Slashdot Mirror
W3C Erects DRM As Web Standard (theregister.co.uk)
The World Wide Web Consortium (W3C) has formally put forward highly controversial digital rights management as a new web standard. "Dubbed Encrypted Media Extensions (EME), this anti-piracy mechanism was crafted by engineers from Google, Microsoft, and Netflix, and has been in development for some time," reports The Register. "The DRM is supposed to thwart copyright infringement by stopping people from ripping video and other content from encrypted high-quality streams." From the report: The latest draft was published last week and formally put forward as a proposed standard soon after. Under W3C rules, a decision over whether to officially adopt EME will depend on a poll of its members. That survey was sent out yesterday and member organizations, who pay an annual fee that varies from $2,250 for the smallest non-profits to $77,000 for larger corporations, will have until April 19 to register their opinions. If EME gets the consortium's rubber stamp of approval, it will lock down the standard for web browsers and video streamers to implement and roll out. The proposed standard is expected to succeed, especially after web founder and W3C director Sir Tim Berners-Lee personally endorsed the measure, arguing that the standard simply reflects modern realities and would allow for greater interoperability and improve online privacy. But EME still faces considerable opposition. One of its most persistent vocal opponents, Cory Doctorow of the Electronic Frontier Foundation, argues that EME "would give corporations the new right to sue people who engaged in legal activity." He is referring to the most recent controversy where the W3C has tried to strike a balance between legitimate security researchers investigating vulnerabilities in digital rights management software, and hackers trying to circumvent content protection. The W3C notes that the EME specification includes sections on security and privacy, but concedes "the lack of consensus to protect security researchers remains an issue." Its proposed solution remains "establishing best practices for responsible vulnerability disclosure." It also notes that issues of accessibility were ruled to be outside the scope of the EME, although there is an entire webpage dedicated to those issues and finding solutions to them.
Digital rights is an ugly theft of words implying the rights of people, rather than the rights of greed ie digital wrongs. Where is the right to privacy, absent. Where it the right to the truth, absent. Where is the right to freedom from censorship, absent. All that is covered is the digital right to greed and the ability to print money and censor and silence the public, think those digital wrongs tools wont be extended out to mass censorship, how wrong you are.
Chaos - everything, everywhere, everywhen
Are there vendors, browsers or developers who have committed to not adopt this standard?
As with almost all technology, it depends on context.
DRM can be abused to lock up content far in excess of normal copyright protections.
DRM also makes new and useful business models practical, giving us modern replacements for old school rental stores from the likes of Netflix and Spotify, which obvious work out for a lot of people.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
No DRM has ever been effective in its stated purpose.
Stripping A/V from a stream is trivial.
The best way to circumvent it is to simply make iso files from DVD's and Blurays. It is so trivial APK and Hairyfeet could do it!
I don't really care if the support is there as long as I'm notified that content is so crippled so I can avoid it.
"Standard" is just a label you give to a proposal. Right now all effort has been focussed on preventing to stick that label on EME. I think that effort could have been spent better.
You can for example make browser vendors adopt only DRM plugins that charge money for each visit, that will drive away all the little websites and makes every website owner think twice before they put their video under EME DRM. Really the worst that can happen now is that every video website on the web starts putting all their video into this EME DRM. This is what the actual war is about.
However, you can't introduce such a payment barrier overnight, as there is still flash. Users must uninstall flash in large numbers, and once browsers don't offer the flash plugin any more, you can make websites pay. So first step, petition people you know to uninstall flash, and all other plugins, maybe uninstall it yourself, and then as second step petition website owners which require flash to drop that requirement. Petitioning while you still have flash enabled may be more comfortable, but it sort of misses the point.
member organizations, who pay an annual fee that varies from $2,250 for the smallest non-profits to $77,000 for larger corporations
Clearly, the W3C created the EME standard to please its "member organizations".
Actually, these days DRM encourages piracy because it gets in the way of legally purchased media.
In this case, because of the method of application, this DRM is bad.
It hijacks YOUR computer because THEY want to control what you do with "their" data. The context that could make DRM fine is if it were in control of the two people on either end of the conversation (so that Alice and Bob can stop Charlie from listening in), but this one has Alice cutting Bob out too because they're "afraid" that Bob might record the conversation.
That just does not work.
But the context of in the HTML standard, when the "DRM" bit isn't actually part of the standard? Fuck no. A train wreck of an idea.
