Slashdot Mirror


Google Quietly Makes 'Optional' Web DRM Mandatory In Chrome (boingboing.net)

JustAnotherOldGuy quotes a report from Boing Boing: The World Wide Web Consortium's Encrypted Media Extensions (EME) is a DRM system for web video, being pushed by Netflix, movie studios, and a few broadcasters. It's been hugely controversial within the W3C and outside of it, but one argument that DRM defenders have made throughout the debate is that the DRM is optional, and if you don't like it, you don't have to use it. That's not true any more. Some time in the past few days, Google quietly updated Chrome (and derivative browsers like Chromium) so that Widevine (Google's version of EME) can no longer be disabled; it comes switched on and installed in every Chrome instance. Because of laws like section 1201 of the U.S. Digital Millennium Copyright Act (and Canada's Bill C11, and EU implementations of Article 6 of the EUCD), browsers that have DRM in them are risky for security researchers to audit. These laws provide both criminal and civil penalties for those who tamper with DRM, even for legal, legitimate purposes, and courts and companies have interpreted this to mean that companies can punish security researchers who reveal defects in their products. Further reading: Boing Boing and Hacker News.

17 of 95 comments

  1. Chrome by oldgraybeard · · Score: 5, Informative

    Don't care about Netflix so bye bye Chrome.

  2. Still optional by aquabat · · Score: 3

    It's still optional; just stop using Chrome.

    --
    A republic cannot succeed till it contains a certain body of men imbued with the principles of justice and honour.
    1. Re:Still optional by hairyfeet · · Score: 2

      Or just use one of the forks, not like there aren't plenty of choices. There is just off the top of my head Chromodo and Comodo Dragon by Comodo (I use Dragon, it's quite nice, while Chromodo is their bleeding edge build), SWIron, Torch, Vivaldi and Opera.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    2. Re:Still optional by Anonymous Coward · · Score: 5, Interesting

      Or delete the DLL from the plugins directory, or change the permissions on the plugins directory or use Chromium (which is essentially Chrome without the DRM bit anyway).

      Nope. Stop right there citizen.

      Changing ANYTHING about the DRM stuff is a no-no under the DMCA. You have no right to block it. You have no right to turn it off, and coming soon, you will have no right to a computer or software without it.

      In all seriousness though, I do wonder if changing the permissions on or deleting a DLL that provides DRM would be considered "tampering or circumventing a technological protection measure" under the DMCA and its variants. Of course the browser is entitled not to play the content if that's the case, but my money is on the "You bet your ass it is." side considering that "helps" to increase corporate profits.

    3. Re:Still optional by Anonymous Coward · · Score: 2, Insightful

      It is a question of enforcing a small market share. We want DRM to continue being an "enable it, instantly lose a lot of viewers". Just like intrusive ads (a piece of static text or a picture without spyware javascript coming along with it) are widely considered "evil virus carriers" (which they *are*), we would like EME DRM to be known as such too, with the same self-protection behavior: disable it in the browser (i.e. same as using ad-blockers).

      It is the only way to force the industry to find a better way (to deliver content, to deliver ads without compromising your computer and privacy along with it). Otherwise, they will take all they can and reverting a bad situation is always a lot more damaging and difficult in the first place, than avoiding it taking root in the first place.

      So, think of it as a boycott call. Because ripping EME out of Chromium (or making it optional again) *is* going to be something the Linux Distros are going to do *anyway* (on the grounds that they don't want to ship the EME closed-source blobs in the first place), that has never been my concern. Besides, I can and will help (I have the skills and I am a member of the community with the right contacts to do it) at least three of the major Linux distros rip it out if necessary.

    4. Re:Still optional by Sloppy · · Score: 2

      No. DMCA has been common fodder on Slashdot for .. oh shit, it's decades plural now, huh? Learn what it says, and also how courts have interpreted it. It's actually not that big of a topic.

      I'm leaving out a lot of synonyms or near-synonyms, but basically: you're prohibited from bypassing a technological measure that limits access to a copyrighted work. Removing your computer's ability to descramble DRMed stuff is not a violation, because doing this does not provide you with access. It is perfectly legal, per DMCA, for you to do that.

      (You might have violated a contract by deleting a shared library, though. DMCA aside, we saw some sweeping "judicial activism" in contract law, a few years ago. (Thanks, Blizzard and their customers.) It's possible that you [wave hands] did a thing [waving harder, look over here!] equivalent to signing a contract, where you magically (and unknowingly) (and possibly requiring time-travel) agreed to not alter or delete any of the proprietary software on your computer.)

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  3. Re:Fake news by Anonymous Coward · · Score: 5, Informative

    They've moved the options regarding Flash and PDF Reader plugins. Widevine is not listed nor given the option to be disabled within the UI.

    Also these are Plugins not Extensions, two entirely different things.

