by rlx0x 4536 days ago
This is all so ridiculous, rtmp for instance is as secure a DRM as it's ever gonna get and that never stopped me from downloading a stream. Even things like HDMI/HDCP are broken beyond repair. And all of this should justify damaging the w3c reputation forever, what are they thinking?!

This whole concept of DRM is just idiotic, it's enough if one guy breaks the DRM and releases it. Why should I even bother booting a proprietary OS (windows) and buying a stream every time I want to watch something if I can just download a release and watch it, and it's not like they can do anything against that either.

Why should I bother and buy HDCP capable new hardware, bother with proprietary NSA-compliant US software? I'd much rather buy the DVD, trash it and just download it in an open and free format (I don't even bother with ripping (and breaking CSS) anymore).

4 comments

> And all of this should justify damaging the w3c reputation forever, what are they thinking?!

Thinking isn't required to accept your paycheck -- in fact damaging the reputation of the W3C is their goal. There are fewer ways to fragment the standards of the internet better than undermining the integrity of the dominant standards committee by infiltrating it and proposing crap to be standardized.

Since the MPAA and her malicious allies are standing members then their propositions are considered seriously as a matter of policy, regardless of the stated goals and their actual effect.

Preventing piracy is at the bottom of a very long list of power that DRM provides, and maintaining control over your content distribution networks is at the top. The two have some overlap, but it's extremely limited (pirates don't pay, but content distributors do, so they will squeeze the distributors as much as they can).

What are they thinking? The majority of the W3C membership want this work done, and the W3C is ultimately bound by its membership. Not working on this isn't an option — take the W3C out of the picture and it'll still be done, quite probably behind closed doors, which is even worse for the web; MS, Apple, and Google are all likely going to ship this whether the W3C specifies this or not; for better or for worse, it is likely to become part of the de-facto Web Platform.

And if you read the lists (as opposed to overly emotional hearsay calling them stupid), you'll realize their concern isn't so much piracy in and of itself (they recognize DRM can and will be broken — they aren't blind), but rather "casual piracy", as it were, ripping a disc having had it lent to you, for example. The aim is to make it sufficiently inconvenient to work-around that that doesn't happen, not that it avoids release on P2P networks and the like.

Are you sure about that? The majority of the W3C membership is staying pretty quiet about it, at least on the list.

Even if you're right about the requirements (it's hard to say, what with their being confidential and all), is it worth breaking the Open Web to make it slightly harder for folks to pirate TV shows?

And if you're right, why then is every requirement short of non-user-modifiable client components being promptly shot down?

> The majority of the W3C membership is staying pretty quiet about it

As gsnedders said, it doesn't matter. The EME spec is written and pushed by Google and Microsoft, and Apple is on board. Those companies have a strong financial interest to do what Hollywood asks here, and together they account for a large majority of the browser market.

The only possible thing that could stop this is pressure on those browser vendors by users of those browsers - which means, for users to stop using them. So far, among the public and even here on HN, there is little interest in doing that.

I don't think Apple was initially on board. I think it may be there only since late last year.

All of this started with Netflix, and the outrage should be directed mostly at them (but definitely at W3C and the 3 companies, too).

Netflix got Microsoft (obviously, since Hastings is/was on their board), they got Google because of the Chromecast and perhaps some other previous partnerships, and also because Google is very interested in having content these days, which inevitably leads to them supporting the studios' corrupted ways to get the deals. And finally, I guess they got Apple, who saw Google and Microsoft were already on board, and thought it's a done deal, so why not?

I just can't believe that Netflix & Co would rather ruin the web than try to negotiate harder with the studios and make them understand DRM doesn't work, or just get some other kind of deal that's perhaps a little more profitable for the studios. I mean Google managed to give people the same "Match-like" service for free to the users, while Apple charges $25 a year, right? And Apple managed to make their music DRM-free years ago, no?

So I refuse to believe this is the only way around not using Silverlight and nothing can be done about it. There is a way - they just found it much easier to corrupt W3C, and I think this was MPAA's goal from the beginning. MPAA are the people who want to make ISPs all over the world police the web for them (ACTA/TPP), and want to be able to censor the websites they want off the web at will, with no judicial process (SOPA).

So you can only imagine what they have in mind for the browser vendors. Bringing DRM to the web is merely Step 1. Protocols like WebRTC's Data Channels that can make file-sharing easy through the browser, the way https://www.sharefest.me does it? Well, I guess that needs to be banned and discarded now. We can't have such piracy-aiding tools in the browsers, now can we? And so on.

It's clear MPAA runs the show already, if they got W3C, and 3 of the major browser vendors to do what they want. So expect more of this. MPAA member to take over after a "sudden" retiring of Tim Berners-Lee from W3C in a couple of years? Wouldn't surprise me at this point.