So does this stop simple screen capture software that people have been using for years?
it doesn't work.
but makes the ecosystem for browsers a pay-to-play ecosystem.
it's basically just geared towards monopolization for the players that made this standard.
and microsoft has had it's hands in a bunch of drm solutions all of which it has promptly dropped or just decided to ignore on their products. like... you know... if ms made a video+audio drm solution.. ....and didnt use it on their phones while licensing it out with stupid, stupid licensing restrictions say to nokia say something like 12 years ago.. (the stupid licensing restrictions were that to make a multimedia plugin on symbian 7.0s nokias onwards, you had to have developer permissions granted by nokia. one of the excuses nokia used in this pay to play ecosystem of theirs was that you could break drm on shitty ringtones with it that nobody gave a shit about - also you could break the drm on shitty video clips that had already broken drm and had much better quality rips in the wild.
it doesn't work and it can't be open source for the obvious reasons so whats the fucking point - and by it doesn't work I mean it doesnt keep it off the internets - or seriously are they gonig to stop people from hooking up to hdmi ? I SERIOUSLY doubt the viability of any streaming service that does that.
world was created 5 seconds before this post as it is.
This does nothing to keep me from pointing a high-speed, high-resolution camera at my screen.
It also does nothing to stop me from doing a "tear-down" of my high-resolution, HDMI, DRM-compliant monitor and monitoring the electrical signals that make the pixels light up.
Sure, this is awkward and expensive, but I, er, I mean people like me in other countries, only have to do this once (per video) then put the results up on the Interwebs for everyone to download.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
So, it looks like the open Web has a new enemy, and its name is EnEME.
Ask me about repetitive DNA
A standard is only as good as it is implemented in the wild. W3C can recommend all it wants but if web masters refuse to implement it or adopt it, it is just so much wasted documentation. This will likely result in a huge fragmentation of the web not seen since the AOL, Prodigy days of the past.
errr....umm...*whooosh* *whoosh* Is this thing on ?
Quite true; Digital Restrictions Management (contrary to what another poster said, smart people do realize and don't allow the reframing of the language away from how most people experience DRM) doesn't affect those who get their copies stripped of the restrictions as is commonplace amongst those who share. DRM chiefly adversely affects those who participate in the process (whether they spend their own money to do it or are given it gratis).
DRM is the excuse publishers use to justify the ongoing control over one's computer, spying regime modern-day DRM schemes make possible and use, and thus pose genuine risks to everyday computer users. This is not about "balancing" rights as another poster said, this is about copyright holders and their business partners using a mechanism to get more control over your devices, your privacy, and your life than they ought to have. To publishers who claim they wouldn't engage in the process without DRM, I say that's fine but I want to see proof and lots of it; please don't publish without DRM controls you couldn't have a few short years ago (remember that DRM schemes always become more onerous over time and publishers always try to convince the public they can't get by without the higher degree of control). Let your competition distribute their work at whatever price they think they can get DRM-free and do with the reduced competition. The publisher's threat is (taken on the whole) an empty threat and everyone knows it.
Digital Citizen
If you wish to cause the current system of DRM to implode it's actually really easy, you just need to know how to play by their rules. All you need to do is simulate the CDM plugin environment of Microsoft's Edge browser and package it as a single program that can write the output to an unprotected file. It doesn't even have to output an optimized video file, a raw capture will do. They will be contractually obligated to stop using CDMs because they can no longer meet the standard of the "robustness rules".
With any other browser, it would mean only that specific browser would be unable to use CDMs but Microsoft isn't about to be left out of the game they helped fix.
Anons need not reply. Questions end with a question mark.
As with almost all technology, it depends on context.
The context of EME is the worlds Internet users.
DRM can be abused to lock up content far in excess of normal copyright protections.
DRM also makes new and useful business models practical, giving us modern replacements for old school rental stores from the likes of Netflix and Spotify, which obvious work out for a lot of people.
There is no mystery or question surrounding the result.
Content providers are somewhat limited to means of access and distribution to what people actually have unless willing or able to go out of their way. When you lower the barrier for making DRM viable the practical result is more DRM. This WILL happen.
This means more browsers downloading and executing black boxes from companies like Adobe. An outstanding trustworthy organization with an absolutely out of this world stellar security record.
For those who think restricting access and encouraging proliferation of closed proprietary bullshit is bad widespread EME in browsers does exactly this.
Protocol/standards designers have very little actual power to dictate terms to anyone yet they are hardly powerless. While capacity for mitigating unchecked commercial interests is often severely constrained the capacity to cause damage by letting them run rampant is not so limited.
When organizations like W3C allow themselves to be corrupted ICANN style it's time for those who care to divest themselves and support a competing structure. W3C is VOTING for the legitimacy to go ahead with this knowing full well there is nothing approaching broad consensus on the subject. The procedures they are using to achieve the desired result (DRM) is explicitly against their own stated principals.
The only question remaining is whether protected content will be accessible through a general purpose web browser. If not, subscribers will abandon the browser for the app.
