Corporations Just Quietly Changed How the Web Works

Adrianne Jeffries, a reporter at The Outline, writes on W3C's announcement from earlier this week: The trouble with DRM is that it's sort of ineffective. It tends to make things inconvenient for people who legitimately bought a song or movie while failing to stop piracy. Some rights holders, like Ubisoft, have come around to the idea that DRM is counterproductive. Steve Jobs famously wrote about the inanity of DRM in 2007. But other rights holders, like Netflix, are doubling down. The prevailing winds at the consortium concluded that DRM is now a fact of life, and so it would be be better to at least make the experience a bit smoother for users. If the consortium didn't work with companies like Netflix, Berners-Lee wrote in a blog post, those companies would just stop delivering video over the web and force people into their own proprietary apps. The idea that the best stuff on the internet will be hidden behind walls in apps rather than accessible through any browser is the mortal fear for open web lovers; it's like replacing one library with many stores that each only carry books for one publisher. "It is important to support EME as providing a relatively safe online environment in which to watch a movie, as well as the most convenient," Berners-Lee wrote, "and one which makes it a part of the interconnected discourse of humanity." Mozilla, the nonprofit that makes the browser Firefox, similarly held its nose and cooperated on the EME standard. "It doesn't strike the correct balance between protecting individual people and protecting digital content," it said in a blog post. "The content providers require that a key part of the system be closed source, something that goes against Mozilla's fundamental approach. We very much want to see a different system. Unfortunately, Mozilla alone cannot change the industry on DRM at this point."

rot in hell TBL

Basically, unless you are writing a browser with decent marketshare, you defacto have no voice in making the standards. Basically, the only voices that matter are Mozilla (Firefox), Apple (Safari), Google(Chrome), and Microsoft (Edge/Explorer). Despite what any standard says, web developers are going to go by the behavior of the browsers do. The only company on the list of browser makers that really has any desire to try to exclude DRM is Mozilla, and unfortunately, if they do that, the users will switch to the browser that makes watching Netflix easiest. Also Mozilla sucks a bag of dicks these days anyway.

Re:rot in hell TBL

[Kenja]

Well yeah... standards that no one follows are worthless. W3C learned this the hard way thanks to Internet Explorer.

DRM is not open

[phantomfive]

DRM is not open. You can't have an 'interoperable' DRM standard, because its entire purpose is to stop things from being interoperable.

It's better to force companies to make their own sub-par player (with all the bugs and security flaws that come with it) rather than trying to give them first class status in the browser.

"Did you exchange
a walk on part in the war
for a leading role in a cage?"

Re:DRM is not open

[Kjella]

DRM is not open. You can't have an 'interoperable' DRM standard, because its entire purpose is to stop things from being interoperable.

Those things aren't mutually exclusive like applications can be both proprietary and cross-platform, it's a standard way to ask browsers for the non-standard DRM modules the platform offers and how to pass data to them. So for example on Windows 10 you have PlayReady 3.0 which is Microsoft's latest DRM. With EME you'll talk to it the same way using Edge, Chrome, Firefox or any other browser that talks EME. Just like you can talk proprietary protocols over standard TCP/IP or SSL. But if your platform like Linux doesn't offer any DRM modules, no content for you.

You might be pissed that the browsers agree to be the conduit for this, but the browser is also trying to stay relevant in an app world. How many people would subscribe to Netflix and refuse to install a Netflix app if that's what it takes? It's one thing if you don't want to use it at all... but if you want to use Facebook, but not the Facebook app because you don't trust apps only the browser then you're choosing an odd place to draw the line in the sand. To use Spotify I've installed Spotify. To use Steam I've installed Steam. I wouldn't install any random potential malware, but I'm not allergic to installing things.

Re: DRM is not open

[computational+super]

Why not both?

Re: DRM is not open

[Miamicanes]

Properly-implemented DRM can have totally open control & ui software... it's just that historically, control-freak content owners and their enablers aren't content to merely prevent you from copying and redistributing their precious content, they ALSO want total control over the way you *consume* it & your viewing experience.

