Free Software Foundation Challenges Tim Berners-Lee On DRM

Slashdot reader Atticus Rex writes: On Monday, W3C (World Wide Web Consortium) director Tim Berners-Lee released a post defending his decision to allow Netflix, Microsoft, Apple and Google to enshrine DRM in Web standards, arguing that blocking it would be pointless. Zak Rogoff, FSF campaigns manager, writes in the response:

"As Director of the W3C (World Wide Web Consortium), Berners-Lee has the ability to block [the DRM proposal] from ratification as an official Web standard... Of course, a refusal to ratify could not immediately stop the use of DRM, but it could meaningfully weaken the position of DRM in the court of public opinion, and put EME proponents Netflix, Microsoft, Apple, and Google on notice that a very prominent figure was willing to stand up to them on behalf of users. Changes in society's technological infrastructure require political movements, not just technological arguments, and political movements benefit greatly from the support of prominent figures."
Berners-Lee takes the position that "The web has to be universal, to function at all. It has to be capable of holding crazy ideas of the moment, but also the well polished ideas of the century. It must be able to handle any language and culture. It must be able to include information of all types, and media of many genres. Included in that universality is that it must be able to support free stuff and for-pay stuff, as they are all part of this world.

"This means that it is good for the web to be able to include movies, and so for that, it is better for HTML5 to have EME than to not have it."

"universal"

[klingens]

"The web has to be universal, to function at all. "
As soon as you introduce selective DRM for selected platforms and devices, it's not universal anymore.

"but also the well polished ideas of the century."
Something with DRM is always never an idea of the century cause it will never last a century before it's not possible to consume that idea anymore: it is locked away with DRM, illegal to decrypt.

Re:"universal"

Agreed. It's a question of vision: shall the web be one of captive eyeballs, silos and one-way communication? Or an open marketplace, enabling everyone's participation?

It can't be both.

Re:"universal"

The choice has been made for us, the providers and the the people who consume think nothing else is important. One way all the way. Participation is now when the providers do 'fly on the wall' product -- 'ooh look a program about people participating'.

Re:"universal"

[Chas]

Took the words right out of my mouth.

Unfortunately, it looks like the web is going to have to wait TBL's generation of old developers to simply die off before it can be reworked on a platform of truly open standards.

So 20-30 more years of this crap...

*sigh*

Re:"universal"

[beelsebob]

As soon as you introduce selective DRM for selected platforms and devices, it's not universal anymore.

Which is rather the point. By including DRM in the standard, you allow everyone to implement the exact same thing, and make it universally available on all devices.

By not including DRM, you would cause all the companies that wanted it to go away and implement it in some weird, proprietary way, that only works on the biggest platforms.

You get support for more devices by putting it in the standard, not fewer.

Re:"universal"

[king+neckbeard]

No, you win a war by dividing and conquering your enemy, not giving them a united front.

Re:"universal"

As soon as you introduce selective DRM for selected platforms and devices, it's not universal anymore.

*cough* Netflix 4K *cough*

Something with DRM is always never an idea of the century cause it will never last a century before it's not possible to consume that idea anymore: it is locked away with DRM, illegal to decrypt.

The consumers buying e-books that can be retroactively disabled or removed from their devices by the publishers are to be blamed for the insanity. Only one such event has occurred for now, but inevitably there will be more. DRM protected digital content should be considered as rented or licensed for a short period anyway, not bought like a book or a record is. It's the video rental or amusement park model and the prices should reflect that, which they don't always do.
  Did Hollywood produce copies of the movies for the Library of Congress in the US still? Those have to be unencrypted for the preservation to make sense.

Re:"universal"

[Cmdln+Daco]

What exactly is the root of TBL's qualifications to render such a judgement regarding the WWW? He came up with the first implementation of an httpd for his computer at CERN and so now he 'owns' the WWW and can curate it as he sees fit?

That is a ludicrous notion. The inventor of the transistor has not been allowed complete control of how transistors are used in the world.

Did the guy lose his job at CERN and this directorship gig is a consolation position? Give him a small staff to direct and keep him out of the way.

Re:"universal"

[Anonymous+Brave+Guy]

You can't win a trade war like this when you're just a consumer and someone else is producing the content. The value is all generated on their side, and they have plenty of alternative ways to supply their content and plenty of other consumers who will pay for it if you limit the Web so it won't meet their requirements.

Re:"universal"

[king+neckbeard]

We have plenty of "alternate ways to supply their content" as well. Information wants to be free, remember? If piracy/DRM-free is the most universal platform, we win.

Re:"universal"

[Fringe]

I admire your passion, but the world of media doesn't work that way. If the content distributors (Netflix, Amazon, HBO GO/NOW and the also-rans) weren't able to use standardized DRM, they would use... and standardize... on a non-standard platform. One that, being non-standard, would probably be very closed-source and proprietary. And consumers would flock to it Resulting in a huge, unverified surface for exploits and attacks.

This has happened before. Remember Flash?

Channel George Santayana.

Re:"universal"

[king+neckbeard]

Yes, it fucking does. I watch things on Netflix because it's convenient. If Netflix ceases to be convenient or what I want isn't there, I get it from somewhere else. We've done this song and dance with music, and DRM-free mp3s won despite all of the exact same arguments being made.

Re:"universal"

[Anonymous+Brave+Guy]

DRM protected digital content should be considered as rented or licensed for a short period anyway, not bought like a book or a record is. It's the video rental or amusement park model and the prices should reflect that, which they don't always do.

That is all fair. The other side, though, is that if someone is essentially offering some sort of rental model, maybe with access to a large library of content for a specific period at a price far lower than buying a permanent copy of each of the relevant works accessed during that period, then there needs to be some system so customers can't just blatantly take advantage.

It seems doubtful that the likes of Netflix and Spotify would get deals to provide mainstream content to their subscribers if they were then allowing those subscribers to download and keep as many movies/shows/songs they wanted to in return for buying whatever the shortest subscription is.

Some of these alternative models have proved to be popular precisely because they are beneficial for enough customers, just like the video rental stores of yesteryear, so it isn't necessarily helpful to ban the kinds of technologies that make them viable in the real world and insist that unprotected, permanent copies are the only way that creative works can be offered.

Re:"universal"

[Anonymous+Brave+Guy]

Information wants to be free, remember?

No, it doesn't. This is one of those nonsense sayings that gets trotted out every time, but it makes no sense economically. A lot of creative content wants to be paid for, because otherwise there's no commercial incentive to create and distribute it. How that payment works is open to debate, but millions of creative professionals still need to pay the rent, and if creating won't do that, they're going to have to do something else instead.

If piracy/DRM-free is the most universal platform, we win.

Only if there's still stuff to pirate, and only if you don't suffer real world consequences for breaking laws when you rip infringing content. Neither of those is an inherent truth in the world.

Re: "universal"

As a content producer, I see the tech industry as trying to grab our earnings whilst being just a conduit. Tech does not really add any value to our content but wants to take all the profits from it. Seems fair to you?

Re:"universal"

[Anonymous+Brave+Guy]

We've done this song and dance with music, and DRM-free mp3s won despite all of the exact same arguments being made.

But as I pointed out in another post, music is basically the only creative sector where that has happened widely, and there are reasonable economic arguments for why that is.

Re:"universal"

[klingens]

This has happened again with EME: you get non-standard BLOBs which are totally and utter proprietary, exactly the same thing like Flash.
And those BLOBs only work on approximately 3 OSes: Windows, some Linux, some Apple OS. And each of them on different ones and only very select few Browsers on that platform.Basically the Big Four and nowhere else. If it works on another browser, then only cause said browser actually is one of the Big Four browsers but with a different theme on top.

Re: "universal"

Yes and that's mainly because the files were small enough for the broadband of the day to transfer in large quantities. At 4mbps max, it would take over a day to download a movie.

Photos and books are a different set of markets. Both get pirated, but there's usually a couple dozen similar photos and books are cheap enough for the experience that most folks either buy or borrow them.

Movies and games are the last bastions of DRM to be slayed. I'm sure that the books will eventually go DRM free as the biggest risk of loss in publishing is a lack of eyeballs and books have very short shelf lives during which to sell.

Re:"universal"

[Kohath]

Something with DRM is always never an idea of the century cause it will never last a century before it's not possible to consume that idea anymore: it is locked away with DRM, illegal to decrypt.

Most of us just want to watch Netflix rather than worrying about whether people a century from now can still watch Bojack Horseman.

Re:"universal"

[king+neckbeard]

This is one of those nonsense sayings that gets trotted out every time, but it makes no sense economically.

Information wants to be free in the "libre" sense, so economics doesn't come into play. Similar to how nature abhors a vacuum, the net (and largely, information in general) interprets censorship as damage and routes around it. DRM is censorship from that perspective.

Only if there's still stuff to pirate, and only if you don't suffer real world consequences for breaking laws when you rip infringing content. Neither of those is an inherent truth in the world.

There are already orders of magnitude more media than any human could possibly watch. You're just repeating industry shill "the sky is falling" garbage. Now, you are correct that lawyers might get involved, but they will only make themselves look bad. There is no money to be made in trying to scare pirates straight. There IS money in providing a convenient service, and DRM never adds convenience.

Re:"universal"

[Anonymous+Brave+Guy]

Similar to how nature abhors a vacuum, the net (and largely, information in general) interprets censorship as damage and routes around it.

Seriously, is this the cliche of the month club and I missed the memo?

No, the Internet does not interpret censorship as anything. The Internet is not alive, and the actions taken to distribute works illegally are ultimately taken by people.

Also, comparing measures to prevent infringement of copyright, which is merely against laws that are widely applicable throughout the world, with the sometimes very real problems of actual censorship is just a propaganda move designed to attract an emotional response that is not otherwise justified.

You're just repeating industry shill "the sky is falling" garbage.

Someone who has a different point of view to you is not necessarily a shill. And if there really isn't a problem if we stop creating and distributing new works, why is the vast majority of piracy ripping those new works, instead of just sharing the "orders of magnitude more media than any human could possibly watch" that we already have? Apparently most pirates disagree with you about which work is more valuable.

There is no money to be made in trying to scare pirates straight. There IS money in providing a convenient service, and DRM never adds convenience.

It would be lovely if that were true, but I have been following this issue for a long time, and the evidence so far seems to say otherwise. How would you run a service like Netflix, which obviously a great many people find more convenient than other models for watching movies and TV shows, without DRM or some other system with a similar effect? You're trying to separate DRM from what makes a useful service and treat the two separately, but they aren't independent issues.

Re: "universal"

[Anonymous+Brave+Guy]

We've had broadband fast enough to stream HD movies or TV shows in real time for several years in many countries, but the same has yet to happen. I don't think your bandwidth argument holds up under scrutiny.

Re:"universal"

[squiggleslash]

By including DRM in the standard, you allow everyone to implement the exact same thing...

That's possible anyway.

and make it universally available on all devices

...that doesn't follow from the first part of your sentence. It would follow if what you'd written was by standardizing DRM you allow everyone to implement the exact same thing, but as your wording correctly implies, all that was standardized was the method by which DRM is referred to in HTML5, not the DRM itself.

Had the W3C not punted on the DRM scheme itself, Berners-Lee's comments would have been legitimate if not what we necessarily wanted. But in failing to standardize DRM, they basically created another <OBJECT> tag - something that's inherently platform and vendor specific, and will never be anything but.

Re:"universal"

[king+neckbeard]

No, the Internet does not interpret censorship as anything. The Internet is not alive, and the actions taken to distribute works illegally are ultimately taken by people.

And nature can't actually abhor anything, since it's an abstract concept. But the anthropomorphic metaphor is a succinct way of describing a phenomena, so welcome to 8th grade English class. Any DRM of static media will be broken, given sufficient time and attention, and once broken, the static media can be distributed throughout the internet unimpeded. Some MS researchers basically repeated that in a paper and nearly got fired.

Also, comparing measures to prevent infringement of copyright, which is merely against laws that are widely applicable throughout the world, with the sometimes very real problems of actual censorship is just a propaganda move designed to attract an emotional response that is not otherwise justified.

Technology is amoral, and if you think of it as anything else, you are delusional. It's not about who is good, who is bad, and what is equivalent, but about the inherent logistics of trying to control the dissemination of information. The pro-dissemination side has an inherent long-term advantage even when the anti-dissemination side has vastly greater resources, whether it's Chinese dissidents, terrorists, child pornographers, bored hackers, or pirates.

