Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Quietly Makes 'Optional' Web DRM Mandatory In Chrome (boingboing.net)

Posted by BeauHD on from the flip-of-a-switch dept.

JustAnotherOldGuy quotes a report from Boing Boing: The World Wide Web Consortium's Encrypted Media Extensions (EME) is a DRM system for web video, being pushed by Netflix, movie studios, and a few broadcasters. It's been hugely controversial within the W3C and outside of it, but one argument that DRM defenders have made throughout the debate is that the DRM is optional, and if you don't like it, you don't have to use it. That's not true any more. Some time in the past few days, Google quietly updated Chrome (and derivative browsers like Chromium) so that Widevine (Google's version of EME) can no longer be disabled; it comes switched on and installed in every Chrome instance. Because of laws like section 1201 of the U.S. Digital Millennium Copyright Act (and Canada's Bill C11, and EU implementations of Article 6 of the EUCD), browsers that have DRM in them are risky for security researchers to audit. These laws provide both criminal and civil penalties for those who tamper with DRM, even for legal, legitimate purposes, and courts and companies have interpreted this to mean that companies can punish security researchers who reveal defects in their products. Further reading: Boing Boing and Hacker News.

95 comments

  1. Chrome by oldgraybeard · · Score: 5, Informative

    Don't care about netflix so bye bye chrome.

    1. Re:Chrome by im_thatoneguy · · Score: 1

      A lot of people do care about Netflix and Netflix on Chrome is only 720p (probably because of previous policies). Now that they're hardening the DRM we'll probably see Edge's exclusive 1080p/Dolby Digital capability go away.

    2. Re:Chrome by Anonymous Coward · · Score: 0

      I hope your comment gets modded even higher than 5. There should be a special category for your comment. It is by far the most informative comment I have read on the web, and it deserves so much more.

  2. Still optional by aquabat · · Score: 3

    It's still optional; just stop using Chrome.

    --
    A republic cannot succeed till it contains a certain body of men imbued with the principles of justice and honour.
    1. Re:Still optional by Anonymous Coward · · Score: 0

      And use what? Firefox is about to lose a lot of its extensions, including tabgroups. Now Google finally decided they had enough market share to let the less savory types in management (or even engineering, some people really are too shortsighted for the good of the entire world) run wild.

      Some backlash is *really* required on this one. Where is the EFF?

    2. Re:Still optional by JohnFen · · Score: 1

      There are several FF forks around, such as Pale Moon, that can serve just fine.

    3. Re:Still optional by Anonymous Coward · · Score: 0

      Some backlash is *really* required on this one. Where is the EFF?

      So why can't your precious open source save you? Chromium and Firefox are open source. What's your problem? Hypocrisy much?

    4. Re:Still optional by Anonymous Coward · · Score: 1

      probably a unique browser ID is also generated during installation which it then hands out to any server that asks. your VPN tricks will no longer work

    5. Re:Still optional by exomondo · · Score: 1

      It's still optional; just stop using Chrome.

      Or delete the DLL from the plugins directory, or change the permissions on the plugins directory or use Chromium (which is essentially Chrome without the DRM bit anyway).

    6. Re:Still optional by Anonymous Coward · · Score: 0

      No, they don't. Pale Moon already doesn't support those addons, and the rest are even less likely to support them. It's no trivial task; why do you think Mozilla is dropping support? Because it's such a low effort task to maintain that old addon system?

    7. Re:Still optional by hairyfeet · · Score: 2

      Or just use one of the forks, not like there isn't plenty of choices. There is just off the top of my head Chromodo and Comodo Dragon by Comodo (I use Dragon its quite nice while Chromodo is their bleeding edge build), SWIron, Torch, Vivaldi and Opera.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    8. Re:Still optional by Anonymous Coward · · Score: 5, Interesting

      Or delete the DLL from the plugins directory, or change the permissions on the plugins directory or use Chromium (which is essentially Chrome without the DRM bit anyway).

      Nope. Stop right there citizen.

      Changing ANYTHING about the DRM stuff is a no-no under the DMCA. You have no right to block it. You have no right to turn it off, and coming soon, you will have no right to a computer or software without it.