Copy PREVENTION is child's play. Any video subsystem created after Vista & Protected Video Path can prevent copying, because everything from key exchange to hdmi output is done in hardware. Every SoC used by Android & iOS has the same capability.

So, why does Google & Apple still fuck with your ability to watch videos on a rooted/jailbroken device? Because they don't JUST want to prevent you from copying the video, they also want to make sure you can't fast-forward over commercials (or play commercials in a subwindow while you do something else). If they could get away with forced-engagement ads (tracking eye movement & pausing the commercial if you weren't paying enough attention to it), they'd do it in an instant.

Re:DRM is not open

[arth1]

The browser is trying to take over the app world. It doesn't need to be an app VM.

What browsers were designed for and used to excel at is information sharing. The more, the better. Filling people's brains.
Apps, on the other hand are not about sharing information, but condensing it and turning it into entertainment. Filling people's time.
Two very different goals.

Re:DRM is not open

[drinkypoo]

Calling that open is bullshit.

Open only means documented (conforming to standards) and interoperable (not so legally encumbered that you can't actually use it.) It doesn't mean free or Free. That's why we have the distinct concept of Free Software (et al) as opposed to Open Standards, or Open Source. In that sense, the DRM plugin mechanism is open. However, its intent is poisonous, because the goal is to permit closed binary blobs whose goal is to restrict user freedom. On the gripping hand, the alternative is to not be able to consume most media in the browser, and if you don't like it, you can always turn it off or even get a browser built without it.

Then let them make their own apps

[H3lldr0p]

Not everything needs to be accessed through a web browser. Seriously. I have trouble imagining why that was the solution in the first place. Let them make their own apps and when they fail to move eyeballs away from the web, let them come back and play nicely with the rest of us.

And if these apps don't fail and provide unique, worthwhile experiences that people are willing to pay for DRM or whatever scheme included, then that's the way it will be. We computer people are the minority here. Just because it may ruffle a few ideological and dogmatic feathers doesn't make the situation any worse than it already is.

Re:Then let them make their own apps

[sinij]

Exactly! Instead, they opened up WWW to all kinds of abuses by DRM.

I think it is time to move on from W3 as it became damage.

Re:Then let them make their own apps

[crtreece]

The web hasn't changed here, your non-EME-compatible browser can still access stuff.

I was all set to do some moderation in this thread until I saw this. I don't think you are looking at the bigger picture. This isn't just about streaming netflix and hulu in a web browser. Pretty soon every website is going to have a DRM component to "protect their IP". That means ad-blockers, noscript, flashblock, firebug, and any other plugin that is used to modify the functionality, or display of a website, or controlling the loading of content from third parties is going to be worthless. You want to watch Netflix? You need our DRM, which excludes all that other stuff. Want to read your favorite news, tech, sports, entertainment, clickbait, or any other website? Same thing. The DRM plugin will force the full volume flash ads, malware-laden click-the-monkey crap served up by an ad network, and anything else the site wants down your throat.

This is going to turn the internet into cable TV. 47 gazillion channels, and it's all commercial filled crap.

Re:Then let them make their own apps

[drinkypoo]

You want to watch Netflix? You need our DRM, which excludes all that other stuff. Want to read your favorite news, tech, sports, entertainment, clickbait, or any other website? Same thing. The DRM plugin will force the full volume flash ads, malware-laden click-the-monkey crap served up by an ad network, and anything else the site wants down your throat.

There are already two WWWs, as far as I'm concerned. One is the one I can browse using Palemoon with noscript and ublock, and permitting only the things that the site actually needs to function (not including things which are there only to advertise to me and/or spy on me.) The other is the one that I have to dip into when I want to use some site that doesn't fit that description, where I just go ahead and use Chrome. Oddly, my bank is in the first (real) one. But so are all the sites I actually care about, like google and ebay and amazon and even netflix. They already have the option to not be part of that web, but they choose to stay on the side that doesn't alienate people like me who will just consume some other media. What makes you think that having another way to piss people off means they're all going to use it? I already don't give two shits about forbes or business insider.

It's still proprietary apps. Nothing accomplished.