Re: "universal"

[king+neckbeard]

And here I am, watching Netflix DRM free on Linux and downloading what I want to watch that they don't have. Last year was the supposed great victory against piracy, and yet nothing has really slowed down except for the conversion of customers with quality and convenience.

Re: "universal"

[dougdonovan]

man made it, man can break it so it can be both.

Re:"universal"

[VernonNemitz]

IN GENERAL I subscribe to the opinion that it is better to have something and not need it, than to need something and not have it. Logically, therefore, I should support the existence of DRM, even while I cannot now imagine what it might someday actually be needed for.... (The greed of DRM users is never an actual "need".)

Re:"universal"

As we all know, no cultural works, no art, music, or plays existed before Adam Smith.

Re:"universal"

[Anonymous+Brave+Guy]

Far fewer works were created, and they were far less widely distributed, in that time. Perhaps more significantly, many of those that were were funded through the patronage of wealthy individuals.

The whole point of introducing intellectual property is to apply Smith-style free market economics, and in particular the incentives to provide supply to meet demand, to creative industries, thus promoting the creation and distribution of new works without relying on a small group of very wealthy benefactors to fund everything.

Re:"universal"

[Anonymous+Brave+Guy]

But the anthropomorphic metaphor is a succinct way of describing a phenomena

It might be a succinct way of describing something, but obviously I don't think it's a particularly accurate metaphor in this case.

Any DRM of static media will be broken, given sufficient time and attention, and once broken, the static media can be distributed throughout the internet unimpeded.

Maybe, though rather like car theft, it's become difficult enough to break the security systems directly that most people are working around them, in this case by finding a different source for the material.

In any case, during the time-and-attention stage, the DRM is inhibiting illegal distribution, and even after it's been cracked it's still inhibiting illegal distribution for some people, who don't know where to find illegal sources, are concerned about the dangers of downloading them, or simply didn't realise that downloading to keep wasn't allowed if it was easy to do.

The pro-dissemination side has an inherent long-term advantage even when the anti-dissemination side has vastly greater resources, whether it's Chinese dissidents, terrorists, child pornographers, bored hackers, or pirates.

Interesting choice of examples, given that there are relatively few people who do get away with most of those things, and the penalties for those who do not can be severe.

If anything, piracy is the major exception, but given the degree of surveillance that routinely happens online these days, that is more because the authorities and the major copyright holders turn a blind eye up to a point, presumably fearing a popular backlash if they suddenly started actually enforcing what the law says and modern technology allows on a large scale. If whatever DRM they're applying to the new movie/show/game/whatever delays widespread piracy by a few weeks, they've probably already collected most of the extra revenue that was available from potential customers who would have been lost to piracy anyway.

Re: "universal"

I am just amazed at all the people who think they have an inherent right to steal someone else's work. And it is stealing when the content provider sets the value of the content and the content is taken by others who disregard the content providers reimbursement.

Having access to every conceivable means of media content is not a right. If you are unwilling to abide by the providers rules you so be it. The largest group of people complaining about DRM are people who have never created an original piece of content. When DRM is gone the creation and publishing of new content will also disappear. Is someone going to crowdsource a $100 million dollar movie production? When the content providers can no longer rely on compensation for their efforts they will be required to find other means of supporting themselves while pushing all the other efforts to the side.

Bottom line. If you are against DRM then get your content some where else. Today's entitlement generation needs to grow the fuck up and stop venting their daily outrage which does nothing but expose their inability to operate in the real world where you discovery life isn't fair and nobody owes you a living or entertainment content.

Re:"universal"

[king+neckbeard]

It might be a succinct way of describing something, but obviously I don't think it's a particularly accurate metaphor in this case.

Almost everything is cracked immediately these days. Might get a honeymoon of a few months when a new format drops, but in the long run, almost everything is cracked unless it's too obscure to be worth cracking.

Maybe, though rather like car theft, it's become difficult enough to break the security systems directly that most people are working around them, in this case by finding a different source for the material. In any case, during the time-and-attention stage, the DRM is inhibiting illegal distribution, and even after it's been cracked it's still inhibiting illegal distribution for some people, who don't know where to find illegal sources, are concerned about the dangers of downloading them, or simply didn't realise that downloading to keep wasn't allowed if it was easy to do.

I can download the blu-ray rip without having to put pants on. The only thing is that if I do buy a blu-ray, I can't conveniently make copies like I could with a pirated version, which will never prevent it from getting on TPB the day of release if not before. You are just repeating talking points about deferring casual piracy without taking into consideration how people would even try to get their media.

Re:"universal"

[king+neckbeard]

Far fewer works were created, and they were far less widely distributed, in that time.

Yeah, and that's TOTALLY because of copyright and has NOTHING to do with hundreds of millions of connected super-presses in people's homes, or that the population is more educated, with a far smaller portion of the people engaged in primary food production or strenuous manual labor.

The whole point of introducing intellectual property is to apply Smith-style free market economics

Smith was anti-monopoly, so calling legal monopolies his style is pretty ridiculous. Copyright was making lemonade out of a corrupt system of press control, censorship, and church/state backed propaganda. This lemonade was at the behest of the publishers guild, who didn't want their money train to end.

Re:"universal"

[Anonymous+Brave+Guy]

Given that copyright-supported creative industries employ millions of people, I think it's safe to assume that at least some of the benefit is because everyone isn't just free to let those people do all the work and then leech off the results.

And copyright is more analogous to respecting private property rather than communal ownership than to having a monopoly in the usual economic sense of the term. If only one organisation could produce any works subject copyright, then it would be more like a normal monopoly.

Re:"universal"

[Anonymous+Brave+Guy]

Almost everything is cracked immediately these days.

You keep saying things like that, but it's just not true. If anyone does have a crack for several of the major online DRM schemes, other than crude things based on the analog hole or the like, they're keeping it extremely close to their chest.

As I said elsewhere, the pirate content is typically coming from other sources now, such as the Blu-ray rips you mentioned.

Re: "universal"

[K.+S.+Kyosuke]

Hilariously, he's the guy who screwed up hypertext/hypermedia for everyone by turning it into a cryptic static barely-functional throwback when it was just getting started. And they gave him an award for that. Typical...

Re:"universal"

[king+neckbeard]

Given that copyright-supported creative industries employ millions of people, I think it's safe to assume that at least some of the benefit is because everyone isn't just free to let those people do all the work and then leech off the results.

Anybody that wants to pirate can pirate today. So, in practice, every is just free to let those people do all the work and then leech off the results. But that is beside the point, because your argument is just bad application of statistics. If you don't think that education and telecommunication aren't far larger factors in the number of works produced, you aren't living in reality. Human desire to create is just behind human desire to procreate. If you want to increase the amount of creation, give people a UBI. Will likely do a lot more than copyright ever has, especially since there isn't much data to support copyright other than number of works produced and strength of copyright both only moving in one direction throughout history.

But you are correct that the creative industry is largely structured around our current copyright laws. That in no way indicates that we couldn't have high creative output without copyright, just that the structure will be organized according to how the legal system directs the money. It's not a particular efficient method

Re:"universal"

[king+neckbeard]

Blu-Ray and Netflix/Amazon 4K are getting ripped, as well as every broadcast and cable TV show. If everything you have is already more readily available from other sources of roughly equal quality, that would fall into "too obscure to be worth cracking." But if there is no exclusive content of note, there is no protection.

Re:"universal"

[murdocj]

How does including DRM prevent people from providing DRM-free content?

Re: "universal"

[murdocj]

we should all be such screwups

Re: "universal"

[murdocj]

They don't just think they have a "right" steal, they are outraged that anyone would try to prevent them from stealing.

Re: "universal"

Movies and TV series seem to be free to my professional acquaintences. "Torrent" whatever that is. Most people swap them on sticks. Including one senior govt IT security guy. Before that it was DVDs from seasia ( which seemed to have fantastic compression algorithms)

Re: "universal"

Sky TV used to be cracked every 12 months or so until Rupert got Adi Shamir at the Weissman institute to write some decent crypto. Don't know if it's cracked often now. It has sports and dumbass movies so I don't pay much attention.

Re:"universal"

[Waccoon]

By not including DRM, you would cause all the companies that wanted it to go away and implement it in some weird, proprietary way, that only works on the biggest platforms.

We're already at that point. Web developers only care about the biggest platforms.

Most of the small, alternative browsers support the latest W3C standards just fine. Alas, web sites only support brand names. I regularly come across web sites that work fine in Firefox, but don't work at all in Pale Moon, despite the two browsers being based on the same rendering engine. The reason why is that the web sites are designed to detect your browser by the UA header or some stupid JS hack. When a site doesn't see a popular, "supported" browser, it freaks out and renders nothing at all, or even just flat out tells you to update to a modern browser like Chrome. Pretty frustrating when you're trying to browse a site that doesn't even try to use the latest tricks or media types.

I recently came across a site that forces the use of WebP images, unless you're using IE, Edge, or Firefox. Thus, Pale Moon shows no images. Why the site didn't just make exceptions for "anything other than Chrome" is beyond me.

Re: "universal"

[easyTree]

Disclaimer: I've not read the standard.

Does the move also standardise a platform for DeCSS-type unlocking of content?

Re:"universal"

[TheRaven64]

By including DRM in the standard, you allow everyone to implement the exact same thing, and make it universally available on all devices.

Except that's not possible. DRM relies on secrets, not simply for keys, but in the implementation. You cannot have an open source implementation of DRM, because anyone can simply modify the code to remove the encryption and make the unencrypted stream available. You can standardise a mechanism for plugging proprietary DRM modules into the web, but you're still reliant on the vendors to provide them for your platform of choice. If you're a minority platform, then you're still screwed.

DRM on music was killed by Apple's control over the DRM on the iPod and the iTunes Music Store. They were able to lock all competitors out of providing DRM'd music that played on the iPod. No one wanted to buy DRM'd music that they could only play on a Windows computer or a Zune, so Apple has a very strong bargaining position with the studios. Their only way around this was to allow other stores to sell DRM-free downloads.

It's important to remember that there are three participants in media distribution:

• The studio that produces the content.
• The consumer that buys the content.
• The distributor, who sells the content.

We often conflate the studio and distributor, but DRM is something that benefits distributor over the studio: it allows them to lock customers in and strengthens their negotiating position, because whoever controls the DRM platform is the gatekeeper for the consumer's device. The best way to end DRM is to allow a single company, such as Netflix, to gain so much control over the channel that the only way for the studios to break this control is to allow their competitors to sell without DRM.

Re:"universal"

[TheRaven64]

if someone is essentially offering some sort of rental model, maybe with access to a large library of content for a specific period at a price far lower than buying a permanent copy of each of the relevant works accessed during that period, then there needs to be some system so customers can't just blatantly take advantage.

So limit downloads. I'd happily pay a subscription fee that limited me to, say, 30 hours a week of video downloads. Even with an unlimited download ability for DRM'd content, I'd still have an incentive to keep up the subscription, because a lot of the value I get is from access to new content. If I sign up and download everything in their catalog then cancel my subscription, I'll have enough to watch for the rest of my life, but I won't be able to watch films and TV shows produced the following year, and that's what I'm most willing to pay for - older TV shows are so cheap on DVD now that it's better to buy the boxed set than stream them.

Re: "universal"

Your united front on this spawned the mish-mash shit show of plug-ins to do the same damn thing we have today. How's that working out for Linux?

Having a standard means it can be adopted in platforms on which certain companies don't have any spare fucks to give.

DRM is a fact of life - it's been with us for 18+ years, and content owners (read: the MPAA) aren't giving it up any time soon.

Re:"universal"

If past experience is any indication, the implementation of a "universal" standard for DRM will mean that great effort will be expended on ways to as universally circumvent it. Thus will commence endless arms race that will create one more (complicated) way for web standards to fail and that will suck away time and energy that could be put to better use. Whatever standard they come up with will be broken, vendors will come up with their own proprietary, ugly hacks to try to get around those limitations (witness the corruption of DVD standards in an attempt to maintain DRM there), and we'll all be worse off.

