"We have come to the point where Mozilla not implementing the W3C EME specification means that Firefox users have to switch to other browsers to watch content restricted by DRM."
which is an active protection of the user against malware.
You should look at how Mozilla implemented EME then. The CDM is sandboxed, in a much stricter sandbox than the rest of the browser even. So no, the CDM potentially being dangerous (for privacy or security) isn't actually that much of an issue.
Of course, someone might at some point claim that the privacy features harm the copyrights protection, at which point choices will have to be made.
History provide ample evidence that Mozilla will make the choice their users ask for (which is, by the way, not necessarily the choice some users will voice the most loudly).
To be clear: if DRM is not implemented in browsers, Netflix and the like will just make native apps, which are far larger vectors of malware attack than the locked down EME standard is.
I'm not saying this is a good thing, but "people should just not watch DRMed video" is not an actual answer to the problem at hand.
that's the whole point: if your product is so amazing that your users will do that, then it's great! but those of us who are NOT your customers will be able to exist without the attack surface on our machine.
So you claim that Firefox (and other browsers) should implement malware or a malware interface into their browser so that users don't have a reason to download and install some other malware?
I don't know about the GP. I claim that a form of DRM that Mozilla begrudgingly accepts into Firefox has better odds of not turning out to to be "Sony Rootkit" literal malware than if everybody else is rolling their own.
This battle is lost, let's not lose the war to have our little Alamo moment.
No, I am saying that browser manufacturers should slightly increase their vulnerability surface area (and maybe not at all - I don't know the internals of EME) in order to provide a locked-down feature to users that they would only otherwise get by downloading a native app that has access to their local file system, amongst other valuable things.
It's the same logic that leads to them to support JavaScript.
If Firefox doesn't support DRM Video Mozilla dies. Users will not use a browser where they can't watch the videos they want to watch and those videos are under DRM.
You can't solve this problem at the standard level or the browser level. You can only solve by education users enough that they see no DRM as a feature and at the legal level by enshrining user protections in law.
> To be clear: if DRM is not implemented in browsers, Netflix and the like will just make native apps, which are far larger vectors of malware attack than the locked down EME standard is.
False dichotomy.
Instead of exposing a small percentage of users to large attack vector (native app), you are exposing a very large percentage of users (close to 100%) with a lower attach vector. THe potential for damage is much, much higher, since it would affect about everyone using the Internet with major browsers.
For all the DRM Netflix has pushed down our throats, they still serve many titles (mainly movies and not their own productions) in piss-poor quality with those browsers whose users' freedom they have crippled. And I do mean absolutely awful quality as some titles clock in at less than 1000 kbps which isn't even nowhere near DVD quality.
What good is integrity if nobody uses Firefox ? That was the main reason they added EME support in the first place. Firefox staying relevant in the browser market is a better strategy in the long run than a hard line stance against DRM.
I can't tell if this is satire. Does anyone seriously believe that surrendering the war when you've lost one battle is an intelligent strategy? Mozilla contributes a whole lot to OSS, including providing a browser that can be trivially used without any black-box DRM-enforcement code hitting your system.
I didn't mean to suggest I categorically disagreed with the decision, in this case. I simply note that you can't extend that logic indefinitely, or you lose the thing you're fighting for.
> What good is integrity if nobody uses Firefox ? That was the main reason they added EME support in the first place.
This was rather the point of Fall of Men ("Zeitpunkt des Sündenfalls") in Firefox' history to me. It was also the point in time where I stopped donating to them.
Firefox is, AFAIK, the only browser vendor that decouples the EME module from the browser, allowing the browser to be downloaded without any DRM support at all. See the various "EME-free" directories here: http://download.cdn.mozilla.net/pub/firefox/releases/55.0/
Mozilla opposed EME very strongly. But when it was clear that Google, Microsoft and Apple all supported it and were shipping it, Mozilla was forced to ship it as well (with a flag that makes it easy to disable for users that want to).
Mozilla is playing a double game of pretending to be on the users side while completely being in Google's pocket. For Google this ensures they cannot be accused of being a monopoly.
And those working for Google attempting to divert attention to Hollywood are symptomatic of the reality distortion field and self deception of SV. Google is a spyware company engaged in mass surveillance and creepily following everyone on the planet for profit. There are no redeeming values here. SV is basically a gold rush with greed and money being the primary driver glossed over with dollops of pretension.
The world just has to step up to take control and diminish the ideology that drives SV. So far be it open source, web services, standards or regulations there is no contribution. Why are there no alternatives to Firefox, Google, Facebook and others? You can't be completely dependent on these companies and then claim victimhood.
That deal may be over but Mozilla still gets money from Google for search. Why is user advocacy so low key and half hearted, this being just one of them. What do they have to lose?
They have consistently thrown in the towel while diluting the very things that users would choose them over Chrome for.
There are many ways to exert influence in this world. Mozilla is in SV and is very much part of the culture and ecosystem. We need genuine alternatives and activism against entrenched interests.