[Cajun+Hell]

If the consortium didn't work with companies like Netflix, Berners-Lee wrote in a blog post, those companies would just stop delivering video over the web and force people into their own proprietary apps.

But that's happening anyway. It's just that the "proprietary apps" are called EME modules or drivers or whatever.

They're also going to be awesome for spreading malware. Instead of "install this CODEC to watch this porn" it's "install this EME module to watch this porn" and it'll be a normal and "legit" thing for the user to do, 90% of the time. (Because every service needs its own.)

That other 10% is going to keep us all working full time. Job security for anyone who makes money on when users lose. We'll be like construction contractors in a full-year hurricane season. The more broken windows, the better.

Fuckwits. We all need to be running browsers such that everyone can see user agent strings where they know this DRM fiasco isn't implemented. The server logs themselves need to say "you're going to lose money on this customer if you require EME, because they're just going to switch to pirating in order to be able to view the content."

Life isn’t perfect

[jellomizer]

I am sorry that the W3C had to approve DRM. However most of the arguments against it are rather lame. Most people just want to watch their movie. They don’t want to copy it or use it unfairly. But the thing with digital media is if it is too easy to copy and share. That is what will happen. Old anolgies with VCR do not apply because that is an Analog copy so every copy is degraded. While every copy of digital data is the same. And now with high speed networking it is rather efficient to share previously too much info. Even weak DRM is enough to stop most people and going to court it is easy to prove malicious intent.
Does it goes against Open Source Standards? Yes it does. However the world doesn’t rotate around open source standards.
If you want to get rid of it you will need to blacklist all the sites that use it. And properly boycott the DRM material. This doesn’t mean pirating the content. But going without it in terms of protest. Pirating the content will only show there is a demand for their product and double down on the DRM to fight piracy more.

Re:Life isn’t perfect

the world doesn’t rotate around open source standards

It kind of does actually. Are you aware just how much open source software is running everything in the world right now? Most of the web and backend Internet services have tons of open source dependencies that the end user is unaware of, but they're there, happily chugging along moving all the world's data.

Re:Life isn’t perfect

[JohnFen]

I am sorry that the W3C had to approve DRM.

I think your premise is wrong here -- they didn't have to approve the EME. They wanted to.

Re:Life isn’t perfect

[Billly+Gates]

The problem is not watching the movie. Yes, DRM is here to stay regardless as Hollywood won't release media without it and that is not negotiable.

What bothers me is people changing standards at a whim to enrich corporations without the consequences. Another poster for example mentioned malware. THIS IS AWESOME FOR RANSOMWARE. No Anti virus product in the world can scan for it as the DRM protects it's contents from being viewed or scanned.

You just go to pornhub.com or xhamster and an infected h.264 codec with executable code embedded in runs on unchecked as your systems security is prevented from stopping it by DRM.

New Malware can use HTML 5 with EME embedded in for the payload and won't be able to be stopped or scanned or researched either. A nightmare is an understatement. What's next? Facebook might use EME version 2 which bans 'view page source' to protect it's intellectual copyright. Javascript will be undebugable next. More malware can come in as a result and people will not know how the web works anymore as you can't debug or view javascript or HTML 5 anymore.

Any corporation can come in and buy it's seat and voting right to protect it's self interests of more profit without consideration from anyone else.

Re:Life isn’t perfect

[burtosis]

You forgot to add that non-porn sites (yes they exist on the net too I think) will use them to further erode the rights of individuals and spy on them as well. The line between corporate invasion of your personal data and outright malware is often quite blurry or nonexistent.

Re:Life isn’t perfect

[crtreece]

Think about how this is going to apply to the general web, not just streaming netflix and hulu in a web browser. Pretty soon every website is going to have a DRM component to "protect their IP". That means ad-blockers, noscript, flashblock, firebug, and any other plugin that is used to modify the functionality, display, or control the loading of content from third parties is going to be worthless.

The DRM plugin will force the full volume flash ads, and malware-laden click-the-monkey crap served up by an ad network. Sites will become channels, with their DRM required to view the content; ads, videos, and all. You're non-EME browser will simply display a message that it's not compatible with the site.