Re:"universal"

which is merely against laws that are widely applicable throughout the world

Copyright laws are applicable throughout the world in very different ways. As a Brazilian I inform you that the law against the crime of committing piracy for culture distribution/acquisition and not for profit is not enforced at all here. It is a crime, but no one is charged with it, IMO because the access to culture is enshrined in our constitution and our culture.
Anything that pushes it towards one direction (enforcement in this case) matters. Copyright law is a legal form of censorship (aimed at promoting the development of the culture and arts, they claim), it prevents people from singing certain words and from playing/sharing certain bytes. DRM is a method to enforce this censorship.

Re:"universal"

If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.

Comparing people's reaction to your overrated posts to the "very real problems of actual censorship is just a propaganda move designed to" keep the overrated status.

Or do you think that reducing access to a certain information amounts to censorship?

Re:"universal"

[Anonymous+Brave+Guy]

Even with an unlimited download ability for DRM'd content, I'd still have an incentive to keep up the subscription, because a lot of the value I get is from access to new content.

(I assume you meant non-DRM'd there.)

And in my experience, many subscribers agree.

The trouble is the amount of time you spend dealing with the other people, the ones who will sign up for as short a time as they can get away with, just sit there all day downloading as much as they can get, and then put it up on YouTube with their channel's branding and ads all over it or whatever.

If you're a big movie studio, this isn't such a problem. No-one is going to think JonnyRipz on YouTube made Moonlight. But what people often forget is that the same laws and the same economic concerns apply to countless small businesses and independent creators, who are making some sort of specialist content in whatever niche market they work in. At that end of the scale, we might be talking about a weekend band who are really good at playing some unusual style of music, or someone who makes videos from their living room teaching how to knit different patterns for kids' clothes.

The Internet is full of people running their own little sites or channels where people do this stuff and are just trying to make a bit of extra money to cover their costs or bump up their incomes a little. Hardly anyone is getting rich off these kinds of activities, and they're often part-time gigs, so time spent chasing down copycats is time wasted and money lost to someone else putting up duplicate content on their own channel can be significant. I know several people, in completely different contexts, who fit this broad pattern, and people ripping them off is a significant problem and it is a significant disincentive to carry on. That's too bad, because it's often these kinds of people who make a lot of the most interesting or useful content in their particular niche.

Re:"universal"

[JohnFen]

Which is rather the point. By including DRM in the standard, you allow everyone to implement the exact same thing, and make it universally available on all devices.

But the DRM system that is described in the standard does not even come close to accomplishing this. The DRM plugins are still proprietary and platform-specific. All the standard does is describe the plugin mechanism itself.

Re:"universal"

[Anonymous+Brave+Guy]

Or do you think that reducing access to a certain information amounts to censorship?

But the point of copyright is to increase access to information, through economic incentives.

Saying you can have something but only if you're prepared to pay a market rate for it isn't censorship. You can tell this because the same economic arguments apply to physical goods where censorship isn't even relevant.

Re:"universal"

[TheRaven64]

Here's the thing: DRM doesn't stop any of that. If you want to create a YouTube channel full of Hollywood films, you can find thousands of them on usenet, on any torrent web site, and so on. There are many other things (notably, copyright laws) stopping people from this. DRM only inconveniences people who have paid for the content, everyone else gets the DRM-free bersion. If anything, removing the DRM could make it easier to catch people who do this, because Netflix could add a steganographic watermark to each stream and make it possible to identify whoever had originally downloaded it.

From my personal experience, all of the books that I've written are available DRM free, because my publisher (Pearson) found that DRM reduced sales too much to be worthwhile. The PDF of my first book was sent by someone to a mailing list that a lot of the potential target market subscribed to. I was, understandably, a little bit cranky about it, until a few months later when I realised that it had, if anything, had a small positive effect on sales.

Re: "universal"

Having is better than not having. Having a movie is better than just being able to watch it.
Having is better than giving away. Having control over your browser is better than giving control to corporations who install opaque binary blobs in your browser. There's a reason we are getting rid of plugins and applets.

Re: "universal"

> Only if there's still stuff to pirate,
Yes, remember when home taping killed music? Those were horrible years. No music!

Re: "universal"

[Anonymous+Brave+Guy]

You understand the irony that if everyone had pirated that music the way some did, it would have killed the supply of that music, right?

Re:"universal"

[Anonymous+Brave+Guy]

Here's the thing: DRM doesn't stop any of that.

Yes, it does. That's the point. At smaller scales, for independent content, there is a lot that you can do to deter casual infringement and cheap attempts at copycat sites, and those are your big problems. And any decent DRM scheme of this kind is almost completely transparent these days and very unlikely to inconvenience any legitimate customer.

I'm happy for you that your approach worked for you with the books, but I've spent much of this year dealing with these issues for real with various small businesses affected by them. Customer numbers are up, and so is customer retention, and so is revenue. In contrast, time spent filing takedown notices and dealing with infringers is down to near zero, and complaints from customers about being affected by the changes are exactly zero. I never thought I'd be the one making this argument, but the fact is, making copying harder does work, at least in this context. The data does not lie.

Re:"universal"

[shutdown+-p+now]

You don't win a war from the position of weakness, regardless of your strategy.

Re: "universal"

[king+neckbeard]

No, because pirates are often the best customers.

Re: "universal"

[king+neckbeard]

Yes, the enemy has a clusterfuck on their hands if the W3C tell them to fuck off and do it themselves. That's what we want.

As for DRM being a fact of life I would say that no, piracy is the fact of life. Your 18+ years is green compared to the history of piracy, and there is no effective DRM in existence. Only security by obscurity. The fact is that the technology of the general purpose computer is fundamentally pro-copying, and the value of the general purpose computer vastly outweighs the value of the film industry. It doesn't matter if they give up or not, piracy will win. So we shouldn't humor those idiots, and should bash their skulls in with the cold hard facts about how computers fundamentally work.

Re:"universal"

[tlhIngan]

I admire your passion, but the world of media doesn't work that way. If the content distributors (Netflix, Amazon, HBO GO/NOW and the also-rans) weren't able to use standardized DRM, they would use... and standardize... on a non-standard platform. One that, being non-standard, would probably be very closed-source and proprietary. And consumers would flock to it Resulting in a huge, unverified surface for exploits and attacks.

This has happened before. Remember Flash?

Actually, what happens now is... Apps.

Want Netflix? Use an App. Want Amazon? Use an App. Want Hulu? Use an App.

The web is universal yes. But with people with specific needs not being addressed, well, the App Platform is now king. And people are drawn to making apps which are websites encoded into apps (Google's got loads of apps. Despite having web interfaces for all their services).

So you want to use a web browser to get information, or to simply be an Appl Distribution Mechanism? Or more correctly, a way to get a link to load up your App Store to get the app you need to see the content?

After all, instead of owner's manuals in cars, now you have apps with the same content. They could've made a PDF or HTML with the same content, but... Apps!

You can win the battle on DRM on the web, only to lose the war as the internet gets sectioned off into apps, with the web browser being now an app discovery mechanism, where every site you visit is now "install the app for the content".

And before you say it, Netflix does still support web browsers, but only stereo audio and 720p. 1080p requires the app. 4K requires the app. Surround sound requires the app.

DRM and Netflix

[Kohath]

Does anyone seriously think Netflix could ever operate without DRM? No DRM, no Netflix or services like it.

Re:DRM and Netflix

[DontBeAMoran]

Why does Netflix have to play inside a freakin' Web browser?

You can use Netflix on smartphones, tablets, set-top boxes, various generations of game consoles from all three major companies, via dedicated apps. Netflix has so many players on so many platforms they can't just turn around and say they can't release a player for Windows, macOS and Linux.

Re:DRM and Netflix

Then perhaps we can do without netflix.

Re:DRM and Netflix

[AnotherBlackHat]

The question isn't "Do we want Netflix and services like it?"
The question is "Do we want Netflix and services like it in our web browsers?"

Re:DRM and Netflix

[lgw]

The answer is "yes". Just ask anyone who's not an obsessed nerd.

Since Netflix is obviously going to happen in browsers, whatever obsessed nerds think about that, better to have some sort of standard for that, some hope of getting Netflix on Linux, than not.

I know some people actually believe that somehow, if we didn't have DRM standards, streaming content would magically be DRM-free. Those people have a lot to learn about the world we live in.

Re:DRM and Netflix

[DontBeAMoran]

Anyone who's not a nerd watches Netflix on their smartphone, tablet, set-top box or game console.

Re:DRM and Netflix

[king+neckbeard]

It's about the power dynamics. Free-flowing information is the norm on the internet, and unless browsers enable such support, pirates will keep DRM in check because everything gets broken. Surrendering to the media companies isn't tactically sound, because the math is on our side.

Re:DRM and Netflix

Your post doesn't make any sense in the context of the real world. Up until now DRM was not part of the web standard AND Netflix plays in web browsers on Linux. Arguing that we need DRM in our web standards to get Netflix on Linux is clearly a false argument since we can already do that without the standard.

Re:DRM and Netflix

[allo]

People said this about music stores. Now you buy music as mp3, because they had no success with their drm.

Re:DRM and Netflix

[Cmdln+Daco]

When you swing around the term 'obsessed nerd' like it's a cat you are holding by the tail, it makes you seem like a fucking suit. With that low slashdot UID, what the fuck are you doing here on Slashdot? Did you have your secretary buy that account with petty cash?

Re:DRM and Netflix

mod parent up for truth

Re:DRM and Netflix

[dissy]

The question is "Do we want Netflix and services like it in our web browsers?"

Yes

If you personally do not want Netflix and their DRM, that is perfectly fine, just simply stop going there and using them.

But please stop trying your hardest to take Netflix away from me.

Re:DRM and Netflix

I know some people actually believe that somehow, if we didn't have DRM standards, streaming content would magically be DRM-free.

Some think think that somehow, if we didn't live in segregated neighborhoods, racial prejudice would magically disappear.

Those people have a lot to learn about the world we live in.

Actually, it's realizing how fucked up is the world we live in that pushes some people to change it.

Re:DRM and Netflix

[Anonymous+Brave+Guy]

And music is so far the only major exception to the rule, possibly because bundling up lots of tracks into an album and charging a higher price for it was always an artificial restriction. Much more music is bought as singles today, and mass-market singles can be economically sold at sub-dollar price points that are an impulse purchase for anyone who can afford an Internet connection and a device to use it. Unfortunately, the same economics don't necessarily work for creative sectors where the normal full purchase price would be in double-digits.

Re:DRM and Netflix

[Kohath]

When you swing around the term 'obsessed nerd' like it's a cat ...

Who else knows what DRM is and also thinks they should fight against it for ... some reason?

Re:DRM and Netflix

[allo]

it's all about the convenience. DRM did what the EFF and FSF tell you: It stopped people from using their music. In the age of mp3 players a format, which requires you to renew the licence file on the player every few days? No way.
The same does apply to netflix. The (even 4k) rips of netflix movies started, because people wanted to see netflix on settop boxes / sticks, which do not support netflix. People do not have a problem to pay $10 per month. People have a problem, if watching the movies is FUBAR. AND you can never defeat privacy. As soon as there is a single copy, it cannot be removed from the net anymore. So you may only delay it by a few weeks, if you're lucky. Is that a reason to make watching movies a PITA for all honest custumers?

Re:DRM and Netflix

[lgw]

My UID is low enough to remember when Slashdot was "News for Nerds, Stuff that Matters".

Re:DRM and Netflix

[lgw]

Some think think that somehow, if we didn't live in segregated neighborhoods, racial prejudice would magically disappear.

That's a beautiful thought. Yet, despite a bunch of laws, most people still live in segregated neighborhoods. And there's still a bunch of racial prejudice. Some things can't be changed by a central authority.

Also, a standards body isn't even a central authority in the first place. I've worked on an international standards committee. They have no real world power at all - they just write wish lists, and hope for the best. Large companies only follow a standard because you write down what they were going to do anyway. If you write down something else, then you have an ignored document that is not the de facto standard - and you get IE6.

Growing up is mostly realizing that "wishing doesn't make it so". Any good engineer works in the world as it is, not some idealized world as we wish it would be.

Re:DRM and Netflix

[gweihir]

Complete nonsense. Everything they offer, you can download for free somewhere. They are turning a profit because they are not too greedy and they are convenient.

Re:DRM and Netflix

[Kohath]

So you are seriously saying Netflix could operate without DRM? Why doesn't someone operate a service like Netflix with no DRM then?

