Jump to content

W3C eun by corporations? EFF Appeal to DRM standard rejected, query to see votes denied

suicidalfranco
By suicidalfranco
in Tech News
 Share
Posted
9 minutes ago, Sniperfox47 said:

Eme is specifically only for HTML5 video elements... So sure it can be used to DRM protect video ads but what percentage of ads is that? Just use a browser with EME disabled or ripped out and the ads won't even load then...

 

And used on malicious sites... to serve you video? I get that it's a potential vulnerability to be exploited, but far less so than flash is...

 

 

idk it seems like it wont stay at video. I really think it will expand from there. Without ads reaching the majority of users, the current system of free content that generates revenue will collapse and is collapsing. 

But that's my opinion and I have no proof of that. 

 

Also, laughable that they do this to lock down video, if it's displayed on a screen it can be recorded. Sure for high quality you may need to bypass hdcp and stuff, but the burden of knowing the workarounds is on the few  pirates that distribute content, not the pirates that consume it. 

And if it DID work, one could use a high quality camera and make a shroud from the lens to the screen. How they used to take screenshots for books and stuff way back in the day. 

2s3xzJ3.jpg

muh specs 

Gaming and HTPC (reparations)- ASUS 1080, MSI X99A SLI Plus, 5820k- 4.5GHz @ 1.25v, asetek based 360mm AIO, RM 1000x, 16GB memory, 750D with front USB 2.0 replaced with 3.0  ports, 2 250GB 850 EVOs in Raid 0 (why not, only has games on it), some hard drives

Screens- Acer preditor XB241H (1080p, 144Hz Gsync), LG 1080p ultrawide, (all mounted) directly wired to TV in other room

Stuff- k70 with reds, steel series rival, g13, full desk covering mouse mat

All parts black

Workstation(desk)- 3770k, 970 reference, 16GB of some crucial memory, a motherboard of some kind I don't remember, Micomsoft SC-512N1-L/DVI, CM Storm Trooper (It's got a handle, can you handle that?), 240mm Asetek based AIO, Crucial M550 256GB (upgrade soon), some hard drives, disc drives, and hot swap bays

Screens- 3  ASUS VN248H-P IPS 1080p screens mounted on a stand, some old tv on the wall above it. 

Stuff- Epicgear defiant (solderless swappable switches), g600, moutned mic and other stuff. 

Laptop docking area- 2 1440p korean monitors mounted, one AHVA matte, one samsung PLS gloss (very annoying, yes). Trashy Razer blackwidow chroma...I mean like the J key doesn't click anymore. I got a model M i use on it to, but its time for a new keyboard. Some edgy Utechsmart mouse similar to g600. Hooked to laptop dock for both of my dell precision laptops. (not only docking area)

Shelf- i7-2600 non-k (has vt-d), 380t, some ASUS sandy itx board, intel quad nic. Currently hosts shared files, setting up as pfsense box in VM. Also acts as spare gaming PC with a 580 or whatever someone brings. Hooked into laptop dock area via usb switch

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
1 hour ago, Syntaxvgm said:

to me this is almost more scary than the situation with net neutrality recently. 

My thing with net neutrality was that it was pushed mainly by companies who already have a stronghold on [insert marketplace here] with billions in the bank, so I was very wary about it.

But it's fucking scary to see that companies are trying to push DRM as it's a necessity. It's been proven time and time again that if you treat your customers like fucking customers and not slaves who are forced to buy your shit, they generally come back even if they pirated the thing the first time.

Check out my guide on how to scan cover art here!

Local asshole and 6th generation console enthusiast.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
3 hours ago, Sniperfox47 said:

Yeah, as much as I hate DRM, I don't understand what Lunduke et al.'s issues with this is...

 

If your options are between a black box connecting to the browser through non-standard plugin interfaces that vary from browser to browser, or a black box connecting to the browser through a defined and standardized interface specifically for sandboxing those black boxes from the rest of your junk, I don't understand why you'd choose to not suggest the standard. Especially as it's a standard pretty much everyone has already impliment anyhow...

