If you're worried about Net Neutrality, you should be worried about web DRM, too


#1

Originally published at: http://boingboing.net/2017/07/13/its-the-same-fight.html


#2


#3

How does having DRMed videos allow big incumbents to decide which legal actives we can and cannot do on the web? Not providing any rational argument to back such a huge claim is a bit concerning.

The W3C decided to standardize the automatic discovery of Content Decryption Modules, the DRM is in no way standardized, nor has any effort been made to do so.

Making it EME a standard opens it up for anyone to interact with it, create new CDMs etc. It levels the playing field for new CDM makers and new software that wants to consume CDMs. Since it is a standard and anyone can interact with it without anyone else’s approval and interoperability won’t be limited to the big players. that is the entire point of standards. that is the opposite of pre EME when only the big players could participate.

nope, nope, nope. the media industry doesn’t have any power over who can create CDMs. It opens up who can create encrypted content (previously locked to the big players) and who can create systems that consume encrypted content, which was previously limited to whomever the big players wrote plugins specifically for. the effect is the exact opposite of limiting or reducing opportunities for small players and new players.

The DRM is neither embedded nor standardized.

The w3C careful considered all these concerns and discussed them at great length to make sure that any valid concerns were addressed prior to standardization. One can read their much more informed and balanced perspective here. and the full spec here. One can see that they intelligently refute all these false claims and the excellent work they are doing in this area, they should be applauded. They are actually engaging in the conversation and trying to address the points of detractors, but the detractors keep repeating the same misinformation and keep trying to inject their agenda into a consortium whos primary goal is to remain neutral.

EME has existed in all the major browsers for years already, it just wasn’t officially standardized. Standardizing EME doesn’t change how the browsers were already doing it, in otherwords it has no real world impact, all the browsers already had EME years before standardization was even being discussed. The sky is falling, well it fell years ago but no one noticed because absolutely nothing happened.


#4

How dare you respond to Cory’s Holy Crusade with facts? /s

Seriously, thank you for providing a rejoinder. It seems most BB commenters who haven’t drunk the EFF cool-aid have gotten tired of debunking Doctorow’s bullshit on this matter and given up.


#5

I am fairly certain that worrying does not accomplish much of anything.


#6

Except in all the ways the article mentioned that legacy industries have tried in the past. A number of movie studios refused to sell movies to wholesalers that supplied Netflix and Redbox, attempting to starve them out of the industry. However the first sale doctrine defeated this in the end since they could end run the wholesalers by purchasing retail and supplying those to rental customers.

Digital goods are different, the law currently supplies no first sale rights, so a new streaming video start up can’t buy a copy of a new movie and rent it to a user, they can’t even buy a Netflix subscription for each and every user and stream the video from Netflix to their data center and then to the user.

Could I write my own CDM? I could, but it would never be used by anyone but me. There is no chance that Disney will ever allow a streaming service to use my CDM to protect their content. Distribution contracts already contain rules about only using certified secure systems to distribute content. This effectively allows the current media industry to serve as gatekeepers for new entrants into the field.

Except that the premise of that blog post is based on a fallacy.

Study after study has shown that if you want to increase sales of digital goods then offer more legal ways to acquire those goods. DRM has always been a limiting technology, not an enabling technology. Removing DRM in iTunes boosted sales instead of harming them, it also reduced the cost to Apple to distribute those songs.

I’ll grant you that it’s too late to do anything about EME, but let me turn that statement on it’s head. What does making it a standard accomplish? I don’t see a world where there is an open source CDM that any developer could fork on GitHub and set up a new streaming site with some cool new feature enabled by their changes to the CDM and get a license to the latest Hollywood blockbusters. Making EME a W3C standard does nothing meaningful to open up CDMs to the masses. It could have stayed a defacto standard championed by Google, Microsoft, and Adobe with no change to the ability to build a CDM that no one will use. All the W3C standard does is it makes it ‘acceptable’ to the open web instead of ‘tolerated’ in the open web.


#7

Don’t worry, I’m constantly worried about basically everything all the time these days.


