[untog]

No, I am saying that browser manufacturers should slightly increase their vulnerability surface area (and maybe not at all - I don't know the internals of EME) in order to provide a locked-down feature to users that they would only otherwise get by downloading a native app that has access to their local file system, amongst other valuable things.

It's the same logic that leads to them to support JavaScript.

[4bpp]

Assuming the motivating reasoning here is that the overarching goal of the browser vendor should be to protect the user, the question still is what timeframe it is appropriate to consider. If the browser does not implement DRM, the user may download an infected native app to watch Netflix or porn from some far shadier website or whatever, sustaining more harm in the short run; however, if the user then is repeatedly infected with malware, chances are it will not take long for a general understanding that downloadable video players are garbage-piled-up-on-grandpa's-computer bad (in the same way that IE toolbar plugins or warez websites' "special download managers" were) to take root. This will maybe chip away at the addictive convenience of Netflix and co, and so they won't be able to dictate terms to the computing ecosystem as they evidently can right now, benefiting the user in the long run.

[WorldMaker]

The "garbage-piled-up-on-grandpa's-computer bad" isn't an isolated incident, and is a relatable category, as you imply in your usage, because it is a common problem. IE toolbar plugins and "special download managers" have never gone away and likely never will, those sorts of malware will continue to just change shapes. Your grandpa probably just wants to play poker with his buddies and his buddies are on Joe's Terrible Malware-Infested Poker Site. Convenience, pragmatism, and social network effect immediacy beats theory, logic, and "long term thinking".

Replace "play poker with his buddies" with "watch movies his buddies are talking about" and "Joe's Terrible Malware-Infested Poker Site" with "Netflix's DRM-Infested Site" and the results are the same every time. Your grandpa isn't likely to care if Netflix has DRM or not so long as it doesn't stop him watching movies. If Netflix, because it's the brand he and his buddies trust, tells him to install a thing to keep watching movies, he installs the thing.

Maybe, maybe you might be able to convince your grandpa to stop watching videos using that thing he installed because it's bad for his computer's health... but there are a lot of "grandpas" out there, it's a huge category of people that "I just want to do the thing and I don't care how so long as it works and is convenient".

I don't think this a question of timeframe, it's a question of do the right thing for the most users. There are a lot more "grandpas" than there are DRM-fighting or at least DRM-wary concerned citizens like you or me.

[emodendroket]

> however, if the user then is repeatedly infected with malware, chances are it will not take long for a general understanding that downloadable video players are garbage-piled-up-on-grandpa's-computer bad (in the same way that IE toolbar plugins or warez websites' "special download managers" were) to take root

This is clearly written from the perspective of somebody who never did help desk work or helped family or friends with computer problems.

[4bpp]

Your point being... that I underestimate how people will keep downloading them anyway? I haven't done help desk work, but have been asked to do plenty of the latter; over the years, at least in my vicinity, skepticism about downloadable plugins had certainly developed to a level where I would only ever see the "half of the window is toolbars" IE screenshots in 4chan /g/ snark threads anymore.

[emodendroket]

Yeah, that was my point... unless things have like drastically changed in the last few years I think you're overestimating the level of user education.