 

For all the EFF's noise on this issue, the fact is that it's not like a DRM Free internet has ever been or will ever be a thing. That argument is long since dead, the ship sailed a looooooooooooooong time ago. If they didn't standardize something for DRM over HTML5 companies like Disney and Netflix would just fall back to another option and we'd be back where we were 5 years ago with everything running on top of flash/silverlight or some other alternative.

I see a lot of issues with this.

1) This isn't really any better than plugins or such. In fact, EME is in many cases worse because it is embedded into the browser. It's no longer a case of "browsers and web standards are free and open, but then bad de facto standards has appeared in the form of plugins". EME is basically saying "let's take all those bad plugins and then glue them to the browser so users will be even more forced to uses them". This is basically like instead of fixing Flash, W3C just made it a standard for browsers to have it built in. That doesn't fix any of the actual issues. It just means everyone is forced to use that horrible piece of shit. That's a bad thing. Not a good thing.

 

2) The W3C has stabbed everyone in the back on behalf of the movie industry. This really should be seen as a betrayal. W3C has now shown that they do value the opinions of big corporations more than the users of the Internet.

 

3) This entire thing has been very shady, with little to no transparency. That's not how W3C usually operates.

 

4) Like I said before EME was already a de facto standard, so making it a web standard doesn't really change anything.

 

5) Right now the W3C is trying to make EME sound good, while also doing things like retweeting people who attack the EFF. That's just a shitty move.

 

Basically, this means that the W3C has been infiltrated by companies who no longer share the values it was suppose to. It is no longer about making the web a better place. It's about pushing whatever large corporations want, even if it means stomping on users, and they will use shady tactics in order to accomplish their goals.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
13 minutes ago, LAwLz said:

EME is basically saying "let's take all those bad plugins and then glue them to the browser so users will be even more forced to uses them".

Hopefully browser devs will add a button to switch it off totally like nowadays plugins... :D Or just straight up "forget" to implement it.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
18 minutes ago, LAwLz said:

 

5) Right now the W3C is trying to make EME sound good, while also doing things like retweeting people who attack the EFF. That's just a shitty move.

 

sounds like something an ISP opposed to net neutrality would do. 

muh specs 

Gaming and HTPC (reparations)- ASUS 1080, MSI X99A SLI Plus, 5820k- 4.5GHz @ 1.25v, asetek based 360mm AIO, RM 1000x, 16GB memory, 750D with front USB 2.0 replaced with 3.0  ports, 2 250GB 850 EVOs in Raid 0 (why not, only has games on it), some hard drives

Screens- Acer preditor XB241H (1080p, 144Hz Gsync), LG 1080p ultrawide, (all mounted) directly wired to TV in other room

Stuff- k70 with reds, steel series rival, g13, full desk covering mouse mat

All parts black

Workstation(desk)- 3770k, 970 reference, 16GB of some crucial memory, a motherboard of some kind I don't remember, Micomsoft SC-512N1-L/DVI, CM Storm Trooper (It's got a handle, can you handle that?), 240mm Asetek based AIO, Crucial M550 256GB (upgrade soon), some hard drives, disc drives, and hot swap bays

Screens- 3  ASUS VN248H-P IPS 1080p screens mounted on a stand, some old tv on the wall above it. 

Stuff- Epicgear defiant (solderless swappable switches), g600, moutned mic and other stuff. 

Laptop docking area- 2 1440p korean monitors mounted, one AHVA matte, one samsung PLS gloss (very annoying, yes). Trashy Razer blackwidow chroma...I mean like the J key doesn't click anymore. I got a model M i use on it to, but its time for a new keyboard. Some edgy Utechsmart mouse similar to g600. Hooked to laptop dock for both of my dell precision laptops. (not only docking area)

Shelf- i7-2600 non-k (has vt-d), 380t, some ASUS sandy itx board, intel quad nic. Currently hosts shared files, setting up as pfsense box in VM. Also acts as spare gaming PC with a 580 or whatever someone brings. Hooked into laptop dock area via usb switch

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
17 minutes ago, jagdtigger said:

Hopefully browser devs will add a button to switch it off totally like nowadays plugins... :D Or just straight up "forget" to implement it.

