Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Firefox Will Handle DRM In HTML

Posted by Soulskill on from the backed-into-a-corner dept.

An anonymous reader writes "Last year the W3C approved the inclusion of DRM in future HTML revisions. It's called Encrypted Media Extensions, and it was not well received by the web community. Nevertheless, it had the support of several major browser makers, and now Mozilla CTO Andreas Gal has a post explaining how Firefox will be implementing EME. He says, 'This is a difficult and uncomfortable step for us given our vision of a completely open Web, but it also gives us the opportunity to actually shape the DRM space and be an advocate for our users and their rights in this debate. ... From the security perspective, for Mozilla it is essential that all code in the browser is open so that users and security researchers can see and audit the code. DRM systems explicitly rely on the source code not being available. In addition, DRM systems also often have unfavorable privacy properties. ... Firefox does not load this module directly. Instead, we wrap it into an open-source sandbox. In our implementation, the CDM will have no access to the user's hard drive or the network. Instead, the sandbox will provide the CDM only with communication mechanism with Firefox for receiving encrypted data and for displaying the results.'"

9 of 361 comments (clear)

  1. Isn't hard drive access desirable? by CRCulver · · Score: 3, Interesting

    In our implementation, the CDM will have no access to the user's hard drive or the network

    As with all DRM schemes, it's only a matter of time before this is broken. However, to save the decrypted content to the hard drive, one has to, well, have access to the hard drive. Does Firefox's architecture actually get in the way of users eventually pirating the content? Might have to switch browsers if that's the case.

    1. Re:Isn't hard drive access desirable? by Ash+Vince · · Score: 5, Interesting

      As with all DRM schemes, it's only a matter of time before this is broken.

      DRM being crackable is not actually that important, what matters is how difficult it is for the average user. You only have to make it slightly tricky or add some slight perceived risk to downloading pirated stuff and they will choose to pay for it instead. For most people with a bit of cash the hassle factor of DRM is what keeps them on the straight and narrow, for the people without cash who cares, they probably would not have paid for it anyway.

      Some people who pirate lots of stuff eventually grow into big paid consumers of stuff when they get a bit money, but when they do they often end up forgetting about their strict stance on DRM and just sign up with Netflix or Lovefilm or whatever based on how convenient it is for them. Who cares about keeping a copy of the latest crap to come out of content permanently, just give us lots of stuff to watch on demand and most of the time as consumers those of us with money are happy.

      Does Firefox's architecture actually get in the way of users eventually pirating the content?

      It's not really the job of browser vendors to make sure you can be a freeloading shithead is it? Their job is to make a product that as many people find useful as possible and that means a certain amount of mass appeal. Refusing to support this part of the standard would have robbed Firefox of more users than they will lose by supporting it.

      The reality is that people who view piracy as some sort of moral duty and right like you do are in the minority, that is why most of the public quite happily go along with more stringent copyright laws being drafted by the politicians they elect. That means that creating a browser that will be unusable for certain sites that want to protect their content will just drive users away.

      BTW, I actually also think DRM is a joke and a complete waste of space and that more companies should trust us to buy their content if we like it. I spend a fortune on services like netflix and cable TV. I also think though that people who refuse to pay should do without, pure and simple. Anything other than that is freeloading off those of us who pay.

      --
      I dont read /. to RTFA, I read /. to offend people in ignorance.
    2. Re:Isn't hard drive access desirable? by CRCulver · · Score: 3, Interesting

      The reality is that people who view piracy as some sort of moral duty and right like you do are in the minority, that is why most of the public quite happily go along with more stringent copyright laws being drafted by the politicians they elect.

      Come visit us in Eastern Europe sometime. Furthermore, even in more affluent countries, it seems to me that an enormous proportion of the youth are getting their music from YouTube, not from buying CDs or purchasing legal downloads. You can find nearly any album from any era on there. Yes, Google might send a little bit of advertising revenue to whoever complains, but most of those songs were uploaded by a third party, not the copyright holders or artists.

    3. Re:Isn't hard drive access desirable? by CRCulver · · Score: 4, Interesting

      You can think negatively of pirating all you want, but my point was that, in spite of the OP's claim that pirating is some kind of fringe behaviour, getting whatever music and films one wants from pirate sites instead of purchasing a CD or DVD, is normal for a majority of people in many countries now. There are few shops in Eastern Europe to legally purchase the breadth of content people want, and the prices of what CDs and DVDs are available are considered prohibitively expensive against local salaries, so watching films or getting one's music* from pirate sites has been the usual way of consuming content since broadband first became available here in the early millennium.

      (* As I mentioned above, it may be that YouTube has now become the standard venue for listening to music. While some copyright holders may be getting paid for this, whether the upload is authorized or not, is not something that troubles the average person.)

    4. Re:Isn't hard drive access desirable? by Anonymous Coward · · Score: 2, Interesting

      You only have to make it slightly tricky or add some slight perceived risk to downloading pirated stuff and they will choose to pay for it instead. For most people with a bit of cash the hassle factor of DRM is what keeps them on the straight and narrow, for the people without cash who cares, they probably would not have paid for it anyway.

      Then there are people like me. I have a bit of cash but have no desire to trade any of it for a product that will be actively hostile to me, or to reward a company who continues to lump me, the paying customer, in with the same group as pirates.

