1. 39

  2. 6

    A lot of DRM arguments have been around slippery slope arguments like this, but I don’t feel like it gives the current context enough weight.

    DRM on the web exists already, people install plugins to watch streaming services. This is giving a way to avoid having to install arbitrary plugins, instead boxing things into a bit of a safer environment.

    Meanwhile, no one seems to be clamoring for hiding their CSS stylesheets, mainly because no tech company is under contractual obligations from Hollywood to do so.

    1. 12

      A lot of DRM arguments have been around slippery slope arguments like this, but I don’t feel like it gives the current context enough weight.

      We’ve been sliding down that slippery slope for about two decades now. And it has been getting considerably worse. In the early 2000s we saw people outraged about the first appearances of DRM’ed music and movies. Nowadays people seem to accept it, and are even moving towards accepting even more dramatically absurd forms of DRM from coffee makers to cars.

      And every time someone complains about DRM someone says “well yeah but people are okay with this one step that’s not as bad, what’s so bad about this one step worse”, which is exactly how the slippery slope works.

      1. 4

        My recollection of things is that the DRM situation has gotten better, not worse, over the past 15 years. Not for everything but for a lot of things.

        It used to be that when you bought music from an online store, you had a DRM mess. Streaming video had to go through weird Windows Media Player DRM, which ended up being a whole virus vector.

        Nowadays I don’t ever see DRM’d MP3s, and video tends to work relatively sanely. Lots of games still have anti-piracy stuff, but most companies just opt for some Steam DRM. I remember rootkit DRM.

        Granted it’s not always forward progress. But it’s felt more effective for my personal situation.

        1. 3

          My recollection is that DRM itself has gotten better, and more pervasive. It’s still there, it just happens to work without getting in your face or breaking your system, so people accept it.

          I’ll reserve judgement on whether that is a good thing.

          1. 3

            It was really cool that we won the DRM’d MP3 battle, but I think businesses don’t even care because they can DRM up their music easily now because everyone uses streaming services.

            1. 1

              Other than, say, the iTunes store (which sells high quality recordings without DRM).

              No major providers though, right?

              1. 1

                From what I understand, Google Play Music gives you the option to download music you buy DRM-free a total of 3 times. However, you don’t have any rights to the music which you save for offline play, but don’t buy, in the Play Music app.

            2. 1

              I agree. Things improved a lot on content availability. Whereas, the UEFI and App Stores were a step back on the technical side.

          2. 3

            A lot of providers don’t do that, though. Whereas, a default DRM in the browser would probably make the number go up since the worst part is already there.

            1. 1

              This is giving a way to avoid having to install arbitrary plugins, instead boxing things into a bit of a safer environment.

              Do you have to install any plugins for Netflix? EME already works without being in the standard, it’s supported by all major browsers.

              1. 1

                Just because malware already exists and will continue to exist doesn’t mean we should make things easier for malware authors.

                The correct response to DRM plugins is exactly the opposite of what you said: browser vendors should constantly break DRM plugins by changing the unofficial APIs those plugins use.

              2. 4

                This stuff again.

                I fully expect with EME that we will see application authors begin to lock down HTML, CSS, Javascript, and every other bit of their web applications down with DRM.

                It’s literally called “Encrypted Media Extensions”. It’s directly tied into HTMLMediaElement, and the whole point is that encrypted video frames get passed through HDCP and decrypted on your display.

                It WILL be contained to movies. Because it’s IMPOSSIBLE to use for anything else.

                Look at the prevalence of DRM in proprietary applications elsewhere

                What prevalence? Professional applications like, say, AutoCAD still use a simple serial number, and every new release gets cracked on day one. Some games use DRM, but often just drop it after it’s been cracked.

                Anyway, here’s a real actual threat to the free open web where you can view the source of everything. It’s called… proprietary code on the server side, and it’s been there since forever.

                1. 13

                  So first off, I was talking more about how the endorsement of DRM for images/video/audio will open the floodgates for DRM’ing of other technology. Whether or not it uses EME isn’t the point as much as the ok of DRM for the web from the W3C.

                  Second, while EME provides interfaces directly into HTMLMediaElement, the payload delivery mechanism seems like a reasonably generic DRM’ed message bus, and it isn’t hard to see how it could be used as a foundation to deliver other DRM’ed content. Am I wrong that interfaces couldn’t be exposed to use EME for other things as well?

                  1. 12

                    The strategy is called Fate Accompli where they break a larger goal into smaller ones that seem individually justifiable. Companies such as Microsoft have used devious techniques like that many times. The Trusted Computing Group was a good example where they told the masses TPM-like stuff was about security where it was mostly about DRM. So, there’s plenty of precedent for anything aiding DRM to be a stepping stone to much worse things.