Re:DRM and Netflix

[Gravis+Zero]

Yes, they could do so... partially and maybe fully, eventually. The reason that they could is that they own some content, the "Netflix Originals" which could be DRM free. It may take years but if people appreciate the DRM free component enough that they only use Netflix, it will force the hand of other content providers and it's a domino effect really.

Re:DRM and Netflix

[Gravis+Zero]

better to have some sort of standard for that, some hope of getting Netflix on Linux, than not.

Actually, Netflix is transitioning their content to Microsoft's PlayReady 3.0, so you will NEVER get a Linux version that isn't part of a "smart" TV.

Re:DRM and Netflix

[Anonymous+Brave+Guy]

DRM did what the EFF and FSF tell you: It stopped people from using their music.

And yet it is also the foundation for arguably the most successful innovation in the music industry in decades: Spotify.

The (even 4k) rips of netflix movies started, because people wanted to see netflix on settop boxes / sticks, which do not support netflix.

Who do you think is ripping 4K movies from Netflix?

People do not have a problem to pay $10 per month.

As someone who has actually run businesses in this market, I can promise you that many people do have a problem with paying $10/month. The number of people today who think everything should just be available for free, or that any new content should be a $1.99 download from some App Store regardless of economics, would blow your mind.

So you may only delay it by a few weeks, if you're lucky. Is that a reason to make watching movies a PITA for all honest custumers?

Ideally, no. But of course good modern DRM schemes do actually work transparently almost all of the time, inconveniencing very few honest customers, and delaying widespread infringement by even a few weeks can make a huge difference to the commercial success of say a new film or game.

Just to be clear, I have no time for those, particularly in the gaming world, who attempt to use heavyweight DRM schemes that do screw up and hurt legitimate customers, and I am in no way defending them. However, they are also the exception, not the rule.

Re:DRM and Netflix

[Waccoon]

Since Netflix is obviously going to happen in browsers...

Says who? The obvious thing that's happening is not browsers, but "apps".

Mobile devices won't even let you watch videos in a "browser". They force you to use the app. I remember regularly using the web browser on my PS3 to watch YouTube, when one day, the site blacklisted the PS3 entirely, forcing you to use the app instead. That pissed me off, since the YouTube app on the PS3/PS4 sucks balls. But, hey, it's the only way to watch videos on that platform. I stopped watching YouTube on my TV after that, and now just use my PC.

Re: DRM and Netflix

[easyTree]

Because their windows store app is unstable?

Re:DRM and Netflix

[TheRaven64]

So you are seriously saying Netflix could operate without DRM?

Yes. Netflix DRM does absolutely nothing to decrease piracy. If Netflix provided plain .mp4 downloads (perhaps rate limited to prevent people from trying to download their entire catalogue) then their service would still work. I'd actually subscribe to them (I don't now), because I'd be able to watch their content on the FreeBSD media centre box connected to my projector.

Why doesn't someone operate a service like Netflix with no DRM then?

Because the studios won't license their content to Netflix without DRM (they also wouldn't let iPlayer stream films without at least a token attempt at DRM, even though it was trivial to break). They have failed to learn the lesson of the music industry and are still buying the argument that it decreases piracy as a cover for allowing companies like Netflix to control their channel. Netflix licenses their DRM to a load of set-top-box makers and so on, meaning that there are a huge number of devices that can watch Netflix content. That's a big barrier to entry for a new startup to overcome. If the studios would license their content for DRM-free download, you'd see a load of Netflix competitors spring into being.

Re:DRM and Netflix

[stephanruby]

Does anyone seriously think Netflix could ever operate without DRM? No DRM, no Netflix or services like it.

Does anyone seriously think DVDs could ever operate without DRM? No DRM, no DVDs or other medias like it.

/s

Re:DRM and Netflix

[allo]

> And yet it is also the foundation for arguably the most successful innovation in the music industry in decades: Spotify.
I use spotify with mopidy, which streams the music via gstreamer. It would be like half in hour of gstreamer manpages to pipe it directly into files, including the metadata.
The point of spotify: I do not need to. I have a flatrate, which i can afford and it provides me with a radio i can control (or just listen to). Their success is not via drm, but comes from a good offer.

> Who do you think is ripping 4K movies from Netflix?
Dunno? Doesn't matter? Somebody did and now streaming via DRM is useless, as people who want it without can just download it without. But there is no offer to download without DRM while paying. OTOH, the paying customers get the limited DRM offer.

> As someone who has actually run businesses in this market, I can promise you that many people do have a problem with paying $10/month.
So?
That's the whole point. The "pirates" do not steal your money. They would not have bought the movie either, if it wasn't available via download. There is little loss through piracy. Who can afford it, would pay to have a nice download portal without DRM. Who cannot, will download anyway. With or without DRM, its always little time until the first rip appears.
And be honest, people who cannot afford to buy even watch bad camrips. And then you think, that DRM will stop pirated copies?

> As someone who has actually run businesses in this market, I can promise you that many people do have a problem with paying $10/month.
It would, but there currently is no such scheme for movie streaming. You always get trouble from time to time. The less trouble it is, the more customers, which is proven quite good by netflix, amazon prime, etc. But there is still a customer base waiting for better support i.e. in KODI, which would be the point they start paying for netflix.

I fact, i guess some "pay what you want, but above $1" scheme would probably be quite useful for many. At least for music. Who can afford the music and actually likes the music (sorry, one hit wonders ...) WANTS to support their artist. Who cannot afford the album doesn't listen to it at all or pirates it. These people would then pay the dollar and the artist gets one dollar more then he would have gotten with the pirate copy.
Of course the DRM-free copy could be pirated, but a nice music portal, with streaming service for personalized radio, etc. would be enough to be worth it.

Why the dollar? There is one point you have to have: Payment. Payment requires some work. Typing in your credit card number. Logging in into paypal, ...
This amount of work stops people from paying, if they do not need to. So the person who would have given 50 usd for the album to support the artist would download the 0 usd version as well, because he's to lazy to login to paypal. That's why there needs to be a minimum amount.

by the way, there are such services, have a look at bandcamp. They even allow the 0 option.

Re:DRM and Netflix

Of course streaming content wouldn't be magically DRM-free, but given that any scheme yet devised has ways for it to be circumvented, the end result is merely a whole lot of inconvenience and extra incompatibilities. A "standard" scheme is going to last 5 minutes in the wild before it is broken, or, worst-case, people will do real-time screencaps of what they can see on-screen if it isn't (yet).

But the *worst* thing about standardized DRM is going to be that some people will want to apply it trivially to everything. Cut-and-paste text from a web page? Save an image? If there's an easy and standard way, some people will try to block it. It undermines the whole principle of the web that you can see what's there and inspect it yourself if you're interested in the details or want to adapt it to something else (e.g., write some kind of data filter that manipulates the HTML). There are people out there already that waste their time with silly javascript trickery that in the end doesn't actually prevent you from yanking the media files from the cache or using other simple techniques. If DRM was everywhere it will only get more annoying and break things that used to be routinely available. Maybe it will help with vendors like Netflix, but there is the potential it will decrease functionality for many other things if it is easy to implement.

Re:DRM and Netflix

[Anonymous+Brave+Guy]

That's the whole point. The "pirates" do not steal your money. They would not have bought the movie either, if it wasn't available via download.

The thing is, that's another thing people often say that isn't necessarily true.

There are few things more disheartening to someone creative than seeing something you worked on for a long time and are selling for a modest cost somewhere being plastered all over someone else's site or channel or whatever with their branding and in some cases also with them monetizing the content. In some cases, clearly people do appreciate the material and are willing to pay for it, they're just giving the credit and the money to the wrong person.

As I mentioned in another post, this isn't such a big issue if you're a big record label or movie studio or famous comedian or something. But for all the little guys making their own content -- and there are a lot of them -- this sort of copycat culture can be very damaging.

Re:DRM and Netflix

First, I would claim your problem is plagiarism, not piracy. I think even the people with the "craziest" (not meaning it that negative really) opinions on copyright ("Information wants to be free", Richard Stallman, ...) will generally agree that plagiarism is not ok and needs to be punished. Heck, just look how piracy groups react when someone claims a certain release as their own!
Second, DRM doesn't protect you against all the people breaking it for fun, why do you think it would help you in any way against people making serious money from it??
In fact, your content being easier to pirate and thus more available on the more "legitimate" piracy sites would probably REDUCE the plagiarism issue as those sites would not appear anywhere near the top on e.g. Google.
I'd say better make sure the people you fight are actually those you have an issue with. Otherwise there will be a lot more losers than there should be.

Re:DRM and Netflix

[Anonymous+Brave+Guy]

Much of what you and others here are writing makes sense up to a point for large businesses with very widely available content, but not for all the smaller businesses or individual creators. In the latter case, casual infringement is a real problem, casual plagiarism (to follow your terminology) is also a real problem, it's quite likely that no super-hacker actually will bother to break a decent DRM scheme, and even if they do, there probably won't be a critical mass of people to operate clandestine P2P distribution so dealing with rips on public sites like YouTube is the bigger problem.

Re:DRM and Netflix

[king+neckbeard]

Oh come on, obscurity is way more deadly than casual piracy.

And regarding plagiarism, the answer to that is to get rid of the exclusivity elements of copyright. If a musician can tell you the four different bands they cribbed for their new single, there's a decent chance they will. However, today, there are almost never explicit acknowledgements of those truths (unless the work is out of copyright), and giving that credit is a legal liability.

Re:DRM and Netflix

[Anonymous+Brave+Guy]

Oh come on, obscurity is way more deadly than casual piracy.

Ah, so the next cliche from the book is that everyone who rips off some content is actually free advertising and so a good thing? Have you heard of pyramid schemes at all?

Here's what actually happens when it's a small, obscure project being ripped by casual pirates: the pirates tell their casual pirate friends, who copy the content and also say how useful the content is and like and upvote stuff and mostly don't give you any money, and then their casual pirate friends copy the content and say how useful it is and like and upvote stuff and mostly don't give you any money, and after this continues for a bit someone has the great idea to just set up a free source of everything they've got before you kicked the accounts who were blatantly copying as much as they could after signing up for the minimum possible commitment, and now you have a copycat site hosted in somewhere like China where you basically can't do anything about it, and in the meantime you spent a lot of time doing very little other than trying to contain the problem rather than having the time and money to make new content, which is all you ever really wanted to do. The icing on the cake is when you get an email from someone you've never heard of, who has never contributed anything to the cost of the project, saying how fantastic your stuff on is and how much they've been enjoying it for the past few weeks and asking when you'll be publishing the next update. Not that this has happened multiple times to people I know or anything.

Re:DRM and Netflix

[king+neckbeard]

And while that sure sounds like a sad story, it would be a rounding error compared to the benefits of breaking up a number of copyright monopolies, as well as adjusting laws to have a reasonable return of works to the public domain. Hell, your really sad story doesn't even come close to the amount of exploitation businesses do of creatives for "exposure" or something similar. There's way more abuse from big business than there is pirates.

Re:DRM and Netflix

[Anonymous+Brave+Guy]

OK, I give up. You seem completely unable to grasp that there are more people involved in creative industries than the big media giants and that the same rules apply to the little guys too. If I haven't convinced you that there are more possibilities than Big Media vs. The Heroic Pirates by now, or that some things that might make sense at one scale don't necessarily work at another, I doubt I ever will.

Re:DRM and Netflix

[strikethree]

Since Netflix is obviously going to happen in browsers, whatever obsessed nerds think about that, better to have some sort of standard for that, some hope of getting Netflix on Linux, than not.

What makes you think that the binary blob that the DRM will be, will be made for your platform of choice? The only thing being standardized here is that there can be DRM. None of the details of the DRM are being standardized.

In short, standardizing the fact that there can be DRM does not in any way encourage that the specific DRM chosen will run on your platform of choice.

Re:DRM and Netflix

[lgw]

Netfliisn't going to port Flash or Silverlight to Linux, but they might port a plug-in that's a few hundred lines of code. See the difference?

Seems like the wrong approach for the FSF

[John.Banister]

If they don't like people thinking it's normal for the cool content to be handcuffed by EME, shouldn't they be producing better content and sending it out unshackled?