That's what Firefox did (make it a button to turn it off).

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
9 minutes ago, LAwLz said:

That's what Firefox did (make it a button to turn it off).

Its a shame they dont treat it as what it is, an optional plugin which shouldnt be preinstalled exist.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

Now this is what all those people who whine about google's "censorship" should actually be fighting, but I guess it made less headlines.

5 hours ago, Sniperfox47 said:

Yeah, as much as I hate DRM, I don't understand what Lunduke et al.'s issues with this is...

 

If your options are between a black box connecting to the browser through non-standard plugin interfaces that vary from browser to browser, or a black box connecting to the browser through a defined and standardized interface specifically for sandboxing those black boxes from the rest of your junk, I don't understand why you'd choose to not suggest the standard. Especially as it's a standard pretty much everyone has already impliment anyhow...

 

For all the EFF's noise on this issue, the fact is that it's not like a DRM Free internet has ever been or will ever be a thing. That argument is long since dead, the ship sailed a looooooooooooooong time ago. If they didn't standardize something for DRM over HTML5 companies like Disney and Netflix would just fall back to another option and we'd be back where we were 5 years ago with everything running on top of flash/silverlight or some other alternative.

The difference is I can choose not to install that black box in the first case, whereas now it's baked in the page and will run without my knowledge or permission. So no, it is not the same thing.

Don't ask to ask, just ask... please 🤨

sudo chmod -R 000 /*

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
2 minutes ago, jagdtigger said:

Its a shame they dont treat it as what it is, an optional plugin which shouldnt be preinstalled exist.

At least they took some steps to try and prevent it from being abused/misused. (Link) I can already see other browsers not sandboxing it though, allowing more of what previous people in this thread have said.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
49 minutes ago, Sauron said:

The difference is I can choose not to install that black box in the first case, whereas now it's baked in the page and will run without my knowledge or permission. So no, it is not the same thing.

Except you can just choose to not use a browser that includes it... Midori for example...

Or use a browser that includes it and just turn it off...

 

1 hour ago, LAwLz said:

I see a lot of issues with this.

1) This isn't really any better than plugins or such. In fact, EME is in many cases worse because it is embedded into the browser. It's no longer a case of "browsers and web standards are free and open, but then bad de facto standards has appeared in the form of plugins". EME is basically saying "let's take all those bad plugins and then glue them to the browser so users will be even more forced to uses them". This is basically like instead of fixing Flash, W3C just made it a standard for browsers to have it built in. That doesn't fix any of the actual issues. It just means everyone is forced to use that horrible piece of shit. That's a bad thing. Not a good thing.

 

2) The W3C has stabbed everyone in the back on behalf of the movie industry. This really should be seen as a betrayal. W3C has now shown that they do value the opinions of big corporations more than the users of the Internet.

 

3) This entire thing has been very shady, with little to no transparency. That's not how W3C usually operates.

 

4) Like I said before EME was already a de facto standard, so making it a web standard doesn't really change anything.

 

5) Right now the W3C is trying to make EME sound good, while also doing things like retweeting people who attack the EFF. That's just a shitty move.

 

Basically, this means that the W3C has been infiltrated by companies who no longer share the values it was suppose to. It is no longer about making the web a better place. It's about pushing whatever large corporations want, even if it means stomping on users, and they will use shady tactics in order to accomplish their goals.

1) nobody's forced to do anything... A lot of FOSS browsers have no intentions of implementing it, it's just a suggested standard. And even if you're using a web browser that has it, it's also *much* easier to sandbox than flash, because it rides directly stop HTML5 video elements and is restricted to just those elements.

 

2) ...they're a member organization of big corporations... Why would you expect them to value the opinions of users over that of themselves...? What?

