Don't worry about it!
The NSA and GCHQ will ensure that the crypto's flawed and, as soon as the weak points are discovered, it's back to the usual free-for-all. See, they are working for our benefit after all!
Digital Rights Management isn’t just coming to HTML5 but also HTML 5.1 in 2016 – despite objections from critics. World Wide Web Consortium (W3C) director Tim Berners-Lee has signed off on a new charter for the HTML5 Working Group that puts DRM as one of its goals. Support for “the playback of protected content” – W3C speak …
This is a tricky one - is hacks me right off that things like lovefilm are great on the locked down ipad but not available for android - for whatever reason but the media giants paranoia and misguided love of drm. I think the main problem is that us tech's all expect to get it all our own way - whether you think it or not we do - I'm as guilty as the next man and we don't like any kind of lock in.
Its a shame that the media companies can't learn from the whole MP3 thing. As it turns out that if you sell drm free MP3's you get loads of customers - it doesn't eradicate piracy (something that will never happen imho) but you sell enough legitimate stuff and reduces it to a level that you can almost ignore the piracy. (I subscribe to the theory that a pirated track does not (always) equal a lost sale - they probably wouldn't have bought it anyway - but it may encourage a future sale) - I never used to used the DRM riddled itunes etc and used to just buy and rip CD's until the arrival of MP3 services.
However, if streaming services are rolled out an encourage the market to progress quicker then this will be for the most part good. And while I accept this may cause a brief backwards step as everybody tries to lock down all they can - eventually a new thinking market leader will pop up and steal the customers from the old media companies. Just like companies like Amazon MP3 changed the market.
And ultimately for those of us that don't mind paying for their media - this shouldn't be a problem - as long as I've still got access offline. (and this will be the hurdle with this one). So YAY for perhaps getting more but BOO-HISS to the media companies for being so backwards and getting a bit too much of their own way!
I agree, if I was able to download DRM free TV & movies, I would be more likely to buy them, as it is now I buy blu-rays with DRM encumbered Digital Copies, then still rip the blu-ray for watching on the move, I can't be arsed with jumping through their DRM hoops just to try and watch it on my mobile, tablet, laptop or TV.
Often I am in another country with an unknown brand of TV, no internet connection and no blu ray player (and no luggage space for my collection if I had one) so what do I tell my kids? No you cannot watch your favourite TV show/Movie because of media companies greed, or do I just put it all on a memory stick and let them watch it whenever I let them? big media still gets their money, and I have my freedom.
The issue is much worse then the browser, as the goal of DRM is to control *your* hardware according to someone else's agenda. What this will mean is you still won't get decent services on most platforms irrespective of the browser because only the likes of MS (and possible Apple), and maybe certain hardware, will be deemed 'secure enough' for content delivery.
Shame they are not secure enough to protect your own data or privacy...
And that is the real issue here. Flash was dropped from Netflix because it was not deemed to be 'secure enough' and as a result no more sales to folk running platforms that don't support silverlight. Oh yes, and its days are numbered as well.
Also it is not just video that will be "protected" but forced adverts and, in very little time, malware that uses the strong DRM to make monitoring it difficult or near impossible.
A pox on all of them!
First point is you can't really have an open-source DRM module, since it would be easy to modify to render it worthless. So you will either need a closed and untrusable browser, or the DRM to be another plug-in along the lines of flash/silverlight.
Then you get the issue of the anal executives who demand that the only DRM they will use has to be tied to the OS and hardware of the machine, so you lose further freedom as no open OS or graphics drivers will be allowed.
Final point is MUCH more impotent: I have no problem with the basic concept of protecting content against casual copying, but that is not what will happen. It will, if a "standard" be used by web sites and other miscreants for all sorts of other things.
And all of the is a damned big bit of a difference!
"First point is you can't really have an open-source DRM module, since it would be easy to modify to render it worthless. So you will either need a closed and untrusable browser, or the DRM to be another plug-in along the lines of flash/silverlight."
True but then most browsers are closed source anyway. And for the likes of Firefox could ship the DRM / video as a separate DLL if it had to. I don't see any difference between running a proprietary NPAPI plugin DLL (which could contain DRM) and running a proprietary DRM DLL.
Worse case is you don't have any DRM support in your browser, you're no worse off than you were before. You'd still have to use a proprietary plugin to watch the content or choose not to watch it on principle.
Of course Firefox or Opera could pledge to boycott encrypted media extensions but it would blow up spectacularly in their faces. Remember what happened when they chose to boycott h264.