      In all seriousness though, I do wonder if changing the permissions on or deleting a DLL that provides DRM would be considered "tampering or circumventing a technological protection measure" under the DMCA and it's variants. Of course the browser is entitled not to play the content if that's the case, but my money is on the "You bet your ass it is." side considering that "helps" to increase corporate profits.

    9. Re:Still optional by Anonymous Coward · · Score: 0

      I'm a Russian citizen where DRM might be prohibited by the law banning all forms of encryption. Can I compile from source Chromium without that crap?

    10. Re: Still optional by Anonymous Coward · · Score: 0

      Citation needed. Have you read the friggin DMCA?

    11. Re:Still optional by Anonymous Coward · · Score: 0

      Because they have very limited funds (well quite a lot actually) and are concentrating on putting it all into trust so that they can live off the interest rather than depend on search related funding. Or they youngster can't be taught rdf so they folded and went chrome like instead. Or they want to destroy mozilla as a developer of software people want to use and develop for but destroying the browser alone hasn't stopped people using it for the addons they like/need. Then the only option is to remove the addons they don't develop via reduced functionality or signing.

    12. Re:Still optional by Anonymous Coward · · Score: 1, Interesting

      It's unclear what will happen to the forks. I think the forks are all using the Chromium source code which is from now on also going to be contaminated with this change thanks to Google.

    13. Re:Still optional by Anonymous Coward · · Score: 2, Insightful

      It is a question of enforcing a small market share. We want DRM to continue being a "enable it, instantly lose a lot of viewers". Just like intrusive ads (a piece of static text or a picture without spyware javascript coming along with it) are widely considered "evil virus carriers" (which they *are*), we would like EME DRM to be known as such too, with the same self-protection behavior: disable it in the browser (i.e. same as using ad-blockers).

      It is the only way to force the industry to find a better way (to deliver content, to deliver ads without compromising your computer and privacy along with it). Otherwise, they will take all they can and reverting a bad situation is always a lot more damaging and difficult in the first place, than avoiding it taking root in the first place.

      So, think of it as a boycott call. Because ripping EME out of Chromium (or making it optional again) *is* going to be something the Linux Distros are going to do *anyway* (on the grounds that they don't want to ship the EME closed-source blobs in the first place), that has never been my concern. Besides, I can and will help (I have the skills and I am a member of the community with the right contacts to do it) at least three of the major Linux distros rip it out if necessary.

    14. Re:Still optional by Anonymous Coward · · Score: 0

      The -1 for this comment proves yet again how broken Slashdot's moderation system is.

    15. Re:Still optional by Anonymous Coward · · Score: 0

      Please check before making recommendations. From Wikipedia:

      According to Lifehacker, Iron doesn't really offer much you can't get by configuring Google Chrome's privacy settings. According to others, it is scamware or scareware, since the developers bring up non-existent issues about Chrome to claim Iron solves it.

    16. Re:Still optional by Anonymous Coward · · Score: 0

      Pale Moon's rendering engine is too out of date. Just go here and download one of the "EME-free" versions:

      https://ftp.mozilla.org/pub/firefox/releases/51.0.1/

    17. Re:Still optional by Big+Hairy+Ian · · Score: 1

      Chromium

      --

      Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

    18. Re:Still optional by Anonymous Coward · · Score: 0

      If the country were to actually ban encryption, wouldn't that also mean the end of DRM?

    19. Re:Still optional by Anonymous Coward · · Score: 0

      The mundanes don't care. Good like with the fight though.

    20. Re:Still optional by Sloppy · · Score: 2

      No. DMCA has been common fodder on Slashdot for .. oh shit, it's decades plural now, huh? Learn what it says, and also how courts have interpreted it. It's actually not that big of a topic.

      I'm leaving out a lot of synonyms or near-synonyms, but basically: you're prohibited from bypassing a technological measure that limits access to a copyrighted work. Removing your computer's ability to descramble DRMed stuff is not a violation, because doing this does not provide you with access. It is perfectly legal, per DMCA, for you to do that.

      (You might have violated a contract by deleting a shared library, though. DMCA aside, we saw some sweeping "judicial activism" in contract law, a few years ago. (Thanks, Blizzard and their customers.) It's possible that you [wave hands] did a thing [waving harder, look over here!] equivalent to signing a contact, where you magically (and unknowingly) (and possibly requiring time-travel) agreed to not alter or delete any of the proprietary software on your computer.)