 

3/5) Yeah, that's been a bit of a dick move. That doesn't really have anything to do with EME itself though...

 

It's not like there wasn't a majority that wanted to push forward with this. Would it have been nice if they had reconsidered allowing explicit legal exceptions for security researchers? Yeah, woulda been nice. Was there any realistic expectation that they would, considering how screwed up and abusable US law is? Not really.

 

What's the better solution here? I've heard lots of people going "DRM eww! Yucky!" and not a whole lot of people suggesting alternatives for other ways they could handle it without plugins.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

Anyone who doesn't see a problem with this has a short memory, remember lenovo and superfish? remember sony and the CD rootkit malware?  Any user must be allowed to have the choice not to use something they can't have independently verified.    It is one thing for telemetry data, but another completely to force closed standards onto everyone's browser in order to continue using the internet in a free and unhindered manor.

 

 

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
On 9/18/2017 at 5:38 PM, Syntaxvgm said:

It truly does make me sick. This is the twilight of the open internet 

Tis a sad day indeed.

Ketchup is better than mustard.

GUI is better than Command Line Interface.

Dubs are better than subs

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
6 hours ago, Sniperfox47 said:

Except you can just choose to not use a browser that includes it... Midori for example...

Or use a browser that includes it and just turn it off...

 

That's what people said when cookies started to become a thing,  you can just turn them off.  right up until you can't use a single website without them enabled thus giving all your browsing habits up to any third party who's willing to pay for it.

 

It won't be long before websites require this closed DRM to be enabled before you can view it.   It's more than just content consumption that I am worried about.

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
On 09/19/2017 at 2:55 AM, hey_yo_ said:

No more screenshots and screen recordings ?

So we're going back to Screenshots and screensharing via camera pointed at the monitor? :)

Intel i7 5820K (4.5 GHz) | MSI X99A MPower | 32 GB Kingston HyperX Fury 2666MHz | Asus RoG STRIX GTX 1080ti OC | Samsung 951 m.2 nVME 512GB | Crucial MX200 1000GB | Western Digital Caviar Black 2000GB | Noctua NH-D15 | Fractal Define R5 | Seasonic 860 Platinum | Logitech G910 | Sennheiser 599 | Blue Yeti | Logitech G502

 

Nikon D500 | Nikon 300mm f/4 PF  | Nikon 200-500 f/5.6 | Nikon 50mm f/1.8 | Tamron 70-210 f/4 VCII | Sigma 10-20 f/3.5 | Nikon 17-55 f/2.8 | Tamron 90mm F2.8 SP Di VC USD Macro | Neewer 750II

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
5 hours ago, mr moose said:

It won't be long before websites require this closed DRM to be enabled before you can view it.   It's more than just content consumption that I am worried about.

Umm... What? This is not a DRM in and of itself... It's just an API for sites such as Netflix and Hulu to allow DRM on straight HTML5 Video Elements... It's not allowed to touch any of the page other than the video element it's decrypting...

 

Will those sites require it to view their videos? Yeah, they already do. Right now if you disable Google Widevine or Adobe Primetime, Netflix straight up will not work. This has been the behavior since *2015*.

 

This specification is nothing new people. It's been in wide use for literally years now...

 

All that this move does is put it forth as a suggested spec, in that they suggest that if you're doing DRM on your videos on the web you do it this way, via a standardized implementation.

 

 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
15 hours ago, Sniperfox47 said:

Except you can just choose to not use a browser that includes it... Midori for example...

Or use a browser that includes it and just turn it off...

Of course, but now that it's a web standard it's likely that a lot more websites will require it to be enabled even if they don't really need it. Before, forcing a plugin on the user might turn them away unless your service was something very specific. Now, most users will have it enabled by default and won't know or care how to disable it. It's perfectly possible one day you won't be able to access, say, youtube if your browser doesn't support or blocks EME, despite the fact that there is no real need for it. Why would google want that? Because running their closed software on your machine is an excellent way to collect even more information than they could previously, and now that there's virtually no obstacle they might as well reap all the data they can get.