      If the company wants to give the pirates a better product than their paying customers, where the paid version limits me in stupid ways (aka forcing me to have/connect/power an optical drive for their installer media while the software runs 100% from internal storage - or forcing me to waste hardware resources on a dongle/key) then I will do without their product while they do without my money.

      If the company wants to load their DVD or whatever with unskippable ads for other equally unscrupulous companies, pop up a 60 second long unskippable picture telling me how much prison time I will get for obtaining this video in any other way, despite the fact I already have the preferred medium and paid to get it - then I will do without that product while they do without my money too.

      Give me a product that doesn't slander me personally, and isn't limited more than the version the pirates would get, and I have no problems sharing that bit of cash in return. I do so frequently, and "a bit" is a surprisingly large value in this case compared to how I would normally use that phrase.

      Additionally for software at least (not so much movies/tv in this case), I am one who many other people solicit recommendations from.
      Sure, there are "only" around 300ish people who will make purchasing decisions on my recommendations, but if I dispise your product or your company, I will not be mentioning either unless it is to sway one against it.
      When I do like the product or company I tend to ramble on and on about how much I like it and exactly why (perhaps ramble more than non-geeks would prefer, but that gets balanced out by the excitement in my speech that tends to get picked up on)

      You can only burn the ignorant once before those people are no longer ignorant and share the same hatred of how they are treated. Even after "changing your ways", many won't bother to give a second chance and will continue to repeat their original bad experience.

      This simply can't be a good long term business approach. Yes the pool of ignorance is pretty large, but it is shrinking every moment.
      It's only a matter of time until such practices are universally hated by the majority, and those companies practicing them plus all future ones who plan to do so will fail.

      I also think though that people who refuse to pay should do without, pure and simple. Anything other than that is freeloading off those of us who pay.

      I agree completely, although for different reasons.
      People who don't want the product as-is SHOULD refuse to pay and do without. They should also take a moment to inform the company that their product was considered and ultimately rejected as even an option, and be specific about exactly WHY.

      I do not feel the pirates are freeloading off of me, or anyone else who pays for that matter.
      In fact I don't feel personally or directly harmed by the actions of pirates, with exception of occasionally being jealous that better options are given to them than are even available to me.

      But I DO blame the pirates for basically indirectly rewarding companies that clearly do not deserve reward. The companies must know it isn't always about price. They need to learn somehow, and piracy only sends the wrong signals and causes confusion that gets interpreted (purposfully for evil, or honestly out of ignorance) as their actions are acceptable if perhaps it was only a little cheaper.

  2. Personal DRM by Anonymous Coward · · Score: 5, Interesting

    What we need to do is figure out how to apply DRM to the personal information emanating from our machines. You will then be able to lawfully defend against those who profit from that information. Of course you could work out an arrangement to get a slice of the gross coinage as well ;).

  3. Ayn Rand Quote Time by bmajik · · Score: 2, Interesting

    Oh look. Here's a whole _page_ of Ayn Rand quotes about compromise

    In any compromise between good and evil, it is only evil that can profit

    or...

    Contrary to the fanatical belief of its advocates, compromise [on basic principles] does not satisfy, but dissatisfies everybody; it does not lead to general fulfillment, but to general frustration; those who try to be all things to all men, end up by not being anything to anyone. And more: the partial victory of an unjust claim, encourages the claimant to try further; the partial defeat of a just claim, discourages and paralyzes the victim.

    http://aynrandlexicon.com/lexi...

    Many folks have a go at the idea that they can somehow tame evil or compromise with it without being tainted too much. I'm not sure this has ever really worked out.

    There is a lot to like about the Richard Stallmans of the world. They are clear about the what and the why, and they stick to their guns.

    --
    My opinions are my own, and do not necessarily represent those of my employer.
  4. Making bug reporting illegal?! by Anonymous Coward · · Score: 4, Interesting

    From Cory Doctorow's article today...

    ...the Adobe module is not only closed source, it is also protected by controversial global laws that threaten security researchers who publish information about its security flaws.

    These laws â" the US Digital Millennium Copyright Act, the European EUCD, Canadaâ(TM)s C-11 and so on â" prohibit revealing information that can be used to weaken DRM, and previous security researchers who disclosed information about vulnerabilities in DRM have been threatened and prosecuted.

    This created a chilling effect on the publication of vulnerabilities in DRM, even where these put users at risk from hackers. For example, when word got out that Sony BMG had infected millions of computers with an illegal rootkit to stop (legal) audio CD ripping, security researchers stepped forward to disclose that theyâ(TM)d known about the rootkit but had been afraid to say anything about it.

    This gap between discovery and disclosure allowed the Sony rootkit to become a global pandemic that infected hundreds of thousands of US military and government networks. Virus writers used the Sony rootkit to cloak their own software and attack vulnerable systems.

    The inclusion of Adobeâ(TM)s DRM in Firefox means that Mozilla will be putting millions of its users in a position where they are running code whose bugs are illegal to report.

  5. dumb by Charliemopps · · Score: 3, Interesting

    Rather that deal with it in such a complex way, they should just do what linux did for years with MP3s. Popup box "This is an MP3, we can install the thing you need to listen to it, but it's not open source. Do you want it? Yes/No" Simple as that. Let users chose. I don't see how this is any different.

    Then they can let their plugin community quietly subvert the entire mechanism, just like they have everything else, and the industry will abandon it.