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
    21. Re: Still optional by Anonymous Coward · · Score: 1

      Have you read any of the legal issues companies are using to stop people from legally using products? Like the printer company that stopped refills because of DMCA. Or what's happening right now, car companies stopping repairs because of DMCA. Tractor companies stopping repairs because of DMCA.
      So yeah, this is a thing.

    22. Re:Still optional by exomondo · · Score: 1

      In all seriousness though, I do wonder if changing the permissions on or deleting a DLL that provides DRM would be considered "tampering or circumventing a technological protection measure" under the DMCA and it's variants.

      Of course not, if the DLL isn't there it's the same as not having HDCP in your display or the wrong region DVD player. The content simply won't play because you don't have the capability to play it.

    23. Re:Still optional by exomondo · · Score: 1

      It's unclear what will happen to the forks.

      If they didn't have code changes they would be pointless, any fork that maintains the chrome://plugins functionality is probably a fine choice.

      I think the forks are all using the Chromium source code

      Well yes, otherwise they wouldn't be forks of it now would they.

    24. Re:Still optional by Anonymous Coward · · Score: 0

      I think the forks are all using the Chromium source code

      Well yes, otherwise they wouldn't be forks of it now would they.

      That sounded pretty moronic on my part. I meant to say that the fork was not a one time thing, but they try to be in sync with the Chromium code base which is now contaminated.

  3. Re: Yes, but... by Anonymous Coward · · Score: 1

    Hmm... would that constitute tampering under DMCA?

  4. easy by Anonymous Coward · · Score: 0

    Use IE.

  5. Re:Fake news by Anonymous Coward · · Score: 5, Informative

    They've moved the options regarding Flash and PDF Reader plugins. Widevine is not listed nor given the option to be disabled within the UI.

    Also these are Plugins not Extensions, two entirely different things.

  6. A OK! by Anonymous Coward · · Score: 0

    Pretty soon Microsoft will look like angels...

  7. Re:Yes, but... by NotInHere · · Score: 5, Insightful

    Google Chrome is not open source. Only Chromium is. And Chromium already has web DRM disabled by default. So you will only have to build Chromium, without any changes to the source code at all.

  8. Was it again? by Anonymous Coward · · Score: 1

    Something something Evil....

  9. Google is now evil by Anonymous Coward · · Score: 0

    who would have guessed

    1. Re:Google is now evil by taustin · · Score: 3, Insightful

      Now? Where have you been the last 10 years?

    2. Re:Google is now evil by houghi · · Score: 2

      To me they became evil the moment they raped https://dejanews.com/

      --
      Don't fight for your country, if your country does not fight for you.
  10. Sounds wrong by Carewolf · · Score: 1, Interesting

    Widevine like all EME are plugins, they are not part of the browser binary, but separate libraries. Chromium couldn't be open source if it wasn't designed that way. So remove the plugin? In any case the part about researching Chrome... WTF? Chromium is open source...

    1. Re:Sounds wrong by Anonymous Coward · · Score: 2, Informative

      See related story here. You can no longer remove that plugin. As for chromium you could always compile your own version to allow you to remove the plugin in question but it's probably easier (and better in principle) just to dump chrome and it's offshoots altogether.

    2. Re: Sounds wrong by Anonymous Coward · · Score: 0

      only one guy/gal has to build it and make a pkg for people to install.

    3. Re:Sounds wrong by Carewolf · · Score: 1

      See related story here. You can no longer remove that plugin. As for chromium you could always compile your own version to allow you to remove the plugin in question but it's probably easier (and better in principle) just to dump chrome and it's offshoots altogether.

      Chromium doesn't even support widevine since it uses proprietary codecs, and those are only enabled in official Chrome builds.

  11. Is it just me by buss_error · · Score: 4, Insightful

    Or is anyone else getting tired of basic internet tools being turned in to monsters? By that I am talking about FireFox deciding to not trust a certificate, you can't select "Yes, I know, give it to me anyway". EG: StartCom's certs - you can't click past, you have to use another browser.