20 minutes ago, Sniperfox47 said:

All that this move does is put it forth as a suggested spec, in that they suggest that if you're doing DRM on your videos on the web you do it this way, via a standardized implementation.

If that were the case there would be exactly 0 reason for this to be a web standard approved by the w3c. They could already agree on whatever standard they liked without the w3c's contribution. What they're actually doing is sneaking it in as something that is enabled by default (in popular browsers) rather than by user action. On top of that this opens up quite a few security risks - now you simply won't know if a website is running whatever closed DRM software on your machine and that code may be outdated, exploitable or even malicious.

Don't ask to ask, just ask... please 🤨

sudo chmod -R 000 /*

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

It seems like people forgot about this but, this is a MASSIVE slap in the face for disabled people.

The W3C (at least the W3C before this decision) allowed disabled people to easily navigate through webpages and basically used the web as everyone else.

 

Tools usually require access to the source code so they can do their magic, and because everything is standardized (and devs put a bit of effort into it) disabled people can basically use every website in a similar way.

 

For normal people the DRM isn't a big issue, however if you are deaf for example a program could take the audio from the video and make a transcription of it (not ideal but with a bit of training it's enough for most people to understand most of it). With this DRM, nope! You can't extract the audio so deaf people will have a very bad experience.

If you want my attention, quote meh! D: or just stick an @samcool55 in your post :3

Spying on everyone to fight against terrorism is like shooting a mosquito with a cannon

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
13 minutes ago, Sauron said:

Of course, but now that it's a web standard it's likely that a lot more websites will require it to be enabled even if they don't really need it. Before, forcing a plugin on the user might turn them away unless your service was something very specific. Now, most users will have it enabled by default and won't know or care how to disable it. It's perfectly possible one day you won't be able to access, say, youtube if your browser doesn't support or blocks EME, despite the fact that there is no real need for it. Why would google want that? Because running their closed software on your machine is an excellent way to collect even more information than they could previously, and now that there's virtually no obstacle they might as well reap all the data they can get.

Umm, what do you mean? YouTube has very legitimate reasons to have EME, specifically for their Widevine CDM to prevent you from just downloading their videos with a third party tools. Bad example maybe?

 

And again, this is only active on an HTML5 video element. Have you read the spec for EME? It's kind of garbage, but it's limited and highly sandboxed garbage.

 

What would be the point of locking out a webpage to people without Widevine enabled? Preventing access for all of the people using Edge, Vivaldi, Opera, and Safari? Chrome and Firefox are the only two major browsers that implement Widevine. If it's to convert people over to Chrome, they'd be hit with an anticompetition lawsuit in the EU faster than you can say "Wet Noodle".

 

21 minutes ago, Sauron said:

If that were the case there would be exactly 0 reason for this to be a web standard approved by the w3c. They could already agree on whatever standard they liked without the w3c's contribution. What they're actually doing is sneaking it in as something that is enabled by default (in popular browsers) rather than by user action. On top of that this opens up quite a few security risks - now you simply won't know if a website is running whatever closed DRM software on your machine and that code may be outdated, exploitable or even malicious.

Umm... what? It's something supported by the W3C because it's HTML5 related and made by W3C members (Google, Microsoft, and Netflix among others). It was important (back in 2014 when this was made) for there to be a way to play back encrypted media in HTML5 in order for it to reach feature parity with Flash.

 

Could it have been a rough standard Google and Netflix worked out just between them for Netflix to work with Chrome? Sure. But that doesn't help Netflix on any other browser, and doesn't help other companies like Hulu or Pornhub.

 

And again, EME has been a standard since 2014 and has been widely used since 2015... This is not about making it a W3C Standard. It already is and has been for years. This is just them saying "Yeah, it's mature and stable in modern browsers so drop Flash and move over to HTML5".

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
7 hours ago, Sniperfox47 said:

Umm... What? This is not a DRM in and of itself... It's just an API for sites such as Netflix and Hulu to allow DRM on straight HTML5 Video Elements... It's not allowed to touch any of the page other than the video element it's decrypting...