> I just can't believe that Netflix & Co would rather ruin the web

People keep repeating this. How is it ruining the web to remove the requirement for crappy (and, at this point, end-of-lifed) browser plugins in order to play Netflix content? The only reason I, and I suspect most people, even bothered to install Silverlight was for Netflix. If I can get a pure HTML5 video-watching experience with no browser plugins, and get Netflix content, that is unambiguously a win for users everywhere.

You're acting like DRM didn't exist on the web prior to EME, and would continue not existing without EME. That's flat-out wrong. It existed and continues to exist using proprietary software that is shoved down users' throats.

But you can't get a pure HTML5 DRM experience! All the HTML5 bit is, is a Javascript API to a CDM decryptor that is every bit as crappy, proprietary, closed-source, insecure and buggy as Flash or Silverlight.

> How is it ruining the web to remove the requirement for crappy (and, at this point, end-of-lifed) browser plugins in order to play Netflix content?

Because then the Web will rely on proprietary binary crappy blobs in its basic functionality. Something which can't be implemented in an open source way. A plugin like Silverlight is no necessity for the web and if Silverlight is crappy and dying then that's really a problem of its users and Netflix. It shouldn't be my problem as a non-Netflix user. If the Web however starts to depend on such a crappy binary blob (which is the result of the EME proposal) then we all have to suffer and it will be a problem for us all.

In other words: If Netflix insists on DRM then they should write their own crappy plugins and applications but not ruin the open Web for all of us.

> You're acting like DRM didn't exist on the web prior to EME, and would continue not existing without EME.

No, we are not. We are just saying that EME will make the open Web depend on crappy proprietary binary blobs and hence no longer be open or libre.

> It existed and continues to exist using proprietary software that is shoved down users' throats.

EME is exactly that! It's proprietary crap software which is forced down everybody's throat because it makes the former open Web depend on it. It's not only something Netflix customers will have to deal with. It's something every web browser and web implementation has to deal with somehow. Which is impossible for open and libre implementations. Thus it will be the end of the open web.

> I don't think Apple was initially on board. I think it may be there only since late last year.

Didn't Apple already ship an implementation of that API in Maverick?

(Disclaimer: I haven't read the lists actively in quite a while, and no longer have access to Member-Only lists.)

There have been votes about whether this is in-scope of the AC. As you can tell by work continuing, the vote passed. How many abstained (explicitly or by not voting)? I cannot remember, and cannot check.

The requirement to merely make it more difficult, but not impossible, has been stated on several occasions. Forgive me for not looking up references for this, but it's almost 4am and I ought to sleep. :)

And they believe, rightly or not, non-user-modifiable client components are needed to make this sufficiently difficult — as otherwise someone could easily make a tool to make it sufficiently easy to violate the licensing terms (assuming, for now, all content is licensed — which is itself questionable; if it's not then in many jurisdictions they cannot place restrictions).

We (EFF) raised a formal objection to whether content protection was in-scope for the new HTML WG charter; our objection was overruled by the Director, but there was no vote of the AC.

Hmmm. I think a vote would be a good start, but as an interested third party I don't think I have any way of encouraging that short of advocacy.

In which case they're being supportive in private, and utterly quiet in public. That's a neat trick in itself.

But I don't think it's an issue of what they believe, it's an issue of what the actual licensing terms are. Those are the real requirements, and so far they've not been made available.

I don't think there's any WG which includes all W3C members — most members simply don't care enough to wish to dedicate resources to every WG, not to mention the extra obligations it makes them take on via the patent policy. The situation isn't at all unusual — just a more contentious subject matter!

That's true ... but this is a most fundamental issue. I'd have expected that the companies that have benefited historically from the Open Web would be at least a little concerned. Like Google. Oh, wait.

> What are they thinking? The majority of the W3C membership want this work done, and the W3C is ultimately bound by its membership.

When they accept organizations like MPAA on their board, no surprise this is the sort of decisions we get, and the sort of decisions we can expect for the web standards from now on.

W3C has been corrupted, and it's only going to get worse for the web if people keep listening to them.

No, it's perfectly reasonable that the MPAA be allowed membership. It'd be worse if the W3C got to choose who could join.

The issue is the 'crisis of representation' - i.e., some voices are heard more clearly than others.

It becomes the de facto standard when it's adopted by developers, it's adopted by developers when their boss hires them to adopt it, they hire people to develop it because they are assured a return on their investment. Why are they assured a return on their investment? Because they decide what the standards are.

It's the same old regulatory capture game since before, but now it's divorced from government support.

W3C's reputation went out the window in the minds of all serious software developers with the concept of HTML5's "living standard" aka, no standard. This is the kind of standards we can expect from a standards body in the industry. The only solution is to start again from scratch, maybe on top of TCP/IP only.

W3C have never been an official standards body; the most they’ve ever made is a ‘Recommendation’. That’s not necessarily a bad thing.

Standards matter only as much as the implementations adhere to them. Making HTML a living standard was the right thing to do, because only this really reflects the reality: browser vendors implementing different bits of the functionality described. Feel free to start from scratch.