    Another example: Java 8 - I maintain servers. Many thousands of them, all over the globe. No, I can't put valid certificates on them. That would violate compliance in the first place, in the second place, we are talking $many^3 servers. But in Java 8, you have to add the IP to an exception list. Yeah, that's a lot to maintain. So we don't use Java 8.

    Please guys that write this stuff - you cannot make unilateral decisions on security and not impact workloads. Yes, the average Internet user is an idiot and needs to be protected, but those non-idiots don't have the hours of time needed to get around your unilateral coding decisions.

    --
    Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
    1. Re:Is it just me by zlives · · Score: 1

      for java you can use a deployment file with trusted ip's and a custom certstore file to bypass cert issues. at least most of them.
      not a simple process but if you are managing a large deployment then chances are its no big deal for you.
      firefox is more manual but also doable...

    2. Re:Is it just me by zlives · · Score: 1

      actually not sure about the StartCom's certs, i am unfamiliar with them... but even self signed certs can be added as trusted CA's

    3. Re:Is it just me by exomondo · · Score: 3, Interesting

      No, I can't put valid certificates on them. That would violate compliance in the first place

      Compliance with what?

    4. Re:Is it just me by Anonymous Coward · · Score: 0

      You can click past self-signed just fine. You cannot click passed a pulled cert.

    5. Re:Is it just me by swb · · Score: 2

      Who hasn't been burned by hardware that requires Java but then finds that either the browser or the JVM won't run the interface due to HTTPS compliance problems. And sometimes its not even Java -- we recently ran into some wireless controllers with a default public certificate that was revoked, breaking the management GUI and the captive portal functionality.

      In an ideal world, an organization would have their own internal PKI or buy public trusted certificates for all of it, at least solving the HTTPS certificate issue. But this is a problem for a lot of organizations, either financially or in terms of complexity. And not just the complexity of running PKI, but in getting complex systems that use self-signed certificates to replace those certificates with trusted ones.

      There's seldom a single certificate replacement tool/option, it's often a difficult task that if not done right breaks the whole solution.

    6. Re:Is it just me by Anonymous Coward · · Score: 0

      Here's what happens: person(s) write cool software with good intentions. Software becomes popular. Team size increases proportionally. Some of the new team members are not "with the program" and the rot starts (featuritis, misfeatures, UX "experts"). Time passes, original authors slowly lose interest or are otherwise displaced. Managers and other attention seekers take over. The rot becomes terminal, and a monster is born.

    7. Re:Is it just me by buss_error · · Score: 1

      It depends on where they are (legal jurisdiction wise). All of them would fall at the very least within the business change management. Add in various legal jurisdictions, and various laws within that jurisdiction, with various requirements of the server clients ....

      --
      Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
    8. Re:Is it just me by exomondo · · Score: 1

      That sounds like a *very* narrow problem case on your end, and it doesn't really explain how a valid certificate would violate compliance with your procedures.

    9. Re:Is it just me by buss_error · · Score: 1
      That sounds like a *very* narrow problem case on your end

      But one with a huge cost of manpower to overcome. It is true that others, with fewer points on the surface, will experience less disruption. It is disruption none the less.

      and it doesn't really explain how a valid certificate would violate compliance with your procedures.
      Without being overly specific It is quite simply easier to leave an expired certificate in place than it is to put in a current one. The expired certificate is documented, the new one would have to run that gamut.

      --
      Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
    10. Re:Is it just me by exomondo · · Score: 1

      But one with a huge cost of manpower to overcome. It is true that others, with fewer points on the surface, will experience less disruption. It is disruption none the less.

      So expend the effort (or pay somebody) to fork the Firefox code and implement a toggle, that's the point of Open Source, it it really is a huge cost of manpower to overcome then it will easily be worth the effort for the savings.

      Without being overly specific It is quite simply easier to leave an expired certificate in place than it is to put in a current one. The expired certificate is documented, the new one would have to run that gamut.

      Yes I imagined it was a case of it's just easier to not do it properly, but again the problem is on your end with your business process causing a bottleneck on doing the job correctly.

  12. The streaming model is fucking stupid by MrKaos · · Score: 1

    There I said it.