The app that has already been integrated into their smartphone, tablet, HDTV, video game console, set top box, etc.
The streaming music service I use has 30 million tracks to explore. It would be very tempting to settle in there to stay. If you want me to have a look at what can be found elsewhere, don't make it anymore difficult than it needs to be.
This mostly seems to be a combination of paranoia and slippery slope fallacies, and for someone who wants to see "proof and lots of it", your own argument is remarkably devoid of any supporting evidence.
I suggest to you that the existence of services like Netflix is beneficial to a great many people, who now get to enjoy more content at lower cost than they otherwise would have. I also suggest that services like Netflix would be much less practical without DRM, since obviously anyone could just sign up for whatever the minimum period is these days, download huge amounts of unprotected content to keep them going for a while, and then immediately cancel their subscription so they don't have to keep paying even though they're still enjoying the content. And finally, I suggest that the average Netflix user doesn't even know what DRM is or "experience" it at all.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Ye'll nevarrrrr stop me ye scurvy dogs!
Is if your endpoint audio/video devices support HDCP and negotiate a connect with the remote server.
Anything less that that (notably relying on the Intel ME, AMD PSP, Arm Trustzone, or other TPM module implementation) allows the possibility of the stream being intercepted while still in digital form.
Even excluding all of those, all that is required *WITH* all this DRM in place to copy it is analog output of the audio to a capture device, and capture of the video stream from a monitor via a camera of sufficient resolution to capture the detail you want in the ripped video. Basically 'camming' like in the movie theater but off your local device.
The irony is all this shit can be ripped right now because of exploitable 'dedicated' devices, such as the TV sticks and roku boxes and such, which are how all the high quality rips ending up on the internet are getting there.
If they were serious about protecting their own intellectual property they would skip these web standards for about 3-5 years and revisit them with the lessons learned from making all those other devices airtight.
In the meantime it is just a violation of my security and my liberty for a bunch of assholes who haven't ever created anything, and who are still rehashing actual creators 'bought' ideas for the nth time (Matrix, Star Wars, etc all) Much like the discussion about patent law, it is about time to revisit copyright law and see about severely curtaining its money and power so it can return to being limited time private property for the good of the *CREATOR* (and not simply producer, publisher overpaid actors and other leechs, as it often is today) and after a sufficient time to recoup their expenses and a tidy profit towards producing a slightly more grandoise venture next time, returning it to the public where it can be built upon like so many other folk tales, tall tales, legends and other cultural works and respun into creations that would either reinspire their own creators or mollify them at how their work was reinterpreted. The more fluid culture is the faster it can grow, expand and refine itself. The current constrictive nature of copyright is only holding back the full potential, especially in regards to helping original creators shake off their own presumptions about what their own works mean.
Could somebody please explain to me how any DRM thingy can ever hope to prevent a dedicated individual from simply recording what is on his screen with another device? Just stick your HDMI cable into a recorder, no? What is this trying to achieve, exactly?
Might makes right irrelevant.
And it would be the first nobody on the internet gives half a shit about.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
All DRM should be automatically disengaged for pre-determined events: 1. expiration of key patents or copyright 2. loss of validation server 3. judicial events removing DRM Anymore continues the DRM abuse.
If I create some original digital content should I not have the right to set the terms of use and distribution?
Nope. You should not.
In the grand scheme of things, what you should have the right to, is to be paid for the act of creation of the content.
(you should get remuneration for your work. not be entitled to use it as a rent)
But for historical reasons, the point at which money got collected was traditionally at the distribution, because back at the time when copyright laws were emerging, duplicating and distributing content was hard (if not the hardest part of the pipeline). And thus it was a happy chance that it could also help finance upstream creation.
But nowadays, once we're out of the dark ages and into the information age, with everything going digital, duplication and distribution is boringly trivial and can't be justified any more. Artists still need to get paid to create (They need to eat, after all), but the point at which the money is collected doesn't make a fucking sense anymore in the modern setting.
(Also note that a few small indie artists are moving out of this business model, and going back to older concepts of patronage. See platforms like Patreon, Tipee, etc.)
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
It's about time we stopped expanding DRM to "Digital Rights Management". I don't need anything to manage my rights, digital or otherwise. I pay for content so I consume it. DRM is all about restrictions - it is Digital Restrictions Management.
So the pirates will need to spend $20 on one of these:
https://smile.amazon.com/ViewH...
The security community strongly objected to the W3C terms when they were proposed, but their concerns have explicitkly beeen discarded. Vendors can now criminalize bug reporting and whistle-blowing. See also http://boingboing.net/2017/03/...
davecb@spamcop.net
One of my very most favorite old-timey sins! Hubris.
