Google Quietly Makes 'Optional' Web DRM Mandatory In Chrome

JustAnotherOldGuy quotes a report from Boing Boing: The World Wide Web Consortium's Encrypted Media Extensions (EME) is a DRM system for web video, being pushed by Netflix, movie studios, and a few broadcasters. It's been hugely controversial within the W3C and outside of it, but one argument that DRM defenders have made throughout the debate is that the DRM is optional, and if you don't like it, you don't have to use it. That's not true any more. Some time in the past few days, Google quietly updated Chrome (and derivative browsers like Chromium) so that Widevine (Google's version of EME) can no longer be disabled; it comes switched on and installed in every Chrome instance. Because of laws like section 1201 of the U.S. Digital Millennium Copyright Act (and Canada's Bill C11, and EU implementations of Article 6 of the EUCD), browsers that have DRM in them are risky for security researchers to audit. These laws provide both criminal and civil penalties for those who tamper with DRM, even for legal, legitimate purposes, and courts and companies have interpreted this to mean that companies can punish security researchers who reveal defects in their products. Further reading: Boing Boing and Hacker News.

Sounds wrong

[Carewolf]

Widevine like all EME are plugins, they are not part of the browser binary, but separate libraries. Chromium couldn't be open source if it wasn't designed that way. So remove the plugin? In any case the part about researching Chrome... WTF? Chromium is open source...

Re:Is it just me

[exomondo]

No, I can't put valid certificates on them. That would violate compliance in the first place

Compliance with what?

Re:There's no unilaterialism with software freedom

[buss_error]

I'm speaking to at scale work, not simply a few thousand servers. Add more orders of magnitude.

What you discuss is absolutely possible. If you have time, or manpower to dedicate to watching every single part of every single tool used. Management is simply not going to pay that salary. And since not every single tool is under constant, close scrutiny, the opportunity for sudden work stoppages is much greater. I simply cited the tools everyone knows.

What you suggest about selecting software - not so much when you work at scale. Think many thousands of people, always with that percentage that simply don't get the news. (There's always someone).

IT was suggested that we start using containers or VMs for maintenance. This is what we've come to. You can no longer depend on tools you own and supervise, you have to lock them up and proactively defend them - from their own makers.

I find that astonishing.

Re:Still optional

Or delete the DLL from the plugins directory, or change the permissions on the plugins directory or use Chromium (which is essentially Chrome without the DRM bit anyway).

Nope. Stop right there citizen.

Changing ANYTHING about the DRM stuff is a no-no under the DMCA. You have no right to block it. You have no right to turn it off, and coming soon, you will have no right to a computer or software without it.

In all seriousness though, I do wonder if changing the permissions on or deleting a DLL that provides DRM would be considered "tampering or circumventing a technological protection measure" under the DMCA and it's variants. Of course the browser is entitled not to play the content if that's the case, but my money is on the "You bet your ass it is." side considering that "helps" to increase corporate profits.

Re:Still optional

It's unclear what will happen to the forks. I think the forks are all using the Chromium source code which is from now on also going to be contaminated with this change thanks to Google.