One of the net's most important freedom canaries died the day the W3C greenlit web-wide DRM; what can we learn from the fight?

Originally published at:


Don’t implement it. Use a technology that has DRM removed by default. Build. Build. Build. License it to make content, source code, and specs open by default. F^&* them because they don’t matter.


Now that the W3C has greenlit web-wide DRM, what has changed? It would be nice if we could catalog the direct consequences of this action to use as examples in the next fight.


Is the headline connected to the post in any way?


I’m not sure in what spirit you meant this, but regardless, to be fair, the W3C decision shouldn’t be judged on whether it made the existing problem worse; EFF was hoping the W3C could use its (debatable) influence to make things better, and that didn’t happen.

What does seem to be missing from the post and article is more on how, exactly, DRM-likers did defend their opposition to the “don’t sue security researchers” proposal. Presumably they used words in these meetings.


…but we got farther than we had any right to.

Methinks Cory is directly missing the point. We had (and have) EVERY right to do so.


That’s spinning it a bit. When Cory says an important freedom canary died that’s more than just expect more of the same.

Tim Berners-Lee wrote about it a little bit:

There was an attempt at one point in the W3C process to refuse to bring the EME spec forward until all the working group participants would agree to indemnify security researchers under this section. To cut a very long story short, the attempt failed, and historians may point to the lack of leverage the EME spec had to be used in this way, and the difference between the set of companies in the working group and the set of companies which would be likely to sue over the DMCA, among other reasons.

That’s from here:


I don’t think that “we lost completely and then quit the game on a huff” is what devastating means.

I read it. It’s not so much as a postmortem as yet another editorial on how righteous you & the EFF are about DRM and how everyone else is wrong so there!

There’s nothing about tactical lessons learned, what gained ground or why the EFF lost. I can only hope the EFF’s internal after action report is in any way useful.


I don’t doubt the basic claim (repairing >> recycling), but this factoid is odd:

recycling a ton of e-waste creates 15 jobs; repairing it creates 150 jobs

Recycling or repairing that ton requires a certain, finite amount of work, then the job is done. Creating jobs usually means something more permanent.


A hyperbolic title that totally misstates the rant from Cory?

Forget it @Boundegar it’s BoingBoingtown…


I think the argument there is that if repairing is the norm, you’re creating jobs 1: at the repair shops, 2: creating the parts which are used to repair the phones, and all the infrastructure bridging 1 and 2. If you’re recycling, you’ve got the guy driving the truck, the guy piloting the ship to the developing world, and the lead-exposed child disassembling the tech.


Actually there’s one good thing here. Next time someone asks why I won’t donate to the EFF I can point to this as an example of where the money (or as claimed in the article “blood & treasure^1”) is wasted.

1 holy hyperbole Batman!

In all seriousness, is it possible to form a second consortium with a new set of standards that puts users before corporate interests? Hard fork that shit?

I feel like web DRM is something that could quickly spiral out of control and become frustrating for users.

Given the choice, wouldn’t many people prefer browsers without that? Wouldn’t developers prefer to work on open source projects that don’t involve DRM?

1 Like

I’d love to see @W3C chime in with a counterpoint.

I fail to see how having DRM in my car engine and my coffee machine will help against music and movie piracy.


I think a good Plan B might be for EFF to try and play a coordinating role between security researchers and major media outlets, both traditional ones like NYT as well as places like Wired, Motherboard, or other outlets I am not aware of but who are widely read in the tech/security community. Get them to contribute to an EFF-administered legal defense fund in exchange for getting rights to the scoop. The researchers would still face the threat of being hauled into court, but they would have deep(er) pockets and legal expertise backing them up. And companies would have to contemplate whether the self-inflicted PR wound of a messy lawsuit against someone trying to help their customers was really worth it, rather than simply using the threat of legal action to silence people as they can do now. Not a perfect solution, but after a few noisy cases exposing companies’ shitty security practices, they may rethink their position, and other companies might see a competitive advantage in actually taking security seriously.

1 Like

Yes. Yes, it is.

But we love it here.

1 Like

Luckily EME is a separate module which someone doesn’t have to implement an interface for. I think the best solution is to use browsers that make it explicit what EME does on sites that use it. Also, keep pushing open platforms and the idea of the commons as part of the Internet (basically anti-propertarianism).

This topic was automatically closed after 5 days. New replies are no longer allowed.