Tim Berners-Lee Approves Web DRM, But W3C Members Have Two Weeks To Appeal (defectivebydesign.org)

← Back to Stories (view on slashdot.org)

Tim Berners-Lee Approves Web DRM, But W3C Members Have Two Weeks To Appeal (defectivebydesign.org)

Posted by msmash on Friday July 7, 2017 @01:47PM from the tussle-continues dept.

Reader Atticus Rex writes: A high controversial Web standard has received a seal of approval from Tim Berners-Lee, the inventor of the Web and its chief technical decision-maker. Opponents like the Free Software Foundation and Electronic Frontier Foundation say that the standard, Encrypted Media Extensions, is a step backwards for freedom, privacy, and a host of other rights on the Web.

There's still a two-week window in which members of the W3C can appeal the decision, and the Free Software Foundation is asking people to email and encourage them to do so. Update: The W3C has announced that it would publish its DRM standard with no protections and no compromises at all.

24 of 137 comments (clear)

Min score:

Reason:

Sort:

two weeks wasted by turkeydance · 2017-07-07 13:53 · Score: 3, Insightful

done deal
1. Re: two weeks wasted by Anonymous Coward · 2017-07-07 18:36 · Score: 3, Informative
  
  This. The corporate takeover of the internet has been unavoidable from day one. I'm amazed it lasted so long. Future historians will wonder - if they will ever be allowed to do this kind of research - how a decentralized and essentially free tool of communication that put everyone on the same level ended up centralized, subverted and locked up with just negligible and ultimately ineffective opposition. There will never be another chance, corporations and governments will be on high alert to swoop down and nip in the bud any future attempts to create anything like that. We blew it. It's over.
2. Re: two weeks wasted by Anonymous Coward · 2017-07-08 01:36 · Score: 2, Insightful
  
  Ask all the people who signed up for Facebook. It appears to be what they wanted.
Who died and appointed TBL God? by mellon · 2017-07-07 14:05 · Score: 3, Interesting

Why is it just up to Tim Berners-Lee to decide yes or no on this?
1. Re:Who died and appointed TBL God? by MrDoh! · 2017-07-07 14:21 · Score: 2
  
  !Yeah, who is he and what's HE ever done for the Web?
  
  --
  Waiting for an amusing sig.
2. Re:Who died and appointed TBL God? by DRJlaw · 2017-07-07 14:30 · Score: 3, Informative
  
  Why is it just up to Tim Berners-Lee to decide yes or no on this?
  Who would you have decide this? A standards organization, and a standards committee, headed by a person who has the responsbility to announce the decision? With an appeals process?
  Ok. The W3C. The Advisory Committee on Encrypted Media Extensions. Tim Berners-Lee, the person who pretty much set up the the involved standards. With an appeals process and W3C member vote.
  Not that you care about any of that. Any process that doesn't produce the outcome that you want is the product of death and appointment to Godhood, it appears.
3. Re:Who died and appointed TBL God? by mellon · 2017-07-07 15:33 · Score: 4, Insightful
  
  I take it that you are implying that he has a right to decide because he invented HTTP and HTML. Why would that be so?
4. Re:Who died and appointed TBL God? by Dracos · 2017-07-07 15:36 · Score: 2
  
  The W3C is about as toothless an organization as can be found. All the respect I had for TBL evaporated when he acquiesced to WHATWG's HTML5 insanity. EME should not even be a thing.
  Yes, I would like a proper standards body (say... IEEE or ISO) to make these decisions rather than a weak consortium who only produces recommendations.
5. Re: Who died and appointed TBL God? by Anonymous Coward · 2017-07-07 16:17 · Score: 2, Interesting
  
  Take a look at the "members", the fees it takes to gain "membership" and the complete lack of input from the community. Only corporations get a seat at W3C. Those that aren't corps are funded by one of the existing members, so the distinction is meaningless. Standards bodies can be, and are, corrupted by the profit motive.
  This is the time to start pushing a better, more secure technology that corps cannot twist to squeeze money out of.
  Gopher is a legitimate contender, but lacks a security layer. If we put together an RFC to add TLS or OpenPGP or some other security to gopher, it can completely replace the Web for everything except Javascript, which was never part of HTTP to begin with.
  Gopher servers and clients are both simple to make and simple to debug. They just require more thought to be put into file organization.
  Everything else should be native code instead of pushing the complexity into the browser.
6. Re:Who died and appointed TBL God? by Desler · 2017-07-07 16:25 · Score: 2
  
