[andrepd]

It is opt-in AFAIK.

[wolfgke]

There is no option I have to opt in whether I want a malware interface (EME) installed in my browser or not.

[kibwen]

Yes, there is an option, and it has been linked repeatedly in these threads. The irony being, of course, that if Firefox didn't yield to the other browser vendors in implementing EME they wouldn't have the marketshare to keep development going, which means there would be zero browsers rather than one that make it trivial to forgo DRM.

[jayshua]

What makes EME a malware interface?

[wolfgke]

DRM is malware (I don't seriously believe I have to explain why) - so EME is a malware interface.

[jayshua]

I'm completely unfamiliar the entire discussion (I've just ignored it in the past), and I don't actually know why you think that. Could you elaborate?

[imtringued]

A EME module is basically a proprietary closed source plugin just like silverlight and flash and shares the same potential security issues.

[acdha]

That's a gross oversimplification: Flash and Silverlight were rich platforms with complexity on the same order as the entire browser. EME has a much narrower interface which provides stream decryption – it doesn't even have the video codec, whereas Flash/Silverlight had complex video, audio, image, PDF, font, etc. implementations with a long history of exploits.

This really matters because so many of those exploits relied on other features to actually run the payload. Not having any of those in the first place is a big attack surface reduction, even if the politics are legitimately debatable.

[Dylan16807]

It makes your computer stop responding to your commands in a bunch of ways.