"Then you get the issue of the anal executives who demand that the only DRM they will use has to be tied to the OS and hardware of the machine, so you lose further freedom as no open OS or graphics drivers will be allowed."
We'd have to wait and see. HTML 5 doesn't actually implement the DRM - the specification is just a few extra events and attributes for sniffing for possibly encrypted content and plugging a key into the video object to resolve it. Everything else is behind closed doors so it could take any form in the implementation.
Having said that I expect most browsers and streaming vendors want their solution to be as widely usable as possible. Being anal about it would be self-defeating. Most likely the requirements will be no different from Flash / Silverlight - enough to protect the content from casual ripping with perhaps a server or client side watermark for anyone video capturing it.
"Final point is MUCH more impotent: I have no problem with the basic concept of protecting content against casual copying, but that is not what will happen. It will, if a "standard" be used by web sites and other miscreants for all sorts of other things."
Like what? Implementing DRM on the server side is not a non-trivial operation. Each outgoing stream has to be encrypted, keys have to be switched in realtime, a side channel must provide the client with decryption key(s), the client machine needs a strong session in order to supply these keys, the client side code more complex, licences have to be paid to the servers running all of this. Companies would avoid it if they could.
thats an easy problem to solve.
the browser provides an API for talking to encryption modules, those modules are closed source and distributed for various platforms by various vendors.
therefore, it'll be like the old days with windows only decryption modules and games like this, the browser will still be 100% open source, but the API will allow you to talk to an externally loaded binary module, like a firefox plugin which the source code is not distributed and dynamically linked, therefore sidestepping any legal problems.
this is in fact no different than the current situation, if you enable the API and use a website which uses it, you need to play by their rules, if you don't use that website, it won't make the slightest difference to you, but if you don't have the API installed, you are still no better off, since the websites which want to make it available will still encrypt their data, but you'll have it delivered by Internet Explorer only ActiveX controls and things like this.
so the situation hasn't changed and never will change, it's just that you can do these things in HTML5 now without, moving a large part of the problem into the browser and leaving JUST the final decryption stage in the binary only section, whereas before the entire thing was binary only, player included.
this is actually a better situation from a programming perspective, since it might be possible to use a WINE like wrapper around the binary module, or even build a firefox plugin which includes a virtual machine to interpret and wrap up the binary module, whereas before it was much more difficult because the problem was larger.
so probably this is a step up, even though it's not the end game the freetards wanted...
Will it? You'd hope so, but considering the history of DRM and how it encourages piracy (by making pirated copies perferable to legitimate ones) it's difficult to agree with you. If DRM was any good they'd have worked out how to do it properly by now....
Additionally, much like it's impossible to DRM audio because people can record the output of their sound cards, pcs are now fast enough to be able to run video grabbers in real time. So DRM for video is just going to go the same way, if it's on your monitor it's in your video ram and therefore it's ripable.
So, at best, this won't make a damn bit of difference, but most likely the outcome will be legitimate users having to jump through hoops to get things working while the pirates just get their content direct with no faffing about, as usual.
Still, got to applaud your positive perspective!!!
Yes it will make a difference. It will mean that we can't compile our own open source web browsers anymore. That may not matter to you, but it certainly does to me.
With the exception of my Windows installation that exists only for commercial games, I refuse to use any software that I can't compile myself, especially not web browsers.
I don't do "DRM" so it doesn't really hurt me in that respect. There's no way I would ever pay for something with such strings attached.
"Yes it will make a difference. It will mean that we can't compile our own open source web browsers anymore. That may not matter to you, but it certainly does to me."
Utter twaddle. Did the presence of Netscape browser stop you compiling Mozilla? Answer - no. Does the presence of Chrome stop you compiling Chromium? Answer - no.
It is quite possible to compile and run your own version of the browser if you wish. You would miss out on stuff like any DRM support, but it seems some people don't want it, so I don't see the problem.
Some people around here seem to be ignorant not only of the problem that EME is there to solve, but of the options even should some browsers choose to implement it.
And you're an idiot.
What we're worried about is a return to the bad old days when you needed to run proprietary software to see content that you do want to see. We've always been able to compile our own browsers, but we haven't always been able to view content using them.
In the old days, it was DHTML and then ActiveX. In the less remote past, it was Flash. Java was there, too, but its bloated runtime always kept it from being dominant. Web sites built on all those technologies were unavailable in open source browsers. That is a problem when the web site is for your bank or your home security system, for two examples that I've encountered recently.
