by codebeaker 3639 days ago
I thought the general consensus amongst people, including the general HN crowd, was that it was better to allow the W3C to specify a "black box" with well defined inputs and outputs, allowing vendors to slot in their own (probably closed source) implementation, than it was to slam the door in their faces whilst screaming "SCREW YOU, USE SILVERLIGHT OR FLASH".

Defective by design seems to be misinterpreting the "build the web for the users first" quote here, because the alternative to this proposal is not "no DRM", the alternative is a worse UX from a plethora of more hostile, wider reaching proprietary DRM implementations.

There's a time and a place to fight about DRM vs. no-DRM, but it's not here, this is the fight about how the DRM we will inevitably get works and interoperates.

7 comments

I wouldn't say there's consensus.

> because the alternative to this proposal is not "no DRM", the alternative is a worse UX from a plethora of more hostile, wider reaching proprietary DRM implementations.

Good. Everything which makes DRM easier to implement, more reliable/stable/cross-platform/interoperable/etc., more streamlined and simpler to use, just skews the cost/benefit in the wrong direction. Everyone should be Free to make whatever DRM system they like, but such anti-social behaviour shouldn't be encouraged, and I certainly don't want to see organisations (FSF, Mozilla, W3C, etc.) making that activity any easier.

Plus, the harder it is to obtain and set up a working DRM system, the easier it will be for me to avoid it. For example, online tracking is very easy to accomplish, and is supported by many Free Software browsers, which means I have to spend time maintaining black/whitelists, selectively enabling JS in NoScript, deobfuscating and reading through JS source, etc. to avoid it. In comparison, Silverlight and Flash can be avoided very easily by not installing them.

Consider an analogy to proprietary software. It still exists, everyone is Free to make it, and many say it has a better UX. That doesn't stop me from running pure Free Software systems. If, say, the FSF had caved in years ago, and accepted some proprietary software, then my choice to avoid proprietary software would have been much harder since I'd have to disentangle such blobs myself.

The point of the GPL is to make Free Software easier to write, without benefitting proprietary software.

> There's a time and a place to fight about DRM vs. no-DRM, but it's not here, this is the fight about how the DRM we will inevitably get works and interoperates.

If you've given up that's fine, but please don't get in the way of those of us still fighting.

Genuine question: how should streaming companies protect against their content being stolen/ripped/etc without DRM? What's the alternative? I'm sure it's in the contract of every streaming service that they have to protect the licensed content to the best of their ability. Saying "fuck the greedy media companies" doesn't help the streaming services that need to license content to survive. Considering almost half of all bandwidth (in the US at least) is used for streaming, I'd say it's pretty important to have a well-defined solution to enable streaming companies to do what they need to do.

> content being stolen

It's duplication, not transfer, so "sharing" is a more appropriate word than "stealing".

> I'm sure it's in the contract of every streaming service that they have to protect the licensed content to the best of their ability.

I've also read many EULAs which contain onerous terms; contracts don't need to be agreed to, and negotiations are a two way street. We need more of http://news.bbc.co.uk/1/hi/entertainment/2843069.stm and less of https://www.theguardian.com/technology/2011/nov/14/bbc-hd-dr...

> need to license content to survive

> Considering almost half of all bandwidth (in the US at least) is used for streaming, I'd say it's pretty important to have a well-defined solution to enable streaming companies to do what they need to do.

Streaming companies don't "need" to do anything. If they truly "need" DRM to exist, then they should shoulder that burden themselves rather than coercing others into doing the work for them; especially organisations and structures governing the Web, which was created specifically to disseminate human knowledge.

If that's too much of a burden for media companies to handle, then they should bow to market forces and close down. Humanity has survived perfectly well for millennia without them. Perhaps that will help divert some of the entertainment industry's billions towards causes of some actual importance.

DRM is not about protecting content, it's about lock-in and keeping users on a single platform. Security researchers (Schneier) have written about it. Content creators have written about it (Doctorow's Law), advocates have written about it (EFF), and of course users have written about it endlessly. The only people who argue that DRM is about protection are the publishers.

There are a few schemes, which normally do not even count as DRM, that are intended to protect copyrighted material. Encrypted TV channels are a primary example. A streaming service could copy that scheme, but delivering physical tamper-proof boxes that do key-exchange every few minutes is quite expensive. Alternatively they could do what YouTube/Twitch do, which makes copying a stream about as difficult as downloading a pirated version from a torrent site (i.e., you need to use third-party software). For movies, it is the best protection you can get without having to distribute physical boxes.

> how should streaming companies protect against their content being stolen/ripped/etc without DRM?

They shouldn't because it is useless. DRM can always be circumvented.

> it's in the contract of every streaming service that they have to protect the licensed content to the best of their ability

This is the only reason why DRM exists: Stupid, greedy rights sellers. They don't care why or how people consume the media. They only see licenses and money. "Protecting" licenses equals protecting money for them.

DRM is not bad because I want to "steal" anything. It is bad because proprietary software with the main goal of restricting its users leads to a bad experience. Amazon Prime Video for example is horribly buggy and hard to use. If I could use a decent player, I would pay more money for the service. Both sides would benefit from no DRM, but greedy rights sellers don't have logical thinking in their toolbox.