    Why, because media companies are too stupid to come up with a better model so they bog down the net with streams of moronic shows.

    While I am venting my spleen over stupid stuff, another thing pissing me off is slashdot starting to display ads over the posts even when signed in - please stop doing that shit slashdot.

    --
    My ism, it's full of beliefs.
    1. Re:The streaming model is fucking stupid by CaptainDork · · Score: 1

      ... slashdot starting to display ads over the posts even when signed in ...

      I haven't seen this ... yet.

      I'm running FF 51.0.1 (32-bit) with Adblock Plus and NoScript.

      --
      It little behooves the best of us to comment on the rest of us.
    2. Re:The streaming model is fucking stupid by duke_cheetah2003 · · Score: 1

      Why, because media companies are too stupid to come up with a better model so they bog down the net with streams of moronic shows.

      Not so sure spewing all the video streams over the 'net is a bad thing. It creates demand for capacity, which is naturally increased. More capacity is pretty much always a good thing IMHO.

    3. Re:The streaming model is fucking stupid by Anonymous Coward · · Score: 0

      top ad blows up and anchors if you don't stay on summary long enough. stay on summary long enough, ad scrolls of the top as you go down the page. don't stay on summary long enough, top ad anchors itself on the top of the screen, covering a third of the screen

    4. Re:The streaming model is fucking stupid by MrKaos · · Score: 1

      Mr AC has has characterized the issue. I'm on 50.1.0

      --
      My ism, it's full of beliefs.
    5. Re:The streaming model is fucking stupid by MrKaos · · Score: 1

      Why, because media companies are too stupid to come up with a better model so they bog down the net with streams of moronic shows.

      Not so sure spewing all the video streams over the 'net is a bad thing. It creates demand for capacity, which is naturally increased. More capacity is pretty much always a good thing IMHO.

      You're probably right and the additional capacity is a good thing, however that doesn't change that it is a stupid model. Advancement and adaptation is a good thing for business and these are businesses highly resistant to change. Their requirements for laws and constructs like the DMCA to sustain their business model instead of evolving to 21st century business conditions just shows that their business model is obsolete.

      They are a 20th century construct trying to stay relevant.

      --
      My ism, it's full of beliefs.
    6. Re:The streaming model is fucking stupid by MrKaos · · Score: 1

      Thanks, you nailed it - that is in fact what is happening when I wait whatever minutes it takes for the as server to get its shit together when I could have finished reading the thread.

      I hate stupid shite.

      --
      My ism, it's full of beliefs.
    7. Re:The streaming model is fucking stupid by Anonymous Coward · · Score: 0

      They already have a non-streaming model, it's called DVD and Blu-Ray, but the people have chosen streaming as a preferred method of consumption.

    8. Re:The streaming model is fucking stupid by duke_cheetah2003 · · Score: 1

      You're probably right and the additional capacity is a good thing, however that doesn't change that it is a stupid model. Advancement and adaptation is a good thing for business and these are businesses highly resistant to change. Their requirements for laws and constructs like the DMCA to sustain their business model instead of evolving to 21st century business conditions just shows that their business model is obsolete.

      Can't say I agree with this either. I personally believe the streaming model is very good, it achieves a balance the MPAA wants, without hindering the customers needlessly. We can all agree DRM is usually an annoying obstacle to doing what we want to do, but the stream model's DRM is pretty much invisible to the customer. The content creators get their stuff 'protected', we get to watch what we want, when we want. So yeah, I don't see a problem with this arrangement.

      Sorry you feel otherwise, but in all truth, other the saying 'its horrible" you really haven't pointed out real issues with this model other than to say it's horrible. You tried to make an argument for the excessive bandwidth usage, but backed down when I challenged your only actual point. I don't see how DMCA is even relevant here.

  13. Wtf is the point of the DRM? by Anonymous Coward · · Score: 0

    People can still screen capture, record audio/video.

    Bam. DRM defeated.

    1. Re:Wtf is the point of the DRM? by spire3661 · · Score: 1

      That is what Playready 3.0 is for. Basically Windows decides what you can and cant record/screenshot, etc.