And now they are changing HTML5 to "HTML," the purpose is clear, to sow more confusion into the so called standard and hide the debacle that is w3c.

"this reality reflect the reality"

please... why have a standard at all then. What a joke and perversion of terms. Orwell would be proud.

I don't care how it gets done, but if we need this to finally kill off Flash then I am for it. This problem is solved technically so let's just get it done. Yes, every DRM will eventually be broken, but at least it satisfies the executives enough, so what's the problem?

I don't understand why purists on the email list end up holding up something that will ultimately be a positive thing from a number of perspectives. Security, battery life, and script-able/touch friendly controls.

We want to kill Flash because it's proprietary and closed source (just like HTML DRM). Replacing Flash, which at least works on Linux, Windows, and Mac, with platform-specific DRM, is a huge step backward for the web.

Not really. I want to get rid of Flash because of security, battery life/performance and because it is not touch friendly.

Security, battery life and touch-friendliness aren't necessarily the most renowned features of a DRM binary blob.

Communicating with the blob in an open-source project will be particularly fun.

Because those purists - and I'm one - care very deeply about the principles of the Open Web, the very principles that are touted on the W3C website itself.

The fundamental issue is this: up until now, anyone with the will to do so and a general purpose computer could build a browser that could display all the content on a W3C-standards-compliant website.

If EME + CDM are endorsed, then that will no longer be true. The Open Web will be a thing of the past.

That is why we're trying to prevent this from going forward in its current form.

I don't even understand what the term "Open Web" even means. I don't see how driving video on the web away from Flash and onto a standardized system is against the principles of openness, even if DRM is a requirement for content creators.

Because it's not standardised! Only the interop between the browser and CDM is standardised - the CDM itself is a closed-source, proprietary blob like Flash or Silverlight.

Actually, it's worse than that. The interop between the browser and CDM isn't standardised at all. The only thing this standardises is the browser API that websites should use to request that the browser communicate with the CDM on their behalf.

The interface between the browser and the CDM is proprietary and unspecified, so browser vendors and CDM providers have to negotiate that themselves. The format of the encrypted binary messages passed to the Javascript API is proprietary and unspecified. The API used to communicate with the license server is also proprietary and unspecified, so it doesn't even provide much interop from the media provider perspective - they still have to write a whole bunch of DRM-provider-specific code for every DRM scheme, and it looks like every browser vendor will have their own one.

Basically, it standardises just enough to give media providers the ability to claim they're using pure HTML5, without offering any more interoperability than if every browser vendor just had their own proprietary HTML5 extension for DRM. It's a PR stunt rather than a meaningful attempt at interoperability.

What is the exact benefit of driving the web away from Flash? It would make sense if the alternative would be open, but it is not.

> Yes, every DRM will eventually be broken, but at least it satisfies the executives enough, so what's the problem?

Executives are never satisfied, and the world doesn't revolve around them. Should we allow tapping of our communications because it satisfies our leaders?

> Security, battery life, and script-able/touch friendly controls.

And what do any of these have to do with DRM? In fact, I can guarantee DRM will offer more vulnerable entry points, require more battery on mobile devices, and not be script/ux friendly.

They will be satisfied enough to offer HTML5 video. The point is killing off Flash. It is a lot easier to secure a smallish DRM module in a browser than a gigantic environment like Flash.

Not really.

"Securing" a DRM plugin means "securing" the browser it runs in (otherwise it will be cracked by the browser lying to it about whether DRMed media is being played "securely"), which means "securing" the OS the browser runs on and so on...

Oh yeah, and in terms of being a purist - the company I co-founded produced a DRM system for Windows software. It's still in use, and I still make money from feature enhancements and bugfixes to it.

So please don't (like a few on the W3 list) paint me as some sort of anticapitalist hippie tinfoil-hat wearer.

I know a fair bit about DRM myself, which is why I say it has no place in the W3C or the Open Web.

We have basically two options here. DRM for video and audio streams will be introduced by each browser vendor separately, or we have some kind of standard. I would rather see a standards based approach... This is reality. The merits of DRM really have nothing to do with this discussion.

What is the purpose of a standards based approach, if one cannot implement the standard? That is the reality that EME + CDM offers: 'standards' that can only be implemented by the company that owns the proprietary, closed-source CDM blob.

So the only solution is to make the proprietary, closed-source CDM blob independent from the browser. Something that can be plugged into any browser. Like Flash or Silverlight. Or maybe something more specialized that just handles the DRM with as little overhead as possible, to make sure it doesn't eat up more CPU than it should.

If it cannot be open, it cannot be part of browsers that are open, which a lot of browsers are.

Note that Flash playback is still the default at most websites because HTML5 video playback generally sucks. It's less efficient and provides a lesser experience in all major browsers.

Eventually this will change, but still.

That and of course, that NO single benefit is worth giving way to DRM. NONE. DRMs are a terrible invention from all points of view.

You would only see big investment in HTML5 video if big content sites could use it. Currently most of them want DRM...