#8

None of the things mentioned in the article actually apply to EME, that is a fact.
I agree there are issues with DRM and am all for fair use, ownership rights, and the lot, I regularly speak out against DRM, but what I don’t do is spread misinformation, and i feel that doing so weakens any legitimate argument in the space, so i feel compelled to speak out when anyone is misrepresenting the facts for an agenda, on either side.

I do agree with your points about digital goods, and how we as a society need to rethink things. I’ve even given a talk against the dangers of the idea of IP as a whole, its history, and the struggles we face in the modern world finding a balance that meets all needs. I think the copyright system is broken etc.

That is a misunderstanding, the point is not if you as the user could write a CDM, or which CDM is used to distribute the content. Using your own CDM to distribute another persons content means you’d have to have a DRM free copy to start with AND distribution rights, it just doesn’t make sense for an individual, but iTunes video and Netflix video already does this exact thing, because they can afford distribution licenses and agreements to get access to the sources.

The real point is if small new startups can or cannot create their own CDMs for their own content (they can contrary to cory’s claims) or if small new startups can access other people’s CDMs to interact with other people’s content (again they can contrary to corys claims) so rather then further limiting the ability of small players and new players it dramatically opens up and levels the playing field (again this is directly contrary to cory’s claims) and greatly improves the landscape for new and smaller players. EME is a huge win for them and for the consumers.

That blog post is the official w3C statement on the issue, and is very accurate. I work in this field directly and none of the companies involved are pushing out misinformation through the w3C, that is crazy. many of the best minds on the internet are involved in and have weighed in on this subject and what they are saying is accurate, but if you don’t believe me read the ACTUAL SPEC which i also linked to and determine for yourself. I have.

It is crazy to think that the group that standardized the open internet is lying about one of its specs that they openly publish for anyone to look at. Look at its members. Yeah. You’d have to go full tinfoil and not be able to understand the spec and its impact for yourself by looking at it to mistakenly think they are in any way misrepresenting things. Their statements are accurate and address all the mentioned concerns. Why do you think the EFF didn’t try and amend any specific flaw in the proposal instead of just block it? The answer is obvious really, they have not been working with the W3C on making sure the spec is good, they been obstructionists with the single goal of blocking it facts be dammed, full stop.

Are you kidding me? Standards, specifically the w3c standards are the foundation for the open web, the web as you know it could not exist without them. it levels the playing field so that anyone can implement or interact with the standard in a know expected way. we could not have the internet without standards. what does standardizing the EME do? it allows future browser makers to connect to or use any CDM, before all plugins were proprietary and interacted with the browser in a proprietary way, a chrome plugin cannot run in safari, opera, firefox, etc. it allows small players to create CDMs that work automatically without depending on a big players proprietary plugin being installed. EME increase interoperability, it increases system security, it increases user privacy, it runs in a sandbox and can’t be used to exploit your system unlike plugins like flash.

The alternative to having it be an open standard is having it be a close proprietary thing which is no good for anyone. Most new technology from canvas, to 3d, start off as proprietary browser experiments then then get pushed towards a unified implementation then an official standard. it is how all these web technologies work, and for very good reason.

Nope. If you know the history of the open web the open web has always allowed for and accommodated both open and closed content, since the very beginning. Thinking it hasn’t is complete misunderstanding of what the open web is.

There are several.

no i doubt very much that an individual could obtain or afford such a thing, netflix barely can.
but again that is a misunderstanding of how this is all supposed to work. anyone could write software that interacts with other people’s CDMs to consume their content, or create their own CDMs for their own content. No one anywhere is suggesting that anyone should be able to DRM other peoples content unless they have distribution rights to do so, in which case they could.

But it does when you understand it. Both for consuming third party CDMs and for creating alternate CDMs.


#9

Thank you for your detailed responses on this. Very much appreciated.

There are some points where I don’t think I follow your argument.

VenTatsu made the point that while the industry may not be able to control who can create CDMs, they can (at least try to) control who can actually make any use of them.

It seems to me that you basically agree with that. You clearly state that while individuals or small businesses could create their own CDM or software that interacts with other people’s CDMs, in practice there would be no point because they wouldn’t have the rights to the content and couldn’t get it because they can’t afford it.