  4. Re:Yes, but... by NotInHere · · Score: 5, Insightful

    Google Chrome is not open source. Only Chromium is. And Chromium already has web DRM disabled by default. So you will only have to build Chromium, without any changes to the source code at all.

  5. Is it just me by buss_error · · Score: 4, Insightful

    Or is anyone else getting tired of basic internet tools being turned into monsters? By that I am talking about Firefox deciding to not trust a certificate, you can't select "Yes, I know, give it to me anyway". E.g.: StartCom's certs - you can't click past, you have to use another browser.

    Another example: Java 8 - I maintain servers. Many thousands of them, all over the globe. No, I can't put valid certificates on them. That would violate compliance in the first place, in the second place, we are talking $many^3 servers. But in Java 8, you have to add the IP to an exception list. Yeah, that's a lot to maintain. So we don't use Java 8.

    Please guys that write this stuff - you cannot make unilateral decisions on security and not impact workloads. Yes, the average Internet user is an idiot and needs to be protected, but those non-idiots don't have the hours of time needed to get around your unilateral coding decisions.

    --
    Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
    1. Re:Is it just me by exomondo · · Score: 3, Interesting

      No, I can't put valid certificates on them. That would violate compliance in the first place

      Compliance with what?

    2. Re:Is it just me by swb · · Score: 2

      Who hasn't been burned by hardware that requires Java but then finds that either the browser or the JVM won't run the interface due to HTTPS compliance problems? And sometimes it's not even Java -- we recently ran into some wireless controllers with a default public certificate that was revoked, breaking the management GUI and the captive portal functionality.

      In an ideal world, an organization would have their own internal PKI or buy public trusted certificates for all of it, at least solving the HTTPS certificate issue. But this is a problem for a lot of organizations, either financially or in terms of complexity. And not just the complexity of running PKI, but in getting complex systems that use self-signed certificates to replace those certificates with trusted ones.

      There's seldom a single certificate replacement tool/option, it's often a difficult task that if not done right breaks the whole solution.

  6. Re:Google is now evil by taustin · · Score: 3, Insightful

    Now? Where have you been the last 10 years?

  7. Re:Sounds wrong by Anonymous Coward · · Score: 2, Informative

    See related story here. You can no longer remove that plugin. As for Chromium you could always compile your own version to allow you to remove the plugin in question but it's probably easier (and better in principle) just to dump Chrome and its offshoots altogether.

  8. Re:There's no unilateralism with software freedom by buss_error · · Score: 4, Interesting

    I'm speaking to at scale work, not simply a few thousand servers. Add more orders of magnitude.

    What you discuss is absolutely possible. If you have time, or manpower to dedicate to watching every single part of every single tool used. Management is simply not going to pay that salary. And since not every single tool is under constant, close scrutiny, the opportunity for sudden work stoppages is much greater. I simply cited the tools everyone knows.

    What you suggest about selecting software - not so much when you work at scale. Think many thousands of people, always with that percentage that simply don't get the news. (There's always someone).

    It was suggested that we start using containers or VMs for maintenance. This is what we've come to. You can no longer depend on tools you own and supervise, you have to lock them up and proactively defend them - from their own makers.

    I find that astonishing.

    --
    Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
  9. Re:Remember when Google's motto was do no evil? by kevin_j_morse · · Score: 2

    Are you for real? Were you around that time a major corporation installed malware on all of their customers' computers in the name of DRM?

    https://it.slashdot.org/story/...

  10. Re:Google is now evil by houghi · · Score: 2

    To me they became evil the moment they raped https://dejanews.com/

    --
    Don't fight for your country, if your country does not fight for you.
  11. Re:Remember when Google's motto was do no evil? by fox171171 · · Score: 2

    Evil? Also for breaking things. I have had games I paid for not work. I have had (way back now) a DVD movie I bought not play (media player claimed DRM issue, stopped using Win Media player after that (I did say way back now!)). I had a game tell me about software I was not allowed to have on my computer (WTF!?!) or the game would not run. First of all, WTF!?! That is my decision. Secondly, I did not have that software on my computer, never had, and at that point had not even heard of it (Daemon Tools, if I recall correctly.).

    Why should hardware and software force this on us? I don't care to consume their media, why should I have to pay for hardware (DRM decoding in hardware) that could be better used for my benefit instead of **AA? Why should I have that crap in my browser?

    If Chrome wanted to add it, it should be optional. Want to watch Netflix on it? Get a notice to install the optional DRM crap. Don't want to? Never see it. Never get it.

    Remember when Sony hardware was good? Before they got involved in media, and ruined their hardware? Microsoft and Intel are collaborating to ruin the hardware too.

    https://www.extremetech.com/extreme/204319-windows-10s-playready-3-0-mandates-hardware-drm-for-4k-playback

    http://www.managingrights.com/2016/09/intel-and-microsoft-drm-patents.html