Now, because of Firefox and then Steve Jobs, those proprietary technologies are fading away. Good riddance. But the evil people at Google, Microsoft, and Netflix are trying to bring proprietary back, and now they've got Berners-Lee's blessing to put it into the official standard. I'm severely disappointed at how shortsighted that is.
you're the idiot I'm afraid, those "bad old days" aren't "old" at all, they are the status quo and have existed and will continue to exist into the future.
all that will change here in the browser is a bunch of new events and a new API for talking to external decryption modules, that's it, you're browser is still 100% open source, nothing in it will be even close to being secret.
this is what you get for commenting on topics which involve programming knowledge where you demonstrate that you don't have much of it.
when a DRM provider wants to play back their content on your browser, they'll need to provide a closed source, binary only module that will load into the browser and do the decryption using whatever login/key/secret your browser provides through the API.
this is 100% identical to the current situation, there is absolutely no change in the arrangement that currently exists and it never was disappearing. Netflix is currently 0% along their plan to go DRM-free and I would doubt they even had a plan to do such a thing
you wouldn't be disappointed, if you understood how the technology REALLY WORKED
"What we're worried about is a return to the bad old days when you needed to run proprietary software to see content that you do want to see. We've always been able to compile our own browsers, but we haven't always been able to view content using them."
Uh, no. Netflix and other streaming services are contractually obliged to protect the content. It's also in their own interest that they stop people just ripping files. They will never, ever support DRM free streaming of the content. Never. They will either use a plugin, or a standalone app, or a DRM plugin. Under no circumstances whatsover will they stream the content in a fashion which lets all and sundry rip it.
If you think different you clearly have no comprehension of how the business works. Protesting against EME is quite frankly stupid. The current situation is far worse, and if you on principle don't subscribe to such services at the moment then I fail to see how it affects you in the slightest. Use a build without EME, or delete the DLL or uncheck the box or whatever option is provided by the browser that prevents it from working with those sites. Big deal you're no worse off than if you refused to install Flash or Silverlight.
Then they're going to have to shut up shop then. If it's on the screen it's in video ram somewhere, if it's in video ram it's rippable. If it's going down an HDMI cable to a display it's rippable. If it ends up on a screen you can point an HD camera at it and rip it that way.
DRM does not work and it doesn't matter how many hoops you jump through, the final output can always be ripped. No matter how much big business may want it there is no way to deliver it.
The industry needs to do a Valve and worry about being the easiest, most convenient way to get content, not waste time chasing impossible dreams that just piss off consumers.
No they don't have to shut up shop. DRM is not perfect by any stretch and nobody has ever said it was. But it is a contractual obligation and it does substantially reduce casual copying and acts as a timesink for anyone who wants to rip the movie, i.e. if I want to rip a 2 hour movie I have to play it from the beginning, capturing the result in real time (e.g. through a HD-PVR device connected with component leads) and if I'm lucky I have a rip at the end which is watchable. Even then the quality is degraded and I might suffer dropped frames, lead-in/out mess to trim, screen tear, a hardcoded letterbox, subtitles, Buffering... or alerts or other artifacts baked in the stream which mean I have to edit the file or even start over again.
So yes someone can exploit the analog hole. With enough time, money and inclination. But the large majority of people wouldn't bother. The same cannot be said if there was no DRM at all. People would rip pristine copies straight to disk and no doubt browser add ons akin to FlashGot would appear to facilitate it with a few clicks.
Trouble its so easy to just rip the blurays and the professional bootleggers wont bother with shitty downloads but go right to the original. Its pointless. I have Netflix and watch it on a variety of devices. I still buy movies and favourite shows on bluray and they get ripped and the bluray stored. I could pass on the content to others but I don't. I wouldn't rip it from Netflix even if I could because I don't need to.
I wonder how far the standard goes. Hopefully this is just a fancier version of the object tag;, but maybe you know better than me?
Maybe people will finally be able to insert unblockable ads, and prevent view source, copypaste, save image and indeed any kind of right-click shenanigans for all time.
Good times, eh?
Right, if that is what is in W3C's mind then the internet should do what it is supposed to do when faced with censorship.
Treat it is a damage and route around it.
Just because W3C is the loudest kid on the block, that's no reason to be forced to do as they say.
Just look at what WHATWG are doing for example:
So no need to panic, just be vigilant.
Exactly. I just don't see the point in most DRM. You can get the content some other way, so you just step over the tiny hurdle that took a group of amazing developers months to perfect.
Oh, you have unbreakable DRM on a games console that stops me grabbing your content? I guess I can't just pipe the HDMI to a hard drive, right? Oh, I can? Sweet.