Assuming I’ve understood your view there correctly (and it seems self-evident), I don’t understand your response to:

I think VenTatsu’s point was that if no one outside of the current big players has any chance of using the standard to do anything meaningful, then what useful benefit has been achieved by having the standard. The big boys could just simply carry on doing what they have been so far and using their own proprietary stuff.

As best I can work out you are saying that while no one (without access to massive resources) would be able to set up a new Netflix thanks to this, there are some things that small start-ups could do.

Could you give some examples? What sort of things could small start-ups do with this standard that they can’t do without it?


#10

No, I get and disagree with his point entirely.

He was saying that an individual should be able to access any big media companies content DRM free and use their own CDMs to add DRM to it and distribute it, which doesn’t make any sense whatsoever. (everything else they can do, any streaming service could use their own CDMs to distribute any content they have rights to.)

They can’t. Any entity can make a CDM, any entity can interface with another entities CDM to consume their content. The industry has absolutely no control over who makes or makes use of CDMs. The only thing they can do is control which CDM they distribute their OWN CONTENT under. Previous to EME and CDMs the industry had complete control over who could use their proprietary distribution systems, and charged an arm and a leg for them knowing that they were they only choice widely installed and usable. The bar was such that no one else could compete or even get any sort of market traction. EME resolves this and opens the playing field to anyone, the “industry” has no control over anyone else, only which CDM they use themselves.

BUT they do.

The standard is what gives anyone a chance to participate. You could create a new browser and instead of having to wait for Microsoft or Adobe to write a plugin for your specific browser, you can implement the EME standard, and ONE of the the things EME allows you to do is connect with other peoples CDMs so that their content can be consumed on your device.

The standard is what allows new people to create CDMs so if you have a bunch of unique content you could create your own CDM, and anyone could use it automatically without having to install anything, which is what kept small players out of the market, and you wouldn’t have to license Adobe’s or Microsoft’s CDMs.

Those are the two most meaningful things anyone could do with such tech, and they are a HUGE improvement.

That is true, but not thanks to anything EME or CDM related. That is due only to not being able to afford the distribution licensing for the original copyrighted content. The same thing that stops them without EME. Anyone with original content, or with content they have the rights to distribute is free to start a service to do so. Nothing is stopping anyone anymore.

Saying that anyone couldn’t become Netflix is a big duh, who thought that could happen? Whether or not EME is a standard, that is a silly idea. It isn’t a technological limitation, rather a licensing and resource limitation.

Sure. I’d be happy to.
Anyone can do the two most meaningful things with encrypted content that they were previously blocked from:

  1. Make their own in their own control without needed to go through or have the permission of one of the big companies.
  2. Make a device or browser that interacts with other people’s content without them having to implement their own proprietary system on your browser or device.
    (Neither of these are possible without a standardized way of interacting with this type of content and EME unblocks small and new players which previously could not participate, now they can, which is the OPPOSITE of cory’s claim.)

Additionally EME allows the CDMs to be sandboxed which:

  1. Prevents the CDM from doing anything to your system besides decryption media content. Previous plugins were some of the biggest vector points for malware because they had system level access.
  2. Increase user privacy, so that whomever created the CDMs cannot get information about a user that they are not supposed to. Mozilla has a great article about how EME enables this to happen. Previously plugins like flash and silverlight allow for things like supercookies that can track your activity across all sites, etc. and were a huge breech of user privacy.
  3. Consumer choice. Freedom to choose what device and system you use. You won’t be limited to the few that a major plugin has been ported to.

These are all huge positive leaps forward that vastly improve many of the pain points in DRM. This is why the EFF is so adamantly wanting to block it, they are hard line anti-drm which is fine, and they see improved DRM without the consumer issues that they’ve used as talking points against DRM as a major loss in their war against DRM. So they are trying to block all these huge improvements for consumers, content creators, small new companies, using blatant misinformation. Their view is that if it stays shitty for everyone they will have an easier time killing it, whereas if all the pain points are resolved then they’ll have to fight it on an intellectual argument, which is much more difficult to gain traction on. That is fine if they are honest about what they are doing. I think spreading misinformation and being dishonest about their stance hurts their cause tremendously and is the opposite of their charter to do what is best for users. This is also why the EFF did not engage with the standard to improve any issues, but rather proposed an impossible addition to the consortium member agreement, one that could never be legally binding because contracts cannot superseded laws and drm circumvention is covered under the law currently. The contract would NOT be legally enforceable so it wouldn’t add the protection they are falsely claiming it would.