      --
      Good-bye
    2. Re:Wtf is the point of the DRM? by Anonymous Coward · · Score: 0

      4k monitor, 4k camera on mount. Thanks for coming. It's fucking pointless.

  14. Repost... by Anonymous Coward · · Score: 0

    And only 3 stories between the old one and this. Was the other version not upsetting people enough?

  15. So at what point by Anonymous Coward · · Score: 0

    Do we stop being idiotic sheep and start lynching these traitors and their families for compromising international security in the name of profit?

    Pitchforks DO still exist, right?

  16. Remember when googles motto was do no evil? by ColePEET · · Score: 1

    And now they just never ever say anything like that anymore?

    --
    Yeah? So I turned your toaster into an alarm clock. I'm an EET thats what we do.
    1. Re:Remember when googles motto was do no evil? by Dog-Cow · · Score: 1

      Do you remember when DRM was classified as evil? Yeah... me neither.

    2. Re:Remember when googles motto was do no evil? by kevin_j_morse · · Score: 2

      Are you for real? Were you around that time a major corporation installed malware on all of their customers computers in the name of DRM?

      https://it.slashdot.org/story/...

    3. Re:Remember when googles motto was do no evil? by Neuronwelder · · Score: 1

      $$$ changes a LOT of rules, doesn't it?? :(

    4. Re:Remember when googles motto was do no evil? by Anonymous Coward · · Score: 0

      Do you remember when DRM was classified as evil? Yeah... me neither.

      I do. All day, every day, by millions of people not paid to believe otherwise. Sorry about your Alzheimer's.

    5. Re:Remember when googles motto was do no evil? by fox171171 · · Score: 1

      Remember when googles motto was do no evil? And now they just never ever say anything like that anymore?

      Yeah, awhile back they decided to shorten the "Do No Evil" motto by dropping the "Do No" part. Suited them better.

    6. Re:Remember when googles motto was do no evil? by fox171171 · · Score: 2

      Evil? Also for breaking things. I have had games I paid for not work. I have had (way back now) a DVD movie I bought not play (media player claimed DRM issue, stopped using Win Media player after that (I did say way back now!)). I had a game tell me about software I was not allowed to have on my computer (WTF!?!) or the game would not run. First of all, WTF!?! That is my decision. Secondly, I did not have that software on my computer, never had, and at that point had not even heard of it (Daemon Tools, if I recall correctly.).

      Why should hardware and software force this on us? I don't care to consume their media, why should I have to pay for hardware (DRM decoding in hardware) that could be better used for my benefit instead of **AA? Why should I have that crap in my browser?

      If Chrome wanted to add it, it should be optional. Want to watch Netflix on it? Get a notice to install the optional DRM crap. Don't want to? Never see it. Never get it.

      Remember when Sony hardware was good? Before they got involved in media, and ruined their hardware? Microsoft and Intel are collaborating to ruin the hardware too.

      https://www.extremetech.com/extreme/204319-windows-10s-playready-3-0-mandates-hardware-drm-for-4k-playback

      http://www.managingrights.com/2016/09/intel-and-microsoft-drm-patents.html

    7. Re:Remember when googles motto was do no evil? by Anonymous Coward · · Score: 0

      What do you mean "neither", I remember it perfectly well. Not only when it was classified evil, which it still is in my book, but when it was classified as such by most with technical insight.

      Try to find anything positive about Palladium or PlaysForSure.

  17. There's no unilaterialism with software freedom by jbn-o · · Score: 1

    Please guys that write this stuff - you cannot make unilateral decisions on security and not impact workloads. Yes, the average Internet user is an idiot and needs to be protected, but those non-idiots don't have the hours of time needed to get around your unilateral coding decisions.

    Apparently they can and they do just that, hence your plea for help. But discussing this in terms of your workload is really discussing a distraction. Computer owners benefit from software freedom because software freedom grants users the ability to make the software do what they want it to do. If your chosen Java runtime doesn't behave the way you want, pick a free software Java runtime and customize it to be more efficient for your needs. If Firefox doesn't have the UI you want, you can customize it to gain that UI or port older code you liked to the current version. Sure, this comes at a price: learning development, testing code, documenting one's work, and possibly coordinating changes with others (such as publishing for upstream adoption). But the alternative is non-free software where you don't have options and you beg developers to see things your way—as you said, the proprietors "make unilateral decisions" and these decisions affect more than just security issues. Software freedom lets you decide how much you want others to control your computer.