For the EFF - "electronic rights" seem to come down to being able to pirate content without consequence. They've been muted to the point of whispering about all the NSA stuff and our right to privacy. You don't see them shouting from the rooftops about that - the only thing that gets them excited is if someone suggests stopping the torrenting of Game of Thrones.
Bullshit. The EFF have been going nuts over the NSA spying stuff. See here as one example. There are lawsuits in play, too.
Just because you, personally, haven't read about it in your daily dozen doesn't mean that the EFF aren't a great organization that actually stands up for individual liberties. They are easily one of the world's top civil liberties organisations, and I'm so sorry (read: eat a dick) that their work opposes the "rights" of middle-man monopolistic douchenozzles to screw joe everyman out of yet another bag of bent coppers.
In short: EFF #1. If you'd like to help uphold individual civil liberties in the digital age, why don't you donate now? It take only a moment, and you can rest easy knowing that you've actually done some good for the world.
This post has been deleted by its author
happy with this, because it will work as follows...
1) DRM Added
2) Lots more content.
3) DRM Broken
4) Media sheeple moan that they cannot believe it didnt work - after seeing DRM never, ever works. *EVER* They are mental, no really they are. Doing the same thing over and over and expecting the out come to change.
5) Web says - told you it wouldnt work, you wanted it, now live with it sheepletards.
DRM never, ever works - ever - i know that is stating it twice, but its a really important fact.
It seems to me that if people don't want to use media which is HTML 5 DRMed, then they should do this by simply not using services which provide this delivery method.
I'm not sure what I'm missing here, lots of people want services like LoveFilm or what have you on Linux/Android devices and these services would surely love a way of delivering protected content to those devices/OSes they currently can't support so what's not to like unless you're ideologically opposed to DRM? For those that are ideologically opposed to DRM, and that's a perfectly valid position to take, you're not going to be using services like LoveFilm in the first place, so you don't lose out. It seems to me that the "freedom" that's being required here is the "freedom" to dictate to a service provider how they will provide their service and to take open standards away should they not co-operate.
" the "freedom" to dictate to a service provider how they will provide their service"
On the contrary, what is getting peoples' back up is that the content industries seem hell-bent on dictating to the service providers how they will perpetuate the tired old business system that the likes of RIAA, MPAA and the BPI would like to cling on to.
It seems that the content industry is so short of funds that they want everyone else to pay to keep them in business.
Good luck with that!
As to your point that if you disapprove of DRM then you won't use the likes of Lovefilm, Netflix etc. Do you really think that there are not others waiting to see if this work and fight to get their snouts into the trough?
The is a point of principle, if one doesn't want to have anything to do with DRM and wants to protest about it one has to put one's money where one's mouth is and not use DRMed material/services. Buying DRMed material and ripping it or just downloading it from a torrent site, gives the impression of wanting to buy it. The company producing it only sees the sale or missed sale, they don't know why you downloaded or what you did with the media after your purchased.
Currently streaming services aren't generally available on Linux or Android, I suspect that the amount of people who want them (particularly for Android) are far higher than those who don't. So we currently have the situation where EFF et al are trying to prevent the adoption of a standard for ideological reasons when countless people just don't care or have made a value decision and would really like to use the technology. To this end, surely DRM specified into HTML5 has to be better than countless plugins like Flash, all of which have different problems and open common attack surfaces on multiple platforms.
If one wants to put and end to DRM, a complete cessation of use of DRMed material and services, with a series of petitions and organised - polite, respectful - letter writing needs to take place.
Although I loathe DRM, that won't likely prevent it; there will be media distribution with various kinds of DRM attached. It may be that the question worth answering in the context is whether there should be a standard agreed on way to stream DRMd medial. Given a choice between having to manage a number of extensions produced by the media vendors individually and a coherent framework, maybe with the extensions from the browser developers, I have no trouble deciding. The EFF is a fine organization, but they aren't going to win on this one, whether or not HTML5 has EME. And as little as I trust Google, Microsoft or Apple, I trust them much more than the RIAA, MPAA and their ilk, which I assume would include Sony, purveyor of rootkits.
My biggest worry is that once you start trying to support DRM, it can cause design decisions that impact other parts of the product. A good example (which I may have used before) is a certain generation of portable music players (neither the first, nor the current one). Most of them couldn't just connect to a computer as a mass storage device, you had to use some fool proprietary program to manage the device. I even had one that did let you designate a portion of the flash memory for direct file storage but couldn't play music from it.