It would also force an INTENTIONALLY NEUTRAL consortium, the one responsible for standards and the open web, to take a hard line side, and such contracts would not be signable by many of its members. Would the EFF be okay with EME and DRM if the W3C added such an unenforceable clause to its charter? Of course NOT!!! It is a dishonest attempt to block the standard from moving forward, period.

What they should be doing is focusing on the real problem, changing the LAWS, like the DMCA, which are what remove most of the rights we should have. None of these other actions will make any difference unless we can change the laws that are the underlying problem.


#11

I wasn’t really thinking of me the individual, but me the software developer at an S&P 500 company where I do development and developer support for various internal and external web properties. Could we build a CDM and market it to Netflix?

I’m not sure this is a reasonable scenario. If we look at the pattern of the past decade or so we see far more startups that build a business by identifying and licensing content under valued by its owner and delivering it to those that do value it. That then bootstraps them into being able to bank roll their own content creation.

And for most small startups creating content DRM provides a negative value. Their threat is not piracy (a debatable threat for any content creator), but obscurity. Can they even get enough people to view their content? If they can how can they turn those viewers into revenue? Throwing your own CDM into this has to be one of the most colossal speed bumps imaginable to achieving that conversion.

Your telling us your offering all the drowning small content creators a free glass of water.

I didn’t say “misinformation” that implies some an attempt at deception, which I didn’t intend to imply. I did say “fallacy” as in a logical mistake. I’m also not addressing the technical aspects in my criticism of the blog post, nor was I trying to imply it was in any way not the official or authoritative position of the W3C. You try to counter every point I didn’t try to make, but you didn’t rebut any of the points I did try to make.

I feel like this argument is from a South Park episode.
EME supporters:

  1. Easier (or more open) DRM on the Web
  2. ???
  3. More creator profits!

Except as I said and you seem to have ignored, DRM does not improve profits. You can look at any BitTorrent site to see DRM does not stop piracy. And time and time again removing DRM has boosted sales.
What DRM does do is it consolidates control. DRM has been used to create vendor lock in. DRM has been used to retroactively revoke access to purchased content (and some times physical goods).

That seems a bit revisionist history to me, I recall back in the old days almost every browser adopted the Netscape Plugin API. The most popular DRM method prior to EME/CDM was a NPAPI plugin. Yes NPAPI is now dead, but to make the claim that it didn’t work that way before is dishonest.

If EME was instead a generic media plugin interface, or discover system for them I don’t know that i would have any issues with it, even if it was clear that DRM would likely be the major use. But EME near as I can tell serves only to connect the browser to a non-NPAPI method to do DRM.

It’s funny that about a year ago the EME proponents I interacted with were trying to tell everyone that EME was not DRM, it was totally technology agnostic, and could totally be used for things other than DRM, just no one has though of them yet. But now I rarely see that argument made.

Allowed or tolerated? I’ll admit to not knowing ever standard, RFC from the W3C or IETF, but I can’t recall any off the top of my head that were specifically designed to deliver content to an end user with the explicit expectation that they would be prevented from using that content in any legal manner they chose.

And don’t try to tell me that DRM serves any purpose other than to limit the ways a end user can use content without regard to that users legal rights to use that content. It may be primarily intended to prevent illegal uses, but I have yet to hear of a DRM scheme that doesn’t also sacrifice legal uses to accomplish that.

Do you have any links? I’d genuinely like to take a look.

So wait, could I make a CDM that consumes the content from the Widevide CDM to say save the full quality stream to disk for off line viewing?

