W3C green-lights adding DRM to the Web's standards, says it's OK for your browser to say "I can't let you do that, Dave"




Is the world just that full of stupid? Why would they think this was a good idea?

a community group within W3C formed around the idea of locking away Web code, so that Web applications could only be executed but not examined online.

This is going to make virus detection a lot harder, isn’t it?

Tim, why do you hate us?


This is the kind of crap that makes me feel not so bad about being old and closer to the end than the beginning of my life. It is all going to go either the way of Big Business/Big Brother, or there will be some kind of hairy revolution. I’m ready either way.


If it hadn’t happened now, it would have in another year, or 2 years, or even 5 years. It was inevitable. The net started to become just another commercial medium even before Mosaic was developed - when the first dot com address was registered over 28 years ago. I’m surprised that it’s taken this long to close and lock the door.

I’d love to see a parallel “darknet” develop, one where openness is respected. But the truth is that the idea of a network of networks where everyone is ideally a contributor is almost impossible to maintain. People don’t want to participate, they want to be entertained.

I doubt that it’s possible to start a new, open net today. And even if we could, regardless of its initial values, soon it would be just like this one.


What’s to prevent someone from taking screenshots of ‘locked’ images using a separate application (like I can already do)? Or using an extension or plugin to disable the DRM? I can’t think of any DRM that hasn’t been successfully cracked–why would anyone think that the illusion of protection that DRM affords content providers won’t be hacked in fairly short order and instantly propagated across the web? Is there something that I’m missing here?


When “View Source” is outlawed, only outlaws will view source.


Does watermarking count as DRM? Has anyone found a way to strip http://en.wikipedia.org/wiki/Cinavia ?

We need an xkcd-style super villain to create an implausible scenario highlighting the potential abuses of this.

“The terrorists have planted thirteen bombs across the city and their locations are hidden in this website’s source code!”

“I can’t access the source code, sir!”

“Damnit! If we don’t get those locations we might as well call off the bomb squads and call in the coroners!” The timers are already counting down!"

“Hang on, I just googled a web forum where an amateur programmer offers a Firefox plugin that exploits a workaround!”

“Thank god!”

“The link’s no good anymore! It was hit with a DMCA takedown!”

“What?! Who filed the complaint?”

“…the terrorists, sir.”

“Damnit! How are they always one step ahead?!”


I stand corrected. It doesn’t prevent you from running the file on a media box hooked to a TV–you simply can’t copy it to another disk and have it run on a newer Blu Ray player (which will basically signal the demise of the blu-ray format). I imagine they’ll try to incorporate this into their web DRM somehow. However, I did find some other workarounds: http://torrentfreak.com/cinavia-video-anti-piracy-system-blocked-by-anydvd-130313/

1 Like

How many browsers are there competing for relevance? If the DRM scheme is implemented, I’m certain that at least one browser will emerge that ignores the W3C DRM specifications. If not, another will emerge. I know of at least 2 open source browsers. W3C standards are voluntary. Any browser that implements a standard that users find unacceptable will find those users abandoning their browser in short order.


On the bright side, if the DRM is standardised, so will the workaround. This should make it much easier for open-source browsers to fake compliance with the standard.


My first thought was that this is going to be quite impossible to implement for most websites. If somebody wants me to see a web page, they have to provide me with the data on it: HTML, CSS, JavaScript, whatever. Then the browser takes it and displays it. Now, as I do control the browser on the source code level, that is, I can take an open source browser, make any modifications to it and then compile and run it, I can just disregard the DRM bit in the data.
Even if the data is encrypted, if the (again, open source) browser can display it unencrypted, it can save it.

Then I began thinking the implications of this. I see a couple of options to enforce this. First is to restrict my operating systems so that I just can’t do some things with it, like, well, compile the browser. This is of course hard, because I could use an open source operating system, and if I control my computer, I can bypass things like this. I don’t think the content providers will get the access to administer our computers, though for example Blizzard seems to do that in some extent.

Secondly, and this is the more realistic and annoying option: the content on the WWW can move from text-format HTML, CSS and scripts to proprietary binary content. This would mean encrypted formats with no publicly available specification. The data would then be displayed using binary browser plugins. I see a lot of problems with this, beginning with the fact that the users of operating systems other than Windows or OS X, or probably Android, would be left without the content. An another problem is that the user’s computer would need to run this binary blob, and therefore it could be disassembled and implemented anew. Version handling and updating the binary blobs would also be a pain.

So, I can’t see a working method for implementing this. Either it just doesn’t work (os browser) or it will just recreate the Flash problems in a much larger scale. Also it might also mean dividing the Web into multiple parts with different standards and closed binaries.

I don’t see how anybody would benefit from this, except again the companies writing and selling the DRM software. Somebody will anyway decipher the encryption and share the protected content.

I’m eager to hear other ways to implement such controls - especially if they work around the “compile your own modified browser” problem which seems to be inherent to this.


Are browser vendors obliged to adhere to W3C standards? I don’t think so. While they tend to converge their APIs I’d hope that some, for example Mozilla or Opera, would look to common sense and leave this well alone (until a law comes in to force them otherwise).


That sucks. Who is the appropriate person at the W3C to contact about this?


My high levels of respect for Tim Berners-Lee have taken a bit of a hit today. How can a guy whose invention rose to success because of its openness now think locking it up is a good idea?

Also you know what movie industry? Those who want to pirate your stuff will ALWAYS be smarter than you. All this does is piss off legitimate users.


First of all, W3C is just a standards body. No software developer is obliged to a damned thing with their recommendations.

Second, I suspect that this will incent development of rich applications in the web space. As it stands, why would I, as a developer, spend a lot of time and effort to develop a really slick, robust web app if the source code can be readily stolen/modified/re-used. OSS is fine and good, but somewhere along the line, people need to make a buck.

The Internet is not a charity. Just as we’re having to learn to tolerate more intrusive advertising in exchange for access to a world of content, we’re probably going to have to accept some form of DRM for web apps if we want the web to evolve in any meaningful way.

(Full disclosure: I didn’t look over the standard. Just guessing at the intent based on the blurbs)

As someone who regularly pirates content but feigns rage under the auspices of being a legitimate user, I totally agree.


The W3C has been hijacked by BBC, Google, Netflix, Microsoft, Apple and the MPAA/RIAA.

Nobody except select shills for them in the working groups thinks it’s a good idea. But somehow they rammed this standard down the throats over the vocal objection of many other participants. And somehow they got the top brass including Tim Barners Lee to shill for them too.

It is my conclusion that the W3C is not a valid standards body anymore, and anybody who makes browsers should not regard them as such. Unfortunately the biggest makers of browsers (Google, Microsoft and Apple) are in favor of the Web DRM.

I’d suggest forking the W3C, and forking Chrome.


It’s your 10th birthday, and your favourite uncle has just turned up.

Giddy with excitement, you run to the door to see what he’s brought for you.

‘Yay-’ you start to say, as he unloads a roundhouse kick in your face.

Happy birthday, kid! Have fun eating through a straw the rest of your life.

Fuck you, TBL.