Unpopular here, but I'm with Berners-Lee. DRM exis

[raymorris]

I know this opinion will probably be unpopular here on Slashdot, but 20 years of developing web standards and web technologies tells me Berners-Lee is right on this one, from a standards perspective. Our choice, realistically, for some content is between standardized, compatible, cross-platform DRM, or non-standard, incompatible DRM that requires Internet Explorer on Windows with Java or Flash. This isn't about what we think people *should* do, it's about what they *actually* do.

From the 1990s through to today, some publishers have found a need for DRM of one form or another, and over and over again they've asked me to help deploy it. I explain that DRM generally doesn't work and can't work. They then buy some DRM solution based on ActiveX, or Flash, or Java, or whatever is popular at the moment, and I can't see their content on my Linux desktop. The story repeats over and over. How many years could Linux users not access Netflix?

The fact is, companies will implement DRM. Lacking a standard way to do it, most require Flash (which is a security nightmare), Sony installs a rootkit on customers' computers. Most companies *shouldn't* use DRM, perhaps, but they do. A few companies have a strong case of why DRM actually makes sense for their content.
There is no debate about this point - we KNOW companies will deploy DRM without a standard, because the DO. Lack of a standard for web DRM has never stopped them from hacking together really annoying DRM.

Do we prefer a standardized, cross-platform approach developed with input from users or do we prefer the Sony rootkit approach? Those are the realistic options we can actually choose from. The standards bodies can't prevent DRM, they can only offer a reasonable way of doing it or leave publishers to implement it in all kinds of unreasonable ways.

Re:Unpopular here, but I'm with Berners-Lee. DRM e

[drinkypoo]

Exactly. If we want more Flashes and more Silverlights, by all means, fight against DRM in the browser. I, for one, do not. I will choose the lesser evil. We're going to need it until we "fix" copyright law, which could take literally forever.

Some services need DRM

[DrXym]

If the browser doesn't supply it, they'll use a plugin that does, e.g. Flash or Silverlight. So I don't really see the argument for stopping DRM, or standardizing the form that it takes.

Re:Some services need DRM

[king+neckbeard]

Because people will do whatever is easiest. By making DRM harder and more inconvenient, you make it less profitable, which puts non-DRM media at an advantage.

Re:Some services need DRM

[rjstanford]

Compared to creating content at the level of a blockbuster movie, implementing terrible DRM is basically free. Sure, you're forcing everyone who wants to watch it to do some stupid crap like downloading a random Windows executable, but the incremental cost to the creator rounds to zero. The incremental inconvenience to the consumers rounds up to infinity, but it turns out that they want to watch it anyway and generally don't care so they'll just do the thing.

To most people, giving them the choice of being able to watch Dr. Strange after double-clicking some weird EXE or being able to watch the latest $4 budget indie production just by playing it, they'll pick the EXE every single time.

Re:Some services need DRM

You truly think that a large number of people are going to cancel their Netflix subscription rather than click "Install" on a dialog box?

Re:Some services need DRM

[king+neckbeard]

No, I'm thinking that DRM-free content will have an edge when people have to go through 12 different kinds of DRM to watch whatever they want, while pirates and DRM-free services "Just Works";. We've fought this fight before, and we kicked its ass on music.

Re:Some services need DRM

[king+neckbeard]

The cost isn't in implementing the DRM, it's in losing customers because the DRM is inconvenient. DRM'd media is broken, and by not giving them a unified standard, we ensure that customers eventually see it as such. Everyone is talking about the hypothetical clusterfuck of non-standardized DRM, and I'm here saying that it's not a bug, it's a feature.

Re:Some services need DRM

[Anonymous+Brave+Guy]

By making DRM harder and more inconvenient, you make it less profitable,

Slightly, but the cost of a reasonably effective DRM scheme relative to the scale of deals that the likes of Netflix and major movie studios are making is probably pretty small.

which puts non-DRM media at an advantage.

That only follows if you assume the DRM doesn't have a beneficial effect that justifies its cost. If that were true, the executives running Big Media businesses would have switched tactics long ago.

It might not be a popular sentiment around here, but the reality is that a lot of copyright infringement is done casually and often by people who don't even realise they're doing anything against the rules. Copy protection technology doesn't have to be perfect to be effective. Even a relatively simple barrier can make quite a big difference here.

In contrast, if you look at the issues raised in the bug trackers after Chrome 55 added that download icon to the controls on HTML5 video elements, you'll find one comment after another from web developers whose clients were extremely unhappy about it. It wasn't just because it made it more obvious that people could download and save unprotected videos; obviously web developers knew this was possible before. It was also because the mere existence of the icon was causing visitors to those clients' sites to think that downloading and keeping the videos was permitted, even if it was totally against their terms. If you've never run a web business, you might not appreciate how much of a business finance and customer service problem even such a little change can cause, and equally how much hassle and abuse can be avoided just by making casual infringement a bit less easy/obvious.

Re:Some services need DRM

[Kohath]

That's why no one buys computer games on Steam.

Re:Some services need DRM

[king+neckbeard]

Slightly, but the cost of a reasonably effective DRM scheme relative to the scale of deals that the likes of Netflix and major movie studios are making is probably pretty small.

There is no reasonably effective DRM stream. Any movie or TV is on TPB basically as soon as a legit copy or stream is available.

That only follows if you assume the DRM doesn't have a beneficial effect that justifies its cost. If that were true, the executives running Big Media businesses would have switched tactics long ago.

That only follows if you are that the executives running Big Media businesses were perfectly rational and omniscient. Having lots of money and power can do a lot to insulate against the effects of stupidity. Head coaches of professional football teams, paid millions of dollars, always punt on a fourth down, despite statistics sayings that they usually should go for it. By your logic, this shouldn't be happening, because you aren't acknowledging that reality is more complex than "invisible hand" metaphors.

In contrast, if you look at the issues raised in the bug trackers after Chrome 55 added that download icon to the controls on HTML5 video elements, you'll find one comment after another from web developers whose clients were extremely unhappy about it. It wasn't just because it made it more obvious that people could download and save unprotected videos; obviously web developers knew this was possible before. It was also because the mere existence of the icon was causing visitors to those clients' sites to think that downloading and keeping the videos was permitted, even if it was totally against their terms. If you've never run a web business, you might not appreciate how much of a business finance and customer service problem even such a little change can cause, and equally how much hassle and abuse can be avoided just by making casual infringement a bit less easy/obvious.

Seems like the better option is to keep the suits out of technical discussions. Which I know is often not an option, but I don't see any reason for pretending that they aren't the root of problem. Expecting agnostic copying machines to not copy agnostically is deeply irrational.

Re:Unpopular here, but I'm with Berners-Lee. DRM e

+1

Just because there's a standard doesn't mean it has to be used. DRM-free content will survive on its own merit, just as paid-for DRM content will survive on its own value. I would much rather have the opportunity for a consistent standards-based DRM implementation than the plethora of security-imploding crap we have today.

Anyone who thought the fight to keep DRM standards out of the W3C was going to be their ticket to not having to popularize content with their dollars was always a fool. The fight is against copyright extensions and for copyright reform. Operational standards are always in everyone's best interests.

I feel truly sorry for TBL on the political fallout from this, but it's absolutely the correct decision.

Re:Unpopular here, but I'm with Berners-Lee. DRM e

[e432776]

Thank you! I believe you hit the nail on the head, as has Sir Tim. Unfortunate, but not surprising, that FSF took the narrow and unproductive view.

We have "selected platforms" without standards

[raymorris]

> As soon as you introduce selective DRM for selected platforms and devices, it's not universal anymore.

"Selected platforms and devices" is what we get without a standard. We know that because we've tried that for 25 years. How many years could Linux users not access Netflix. When I first got involved with the IETF (web standards group), ActiveX was the popular way to implement DRM. Meaning you could only see the content using Internet Explorer on Windows. Talk about "selected platforms"! Later DRM on the web commonly used Java for a few years, then Flash. Flash-based DRM lasted for many years, and there are still many sites that require the security nightmare known as Flash because that's how they do their DRM.

Note in the above paragraph I never used the word "should". This isn't about what publishers "should" do, or what we'd like them to do. It's about what they actually do. What they actually do is require Flash in the best case DRM, and implement the Sony rootkit in other cases. Of course there are almost as many different ways of doing DRM as there are publishers using it - there is no standard.

On the other hand, we've long had standards for video and images such as mpeg and jpeg. Are those limited to "selected platforms and devices"? No, the entire point of standardization is that a standard can be implemented on any platform and device.

I've personally made the case against DRM to probably 100 of my customers (qho arw publishers) yet so many of them decide to go ahead and use DRM. About half choose a DRM solution that means I can't see their content on my device. Would a rather they each come up with their own incompatible, annoying DRM that doesn't let me view the content, or would I rather they use a compatible, cross-platform standard that anyone can view, developed with input from users? Given the options we actually have, I'd rather be involved in developing a usable standard than have another generation of Flash-based sites and Sony rootkits.

Re:We have "selected platforms" without standards

If everyone comes up with their own version, that means it will only be used by those few people.
Once it's a standard, every web page that wants to track you will require it, just like they require cookies.
And that's when the open web is finished, in a way that Flash never managed.

Re:We have "selected platforms" without standards

If you encrypt it, that means you don't want that information known to everyone to begin with. Which means it shouldn't be on a system whose entire reason for existence is the sharing of information.

I don't care if I can't view your encrypted crap, but for those that do: EME does not mandate that encryption be avaiable to every device. As the CDM or Content Decryption Module: may or may not separate the implementations of CDMs or treat them as separate from the user agent. This is transparent to the API and application This would seem to permit an EME to use an external program / plugin for decrypting content. If so, then the entire purpose of having EME is rendered completely pointless. The vendor can simply choose not to provide a CDM for the given platform / browser.

Where we get into problems with security is this: All messages and communication to and from the CDM, such as between the CDM and a license server, MUST be passed through the user agent. The CDM MUST NOT make direct out-of band network requests. All messages and communication other than those described in Direct Individualization MUST be passed through the application via the APIs defined in this specification. Specifically, all communication that contains application-, origin-, or content-specific information or is sent to a URL specified by the application or based on its origin, MUST pass through the APIs. This includes all license exchange messages. The "all license exchange messages" part. Virtually guarantees that people / groups like the MAFFIA will say that a browser that implements EME could be used to sniff the license keys (see Common Key Systems for why this info can be leaked. Spoiler: It must pass the keys though the browser.) and therefore must be protected by the DMCA and it's other applicable laws elsewhere. This would effectively make a web browser a legal black box. A black box that is currently being used as literally the world's OS. All of those web applications that we use everyday would then become uninspectable for bugs or defects. Security researchers would not be able to examine them nor release information about their findings to the public without approval from the developer. Making us all less safe online. (See all of the stories here on /. about how a bug that was known for 90 days never got fixed by the manufacturer even when it was known to be in use in the wild by malware packages. These stories would become illegal if EME gets implemented.)

I'm sorry if TBL wants a universal system. I can empathize with that, but what he is suggesting is neither universal nor in the world's best interests. What he suggests is contradictory to the purpose of system he helped implement to begin with. I'm sorry if he can't think ahead and see how his desire for a universal encryption system would be abused by those demanding it to the determent of the world. None of this is progress. It's a step back to prop up an obsolete business model because of an industry that has no desire to modernize itself.

This is bad, and you will not convince those demanding EME to step into the modern era. You will have to drag them kicking and screaming. Bowing down to their demands hurts all of us, and it's time we cut our losses and move on without them. They are not worth the damage that they want to inflict on all of us, and if you say that they are, you have absolutely no right to complain if you get hacked, loose all of your data, or are unable to fix something without the blessing* of the manufacturer. Why? Because you asked for it, you supported it, and you got it.

*"Blessing" typically meaning using only their parts and services at a huge markup.

Re:We have "selected platforms" without standards

[peppepz]

But EME are not a standardized form of DRM. With EME you don't get a standard platform that anyone can implement in order to watch DRM-protected media. EME is a standardization of HTML hooks that allow portions of a web page to be decoded by a closed source, proprietary, non standardized binary plugin, that the content provider will choose. The difference from the past is that before EME, publishers would force you to install their proprietary plugin. With EME, they'll force you to use the proprietary browser (Chrome) or operating system (Android) that they think will prevent you from downloading their stuff. It's arguably even worse than the Sony rootkit, because you can be forced to use an operating system that has no root access for you but is safe for them. And since the proprietary plugin will not even need to be installed, because it will most probably come built-in with the browser or the OS, content providers will have even less disincentive to make use of it.

