[jgust]

> The web needs these media companies more than the media companies need the web

When you hear about the multi-billion dollar fines and the immense amount of resources spent chasing down and punishing pirates, I have a hard time following this argument. I'd argue that the content owners and media companies need to get on board with providing the most seamless, easy to use, and accessible product for consuming their wares or this

> other revenue paths that they're perfectly happy with

won't continue to exist.

[kelnos]

> I'd argue that the content owners and media companies need to get on board with providing the most seamless, easy to use, and accessible product for consuming their wares

Right, and that's exactly what EME is. Because DRM-free content is a show-stopper for them right now, but they recognize that DRM is a pain point for customers.

[mozumder]

Do us a favor and actually think your cunning plan through for a minute.

Why should content owners post their products for free consumption? What is the incentive for them to do that? How much money do you think they will make?

In case you haven't noticed, the web is losing to apps at every level, from things like Facebook/Instagram/Snapchat to shopping apps. Even newsreaders are being turned into apps. My parents only use the Apple newsreader, for example.

Do normal people even use the web anymore? It seems the web is only used by tech developers.

Such a sad loss for the web..

[imtringued]

Requiring a server to playback the media is already the strongest form of DRM possible. If that's not enough they can just make their own native applications that implement all the DRM that they could possibly want. The only disadvantage of a native application is that they are not crossplatform and EME CDMs aren't exactly cross platform either. They are native code that require the module to be ported to the operating system that.

What's the point of the web if it's just another crappy proprietary platform? EME is basically Flash 2.0.

>Such a sad loss for the web..

What loss? Is the only purpose of a software platform to devour everything without any integrity and it's worthless if it fails to adhere to the will of multibillion dollar companies?

[kelnos]

> EME is basically Flash 2.0.

That's a gross exaggeration; it's nothing of the sort.

Flash is a generic application framework that gets more or less unfettered access to the network, local machine, and browser state (Chrome's Pepper Flash improved a lot of this, fortunately). EME is a heavily-sandboxed decryption and display engine, and nothing more.

[slrz]

Heavily sandboxed, eh? On most devices that implement EME, the DRM implementations run with privileges exceeding that of any user code, e.g. in the TrustZone environment on most Android devices.

The Microsoft DRM implementation is built into Windows (and made available to Websites via EME) and requires cooperating device drivers or no highres video for you.

[kelnos]

Huh? TrustZone doesn't give apps extra privileges, it just isolates code and data so things can't leak out of it into the reach of untrusted programs.

"Cooperating device drivers" isn't really the right way to look at it. The drivers themselves don't have any code that will refuse to play high-res video. The EME is just able to use the trust chain to validate that the output path hasn't been tampered with.

Any application can make use of TrustZone and the trusted output path; it's not something special only EME can access.

[slrz]

> TrustZone doesn't give apps extra privileges, it just isolates code and data so things can't leak out of it into the reach of untrusted programs.

Right, which is why you might want to use it for handling key material or other sensitive things. Except you now have some gigantic DRM blob (the Widevine trustlet is huge compared to most saner ones) running in your "trusted" environment, able to access your actual sensitive data. That privilege should not be given out like candy (and generally isn't, except when DRM is involved).

> "Cooperating device drivers" isn't really the right way to look at it.

At least video vendors used to claim that DRM-related obligations prevent them from publishing specs for and/or open-sourcing those parts of their driver code that deal with video decoding/output.

> Any application can make use of TrustZone and the trusted output path; it's not something special only EME can access.

So, I've just finished writing my trustlet. How do I get it to load on common consumer devices? The ones I have all seem to require that I get it signed by the vendor which doesn't reply to my mails. How should I proceed?