Thank you for putting words in my mouth, that was one argument from a group of related arguments about the futility of saying “Anyone can make a CDM!”, it fails to address the real issue of what DRM represents, vendor locking, and restricting rights of users. More DRM does not make DRM less bad. Being allowed to make my own DRM does not remove the negative impacts of DRM, either on the theoretical ‘me’ that wants to start a company in internet media sector, or the real me that consumes media on the internet. I’m not saying that “individual should be able to access any big media companies content DRM free and use their own CDMs to add DRM to it and distribute it” I’m saying that providing a token reduction in the bar to create new DRM does not in fact fix any of the myriad thing wrong with DRM.

Since I’m obviously ignorant, how does one get a CDM installed on a client system? Is there a portable way that works across all major browsers and operating systems? Does it work on mostly closed platforms like iOS?

How does EME/CDMs change from when we had NPAPI pluggins doing DRM? Any one could write one and ask users to download it to get access to their site. This was once stupidly common in the period between the fall of RealPlayer and the rise of Flash video (and somewhat during both of those times).

Or you support what was the defacto standard for DRM prior to the creation of EME and support Flash through NPAPI (God it feels like I’m harping on this point, but you keep trotting out that this is somehow unique and never done before in the browser space). Flash sucks, and NPAPI sucks, but at least the system wasn’t designed specifically for one purpose that many of us feel is an evil. It may be a necessary evil, but it is evil to us.

Citation needed. From my reading of the standard there is nothing that would automatically make a random developers CDM active in my browser without either my direct interaction (installation) or the intentional inclusion of it in my browser or OS by the browser or OS vendor. I read quite the opposite that Browser vendors need to vet the CDM modules they enable.


#12

Yep. But they are already working on their own, so you might not be successful in marking one you develop to them, but nothing is stopping you or them under EME. Prior to EME this would have been much less feasible.

CDMs don’t have to contain DRM. They can, but they don’t have to. Says that right in the intro. EME also allows new media formats and types to be played as soon as there is a CDM to decode it, EME is not specific to DRM and contains NO DRM, it does make using DRM CDMs easier, but it makes using any CDM easier. The w3C has been very clear that this isn’t just for DRM and does not contain DRM, its functions go much much beyond that to improve so many aspects of media interaction. For example it also improves and standardizes playback controls and assistive features for the disabled.

this is much easier for them to do under EME. New startups distributing any content, their own, other peoples, doesn’t matter, they suddenly got a lot more power and no longer are stuck using a system from one of the big three as they were previously.

I’d be happy to try if you can make them more clear. What specifically is the fallacy that the post is based upon? Those are the right words right? I’ve tried going point by point in all my replies, maybe a few points weren’t clear and i missed them.

[quote=“VenTatsu, post:6, topic:104428”]
Except that the premise of that blog post is based on a fallacy.
[/quote] it is accurate and logically sound from all accounts I can find, and from studying the spec, which is not at all surprising considering the incredible quality of the minds that worked together to create it. it sticks to the facts, if you are claiming it is based on a logically fallacy i’d find it helpful to know what specifically that was so that it has some meaning and context.

I’m saying they now have a lot more freedom then they previously had. Their situation has vastly improved in multiple ways, and gotten worse in exactly zero ways, contrary to this articles claim.

No, not revisionist, i was working in this field at that time. Please look up which browsers actually implemented the NPAPI, and what it actually achieved, and what a mess it was. It was a security nightmare and really poorly designed, cross browser plugins never worked like you’d think they would have. Also you misunderstand what it is. Absolutely nothing was decrypted using the NPAPI, that was the interface people would use for their plugins to interface with the browser, the API itself had no media capabilities at all. None. It is simply a way for a proprietary piece of code to register with and interact with the browser and browser content. The proprietary plugin code did all the decryption and displaying of the media. NPAPI was part of the browser and couldn’t do anything by itself.

One would have to install a plugin such as Adobe Flash to use their proprietary media decoder FMLE, or Silverlight to use Microsofts proprietary media decoder.

You are in luck, IT IS!!! The article with the “fallacy” points this out, as does the intro to the spec.
That is exactly what it is. DRM is just one use, IT IS NOT DRM SPECIFIC.

well not here anyway. it is pretty much considered fact everywhere else, because you can actually, you know, test it right now in browsers and have been able to do so for years. It isn’t an opinion or argument.

Designed intentionally to allow both. a rich web is open meaning not limited to any type of content, which of course means BOTH. people assume the wrong open.