Try IceCat.

> the alternative is a worse UX from a plethora of more hostile, wider reaching proprietary DRM implementations.

But we're going to have a plethora of proprietary DRM implementations, each self-important vendor writing their own plugin targeting the EME API. And end-users will still have to track down the correct combination of architecture and OS for each plugin, except multiplied now for every streaming-media vendor that they use.

For example, look here at the most-deployed DRM plugin currently available:

https://www.widevine.com/supported_platforms.html

Nothing available for *BSD, Sailfish, FirefoxOS... whereas current users of those platforms at least have Flash.

The W3C's argument is that without EME, DRM-protected media will move off the open web into its own app-silos. But that's exactly what will happen with EME, too, except the apps will be hosted within browsers.

Wouldn't this be a good opportunity to draw the line with browsers-for-the-open-web and apps-for-secret-stuff?

Silverlight and Flash both work on Linux. The YouTube experience is today identical on Linux, Android and Windows. Do you think there will be an open-source alternative to each of the new closed source DRM implementations done by different sites?

Welcome to the new world where depending on the number of users your system has, some websites will work and others won't. If it's worth it for the company to develop for your platform, you might be worth the time. If not, well, tough luck, go out and buy a platform which is supported.

Games have had this wonderful (sarcasm) idea of platform exclusives. Publishers could not do that with Flash, but with unique DRM platforms for each site, it's both convenient and easy. Wonder how well Mozilla and Google can compete in that space with Microsoft, an entity well experienced in platform exclusive dealings.

> Silverlight and Flash both work on Linux.

> Welcome to the new world where depending on the number of users your system has, some websites will work and others won't. If it's worth it for the company to develop for your platform, you might be worth the time. If not, well, tough luck, go out and buy a platform which is supported.

If you're implying that the world wasn't like this before, you're simply wrong. I was unable to give good faith recommendations of Linux systems to people for _years_ because Netflix wouldn't run on them, at a time when Netflix access was important to pretty much everyone I knew. This only really changed after mobile devices became ubiquitous and thus more or less obsoleted the complaint.

Holding up Silverlight as an example of a closed source plug-in that works on Linux is a terrible one, given how long it took for that to be the case.

The websites that are platform dependent are so few that we know the names of them, and it is currently very expensive to make platform exclusive sites. Is the case of Netflix the reason why we want more of them?

Linux has Flash, it has Silverlight, it has Java. In the beginning they worked terribly, but thanks to the effort of open source developers, sooner or later they got ported. When each publisher has their own DRM platform, copying the business model of the console market and earning money on the concept of exclusivity, how many open source ports do you expect to see?

If there is a plethora of hostile, wide-reaching proprietary DRM implementations, then surely this scenario will suck from the average end user's perspective, hindering the adoption of DRM. Helping the W3C create a standard, friendly and well-engineered DRM solution just means that the opposition to DRM will be reduced to a handful of internet freedom extremists who don't constitute a significant market segment anyway.

Where did you read about this consensus? I certainly haven't seen one.

The EME stuff is a proprietary plugin by any other name. If Evil Corp wants a rootkit for you to watch movies, Evil Corp gets one. There is zero difference between EME and other plugin systems, from the POV of the vulnerability it exposes your system to, to the depth it can infect your OS to enforce itself.

It's not inevitable. Every single bit of data that enters a user's machine from the internet, that user has a right to store and re-examine at their leisure. Anyone who says otherwise is a crook of the 'old ways'.

The internet does not belong to those people, it belongs to us. It should remain free and open and sane. A monopoly by giant corporate media conglomerates is not inevitable.

> it was better to allow the W3C to specify a "black box" with well defined inputs and outputs.

But they didn't! EME is a spec only for inputs, and no outputs.

EME entirely depends on CDMs, and their interface is deliberately left completely undefined (W3C uses that as an excuse to say they didn't—strictly speaking—define a DRM).

Plug-ins at least had an open NPAPI interface that anybody could integrate with. CDMs don't have any public interface. The spec allows them to be anything, including kernel modules or hardware (and in practice they're… plug-ins).

So now it's illegal under DMCA to write your own browser that plays EME-protected video with CDM compatible with Chrome's, Safari's or IE's.

It's a loss of freedom, and no DRM has been removed or even relaxed in the process.

> The spec allows them to be anything, including kernel modules or hardware (and in practice they're… plug-ins).

On mobile platforms, they generally are system-integrated (and hardware-supported) components, often running at privilege levels exceeding the running Android/Linux kernel.

See the recent Qualcomm case where a DRM component (Widevine) running in TrustZone context[0] was used to attack Android's full disk encryption scheme.

[0] TrustZone is an ARM architecture feature for running code in a different execution context not accessible from the "normal" running kernel. Useful for running small amounts of code dedicated to protecting crypto keys, but horrible if you load gigantic DRM blobs into it that no one could reasonably audit due to sheer size even if their source code was available.

Agreed. Some opponents of DRMs say this is the beginning of the end of open computers. We've heard recently about the Intel Management Engine.

On the other hand, almost all DRMs were broken because the content is available in clear: http://betanews.com/2016/06/26/chrome-drm-streaming-video-fl... https://iseclab.org/media/uploads/zotero/Steal_This_Movie_-_...