 

Will those sites require it to view their videos? Yeah, they already do. Right now if you disable Google Widevine or Adobe Primetime, Netflix straight up will not work. This has been the behavior since *2015*.

 

This specification is nothing new people. It's been in wide use for literally years now...

 

All that this move does is put it forth as a suggested spec, in that they suggest that if you're doing DRM on your videos on the web you do it this way, via a standardized implementation.

 

 

I'll rephrase then"

 

It won't be long before websites require you to have this active, a piece of non open software that they pushed through even though there seems to be no need (becasue as you said primetime and google are already doing it).    I'm sorry but you are not making a very good case for it,  closed/proprietary software standards in a browser only spells trouble.  When that occurs there is no way to ensure consumers are protected, this is why governments have forced MS to hand over the source code for windows, this is why Kaspersky is facing the US senate to prove his software is secure.   There is a time and place for closed software, but as I pointed out already with superfish and sony rootkit, it's not on everyday standards that people have to trust in order to function.

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
23 hours ago, Sniperfox47 said:

1) nobody's forced to do anything... A lot of FOSS browsers have no intentions of implementing it, it's just a suggested standard. And even if you're using a web browser that has it, it's also *much* easier to sandbox than flash, because it rides directly stop HTML5 video elements and is restricted to just those elements.

You can't honestly believe this. They are not forced at gunpoint but that's like saying you don't need to allow cookies, or that you don't need to allow JavaScript. If you decide to disable then the vast majority of websites will stop working.It's in theory not forced, but in practice it is.

It's like saying nobody is forcing you to pay rent. It is technically true, but you kind of need a place to live in order to survive, and without paying rent that won't work (in before "durr you don't have to pay rent if you own a house" or whatever).

 

Also, how is this much easier to sandbox than Flash exactly?

And can you prove that it is restricted to only HTML5 video elements and have no access to anything else? I certainly can't, because the implementations of the DRM are all closed source (and they have to be).

 

23 hours ago, Sniperfox47 said:

2) ...they're a member organization of big corporations... Why would you expect them to value the opinions of users over that of themselves...? What?

Because the goal of the W3C is not to serve big companies at the expense of the users.

This is the first time that the W3C has mandated that browsers include closed source components in order to be compliant with what's suppose to be open standards that foster the growth of the Internet.

The entire purpose of the W3C forming was to make sure all the vendor-specific web technologies would get replaced with standards that anyone could aim to comply with. This goes against the entire reason W3C was formed to begin with. All of a sudden we are back to relying on closed source blobs pushed out by a handful of companies. Anyone who does not bow down to the likes of Adobe or Google will be cut off from a significant portion of the web.

That was already the case with Flash, but this decision from the W3C doesn't actually improve the situation. It just solidifies the terrible status quo that yes, if you want to watch videos on the Internet then you have to run it through a closed source program developed by for example Adobe (what Firefox uses).

They might as well have made Flash a web standard. It would have served the exact same purpose.

 

Just look at the discussion about which format would be the standard one for <video>. Not even in that debate did the W3C settle for a closed source standard. That's because they have up until now believed that being free and open is a crucial part of the Internet. Too bad they seem to have abandoned that philosophy though.

 

23 hours ago, Sniperfox47 said:

What's the better solution here? I've heard lots of people going "DRM eww! Yucky!" and not a whole lot of people suggesting alternatives for other ways they could handle it without plugins.

How about simply not making EME a standard? It was already a de facto standard, so the only thing this move does is cement DRM as a core part of the Internet. Something no sane user should be defending or applauding.

It's one thing to keep your hands clean and not pick side. The W3C has clearly picked side on this though, by promoting and encouraging the use of DRM.

 

 

 

8 hours ago, Sniperfox47 said:

This is not a DRM in and of itself... It's just an API for sites such as Netflix and Hulu to allow DRM on straight HTML5 Video Elements...