Re:Life isn’t perfect

[Jeremy+Allison+-+Sam]

And you You seem to be operating under the presumption that EME (and all DRM) is designed to stop piracy. It isn't.

Read Ian Hickson (author of html5 spec) on this:

https://plus.google.com/+IanHi...

"The purpose of DRM is not to prevent copyright violations.
The purpose of DRM is to give content providers leverage against creators of playback devices."

He makes a compelling point.

"best stuff on the Internet"

[DogDude]

The idea that the best stuff on the internet will be hidden behind walls in apps rather than accessible through any browser is the mortal fear for open web lovers; it's like replacing one library with many stores that each only carry books for one publisher.

The "best stuff on the Internet" isn't movies and TV. Those can be gotten lots of different ways, or can be left, altogether. It's just stupid corporate entertainment crap, by and large.

The "best stuff on the Internet" in my opinion, is still there, and isn't going to be effected in any way by DRM.

Makes no sense

[JohnFen]

From TFS:

The idea that the best stuff on the internet will be hidden behind walls in apps rather than accessible through any browser is the mortal fear for open web lovers

This argument makes no sense. Essentially, the argument is that it's better to have the best stuff on the internet hidden behind walls in the browser rather than hidden behind walls in apps.

Either way, it's hidden behind walls -- so from my point of view, it's a distinction without a difference.

But I will confess, I don't think this idea that the browser should be a one-stop portal to everything on the internet is a good one. I think that it pretty much guarantees that the utility of the various services is reduced.

I think email and file servers are a good example of what I mean.

HTML Object tag

[PineHall]

HTML already has the object tag, which allows one to put any binary proprietary code one wants to use into a web page. So as I understand it all this EME tag does is standardize what was already available for DRM.. I don't like it but they already had the power with the object tag.

Re:I don't get it

[arth1]

Because they are closing that hole with Windows PlayReady. Now the OS explicitly controls what content can and cannot be recorded.

Until Windows PlayReady can interface directly with the brain, bypassing a screen and speakers, the content can still be copied.
How good quality depends on the equipment used. By capturing a 1080p display with a 2160p camera and condensing it back to 1080, the quallity is indistinguishable from the real thing. Similar for sound - de-amping a speaker signal and feeding it to a mixer, you get a copy that you can't tell the original from a first-generation copy.

In other words, it stops the average home user, but does nothing to stop the real pirates.

go back to Flash

[izzo+nizzo]

I read Tim's blog post to try to open my mind to this. It said "people want to comment on Netflix". I'm a bit tired of the idea that we need to reshape the web to help Netflix. But in the comments there was a gem: if the vendors want this functionality, all they have to do is go back to Flash!

I was never a fan of Flash and I'm glad that HTML5 has taken its place. However, this suggestion does seem both appropriate and viable to me. If the vendors want this level of brokenness, they can work on Flash until it works. Technology that makes things break intentionally is not a useful part of a web standard. The only likely result is that people who have truly paid will still not get their content. Shocker. Use Shockwave Flash if you want to attempt to make a system like this.

Not really a change...

[Fringe]

There's a lot wrong with the headline.
The alternative to EME isn't no DRM; it's Adobe Flash. Which we've had, and suffered with, for a very long time. EME standardizes, so some degree, DRM so that we can dump Flash.
Of the EME-producers, it's Apple that's the evil one... regardless of using Flash or using a non-Apple EME... such as Widevine in Chrome... you cannot detect HDCP; Apple does not document that and yet uses it in their Fairplay CDM. So neither Flash or Widevine in Chrome can enforce HDMI per the OPL, and yet the Safari Fairplay EME CDM can, meaning you need to go full Apple to see HD on an external monitor unless a toughened custom viewer is used.
EME doesn't really freeze out other browsers either. Firefox has supported Widevine for years. Mostly what this does is allow us to dump the enormous vulnerability surface of Flash.
But of course "evil corporations are corrupting the internet" does SOUND better than "EME helps you migrate from Flash."