Re:We have "selected platforms" without standards

[Solandri]

This is just another aspect of the question about the fundamental nature of freedom. If you are free, can you choose not to be free? And by corollary, if you cannot choose not to be free, are you truly free?

It crops up all over the place. Can citizens in a democracy vote to cease being a democracy? Does freedom of speech protect the speech of people who want to withdraw or limit the freedom of speech? And more relevant to this case, the BSD license vs the GNU license. Generalizing, the BSD license lets you do whatever you want with open source. OTOH if you use GNU-licensed open source to create something, you are required to release what you do as GNU-licensed open source itself.

Honestly I don't know for certain which is actually better, or if one is better in some situations, the other better in other situations. But I tend towards the more-freedom side for one reason: If you prohibit certain activities, you're deliberately prohibiting the exploration of certain portions of the solution space. I've yet to see a mathematical or logical argument demonstrating that the optimal solution can never reside within these prohibited solution spaces. So prohibiting them is based on ideology, not on reason. So I'm with Tim Berners-Lee on this one - as much as I dislike DRM, people who disagree with me should be free to experiment with it, including forming DRM standards if they wish.

Re:We have "selected platforms" without standards

"Selected platforms and devices" is what we get without a standard.

No, "selected platforms and devices" is what we get when there's a market leader that sets the de facto standard and that de facto standard is designed for "selected platforms and devices" precisely to segment usage in favor of "selected platforms and devices". Ie, you're confusing the chicken and the egg.

We know that because we've tried that for 25 years. How many years could Linux users not access Netflix. When I first got involved with the IETF (web standards group), ActiveX was the popular way to implement DRM. Meaning you could only see the content using Internet Explorer on Windows. Talk about "selected platforms"! Later DRM on the web commonly used Java for a few years, then Flash. Flash-based DRM lasted for many years, and there are still many sites that require the security nightmare known as Flash because that's how they do their DRM.

And the lesson is...that repeatedly "standards" have come to create a platform, DRM, to do the impossible: give users the ability to view content but do not gives users the ability to copy content. The "protection" keeps getting broken, so new "technology" is introduced that "really, for sure fixes" the problem, and it gets invented into the hottest "new" framework: this time it'ls HTML5. Yet the very fact that it's a single framework makes it a large, juicy target for piracy and the "protection" gets broken again. The only way to avoid this fate is to have "selected platforms and devices" to make you content segmented enough to not be a large enough target to be worth breaking*.

Nothing of value is learned. HTML5 as a "platform" dies for DRM, and we're left with all the cruft of supporting that shit indefinitely for "backwards compatibility". That last part is the real reason to not kowtow to such bullshit. Either this crap has to be supported indefinitely, or we'll see everyone moving off HTML5 to the new "thing" and it'll share the same fate as ActiveX, Java, and Flash: obsolete technology with no forward path. Who in their right mind would sanely invite that fate? Better to never support DRM and be potentially dropped outright than to stupidly repeat history.

* Btw, this is the nice paradox. Either you're too small--PlayForSure--and you're acknowledging you're not even worth protecting or you're so big--just about other DRM system--and will be broken. Maybe you'll be lucky, be middle tier and somehow fall through the cracks. Odds are good that--duh--, if you're that middle ground you're not going to be a huge pirate mecca anyways so the DRM is just shit you're throwing on that wastes your time and inconveniences people**.

** Even Steam can be an ass if you've got Linux and want to try to WINE bottle a specific game. Rampant piracy, of course, is best avoided by having competitive prices, not having a headache of a DRM system. So, Steam mostly is a small stick and a decent carrot and can work. But, honestly, it'd work without the stick. Just like the Google App store works.

As Much About Advertising as Copyright

[Kunedog]

Saying "universal" in this context seems more like a trick of language, tacitly admitting that DRM has to be EVERYWHERE or sane users would never put up with it.

EME proponents Netflix, Microsoft, Apple, and Google

Hey look, all the major browser makers, except one. Users still have a choice in Firefox.

Except that Youtube-owner Google spent hundreds of millions to obtain considerable financial influence over the browser maker thought most likely to resist (Mozilla). And then (what a coincidence!) Mozilla gave in on DRM, and seems perpetually bent on making dozens of other perplexing decisions that users can't stand, and seem outright designed to cost it market share.

Be assured that the other big (if not the main) reason they want DRM is to thwart adblock for videos. If they can compromise your browser/vidplayer to the degree that they've prevented you from even reading the content stream, then they've necessarily also prevented you from altering it.

Re:As Much About Advertising as Copyright

Mess with my adblock and I'll start using a patched browser.

Re:Unpopular here, but I'm with Berners-Lee. DRM e

[king+neckbeard]

But as you say, DRM doesn't and can't work. Why the fuck should we bow down to a party that will ultimately lose? There are other considerations, and if they have to go out of their way to use DRM, it will become a more costly approach. Make them pay for buggy, substandard solutions and they'll either get it together or be eaten alive by pirates providing a better experience.

Re:Unpopular here, but I'm with Berners-Lee. DRM e

>If we want more Flashes and more Silverlights, by all means, fight against DRM in the browser.

And that is what we do. It's not like raping and pillaging is supposed to be easy either.

Re:Unpopular here, but I'm with Berners-Lee. DRM e

Where is this cross-platform? Nobody has a EME implementation for ARM, MIPS, PowerPC, SPARC, ... or on the OS side for OS/2, BeOS, Haiku, ... nor are there any plans to add them.
It will mean the beginning of the Intel-only web.

Better to collaborate with the nazis

Better to collaborate with the nazis, then being gassed along with the people you try to defend.

Bullshit!

"There will be DRM anyway, so we implement it for them" is no excuse for anything.

Do not let the web become Intel-only!

These DRM solutions are all Intel-only and will stay so for the foreseable future (maybe ARM if we get lucky).
Do not let the web become Intel-only!

Re:Unpopular here, but I'm with Berners-Lee. DRM e

[Cmdln+Daco]

What '20 years of dictating web standards' tells me is that TBL has had his shot at it, and it's time for somebody else to get a chance.

Re:Unpopular here, but I'm with Berners-Lee. DRM e

[Cmdln+Daco]

But what if I want Flashes and Silverlights to only be installed on other people's equipment who choose to install it?

What if I don't want a Flash and a Silverlight embedded into each and every browser that it's possible for me to use?

Re:Unpopular here, but I'm with Berners-Lee. DRM e

I know this opinion will probably be unpopular here on Slashdot, but 20 years of engineering execution standards and execution technology tells me Berners-Lee is right on this one, from a standards perspective. Our choice, realistically, for some executions is between standardized, compatible, execution methods, or non-standard, incompatible executions that require homemade poisons, farming pesticides, or crazy use of electricity in a chair. This isn't about what we think states *should* do, it's about what states *actually* do.

From the 1990s through to today, some states have found a need for executions of one form or another, and over and over again they've asked me to help deploy them. I explain that an execution deterrent generally doesn't work and can't work. They then buy some execution solution based on chlorine, or napalm, or used coffee acid, or whatever is popular at the moment, and I can't have them use my clunky but workable standard executables. The story repeats over and over. How many years could execution users not have access to painfree and cheap standard executables?

The fact is, states will execute people. Lacking a standard way to do it, most states require napalm (which is a cleanup nightmare), Oklahoma injects pesticides into criminals' veins. Most states *shouldn't* use executions, perhaps, but they do. A few states have a strong case of why execution actually makes sense for their criminals.

There is no debate about this point - we KNOW states will execute people without a standard, because the DO. Lack of a standard for execution has never stopped them from hacking up really annoying executions.

Do we prefer a standardized, cross-state approach developed with input from "users" or do we prefer the Oklahoma pesticide approach? Those are the realistic options we can actually choose from. The standards bodies can't prevent executions, they can only offer a reasonable way of doing it or leave states to implement it in all kinds of unreasonable ways.

Re:Unpopular here, but I'm with Berners-Lee. DRM e

[drinkypoo]

What if I don't want a Flash and a Silverlight embedded into each and every browser that it's possible for me to use?

It's usually possible to take such things out, or at least block them. What's the problem?

standarized non-working DRM

I have never seen a DRM protection that actually works, but it would be nice to have at least a standard for non-working DRM.
In the end it all boils down to a single "if()" in the browser source code, with a comment: // Please don't delete this line.
As an example, see the do-not-print and do-not-copy-paste bits in the PDF "standard".

Re:standarized non-working DRM

Unless.., this is implemented as a open source browser running a closed source binary to handle the DRM, which indeed sounds just as bad as running Flash.

Re:standarized non-working DRM

and that's exactly what it is, the closed source binary is called a CDM in terms of the EME standard,
black boxes not specified, but required

even calling it a 'standard' is ridiculous with that fact, 90% of the functionality is not specified

Amusingly

I've always thought it better to get a DRM standard in. But i'm anti DRM. Why?

Because we make the studios choose a DRM, put it in everything.. then we break it later. Tada, everything can be easily un-DRMed, and the lawyers can point at licensees and say "DRM is in the spec, we did our part"

Re:Amusingly

As long as content owners pay for the implementation, I'm all for the most complex DRM standard as possible. It still won't work, but at least it will be expensive.

Re:Amusingly

[JustNiz]

I believe the standard effectively just describes the nature of the interaction, and people can still use any DRM algorithm they want under the covers, so its still not a one-hack-cracks-all situation.

So and so

[Impy+the+Impiuos+Imp]

and put EME proponents Netflix, Microsoft, Apple, and Google on notice that a very prominent figure was willing to stand up to them on behalf of users

I question whether this position is truly "standing up on behalf of users".

Most users have governments which pass copyright laws predicated on the value of securing, for authors for limited times, exclusive right to profit from their works as a means of encouraging the creation of said works, the volume of which as a benefit for The People.

Factually mistaken. Needs only Javascript & AE

[raymorris]

> Nobody has a EME implementation for ARM, MIPS ...
It will mean the beginning of the Intel-only web.

That is factually incorrect. See Chromium for one open source example. EME can call any CDM, only one is required, called Clear Key. Clear Key is basically "the video is encrypted with AES, prompt the user to copy-paste the key". Clear Key (and therefore EME) can be implemented in nothing more than (clever) Javascript, so any platform that can run Javascript can run EME.

Of course it isn't *normally* implemented in Javascript, but it can be.

The web is such a failure, nobody ever used it

[raymorris]

Yeah the web has been a complete failure under W3C and IETF. I'd never use the web, and I'm sure you wouldn't either.

I'll Workaround it anyways, go ahead...

When you can write code at the kernel level you really stop caring about such stupid things....

Lets see.... X11 Composite extension to snag the video and save it to a file unencrypted. Maybe 1 or 2 days of coding.

Hack the DRI interface at the kernel to dump the framebuffer into a memory backed buffer with a kernel thread writing to disk..... Maybe a week or two...

Run the browser over a professional grade opengl X11 server such as exceed and capture the network stream....

Use a projector in a big room then film the wall just like people do in theaters.

Broadcast the current screen as a live stream and park it on a series playing episodes in order....

Write an LD_PRELOAD hack to override the system C and C++ libraries before the browser loads, or just modify the linker directly to lie. Then intercept whatever call they use and dump it whilst lying to the application about the result of certain operations (such as equality checks with operator overloading).

Use a VM and run the video full screen whilst the host OS is capturing video and audio. (Hack the kernel in the VM to lie about being a VM when asked about hardware)

Shall I keep going? Implement your fucking DRM. I challenge you!

Re:Unpopular here, but I'm with Berners-Lee. DRM e

If we don't want Flash and Silverlight we should be for having something comparable right inside the browser?
Flash doesn't get better by being an integral part of the browser, it still is not possible for the users to fix, it still is not available on any but the top-3 platforms and top-1 CPU architecture, it still is not possible for security researchers to independently audit etc. etc.
It's like Flash, just a tiny but less obnoxious but instead with 100% market penetration and thus unlike Flash it will be everywhere and we will never get rid of it. Not a good deal.

Re:Unpopular here, but I'm with Berners-Lee. DRM e

[drinkypoo]

If we don't want Flash and Silverlight we should be for having something comparable right inside the browser?

We already effectively do have all the parts of flash right in the browser already except for the DRM. But then since we need to add something else to get the DRM, we end up getting all of those things all over again in some other form and adding a lot of unnecessary attack surface.