  He gets to make the decision because he's the director and that's the rules.
7. Re:Who died and appointed TBL God? by mwvdlee · 2017-07-07 17:50 · Score: 4, Insightful
  
  It's not. It's up to Google, Microsoft, Apple and Mozilla.
  If they are on board, it'll get implemented no matter how much opposed.
  If they aren't, the standard is dead on arrival.
  
  --
  Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
8. Re:Who died and appointed TBL God? by Anonymous Coward · 2017-07-07 18:46 · Score: 4, Informative
  
  ISO? you forgot how ISO ignored all of there own standards when approving the Microsoft Word data format as a standard without need for technical review and allowing thousands of Microsoft affiliated parties to become a temporary member and vote on a standard proposed by Microsoft. ISO will make any pile of shit an official ISO standard as long as someone is willing to pay for temporary memberships.
Created the Web and yet still blind by Anonymous Coward · 2017-07-07 14:09 · Score: 5, Interesting

This will destroy the openness of the Web if allowed to stay. The last hope will be with browser makers: no standard gets supported if code isn't written. This is corporate capture of the Web. Personally, I'm done with the Web. The layers of JS, security vulnerabilities out the wazoo, malvertising, and endless seas of "you must register (so we can track you) to proceed" walls make the Web a joke.
Smart people will move to other protocols that aren't so profit-driven or privacy-destroying.
1. Re:Created the Web and yet still blind by alexo · 2017-07-07 15:40 · Score: 4, Insightful
  
  The last hope will be with browser makers: no standard gets supported if code isn't written.
  What part of "EME is supported by [...] Google, Microsoft, and Apple" you did not understand?
2. Re:Created the Web and yet still blind by Bing+Tsher+E · 2017-07-07 16:03 · Score: 2
  
  We don't need to move to another protocol.
  Just use a deprecated older version. I.e. run NoScript and when pages won't work, you can either whitelist them or navigate away.
  Smart web developers won't want to lose eyes. Even Slashdot will load with javascript blocked (except mobile slashdot)
3. Re: Created the Web and yet still blind by Anonymous Coward · 2017-07-07 17:20 · Score: 2, Informative
  
  Your concern is well-placed. The answer will depend on how much bullshit the public will take before leaving.
  To start with, you're thinking in terms of an application stack. The Web was meant to be a series of documents linking to each other. Everything else was tacked on by one half-asser or another; Brendan Eich's Javascript, Microsoft's XmlHttpRequest object, Mozilla's plugin system, and Adobe's Flash (which worked on said plugin system) all contributed to the mess that today's Web is.
  Cut away all that bloat, and you get HTML+CSS. What can replace those? ...Gopher's a good start. However, it needs a security layer on top if we want any privacy or verifiability. But it has everything it needs: text and links. A gopher client could be made to show content in any way the user wanted, because gopher is pretty much pure text. Links to MIME-types that aren't already plain-text can be opened in other programs that the user already has: image viewers, video players (even streaming!), the sky's the limit.
  This also keeps gopher clients small and clean, and leverages UNIX philosophy by allowing each program to do the job it needs to.
  Will this be for everyone? Hell no. And I don't care that it meets their needs. The public allows so much bullshit in their lives, they deserve it when the curtain falls. They were warned, and they didn't listen.
  As a developer, gopher is extremely simple and easy to validate. The tooling has been mostly untouched, so there's a ton of opportunities to make better clients, etc.
  Businesses aren't interested because there's only IP addresses to base things on. No cookies to track you with, no cross-site scripting, no ads that look like content, no bullshit at all. Just Plain Text with links. Gopher, as a community, is very anti-corporation and anti-app. You can't sell anything to those people aside from maybe hosting, so businesses will only waste their time and money by building on gopher.
4. Re:Created the Web and yet still blind by infolation · 2017-07-07 18:32 · Score: 3, Funny
  
  or IRL
5. Re:Created the Web and yet still blind by Highdude702 · 2017-07-08 08:56 · Score: 2
  
  pfft IRL is over rated.
Re:I was reminded of imteresting times past... by Desler · 2017-07-07 14:23 · Score: 2

