps who would like nothing more for the future to be similar to Chromebooks, locked down devices that access apps and content "stored in the cloud" that can only be viewed or used with approval.

Re:MOD PARENT UP

[mgiuca]

Chromebooks come with instructions on how to both:
a) unlock the bootloader and boot into a version of ChromeOS that gives you access to the Linux file system, allowing you to run arbitrary binaries including a modified kernel or Chrome executable, and
b) install alternative operating systems including Ubuntu, as well as running Ubuntu in a chroot (see: Crouton) so you can switch between ChromeOS and Ubuntu without rebooting.

There is nothing user-hostile down about Chromebook's boot protection. They just come with the security enabled by default (and make it a bit tricky to disable it so that an ordinary user does not accidentally flip the switch off). That is totally different from hardware that physically does not let the user install custom binaries.

Re:Tim Berners-Lee

[jedidiah]

It was THE WEB.

There's a difference you know.

Just to Point Out

[carrier+lost]

It wasn't all that long ago that browsing the internet with Linux was seriously crippled

Many sites in the early days used Active-X, Microsoft's "answer" to Java, which was only readable by IE and IE for Mac.

I remember not being able to use government services and banking sites because of this.

Because of the huge installed base of MS products, many govs and businesses just rolled out MS-centric solutions without any care for Unix, Linux or Mac.

Trust me, you don't want the web to go back to that.

It may not be MS at the helm this time, but it's easy to see that if there is a content-restrictive standard instituted for the web, there will be great pressure for it to be applied (even in places where it may not be needed!) and the collateral damage is inestimable.

WHATWG

[zmooc]

Due to slowness and creating other "less ideal" conditions, the W3C is quickly becoming an irrelevant marginalized nothing. They've their control over the HTML5 spec long ago; all browser manufacturers follow the HTML5 spec that's maintained by WHATWG (which, coincidentally, was formed by those browser manufacturers out of discontent with the way W3C managed it. Apparently they've learned nothing from that since this DRM stuff will marginalize them even further. Nowadays, W3C approving stuff has just about nothing to do with what browsers will support or what the Internet will look like in the future.

Great news !

[TractorBarry]

Hopefully this means the *AA cartel can build their own "consumernet" where they can carry on with the obsolescent rent seeking business model with the masses and the rest of us can get along using our newly usable (hopefully fully encrypted ad vastly improved) internet again.

Of course when the "consumernet" gets no customers they'll bribe some more law onto the various statute books of the world but hey ho, c'est la vie.

Re:I think they're missing something...

[Microlith]

And EME is Encrypted *MEDIA* Extensions. It works on the HTML media tag, for encrypting audio and video, not HTML. It has nothing to do with HTML, nothing to do with copying and pasting or saving text or documents.

For now. The demand will inevitably be made for it to cover everything.

there is a huge amount of demand in the real world from users and content providers.

Yup, those same content providers who buy congressmen and manipulate our laws entirely in their favor and abuse the DMCA with no repercussions.

If it's going to happen anyhow, shouldn't it at least be standardized?

It isn't standardized. It still requires proprietary, arbitrary blobs and works on all of two OSes.

Protected Video Path

[tepples]

With this hypothetical example the areas to target would be the output container (think Fraps capturing the entire window, or a portion)

Windows Vista, Windows 7, and Windows 8 include a Protected Video Path that encrypts video even over the PCI Express bus. I'd imagine that Microsoft anticipated programs like CamStudio and FRAPS and blocked API calls like PrintWindow() and GetWindowDC() and glReadPixels() for a window displaying DRM restricted video.

or capturing audio via your speakers (the audio stream itself isn't encoded at this point).

Audio is already routinely watermarked using Cinavia technology.