Technically true but the fact that it isn't DRM in and of itself is kind of irrelevant since the only difference that distinction makes is that different proprietary blobs can be used. It's not locked down to a single one, but it is locked down to a few specific ones.

 

8 hours ago, Sniperfox47 said:

It's not allowed to touch any of the page other than the video element it's decrypting...

Oh good. Then I guess all the sandboxing Mozilla added is completely useless since it won't be able to touch anything but the video stream for decryption. Someone should tell Mozilla, Google and the rest that they do not need to sandbox it. I mean, it is closed source so we actually don't have any idea what it is doing, but if you say that it only touches the video elements then we should totally trust that...

 

8 hours ago, Sniperfox47 said:

Will those sites require it to view their videos? Yeah, they already do. Right now if you disable Google Widevine or Adobe Primetime, Netflix straight up will not work. This has been the behavior since *2015*.

Yep, and now that it is officially a standard we should expect more and more websites to implement it.

 

8 hours ago, Sniperfox47 said:

All that this move does is put it forth as a suggested spec, in that they suggest that if you're doing DRM on your videos on the web you do it this way, via a standardized implementation.

It's not putting forth a suggested spec. That's what happened several years ago.

What they have now done is endorsed DRM use as well as made it an official standard, instead of just a suggestion like it was before.

They went from "hey this is how you can do things, but don't expect it to work everywhere" to "this is how you should do it, and you should expect it to work everywhere".

 

 

Edit: And we are already seeing deviations away from this. PlayReady which is necessary for watching 4K Netflix is not EME complaint, and I would not be surprised if other services start requiring other types of DRM as well (which don't use EME).

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
4 hours ago, LAwLz said:

How about simply not making EME a standard? It was already a de facto standard, so the only thing this move does is cement DRM as a core part of the Internet. Something no sane user should be defending or applauding.

It's one thing to keep your hands clean and not pick side. The W3C has clearly picked side on this though, by promoting and encouraging the use of DRM.

Again, it's been a W3C Standard since what? 2014? This is just moving it from PR (Proposed Recommendation) to REC (W3C Recommendation), which is part of the life cycle of any W3C spec.

 

DRM was never *not* going to be a core part of the internet. Does it suck? Yeah. I'm not disagreeing with that. But why are people treating the W3C like criminals over it?

 

4 hours ago, LAwLz said:

Also, how is this much easier to sandbox than Flash exactly?

And can you prove that it is restricted to only HTML5 video elements and have no access to anything else? I certainly can't, because the implementations of the DRM are all closed source (and they have to be).

 

[...]

 

Oh good. Then I guess all the sandboxing Mozilla added is completely useless since it won't be able to touch anything but the video stream for decryption. Someone should tell Mozilla, Google and the rest that they do not need to sandbox it. I mean, it is closed source so we actually don't have any idea what it is doing, but if you say that it only touches the video elements then we should totally trust that...

Because it's just a content decryption system? Your browser hands it an encrypted filebuffer and it hands back a framebuffer to be displayed in the video element. It doesn't have to interact with any other part of the DOM because all messaging done with it, by the spec "MUST" be done through the browser APIs.

 

They sandbox it specifically because it can't be trusted to obey the spec. Even if it was open source it should be sandboxed. Where did I ever say it shouldn't be sandboxed? It's much easier to sandbox because there is *no* valid reason for it to touch DOM or anything other than what your browser explicitly hands it.

 

It's not like Flash where it doesn't normally need to interact with DOM, but sometimes it does, so you have to box it away, but not totally box it away in case it legitimately needs to grab something.

 

5 hours ago, LAwLz said:

Edit: And we are already seeing deviations away from this. PlayReady which is necessary for watching 4K Netflix is not EME complaint, and I would not be surprised if other services start requiring other types of DRM as well (which don't use EME).

 

Playready is exposed via EME. Netflix 4k leverages it via EME. Playready 2.0 was the only EME provider for IE and Edge until Playready 3.0 support was added to Edge.