                    1. 9

                      It’s fait accompli. <3

                      1. 1

                        Funny thing is I originally wrote that but thought I misremembered the spelling. It seems I did but only when I “fixed” it. Haha.

                      2. 4

                        TPMs are about security. And some of the most amazing TPM usage comes from Free Software. Check out tpmtotp and its usage in Heads.

                        Modern movie DRM uses HDCP — passing encrypted video frames to your monitor to be decrypted there.

                        1. 5

                          TPMs were a product of the Trusted Computing Group that involved a number of monopolist, defense contractors pursuing their goals. The security claim, done for NSA’s IAD, was that the device could supplement a security-enhanced endpoint such as General Dynamics TVE or Dell Secure Consolidated Solution by protecting the boot process or any pre-OS software such as disk encryption. It was also pushed by entertainment industry asking Microsoft et al to make it technically impossible for users to view content without authorization. In other words, copyright monopolists would partly dictate what runs on our computers to suck more money out of us. They had already bribed politicians for DMCA for legal part. Now they just needed the technical part.

                          Let me illustrate what it was conceived to do to let you decide if it was more about security or companies’ profits (esp DRM & lockin):

                          1. The TPM ensures secure boot of BIOS’s made by (two?) companies that kept their products insecure on purpose for extra profit. These companies are an oligopoly with OEM deals that try to shut out competition. Initially, only their products will be signed as “trusted.”

                          2. The next, major part is an OS designed by monopolists who kept their product insecure on purpose for extra profits. This company was battling free software everywhere it could. Initially, only its OS would be signed for x86 systems as the “trusted OS.”

                          3. The OS then loads apps from various companies, esp Microsoft, that are deliberately left insecure to keep profits high. If it’s an app for movies or music, peripheral projects will force it to use a “protected media path” to ensure nobody can record it. Proposals of the time also included using virtualization or separation kernels to run media player outside the OS so no user software could touch it at all. Microsoft begins implementing whatever was cheapest/easiest.

                          So, it looks like a board-level, whitelisting solution designed by monopolistic and oligopolistic companies to force users to either use their DRM-laden, expensive software or switch to “insecure boot” modes with no protection at all. Your example of HDCP is one of many forms they had planned that were mostly closed-door discussions but slipped to public in various ways. Those slips led to a big backlash plus campaigns against them on DRM and user control side. We succeeded in forcing them to back way down from original goals.

                          The resulting chip barely does anything since it was designed to be dirt cheap above all else per what a member of Steering Committee told me. He said limiting it to weak form of trusted boot in special-purpose ASIC was only way to get Intel & desktop vendors to go along. Nonetheless, lots of CompSci and FOSS work built interesting stuff on it with the commercial sector moving first on that. Most of the better teams doing R&D have switched focus to TrustZone now given how mobile is still laying groundwork for how it does security. Lots of prestige, maybe profit, to be had if Apple or Samsung picks up a team’s solution. TPM-related schemes continue to get investment, though.

                          Far as the projects you bring up, they’re both really cool. I’ve bookmarked them for future evaluation or use. :)

                    2. 0

                      WebAssembly, on the other hand, is a legitimate threat to View Source. I think the OP is paying attention to the wrong W3C working group…

                      1. 7

                        No, it’s not. It doesn’t do anything new. It was always possible to compile native code to JS. (Or manually write “low level” JS that used one TypedArray of integers for all of its memory, LOL.) Wasm is a performance optimization, like asm.js was, but now with an efficient binary representation instead of messy JS code annotated with | 0 (or whatever it was) everywhere. Devtools could show the decoded source tree – that’s better view source than asm.js code.

                        1. 4

                          WebAssembly is just faster asm.js which is just faster compiled JS. That problem has existed long before WebAssembly has.

                          1. 1

                            But asm.js was not the topic of a W3C working group…WebAssembly is. We’re talking about being outraged because the W3C endorses an idea.

                          2. 2

                            WASM is just a way to encode JS into bytecode in a form that is just more handy in terms of encoding, decoding and compilation. It may even translate verbatim into JS.

                        2. 0

                          So basically the old unencrypted web would stop working once DRM is released?

                          Every user has a choice to not accept DRM and every publisher/author has the choice to publish their work whichever way they want.

                          Just vote with your time and money and don’t expect the ‘general public’ to vote the same way you do.

                          1. 2

                            Every user has a choice to not accept DRM and every publisher/author has the choice to publish their work whichever way they want. Just vote with your time and money and don’t expect the ‘general public’ to vote the same way you do.

                            A nice way to abdicate choice by blaming the ‘general public’. The thing about this reasoning is that it works equally well by switching “DRM” with anything else.

                            1. 1

                              The thing about this reasoning is that it works equally well by switching “DRM” with anything else.

                              such as?