The Web is not the Internet. Hurr hurr...
Re:Easy by Anonymous Coward · 2017-07-07 18:30 · Score: 2, Interesting

Good or bad, all DRM is still technically broken since you receive the encrypted data along with the decryption keys. Sending encrypted data to a browser without the keys is just as ridicules.
The whole standard is based around the browser promising to the server that it will decrypt the data and show it to the user, without making the decrypted data or the (encrypted data with the keys) available to the user in any other way.
- The browser is code that runs on the hardware owned by the user, and can't be trusted to tell the truth. Advertising has made users switch to browsers that can ignore what the webserver wants, and do what the user wants instead. Once this new DRM is used for advertising (and you know it will) browsers have a legitimate reason to ignore what the webserver or the standard tell it to do.
- The browser has no control over the encrypted data and keys, and the decryption code must run on the hardware that is owned by the client, so the user can copy and decrypt the data without the browser even knowing about this.
- The browser has no way of knowing that the decrypted data send to the OS video or audio drivers isn't copied by the operating system or its drivers. It only takes one person with an open source OS, and that in a world where almost everything runs on Linux.
- Analogue hole: putting a camera in front of the screen and feeding the audio into a tapedeck will result in a quality that is way better than a recording made in a cinema, and most people are only interested in an 800 MB video and youtube audio-quality. Many devices also have digital outputs for audio and video, so a digital copy can be made too with the right equipment.
- once a copy has been made, it can be shared with everyone, modified browsers can be shared with everyone and modified drivers can be shared with everyone running an open source operating system. Maybe we will see a lot more dual-booting in the future.
Re: Like Linus, Bjarne, etc by Anonymous Coward · 2017-07-07 19:00 · Score: 4, Insightful

Negotiation is like alcohol: a little bit can jazz up a night. Too much, however, and the next thing you know you're waking up to a whore snorting lines off of your belly.
Never go full retard. This decision, if maintained, is an unambiguous "fuck you" to the community that made the Web worth building to begin with. EME is no different than trusting a black box. Given its purpose, it will only gain telemetry abilities and OS lockouts. Do you want a Web that forcibly blocks functionality of your machine? That's what these businesses are willing to do to protect their "assets". They believe their rights trump all others'. Their view of the Web is toxic and cannot be anything but bad for the general public.
So, are you advocating for a few dozen companies having remote control of millions of devices? They'll just bake it into their DRM, and bam, anyone watching a stream 'protected' by EME would be vulnerable to remote attack.
This is the part where you no longer own the device, and bills will be written to attempt to make that legal. I'd rather not live in that world.
Re:I was reminded of imteresting times past... by drinkypoo · 2017-07-08 00:47 · Score: 2

I immediately thought of one of my most popular vice presidents, Al Gore, who stated, that he "invented the internet."
And I immediately think that you think you're smarter than Vint Cerf, in spite of voluminous counter-evidence (your posting history)

--
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
What gives W3C its power? by pedz · 2017-07-08 01:48 · Score: 2

Is it time for a new standards organization that listens to the people rather than the corporations?
Why not have a true free web standards committee and browsers and various entities would try to comply with it rather than W3C.
Remember, W3C is the place that gave us XML and XHTML (two rather hideous abortions) and they sat on their hands with HTML 5 until other groups (WhatWG.org in particular) came along and started to make progress. Then W3C jealously took it back over. Why? It baffled me at the time. Who cares about W3C? They are obvious a compromised organization.
Adobe vulnerabilities now a web standard by WaffleMonster · 2017-07-08 05:36 · Score: 4, Insightful

If you've loved the last two decades of comically insecure Flash players and PDF readers your going to love the future where anyone's systems can now be owned by closed source adobe CDM modules.