 

http://playready.azurewebsites.net/Home/Hwdrm

https://msdn.microsoft.com/en-us/library/dn521040.aspx

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
2 hours ago, Sniperfox47 said:

DRM was never *not* going to be a core part of the internet. Does it suck? Yeah. I'm not disagreeing with that. But why are people treating the W3C like criminals over it?

 

Because for a consortium who's very first principal in their mission statement is "open standards",   they are doing are very fine job of not being open to the point of hiding votes and ignoring their own members.

 

https://www.w3.org/Consortium/mission

 

I don't care how you cut the cake on DRM or this implementation, if it smells like a shit, looks like a shit it most probably is a shit.

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
3 hours ago, Sniperfox47 said:

Again, it's been a W3C Standard since what? 2014? This is just moving it from PR (Proposed Recommendation) to REC (W3C Recommendation), which is part of the life cycle of any W3C spec.

Someone should have told the W3C that. They could have skipped several years of debate and voting if they had known that all proposed recommendations will become final recommendations. In fact, why even have a proposed recommendation stage if all things that come to this stage ends up being final recommendations and standards?

 

 

3 hours ago, Sniperfox47 said:

DRM was never *not* going to be a core part of the internet. Does it suck? Yeah. I'm not disagreeing with that. But why are people treating the W3C like criminals over it?

Do you honestly not understand why people are treating them like criminals?

I posted a list of 5 reasons why earlier on this page. It's because:

1) This does not make things better because it just means the technologies we despise will now be baked into the core of the WWW.

2) The W3C has stabbed users in their back and are giving fellatio to big mega corporations that wants to control their users.

3) This entire process has been very shady with little to no transparency.

4) EME was already a de facto standard. What has changed now is that it is actively endorsed and recommended by W3C which is disgusting.

5) The W3C is currently throwing shit at the EFF.

 

 

3 hours ago, Sniperfox47 said:

Because it's just a content decryption system? Your browser hands it an encrypted filebuffer and it hands back a framebuffer to be displayed in the video element. It doesn't have to interact with any other part of the DOM because all messaging done with it, by the spec "MUST" be done through the browser APIs.

 

They sandbox it specifically because it can't be trusted to obey the spec. Even if it was open source it should be sandboxed. Where did I ever say it shouldn't be sandboxed? It's much easier to sandbox because there is *no* valid reason for it to touch DOM or anything other than what your browser explicitly hands it.

 

It's not like Flash where it doesn't normally need to interact with DOM, but sometimes it does, so you have to box it away, but not totally box it away in case it legitimately needs to grab something.

It's nice to see that you are arguing against yourself.

1) Flash has been sandboxed for ages. While they might not always have been bulletproof at all times, they have been pretty good and I doubt we will now somehow get higher security because the sandboxing is supposedly easier to implement.

2) Like you said, it is suppose to not touch anything but the video stream, but since the DRM implemented with EME has made it mandatory that it is closed source you can never know what it does and doesn't do.

3) You have at several points said that this only applies to <video>, but I can't actually find any source on that. The official documentation only defines it as "media", which could mean anything. MediaKeySystemConfiguration contains several non-video related members, including initDataTypes which fetches a list of initialization data types.

 

 

3 hours ago, Sniperfox47 said:

 

Playready is exposed via EME. Netflix 4k leverages it via EME. Playready 2.0 was the only EME provider for IE and Edge until Playready 3.0 support was added to Edge.

 

http://playready.azurewebsites.net/Home/Hwdrm

https://msdn.microsoft.com/en-us/library/dn521040.aspx

Oh, my bad. I assumed PlayReady did not use EME because if it did then EME would be a useless specification which does not ensure interoperability.

As it turns out, it is even more of a piece of shit than I thought. So what is the goal of EME exactly? I thought it was to provide standardized APIs which would ensure that browsers had a standardized way of handling DRM protected content, in order to ensure interoperability.

PlayReady does not work in third party browsers by design, so to me it seems like EME did not accomplish its goal.

Link to comment
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Tech News

×