It's not like you won't be able to get an OSS build which doesn't have the DRM.

Re:Factually mistaken. Needs only Javascript &

[king+neckbeard]

Yes, but if the only protection is clever javascript, there will be a script to rip the content in -3 seconds, making the DRM pointless.

It's because of Hollywood

[Solandri]

The studios approve two types of devices if you wish to stream their coopyrighted content. One approval is for a hardware device - a phone, tablet, dedicated player (e.g. Roku), Blu-ray player, etc. You submit a sample of this hardware, they go over it and OK it, and authorize you to stream to it. This is why the iPhones got Netflix before Android phones. Netflix had to submit just a few iPhone models for approval, so that happened pretty quickly. They had to submit hundreds of Android phone models for approval, so that took some time.

The second type of approval is for software players. If you want to stream to a software player running on a general purpose computing device, Hollywood has much more stringent requirements. Their fear is that you'll run another program along-side the streaming video that peeks into the memory containing the decrypted stream, and save stream to disk thus giving you a DRM-free digital copy of the movie. Their "solution" is that the DRM and video decode process has to happen inside an encrypted virtual machine, which then sends each frame directly to the display device. They don't want a native Windows or OS X or Liinux binary which does this because someone could theoretically modify the binary before running to weaken or pierce the encrypted VM. That's why the players are coded in Flash or Silverlight (theoretically you could modify those as well, but it's a lot harder since a new copy of the player is sent when you begin streaming the movie).

This insanity is also why playing streamed movies on PC requires much heftier hardware than mobile devices. Because the entire decode process has to happen inside the encrypted VM, you can't take advantage of dedicated video decode hardware built into every GPU since the late 1990s. The entire thing has to be done in software (moreover, software running in a VM). It's extremely CPU-intensive. That's why until recently you needed an i3 or better (Pentium or Atom wasn't enough) to stream 1080p movies from Netflix, Hulu, etc, while your phone with a low-end ARM processor could stream the same 1080p movie with no problems. Because the phone was approved as a hardware device, it's allowed to use dedicated video decoding hardware.

Re:It's because of Hollywood

[whh3]

Fascinating post. I was wondering if you had any links or reference material that describe such an "encrypted VM" -- I would love to learn more about it!

Thanks for such a great post. I really found it incredibly fascinating!

Re: It's because of Hollywood

And we would like to subscribe to the newsletter!

Re:It's because of Hollywood

[DontBeAMoran]

While I understand Hollywood's point of view, it still doesn't explain why Netflix has to work in a web browser. If they can lock down browsers or browsers plug-ins, surely they can lock down a self-contained software player.

Re:It's because of Hollywood

You can't use hardware acceleration with codecs that are newer than what's built into the hardware.

Also currently netflix 4K requires new Intel processors because the "encrypted VM" is built into the integrated GPU which protects the memory where the video is being pushed.

Re:Factually mistaken. Needs only Javascript &

What you write is utter nonsense.
Clear Key will not work on ANY site, so its existence is irrelevant.
EVERYONE will require an Intel-only CDM. Ok, so I wrote EME when I should have written CDM.
It's not about what CAN be, they COULD implement widevine CDM for RiscV on Haiku tomorrow, proving me wrong.
They COULD stop using DRM, making this irrelevant.
The point is about what WILL happen (and I am willing to bet this is a WILL, not a MIGHT, and that a larger and larger part of the web will be behind DRM that will not be available except on very few architectures and OS).

One standard to break

[Kernel+Kurtz]

Better to only have to work around one DRM implementation than a bunch of different ones, cause you know they are going to happen regardless.

CSS anyone?

Protected by AES key, not cleverness of JavaScript

[raymorris]

> if the only protection is clever javascript

The protection isn't in the Javascript. The protection is that the content is encrypted with AES. Only a user with the key can decrypt the content. The Javascript is "clever" only in that it manipulates html tags that the browser doesn't natively understand, etc.

> there will be a script to rip the content in -3 seconds,

Absolutely. EME doesn't provide any protection whatsoever against an authorized user ripping the content. That's outside the scope of EME. The one decryption that option that's required to be supported, Clear Key (simple, unadorned aes) *only* ensures the content is available only to authorized users (who have the key). It has no protection against ripping or anything else done by authorized users.

> making the DRM pointless.

Right, there is no DRM in EME, or required by EME. EME is a small set of functions for a browser to find out how it should play some content. That "how" is separate from EME. EME could be used to say "this video is compressed zip version 9, unzip it with a compatible program before playing it". Or it could be used to tell the browser "this video is available in four bitrates and three codecs." Or it could be used to say "decode this video with a module called opendrm". Those things are separate from EME.

Re:Factually mistaken. Needs only Javascript &

DRM _IS_ pointless. The implementation of this standard will boil down to a single if() in the source code of open source browsers, either disable copying of content or to enable a closed source plugin. Even with digital signatures, blocking "non-compliant" plugins from accessing the content is still a single if() somewhere in the code. The standard could mandate that a comment "// please don't remove this line." must be added to the source code of browsers, but in my view that counts as non-working DRM.

*SIR* Tim Berners-Lee

[gumpish]

This is the same assclown who thought llittle-endian hostnames would be a great idea so now we're stuck with shit like:

store.mysite.com/some-category/some-product

instead of the more sensible:

com.mysite.store/some-category/some-product

for the rest of eternity. (Not to mention the brilliant idea to stuff a couple of slashes after the protocol name for no fucking reason.) What the fuck was this guy doing before he thought of adding pictures to gopher? Because it couldn't have been anything important...

Re:*SIR* Tim Berners-Lee

[JustNiz]

Still not half as bad as the stupid American date convention of
Month-Day-Year.

Re:*SIR* Tim Berners-Lee

Yes, as compared to what you created which is nothing at all.

Go fuck yourself.

Re:*SIR* Tim Berners-Lee

[mccalli]

What? He had nothing to do with DNS, that's all pre-the web. I used to use the old uk.ac.someuni.somemachine conventions on JANET in 1990, then we bridged over to the internet and had to start using the other one. Definitely pre-web.

Re:*SIR* Tim Berners-Lee

How the hell is that more sensible? If it's the store or just some about page or something, knowing that first is more important than seeing the "com" first. Why do we even need the com there are all?

Re:*SIR* Tim Berners-Lee

This is the same assclown who thought llittle-endian hostnames

Is this a troll?

Think back to the first time you used DNS. Now think back to when the web first appeared. Which came first?

There ya go.

You are predicting the past (and wrongly)

[raymorris]

> Clear Key will not work on ANY site, so its existence is irrelevant.

It *is* working, and has been working.

It always amuses me when people predict the *past* and still manage to get it wrong.

Re:You are predicting the past (and wrongly)

Please tell me which legal, generally available video streaming sites support Clear Key (officially).

Lets get pragmitic for a moment

[JustNiz]

I hate DRM as much as anyone but lets face it, if he did not ratify it into the standard, DRM isn't then just gonna magically go away.
The only effect not ratifying it would actually have is to ensure the continued existence of a fragmented mess of multiple different actual implementations across different sites.

BSD and GPL have history of successes

[raymorris]

> And more relevant to this case, the BSD license vs the GNU license. Generalizing, the BSD license lets you do whatever you want with open source. OTOH if you use GNU-licensed open source to create something, you are required to release what you do as GNU-licensed open source itself.
>
> Honestly I don't know for certain which is actually better, or if one is better in some situations, the other better in other situations.

It seems to me that each fits different needs slightly better. Certainly, the GPLv2 has been wildly successful, with Linux and millions of other software packages. We all know what the BSD licenses are, more or less, so apparently they are successful too - you don't know about the Morris Public License, because it wasn't successful. What I choose for a particular project depends on my goals and how I expect it to be used.

We'll see how GPLv3 does compared to GPLv2. Personally, I don't use GPL v3 at all, if I have the option.

Re:Protected by AES key, not cleverness of JavaScr

It will totally work as long as the AES key is stored on a computer that is never connected to the internet, or even better, only written on a piece of paper. (and you may as well encrypt random data, since no-one would be able to decrypt it.)

Re:Unpopular here, but I'm with Berners-Lee. DRM e

[klingens]

>Do we prefer a standardized, cross-platform approach developed with input from users or do we prefer the Sony rootkit approach? Those are the realistic options we can actually choose from. The standards bodies can't prevent DRM, they can only offer a reasonable way of doing it or leave publishers to implement it in all kinds of unreasonable ways.

EME is neither a viable standard nor is it in any way cross-platform and there was zero input from users. The input came from Adobe, Microsoft, Google, etc.
EME is basically something like NPAPI. it has a few API/html statements and is otherwise a proprietary blackbox for only very specific OSes, browsers, etc.
In this it works exactly 100% the same as Flash did: both have the same propeties.
EME is one of the unreasonable ways.

No free lunch

Those who cannot code their way out of a wet diaper need to get a grip and realize that giving away code only works when you have a benefactor to support you, and in the real world that benefactor is most often a fortune 500 company who profits from your work. This isn't T-Ball, you don't get a trophy just for showing up.

Re:Unpopular here, but I'm with Berners-Lee. DRM e

[Princeofcups]

Exactly. If we want more Flashes and more Silverlights, by all means, fight against DRM in the browser. I, for one, do not. I will choose the lesser evil. We're going to need it until we "fix" copyright law, which could take literally forever.

One political revolution will end it pretty quickly. For some reason the US thinks they are immune to such a change, even when they see it happening all around them.

Re:Unpopular here, but I'm with Berners-Lee. DRM e

[DamnStupidElf]

I would happily support DRM that actually cared about customers' rights. I want the guarantee that, like physical media, DRM-protected content will be available in the far future. Blu-ray already fails this test, and I only purchase Blu-rays to strip the DRM and save a long-term format. I want the ability to gift, loan, or sell any media that I possess the rights to. I don't want to possess merely a ticket which grants me admittance to content for a limited time, under limited conditions, subject to the dissolution of whatever producer, licencor, or operator manages the DRM scheme.

Because piracy has absolutely no effect on 99% of customers I am fairly certain that what content producers/licencors truly fear is "casual piracy" and fair use like loans and libraries where market forces drive the resale cost of digital media down to its natural price in the free market.

It's perfectly natural to resist inferior DRM schemes by refusing to make them standard. If you want me to support an open DRM standard then it needs to be capability based with normal customers like you or me represented as first class owners of those capabilities and implement a durable scheme for transfer of those capabilities into the indefinite future.

For example, consider a ownership-based scheme where producers issue N digitally-signed capabilities to a particular copyrighted work and sell them to customers on an electronic marketplace. Bitcoin has proven that it's possible to maintain a globally consistent transaction ledger of ownership of individual tokens, and a much cheaper implementation could maintain ownership and facilitate programmatic transfer of capabilities to digital works (to support sales, gifts, and even temporary loans) because the marginal value of acquiring more than one capability to the same work is zero and so there will be little need to spend gigawatts of electricity maintaining the blockchain against adversaries. The copyrighted work doesn't even have to be encrypted. Just make standards-compliant devices/software require current ownership of a capability to use the work. Yes, this is an easily defeated scheme for pirates, but so is every other DRM scheme. At least this respects individual property rights, the first sale doctrine, fair use, and libraries for the vast majority of users.

Has something worked well in Oklahoma?

[raymorris]

Quite clever. Let's be a tad more clear. Is there something you saw tried regarding death penalty policy that has worked so well in Oklahoma that you want to apply the same approach more broadly?

Or are you pointing that the approach you favor for all issues has utterly and completely failed when applied to the death penatly debate?

Re:Unpopular here, but I'm with Berners-Lee. DRM e

If we want more Flashes and more Silverlights, by all means, fight against DRM in the browser. I, for one, do not. I will choose the lesser evil.

You're assuming that they will be satisfied with whatever the DRM standard is and not go back to Flashes or Silverlights because they like them better. The problem with standardizing DRM is that it doesn't prevent companies from doing non-standard DRM if they still want to. Given that reality I would prefer that the standards bodies did not participate because it gains us nothing.

Damn fucking straight.

And it rather shows how someone having a bright idea doesn't stop them being a fucking moron. Tim, you're a fucking moron. Get a fucking clue and LISTEN TO YOURSELF sometime.

TIA, The Entire Internet.