"The DRM is supposed to thwart copyright infringement by stopping people from ripping video and other content from encrypted high-quality streams."
Sounds an awful lot like "The Titanic is Unsinkable" doesn't it?
Weaselmancer
rediculous.
You lost me. Why should I "keep paying" to "keep enjoying" something?
Because that was the deal you agreed to when you signed up. Why did you have to return a video to the rental store instead of keeping it? After all, you paid for it.
Not all commercial agreements involve a permanent sale, and sometimes a different model involving temporary access at a lower price might benefit everyone involved.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
If it's DRM on something that was presented as a permanent sale, I'm inclined to agree.
If it's DRM to enforce temporary access when that was known to be part of the deal up-front (PPV, subscription libraries, and so on) then I think it's a different matter.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
DRM is the excuse publishers use to justify the ongoing control over one's computer, spying regime modern-day DRM schemes make possible and use, and thus pose genuine risks to everyday computer users. This is not about "balancing" rights as another poster said, this is about copyright holders and their business partners using a mechanism to get more control over your devices, your privacy, and your life than they ought to have.
If you really need the latest rehashed, "reimaged" Hollywood trash then run it in a VM, problem solved.
I want to see proof and lots of it
What proof do you have to back up your statements of them getting control of your life? That sounds like a pretty ominous statement so how about you strip away the hyperbole and give a concrete example of what you mean.
I mean do you really think anybody is going to take you seriously when you say things like that in reference to a piece of software that just enforces end-to-end encryption? Yes I do understand that in theory it could do many things, but that's no different to any piece of proprietary hardware or software, this has been the case for as long as computers have existed and the solution is still the same: If you're worried about it then don't use it or seek out, fund, promote an alternative.
That's funny, because we don't seem to see any of those things here. Maybe we're just lucky and Netflix serves our videos without DRM. Or maybe you're just making stuff up. Who knows?
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
From me in 2001 posted to gnu.misc.discuss: https://groups.google.com/d/ms...
I definitely do not want to see a future world of only proprietary ...
intellectual property where basically everything I want to do requires
agreeing to endless licenses and royalty payments, such as described in
"right-to-read". My wife and I released a six person-year effort under
the GPL (a garden simulator application) around 1997
so I am obviously sympathetic to encouraging free sharing of some
information and allowing derived works of some things.
However, on a practical basis, living in our society as it is right now,
any software developer is going to handle lots of packets of information
from emails to applications to program modules under a variety of
explicit or implied licenses. If a developer is going to do this in a
way that makes his or her work most useful to the community (under the
terms he or she so chooses), proper attention must be given to the
licensing status of all works received and distributed, especially those
that form the basis for new derived works to be distributed. Note that
even in the case of purely GPL'd works, one still needs to know that a
user contributing an extension to a GPL'd work was the original author
and/or he or she has permission to distribute the patch (if say an
employer owns all the contributor's work).
My question is: should software tools, protocols, and standards play a ... ... Usually license management tools (e.g. for music or DVDs) are thought of
role in easing this required "due diligence"
license management work (at least as far as copyright alone is
concerned)?
as keeping the end user from doing something they might wish to with
content they have paid for. Does it make sense as well to look at
license management tools from the perspective of allowing
(non-technical, non-lawyer) casual users to do things they otherwise
might not be legally sure they can do? Similarly, would such tools help
someone filter out proprietary content with licenses he or she does not
approve of (and would this provide incentives for artists to release
free versions if they want to reach people through those filters)? And
most of all, would such tools allow creative people to be more certain
that they could legally use certain freely licensed materials found on
the internet in making derived works? Would this provide a legitimate
defense of due diligence to minimize copyright infringement suit costs
(or reduce related liability insurance costs)?
For example, when you get an email it could come with a machine-readable
license (e.g. "redistribution OK in entirety", "for your eyes only",
"open content", "GPL"). Likewise, what if every file or zip archive came
with a specific machine-readable license? In effect, this would make the
license a fundamental part of the work.
In part, you may think, perhaps correctly, this it the "right-to-read" ...
nightmare. Such information could be used to prevent you from making
copies of things you might want to copy (legally or not) under some
notion of "fair use"
if the system enforced the license by preventing say you forwarding or
quoting an email that comes in with a license of "for your eyes only" or
with no explicit license at all. Perhaps the feeling that copy
protection systems will prevent fair use underlies much of the
resistance to such automation. It is not my point in this note to
advocate either for or against the enforcement of licenses by the end
user's system. Obviously though, enforcement would certainly be made
easier by machine-readable licenses, and this is a problematical issue
as far as "fair use" is concerned.
On the other hand, license management tools might force everyone to be
explicit about licenses for thing
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.