All the was almost certainly because they prioritized support for the various DRM schemes that were popular at the time (e.g. encrypted WMA) over convenience for the user. So I was impacted, even though none of the files I wanted to play actually had DRM. It's not unimaginable that we'll see similar compromises made in web browsers. Like suppose a browser maker decide it's not worth providing an option to save HTML5 videos anymore because "most will be DRM-protected anyway" and they would have to add extra logic to keep the feature available for DRM-free content.
Ahhh, yes, THAT's what we need: an Internet which no longer permits code examination, because everything we visit is nice and safe, and should just be accepted at fa(r)ce value. At last, a way for Google to hide it bypassed restrictions in Safari, at last, a route for malware agents to hide their malware from security scanners.
Ah, what a lovely new word we're facing. Thank God the Americans have already come up with nice cushy expression to camouflage the impact of things going pear shaped: "collateral damage".
I am very disappointed the W3C doesn't see this coming.
How many people against the inclusion of DRM in HTML5 are happy to keep installing / patching Flash / Silverlight / AIR?
I don't know what world the EFF live in, but by blocking DRM from HTML5 they are not going to force even one company to give up their precious DRM. This isn't about the EFF fighting for freedom, this is about them restricting the availability of content in some sort of bizarre war against copyright.
No DRM in HTML5? - the current plug in's will keep being used - not a sudden change in the use of DRM.
To work properly DRM requires that the receiver has a key that can be used to decrypt the data.
Either this key has to exist in the browser or it has to be retrieved from a source on the Internet.
If it's the former I just need to look through Fire Fox's source code for
const char* W3C_DRM_Decrypt = ...
If its downloaded from the internet I just need to find
const chr * W3C_DRM_IP_addr = ...
Either way I now have the key needed to decrypt the content and can write my own code to download it, decrypt it and save it.
It seems there's no decision on DRM going into HTML5, it's just simply that Berners-Lee has decided it's "in scope" to talk about. I assume he recognizes no matter how much DRM sucks, that you do have to talk about it and what to do about it. You can't just ignore the elephant in the room, no matter how much you want to.
As I see it the standard proposes being able to pass an encrypted stream through a 3rd party plugin before handing off to the video renderer, basically think along the lines of adding a netflix plugin to your browser to enable viewing netflix content via any browser that will support the plugin.
if that is all it is then I don't see it causing any harm
"As I see it the standard proposes being able to pass an encrypted stream through a 3rd party plugin before handing off to the video renderer, basically think along the lines of adding a netflix plugin to your browser to enable viewing netflix content via any browser that will support the plugin.
if that is all it is then I don't see it causing any harm"'
That causes great harm... HTML is supposed to be platform-neutral. If this is how this works, it is an abomination. I already have flash for this purpose, thanks. These plugins will be: 1) Probably badly written. 2) Probably Windows-specific. 3) Probably x86-specific. 4) Probably have security flaws both in plugins and infrastructure, so you'll get exploited again and again. Whose to even say a site that *claims* it needs a rights restriction plugin even does? It may just be passing the video straight through while running spyware on the system.
and it can be used for good or bad. OK, let's stick to neutral and bad.
Taking Netflix or other media companies. They aren't obligated to provide their contents for free. Nor to rely on us being honest and not pirating. I totally, totally, get that a $150m blockbuster movie is not "information that wants to be free". Established artists and media workers, surprisingly, do want to earn a living.
On the other hand, I don't buy music over the internet because I like to be able to run it as darn well please, once I have bought it. And that includes (Apple), not being saddled with a proprietary codec only usable on some manufacturer's devices.
I subscribe to Netflix, which I consider a much better deal than the $40/month I'd have to pony up for basic cable. If they want to rent me stream-based access and want to rely on some form of protection to ensure they are not pirated, what's the big deal? I haven't bought the film, just rented it. If for some reason I don't like their systems I will not buy from them.
Some media offerings may not have a realistic business model without copy protection. Or, just as importantly, those companies may perceive that they need DRM before they offer those services. iTunes was hard enough for the music studios to swallow, even with the DRM it came with at the beginning.
If the DRM does turn out to be too onerous (which would not surprise me), I will not buy those products. But it's my choice then not to buy DRM-locked products, and I don't see how not having DRM technology available at all on the browser will necessarily increase my options.
If you don't like your browsers coming with DRM capability, install non-DRM browsers, knowing you won't be able to get some services. I will support you in your right to exercise that option. But don't pretend you have a right to choose for me by blocking my options. Choice is where it is at.
In a way, how different is this from Steam/Valve coming to Linux? Obviously you won't playing the latest Diablo unless you pony up some cash and convince Steam's servers that you are bona fide.