So it's better I have the content for free

in case I need it, even though I don't actually need it. Therefore copyright infringement is absolutely fine by you, right?

OR is your assertion as a hypocrite?

Re:So it's better I have the content for free

[VernonNemitz]

Do you or do you not understand what "IN GENERAL" means? Also, I wasn't talking about only me possibly someday needing DRM for something; the current data indicates that no one actually needs it for anything. Not to mention that since all existing DRM systems seem to have major flaws, it follows that the tech should perhaps be perfected before anyone uses it. Finally, the last gasp of copyright idiocy should happen about the time someone invents a way to stimulate the average human brain to do something known as "eidetic recall". Every song you've ever heard is already in your brain, and it can be perfectly recalled, no iPod or equivalent needed.

We have the money.

Quite what they think they'll buy with copies of the next movie is anyone's guess.

But here in reality the situation is 180 degrees turned around from your "thought". If they want to sell us content or even sell our eyes AS the content, they have to make it available. Behind DRM nobody can unlock and they don't even have the next movie to exchange for their electric bill being paid.

WE DO NOT NEED THE CONTENT.

The content is something we will find with or without them.

Therefore they can't win this war, since they have nothing if they don't let us access it. And with DRM, that's not letting us access it.

NB: will the content be outside copyright, since it will never be held to its end of the bargain?

Re:We have the money.

[Anonymous+Brave+Guy]

WE DO NOT NEED THE CONTENT.

The content is something we will find with or without them.

Then why do pirates keep ripping the latest Hollywood blockbuster, Game of Thrones season or Adele single, instead of all the other stuff that was around before?

You might not need the content, but apparently plenty of pirates want it, and certainly plenty of people will pay to get it in other ways that maybe aren't so amenable to ripping it off.

Re:We have the money.

[king+neckbeard]

Because they've already ripped the other things, and in many cases, much of the older stuff has exceeded a lot of its relevance. And of course, if it's legal, its not considered pirating, and thus you are simply an archivist.

That has nothing to do with the asymmetry in the struggle here. Movie studios are trying to make copying machines not copy so they can share media that can't be shared. They have to give the keys to the user, but can't let the user have the key. By contrast, the pirates want to copy and share the media and key with the copying machines. One side has a much easier task than the other.

Indeed the only way to standardise DRM is BSD it

INCLUDING the authoritative keys. Otherwise I can't implement it in my web browser because Netflix won't see a signature that it accepts is a legitimate target for the data it wants to send. Of course they won't allow that because I could write my browser so that it recaptures the video output rather than throwing it to hardware and not looking. But without that, only the closed source and legally mandated as unavailable except to the most wealthy and accepted "content creators" can write a browser.

Which is why this scheme is bullshit.

You will not be able to write Firefox and release the source code and have it access the DRM'd content, because you, the customer, is not trusted, and only those trusted by media will be allowed access.

Without DRM, there's no issue with trust and I can write my own browser to access video.

With DRM, I can not.

We have unlimited compatibility with real standard

What they actually do is require Flash in the best case DRM, and implement the Sony rootkit in other cases.

You're leaving out 99% of the cases.

Usually what they really do, is one of the above things, which doesn't work for anyone so it has to be pirated. And then everyone plays the pirated version, because it's the only one that works. And the pirated version works perfectly, and isn't limited to "select devices."

There already is a standard for DRM: not having it. Every time some fuckwit tries to "improve" on that (by making it not work as well), the market upgrades their perverted abortion to the standard.

There is a way to make it right/thwart it.

[Gravis+Zero]

The W3C Encrypted Media Extensions only defines a way to use Content Decryption Modules (DRM) but there is no definition for the the modules themselves. If their interface and format were 100% defined then that would be ok. However, they have specifically gone out of their way to avoid defining CDMs because they want to make CDMs platform specific and be able to reach deep into your operating system to "verify the environment". Just say they can have the EME if they completely define the CDMs and suddenly you will have exposed the fight for secrecy.

Re:There is a way to make it right/thwart it.

Firefox on my Linux machine: "I solemnly swear that I'm a Microsoft Edge, on a 100% trustworthy Windows 10 machine, and will send the content only to the appropriate (and unmodified) CDM, send the output directly to the screen buffer, and disable playback when the user starts /sbin/simplescreenrecorder (Shit, is that even available on Win 10?) so help me God. Please hand over the data and DRM keys."

You don't need it in a browser.

Your TV has an app. You used to watch movies with an app called "Media Player".

So, no you don't need it in a browser. Having it in a browser only "means" something if the DRM code is freely available, unpatented, and can be implemented by anyone. Otherwise it's not a browswer, it's just an app that uses http transfers. It's as much a browser as MSOXML makes MS Office documents a browser product.

Re:You don't need it in a browser.

[dissy]

Having it in a browser only "means" something if the DRM code is freely available, unpatented, and can be implemented by anyone.

Which is exactly what we are talking about, unlike the rest of your post.

Just like I can install a freely available and implementable by anyone SSH client, which does not include the key files to access your data, this very discussion is on freely available and implementable by anyone DRM encryption that similarly does not include the key files to access just anyone's media.

So unless your complaint is that OpenSSH is not open software due to not including a private key to access my servers, I fail to see why you would object like you are to open DRM standards that work the same way.

Again I refuse to run Flash in my browser due to the choices and desires of people like you, and will continue to refuse to do so.

There is no standard DRM in the change.

There is no DRM at all in it. Not there.Nonexistent. Not a standard. All that#s standardised is the tags you close the black box bitstream in to say "pass this on to this black box decoder that is 100% identical to flash, except every assclown will have written their own".

IOW the "standard" says "Here is how you specify this is DRMd conent". THERE IS NO STANDARD DRM IN IT.

Re:Unpopular here, but I'm with Berners-Lee. DRM e

[drinkypoo]

One political revolution will end it pretty quickly. For some reason the US thinks they are immune to such a change, even when they see it happening all around them.

If we do have a revolution, I doubt we'll even get around to fixing copyright. It'll just be a new gang of assholes in business soon enough.

Re:Tim can go and fuck himself.

[behrooz0az]

The language is not good, alright. but parent makes a valid point.
I would really love to see someone enlighten me on why it's downvoted to -1 for any reasons other than that.

Freedom is better than DRM, Netflix, etc.

[jbn-o]

Your framing, as with anyone who says DRM is somehow necessary, is giving into those who would take away the freedom the web was built on. I'd rather have a free web than a web DRM-based business owners feel more comfortable with because I value my freedom.

Even in the narrow terms defended by DRM quislings DRM doesn't work to exclude those who share copies of DRM'd works; virtually everything Netflix publishes is available gratis online anyhow. So what we end up is the very divided web DRM proponents claim will be avoided with DRM. Thus this debate isn't really about pursuing that alleged unification. Better to push for the freedom that got us to the point where businesses took an interest and sought to divide and conquer.

Re:Freedom is better than DRM, Netflix, etc.

[Kohath]

I think a lot of people would rather have Netflix. Does the existence of Netflix preclude anything anyone else wants to do? Because not having DRM available precludes Netflix, and a lot of people seem to value Netflix.

Re:Unpopular here, but I'm with Berners-Lee. DRM e

No, we don't have the "binary, single-OS and single CPU architecture blobs" part of flash in our browsers today, which is the problem and the source of many of the issues with Flash.
The DRM part is exactly what that adds just this.
That you can get it without it is not relevant: The default download will contain it, your parent's computer you have to fix will contain it, loads of websites will require it. What you're saying is like claiming that Flash was never an issue because you could always get a browser without it!

Positive Uses for DRM

Could DRM be used by individuals as a form of private communication? They seem intent on putting a lot of work to make is secure and easy to use. Could I use DRM for secure communications between me and my friends? I've tried with PGP, and it was a real pain.

Is TBL actually "calling out" DRM?

Think about it. Everyone is trying to keep the stone from rolling down the hill...rather than allowing the stone to roll, and be there to pickup the pieces. If it's bad then it will fail..if it's good it will succeed: not giving DRM a shot is basically like telling some small independent writer...screw you, you have no right to control your work.

Re:Is TBL actually "calling out" DRM?

[king+neckbeard]

If we are going with rolling stone metaphors, I'd call the pro-DRM side Sisyphus and be a lot more accurate.

Re:Unpopular here, but I'm with Berners-Lee. DRM e

[Waccoon]

Indeed. It's worth nothing that both Chrome and (soon) Firefox will banish plugins, ensuring that whatever DRM exists out there will have to be built into the browser through political clout and sponsorships. That means if you don't like the DRM, you have no ability to uninstall it, or possibly even disable it.

At the very least, we need a standard mechanism for managing DRM, which hopefully means being able to turn it off.

Re: Unpopular here, but I'm with Berners-Lee. DRM

But since that revolution will never happen, it's useless to discuss it.

There is no standard DRM in the standard

There's only a standard way to tell the browser that this is DRM'd content to hand off to a propriatory black box that is outside the standard.

Quite why slashdot, a geek tech site, gets such a moronic claim so highly recommended can only be explained by shills and retards infesting the site.

Why the surprise?

Tim Berners-Lee is over 60 now. He's well into the age where one knows which battles can be won, which cannot but be lost and which aren't worth fighting. Fighting DRM at this stage is futile, it's been a lost battle since a long long time. We might have had a better deal but this is better than nothing. It's easy for a basement-dweller neckbeard to type "no compromises" with their pudgy fingers on dorito-encrusted keyboards but out here in the real world we have to deal with armies of lawyers and lobbyists, and a public opinion that could not care less. We can play ball and accept DRM or the Internet will be balkanized (it's already happening) or simply turned into a larger version of Facebook, and into a million little walled gardens. Sir Berners-Lee is a realist and is still pushing for an Internet that, though not as free as we hoped it would be, is still better than the alternative. Make no mistake, the opposing side here as ALL the advantages, and despite what some deluded comments here say, we do NOT have the advantage of numbers. Maybe in the '90s it was true but not it's no longer the case. It's time to grow up and accept a compromise that still allows us some freedom of movement rather than be completely defeated.

Re:Why the surprise?

[JohnFen]

this is better than nothing.

I don't think a good case for this statement has been made.

Re: Tim can go and fuck himself.

[easyTree]

Attacks the man not the ideas.

Keep their shit to themselves

Nobody is forcing the media companies to use the internet. If they want to use it, they can deal with it. We should not have to.

I don't watch their crap in my browser, why should I have to have a browser with this trash built in?

Why should I have hardware in my computer to handle this crap? Waste of good silicon.

Re:Unpopular here, but I'm with Berners-Lee. DRM e

Do we prefer a standardized, cross-platform approach developed with input from users or do we prefer the Sony rootkit approach?

False option on the dichotomy. The input coming from actual users is that we do not want it on the standard (or from some users that want it on the standard). The input on how to implement it is coming from the companies.

Either option pushes forward someone's interests. Because I believe in universal access to culture, I prefer the Sony rootkit approach, because it reinforces the idea that only DRM free stuff is safe, makes the "legal" way harder (when DRMd), favors DRM free vendors (these are actually selling the culture, not renting it), and favors piracy for those products that doesn't have a drm free option, and the free sharing of culture. Standardizing the DRM gives it a false sense of security, makes it easier to rent the content you are allowed to in your region (reducing overall spread), and pushes forward the interests of those who want to limit access to culture (by keeping the culture locked in their servers and only allowing certain people temporarily see it).

Re:Unpopular here, but I'm with Berners-Lee. DRM e

His point was that DRMing the browsers was equivalent to having Flash and Silverlight in every browser that it's possible to use. I agree with him.

it's sad

[SuperDre]

it's sad DRM is needed, but people are responsible for that themselves. If people would never have ripped copies then DRM would never have been needed.
Now, for the internet to be "universal", that's just a load of crap, as a lot sites do not work acros a lot of browser, mostly they only work in the webdev's favorite browser (which mostly is Chrome or Safari), even though those browsers are acting more like what dev's in the past accused IE6 for doing (going beyond the defined specifications)..

Re:Unpopular here, but I'm with Berners-Lee. DRM e

[drinkypoo]

His point was that DRMing the browsers was equivalent to having Flash and Silverlight in every browser that it's possible to use. I agree with him.

You're both wrong. Flash and Silverlight come with vastly more than DRM. If anything, it's like having a small part of one or the other of them in the browser. You can still object to that if you like, but it's not the same thing.