This discussion first occurred when the 4th website required that images be allowed and the tag was created. Further following, 2 of the 3 image formats supported on the early web were proprietary and had to be licensed. They are still two of the most popular image formats in use in the world, their history and use are a fascinating read when you have the time. same thing went for zip compression. same for all the initial video formats. etc. open web != open source or open non-encrypted formats for media.

Sure I’d start with the Open Content Decryption Module.
but there are 3-4 others that have reached usable code bases, and a bunch more up and coming now that this is a standard.

No, not quite, you could make a browser or piece of software that implemented EME and could consume content from the Widevide CDM based on your license. If you used that to circumvent the DRM you’d be likely breaking a law in your country. Those laws have to be changed if you want the right to break DRM and not have it be illegal.

I included your quote so that your direct words would speak for themselves, what you quote me saying is just below your actual exact words.

Improving many of the user pains in interacting with DRM does make DRM less bad, but i agree with the core idea that DRM is not a good thing overall. It is possible for it to be a lot “less bad” and still not be a good idea on theory. problem is there is reality of how things are today, and where we’d like to see them be ideally, it is going to take honest factual discussions to get from a to b and we need to be realistic int he meantime. Am I for DRM? no. Do I think EME is a huge step forward in multiple ways and a huge improvement for content creators and consumers, even if it makes DRM easier? Yes, absolutely.

Did someone in 2017 really just suggest we go back to the worst idea in web history? Flash is one of the worst offenders of closed content ever created. Flash is one of the most exploited vector points for malware, and one of most worst offenders for violating user privacy. Also if adobe didn’t write a version of flash for your system you were sol. flash isn’t on ios which makes up a good percentage of web traffic and almost everyone has agreed that moving away from Flash to the much more secure web standards is a massive step in the right direction, this includes EME.

Wait what? That is EME. That is the whole point of EME, “automatic discovery of CDMs”. Have you ever been prompted to download a CDM when viewing a video that uses the tag?

The KeySystem rights negotiation is an automatic process. Similar to the way a mobile app tells the mobile os which “things it needs to be able to do”. Chrome plugins do this as well. That part of the spec is saying that it is up to the browser to enforce which permissions it will allow and deny to the CDM based on its keysystem request. This is not a reference to a manual code vetting process. CDMs run sandboxed, remember?

I’d suggest reading more about EME outside of this “reality bubble”. A lot of people have written a lot about it, and no one is making the kind of claims you’ll find here. Many people discuss the huge improvements it allows for, while still lamenting the state of modern DRM as a whole.


#13

Really? Paragraph 2

By the second paragraph that post really really strongly implies that this is about content protection AKA DRM.

Paragraph 3 proceeds to conflate usage based restrictions (content protection, copy protection, DRM, or what ever you prefer to call it) with access based restrictions.

Paragraph 4 again defines EME as a “content-protection” standard.

Paragraph 6 directly ties EME to CDM to DRM, no quibbling about other possible uses, CDMs are for DRM:

A strait up bold faced statement that CDMs are intended to be a part of DRM systems.

Again Paragraph 8 discusses how we must allow DRM into Open Web, not a direct tie between EME and DRM, but taken with the rest it’s part of a theme.

Paragraph 9 again discusses interfacing with CDMs in the context of “protected content” no alternate uses described.

Again in paragraph 10 CDMs are about implementing proprietary content protection schemes.

In an 11 paragraph post 6 of those paragraphs could by reasonable interpretation tie EME directly to DRM if we decide that the phrase “content protection” means DRM, or other usage based restrictions. Even if you reject that connection paragraph 6 make a no wiggle room direct connection between EME and DRM.

Your right that EME could be used for non DRM uses, but there is a wide gulf between what a system was intended to do and what it can be made to do.

I have already said it twice, I quoted the text I fell is logically not sound from the blog post.

One last time, the post repeatedly conflates content protection and monetary remuneration. It is possible for a service to require payment for content without EME. EME does nothing to enable payment for content. You can base an argument on saying content creator need to be paid, then introduce a ‘solution’ that doesn’t in fact help any one get paid, and remain logically sound. Hollywood may have a fetish for DRM and other anti-consumer content restriction systems, but that doesn’t mean that they are correct.

