by yarrel 3203 days ago
People who are not fooled by the ideology of DRM are fully aware that DRM is a legal strategy, not a technology.

That doesn't change the technological harm of DRM. Putting a DRM-shaped hole in web standards makes browsers less secure, less stable, and less maintainable.

iTunes copy protection used to be broken in a few hours; Blu-ray is long since cracked. DRM is neither secure nor cryptographically sound (http://craphound.com/msftdrm.txt). The business models that work online keep on being built without DRM.

But DRM remains an irresistible fantasy for corporations who haven't worked out the economics of getting Apple, Amazon or Netflix to add locks to their content.

2 comments

I don't know a lot of software security people who work on browser security that agree with this. The prevailing sentiment is the opposite: that standardized DRM reduces the attack surface of proprietary DRM down to that of a CDM, rather than full-featured browser plugins. By doing so, EME is improving security, not damaging it.
We could have neither, though.
By what, banning plugins? Now you're asking the anti-DRM people to do exactly what they're angry at the pro-DRM people for doing: preventing people from running a particular kind of program on their computer. It's an incoherent position.
Not banning, simply not providing an API for them.
That doesn't work. Look what happens with AV providers: they hack their own plugin interface into the browser, and everybody loses more security.
You can have arbitrary exceptions to ensure coherency. There is no reasonable need to have a position without exceptions. Reality isn't that simple.
> DRM is neither secure nor cryptographically sound

That's similar to saying words don't communicate well.

It makes no sense to say that DRM is cryptographically unsound - for the very reason you state, DRM is not a technology.

There have been non-optimal algorithmic choices and weak key-management, but those are entirely separate from saying DRM is cryptographically unsound.