    --
    Digital Citizen
    1. Re:There's no unilaterialism with software freedom by buss_error · · Score: 4, Interesting

      I'm speaking to at scale work, not simply a few thousand servers. Add more orders of magnitude.

      What you discuss is absolutely possible. If you have time, or manpower to dedicate to watching every single part of every single tool used. Management is simply not going to pay that salary. And since not every single tool is under constant, close scrutiny, the opportunity for sudden work stoppages is much greater. I simply cited the tools everyone knows.

      What you suggest about selecting software - not so much when you work at scale. Think many thousands of people, always with that percentage that simply don't get the news. (There's always someone).

      IT was suggested that we start using containers or VMs for maintenance. This is what we've come to. You can no longer depend on tools you own and supervise, you have to lock them up and proactively defend them - from their own makers.

      I find that astonishing.

      --
      Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
  18. Re: Yes, but... by Anonymous Coward · · Score: 1

    nope because your not messing with the drm part just removing it but that means you can not watch videos that use it. im sure there are audiences that do not care for it.

  19. Re: Yes, but... by Anonymous Coward · · Score: 1

    but it says its on by default now in chromium.

  20. Dear Shawn Willden, Google buttboy: by Anonymous Coward · · Score: 0

    Please stop by to tell us what a wonderful new development this is.

  21. More reasons to hate Google and Chrome. by Anonymous Coward · · Score: 0

    So on top of hovering up all your data and destroying your laptop's battery life there's yet another reason not to touch Chrome with a bargepole.

    Google are thoroughly embracing their new motto: Be Evil.

  22. Google Chrome nomore by Anonymous Coward · · Score: 0

    I will nolonger you Google Chrome unless I freakin' have to.

  23. Forks affected? by Anonymous Coward · · Score: 0

    How does this affect forks like Vivaldi? I think Vivaldi is build using the Chromium source code which, according to this story, Google also contaminated with this change.

  24. DMCA? by Opportunist · · Score: 1

    Why should I give a shit about that DMCA? I love it, if it means the US competition has to resign before they may even start!

    --signed, European security researcher.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:DMCA? by Anonymous Coward · · Score: 0

      browsers that have DRM in them are risky for security researchers to audit. These laws provide both criminal and civil penalties for those who tamper with DRM, even for legal, legitimate purposes, and courts and companies have interpreted this to mean that companies can punish security researchers who reveal defects in their products.

      These "interpretations" are idiotic anyway, because they don't focus on intent. I have always been amazed by the way the UK and US press sees exponential interpretations on something which is by law required to be interpreted by the letter, and not running amok into all things between heaven and earth, whatever that means for the reader.

    2. Re:DMCA? by Neuronwelder · · Score: 1

      You're right. We can't even so much stand on wobbly legs to any competition! (our legs have been cut off by this monster.)

  25. Re:Fake news by Neuroelectronic · · Score: 1

    Can you explain to use the difference between plugins and extensions?

  26. Re:Fake news by Anonymous Coward · · Score: 0

    Plugins only affect inside web pages. Extensions affect all the way up to the GUI. A plugin can't create a new menu item, but an extension can.

  27. It's bitztream by Anonymous Coward · · Score: 0

    the moronic, autism-hating, custom EpiPen-hating, Musk-hating Slashdot troll!

  28. Silver lining by Blaskowicz · · Score: 1

    Look, it's a crap situation, but in a few years when you're trying to use the web on some low end slow eight core piece of crap that shows a 1080p desktop on a TV (e.g. phone that runs a linux VM), it ought to be useful.
    The better security might be, well, more sure, when "AI" is used to spread malware.
    Now I feel for people with custom GUI stuff. But perhaps some of the features belong in the browser itself. Likely, Firefox might become meaningfully "embeddable" ; so many browsers are just skins of Chrome and iOS Safari, but for Firefox there aren't that many (most derivatives are alternate builds or historical)
    So if you want your star-shaped upside down tabs and whatever, maybe there will be equivalent projects to Vivaldi, Brave etc.