Google quietly makes "optional" web DRM mandatory in Chrome


#1

Originally published at: http://boingboing.net/2017/01/30/google-quietly-makes-optiona.html


#2

IIRC, it’s the other way round: Chrome is built on Chromium.

Also IIRC, Chromium is open-source. so I’m guessing/hoping a fork with optional (or no) EME will appear shortly. (This does not, of course, excuse Google’s actions.)


#3

Brave is built on Chromium too. Hopefully this doesn’t impact them.


#4

Can Chromium be built without EME support?


#5

Aren’t we almost at the point where nobody “needs” a browser for Netflix anymore? Let the content vendors build their own apps with whatever DRM they want and leave the browsers alone?


#6

There isn’t an official netflix app for MacOS (or, i would guess, Linux), but that is a smallish market share and such apps could probably be made quite easily.


#7

Good question. Don’t know.


#8

Update: Don’t be REALLY evil.


#9

They already do that. The app is called Adobe Flash, which happens to run inside your web browser. The problems are that adobe flash is a festering pile of security vulnerabilities held together with spit and string, that it is not usable on mobile, and that it is being depreciated, along with all other plugins, on every desktop web browser, both because of security concerns and because it’s horribly power inefficient. Flash was stillborn on mobile and it is dying on PCs. Aside from browser games, it gets used mainly for delivering ads and DRMed media content through a web browser. Ad companies are happy to switch to HTML5. Media companies, not so much.

Cory and the EFF have the noble but quixotic goal of destroying DRM. Hollywood has the goal of not getting napsterized by file sharing, and they have latched onto DRM as an essential tool in their quest to avoid the fate of the music industry. Lost in the battle between these two is the W3C.

The W3C’s goals are to finish killing Adobe Flash and to keep hollywood media content from departing the open web and being delivered solely through siloed apps. Adobe flash is a complete programming language (which is why it is such a malware playground). Maybe 0.1% of it gets used by Netflix to provide the hollywood mandated DRM. So the W3C is creating an API (basically a stripped down plugin protocol) for interfacing with a media decrypter package (that does nothing but decryption, so it’s 0.1% the size of Flash and inherently far more secure), said package to be provided by the media companies.

The Cory and the EFF have declared war on the W3C for the mortal sin of being pragmatic and saying, well, DRM isn’t going away anytime soon, but meanwhile we need to get rid of Flash and we need to enable the companies who insist on DRM to deliver their stuff over the open web so they don’t go app-only.


#10

Ecch, like I would trust that piece of badware.


#11

Who’s to say Hollywood doesn’t have the more quixotic goal here?


#12

A multi-billion dollar industry that has been writing the laws in its favour for the past 40+ years, and has the entire government on its side, vs a tiny NGO of geeks and nerds? Clearly not an equal battle. So, is it a David vs Goliath fight, or a Don Quixote vs windmill fight? Here’s a clue: David had God on his side. Somehow I don’t think the EFF is going to get divine intervention on this one.


#13

Citation?


#14

So what’s the thinking on what’s best to use? Brave? Firefox?..


#15

Initially I had no idea what you meant by that but after a quick search I can only assume you’re referring to how Brave is supposed to be replacing ads on sites with ads of its own. Which I agree is a bit skeevy (they claim to be sharing the income with the sites but who decides pricing?).

I haven’t noticed this practice in the mobile version I’m using and since the only other ad-blocking mobile browser I’m aware of is put out by Adblock Plus (who have been accused of skeevy behavior of their own) I’m kind of limited in my choices.

I’m always open to suggestions though.


#16

I’ve been using Chrome and Adaway for a while now but was prompted to try Brave thanks to this thread.

Adaway is good but because it replaces the hosts file you need Root to use it. Not really a problem depending on what flavour of Android you are using but it can be a bit of a barrier to entry. The only real issue with Adaway is that it can be a bit overzealous (all images on xkcd suddenly started being blocked for me the other day) and adding things to the whitelist can be a bit of a chore, in that you have to figure out the domain for the wanted images while still blocking the garbage.

Brave is like a breath of fresh air to me; each site has individual settings and tailoring them (or switching them off completely) is just a matter of bringing up an in-browser menu. It’s functionally the same as Chrome but with a lot more options for tweaking privacy and adblocking.

I haven’t noticed any adverts at all on mobile; the only feature I want to carry over from adaway is the ability to blacklist entire domains so that I don’t accidentally click a link to the Daily Mail or any of the Murdoch empire.


#17

Yeah I’ve really enjoyed Brave. I like the other features they include in addition to basic ad blocking that all serve to address the issue of surreptitious malware (HTTPS Everywhere, script blocking, fingerprint blocking).

Plus it seems so much more efficient and stable than all the other browsers I’ve tried other than Chrome.


#18

Yeh; after I posted the wall of text above I started to think that the blacklist is unnecessary given all of the features you mention.

I mean, if I’m not fingerprintable, I’m not being served any ads and there aren’t any scripts tracking me, doesn’t that mean I’m just server load?

Anyone with a better understanding of how click revenue works want to clarify? If I switch off all these things, do I still count as a pageview? I desperately don’t want to generate any money for Murdoch et al but I’m not sure if this prevents them profiting from my visit…


#19

They include their own “adblocker” that replaces ads with their own ad network.

A move that apes malware and gives me zero trust over their intentions.

I don’t care what sort of shitty Bitcoin faucet satoshi trickle they offer me, it’s shady.

Doesn’t hurt how Brendan Eich feels about gay rights either.


#20

I understand the value of getting rid of Flash. My point was that 3 or 4 years ago, it made perfect sense to say, “Who would use a browser that couldn’t play Netflix?” Now we are getting close to the point where you might say, “Who watches Netflix in their browser?”

Sadly, the people who are the most worried about DRM in their browser will probably be the last ones to watch Netflix in an app.