That’s how you guarantee to get a zero day since those updates fix security bugs that directly affect you.
You should then be terrified, because Adobe designed most of Mozilla’s current plugin architecture and we’ve been using it for the better part of a decade.
It will likely be more secure now, as the plugin methodology currently in play was developed by Adobe and passed on to Mozilla so that Adobe felt comfortable letting Mozilla embed a PDF viewer in the code. Previously most corporations and security companies ripped on NPAPI for that reason. Google even invented a newer, more secure / pro-user plugin platform called PPAPI (Pepper). Adobe backed out completely on flash development to this plugin architecture because they objected to it. Google now develops the better part of the flash plugin.
Seriously, this is a massive upgrade for the end user and their privacy. No longer will these DRM modules get the free reign they’ve had for so long. I understand why people are objecting to this if it was what they are saying it is, but what they’re saying it is has been the status quo in firefox for a good long while now. Just read the code.
The scuttlebutt on that actually is that they pulled a lot of Reddit apps because Conde’ Nast is asking them to, since a commercial Reddit app (or free if you have Gold) is coming out real soon now.
The only ones hit were the ones that had Reddit in their name.
Sorry, but no. The notion that the open web is dead because Firefox added a sandbox for Adobe so that content providers can copy-protect audio and video, or that a Guardian writer is nursing a broken heart over the issue…c’mon. It’s so over-the-top emotional. No reasonable person got their heart broke over this.
You keep propping up straw men and false arguments. Why keep doing this if the truth is on your side? This isn’t just about Firefox implementing Adobe DRM (who is absolutely notorious for security issues), it’s about Mozilla trashing their principles in implementing DRM instead of taking a stand. If Mozilla skirts their principles today, whose to say they don’t continue to blow off more tomorrow? It’s a slippery slope.
I see that as a separate issue from how much it sucks that DRM is being built into HTML, though.
I agree with you on that to an extent but, once again, I think it’s about broken principles more than it’s about specific DRM implementations at this point.
Not only are they capable of circumventing the open Web, they already are and are growing in popularity
The Apple iOS devices you’ve shown are losing massive market share to the more open Android devices. That’s not to say that’s the only factor, but it’s something to consider beyond just price differences. That’s also not to say that Android is open enough, either, but it’s vastly more open than iOS products are in most respects. As far as mobile overtaking PC’s, that has very little to do with DRM and everything to do with form factor, pricing and simplicity.
And for some reason Apple gets a free pass among the BoingBoing crowd. I don’t get it.
You just gave me quite a chuckle there, thanks.
Small sampling and I can’t even begin to count all the negative comments towards Apple over the years in the forums/bbs…
I truly, honestly see DRM for media files as the lesser of two evils. I also don’t see this ultimately working out well for either producers or consumers.
If what you’re saying is that Mozilla’s opt-in implementation is better than opt-out or mandatory, I agree. They’ve also pledged to attempt to make this DRM slumming business a temporary solution until they can figure out something else. But, we’ll see since sticking to their word via principles isn’t looking too bright at the moment.
So what choice does that leave me?
I went into a Mac folder, since that’s what I have.
To avoid security issues? Whatever browser you run, keep it up to date. An out of date browser is a 0 day browser.
Or, you know, just don’t opt-in and install it. The support for the EME is there by default. The DRM is not. You have to opt in for it to be installed and activated.
And, Ian Hickson enters the fray…
Discussions about DRM often land on the fundamental problem with DRM: that it doesn’t work, or worse, that it is in fact mathematically impossible to make it work. The argument goes as follows:
- The purpose of DRM is to prevent people from copying content while allowing people to view that content,
- You can’t hide something from someone while showing it to them,
- And in any case widespread copyright violations (e.g. movies on file sharing sites) often come from sources that aren’t encrypted in the first place, e.g. leaks from studios.
It turns out that this argument is fundamentally flawed. Usually the arguments from pro-DRM people are that #2 and #3 are false. But no, those are true. The problem is #1 is false.
The purpose of DRM is not to prevent copyright violations.
The purpose of DRM is to give content providers leverage against creators of playback devices. …
It’s Chrome’s fault really. That’s who Mozilla are afraid of.
It came on the market and surpassed them in no time. It forced them into adopting a weird versioning system - I’m pretty sure they did it in a misguided attempt to compete with Chrome’s rapid “major” releases.
So yes, they are very much afraid they’ll lose even more market share and they may be right.
(I’m not making excuses - I hate this as much as anyone here and I’m typing this in Firefox)
Or as someone mentioned above - do your browsing in a sandbox. Of course, that still leaves problems such as browser history not being saved (if that’s something you find useful) and possibly the chance of a browser-flaw leaking passwords etc…
So I can avoid security issues or DRM. Pick one.
No because the DRM is opt-in, which folks would know if they bothered to read the specifics of what is going on. There is no DRM software on a Firefox user’s system unless they install the DRM plugin. All Mozilla did is make a framework available for it so the Adobe plugin could be installed if the user chose to do so. It isn’t there by default.
Thanks. I’ll be careful.
The fact is that DRM is in the HTML spec now. It’s not likely to leave the spec, even with massive objection from everyone. It got into the spec initially over similar, massive objection. That’s done. Mozilla has two options: refuse to participate or adopt and improve.
In the past (e.g. with h.264 or WebSQL), what’s happened is that they have refused to participate and floated their own, open, alternative approaches. The result has usually been that the proprietary implementations (in many cases already de facto standards) have gone ahead anyway, gained user and developer acceptance and Mozilla has later had to back pedal into supporting those or risk losing their users. What’s more, not participating in initial implementations in the past has left them unable to influence the nascent standards and the implementations suffer as a result. Anyone who has ever tried to use Web SQL for anything can certainly attest to that.
This time, they have opted to take a seat at the table, participate in the initial implementation, yell obscenities as necessary, call out the bullshit as it is floated into the evolving spec by proprietary interests, and influence the implementation’s future. This also has the neat side effect of letting people continue to use Firefox to do all the inherently proprietary, currently-plugin-based things which have become normal and expected things to do on the Web, like watch Netflix. And all of this without yet another plugins governed by single corporate entities, which are certainly not good for the Future Web.
Tim Berners-Lee ensured this would be a lose / lose for Mozilla and for the Open Web last year when he came down on the side of DRM and it went into the spec in the first place. It is a bummer, it’s almost certainly the objectively wrong thing to do, but I’d definitely rather have Mozilla in the conversation and bringing the fight directly than locked outside holding a protest sign while Comcast is in there with donuts and a suitcase full of brand new thirty dollar bills with George Bush’s picture on them…
The Web is changing, but that’s not new. It has always changed and it will continue to change. More great things will happen. More terrible things will happen. The critical thing is to continue to participate. Ditching Firefox in protest (for… which DRM-free browser, exactly?) is not actually helpful, and likely hurts the cause in the long term. But you know what? It’s the Web: at any point, if you don’t like what’s happening with the browser scene, please write a new one!
I’m pretty sure that bug has been closed as “wontfix.”