I linked to which browsers implemented NPAPI, and I said it was a bad API, you seem to be ignoring what I actually said and instead imagining what I said to fit your internal narrative about people that disagree with you.

My argument was not that it was a shining bastion of wonder, just that you can’t say that no API has ever existed that allowed cross browser media format decoders (including DRM) when we can in fact point to one that DID EXIST!

NO, My point was that EME is just lipstick on a pig. It might be a more secure and technically better solution, but it is still just a way to build browser plugins, only this time it was designed with a very limited intent instead of being a general use system.

No, you quoted a rhetorical question out of context and then proceed to interpret that quote to be the thesis of my argument instead of a minor component of the argument. If that was all you had done I would have just complained about you misinterpreting me, but you said “He was saying that…”. You directly indicated that I had made and argument that I had not made. You took my rhetorical question, inserted words to change its meaning, and then portrayed it as my intent. That is “putting words in my mouth”.

On the other hand if you had said “I think he was saying that…” I would have no objection, you would clearly be making a statement of opinion about my prior statements. I could say you had misunderstood me, but I could not claim you misrepresented me.

No, I have been told I don’t have a the required components to decode a protected video, or something to that effect.

Yes, but Chrome asks me if I want to download a plugin that a site has requested, or I have to explicitly seek it out. Please tell me Chrome hasn’t started to auto run third party plugins.

Ah yes, sandboxed, the snake oil of the computer security world. I’ve never heard of almost every single sandbox technology failing in the face of a determined attacker.
The Java sandbox ensured Applets would never be used to exploit end users.
The same could be said for ActiveX, and even Flash it self. All technologies that claimed to be sandboxed.

The idea that my browser is grabbing binary code without any user interaction and executing it is not confidence boosting. Maybe CDMs will have a better sandbox and the prior attempts, but hackers are also getting better. This is not an arms race I want to be in.


I’m sure we could go on like this, and I have learned some useful things about the EME standard from you. But this thread is closing soon, and while in some ways I fell better about EME, in other I feel much worse.


#14

Yes! :slight_smile:

You have to use a CDM for DRM with EME, that is the only place DRM exists in the external third party CDMs as I’ve repeatedly said and contrary to all the articles here.

CDMs don’t have to be DRM and DRM is used in lots of places without CDM. One doesn’t follow the other.

Just because they are intentionally designed to work together doesn’t mean that weren’t designed to also work with non DRM CDMs which of course they were also designed to do. I’ve said this many times above.

Yes EME allows one to interface with CDMs that can decrypt DRM and is specifically designed to accommodate DRM and concerns that anyone implementing DRM would have, so you’ll see that language all over the spec. Pointing out bits that mention DRM like as if that is some sort of proof an, ah ha, see CDMs are designed to work with DRM, is silly. well yes duh. but it is so much more.

I appreciate the effort of finally reading the spec, we should all be as informed as we can about these sorts of things and on guard with our digital rights.

What the W3C says is exactly what i said above.

Thank you for clarifying, i was unclear what you meant. I read it very differently. The blog post basically says some companies consider content protection necessary for making money and they want to make sure that content remains accessible from the open web in a standard way. They aren’t even weighing in on the argument, let alone creating a logical fallacy. That is my read anyway…

When i read your words above, it seems like you said BOTH we should go back to it, and you’d have no problem with EME if it was a NPAPI plugin discover system.

Are you talking about plugins or CDMs? When people refer to automatic versus having to install, they typically mean if you have to download and install something or if it is done automatically. The click to activate, message is a security block on automatically downloaded content, asking your permission to run. It is another thing altogether.

Yeah, the thread is closing soon. I appreciate the conversation. It is good to be on guard about new tech, especially anything DRM related. I think the more clarity we have the better we can all weight the implications and impacts of new tech, which is why we need honest frank discussions. That is why misinformation, like those found in the articles with the weird lock image here on boingboing, is so harmful to everyone.

have a nice week. cheers.


#15

This topic was automatically closed after 5 days. New replies are no longer allowed.