DRM Non-Aggression on the Table at W3C (eff.org)
101 points by DiabloD3 on March 16, 2016 | 38 comments



It wasn't so many years ago that the solution would have been a proprietary patent with FRAND (Fair, Reasonable, and Non-Discriminatory) licensing and payment. Free and Open Source made the payment impossible, so companies had to change. The proprietary control through patents was tempered by standard bodies excluding such contributions (like W3C [0]), or patent disclaimers (like Microsoft's Community Promise [1]), or patent pooling (like MPEG LA). So if we want to eliminate DRM, without hoping for another miracle from Apple, we should use the large market share of open source software.

Maybe that means changing licenses (like a BSD 4-clause 'no DRM' license).

Maybe it means making client/server software that just doesn't work with DRM, closing down web based DRM, and forcing Hulu etc... to each implement their own clients on every platform (as it was before EME). Maybe get a Netflix competitor to use AGPL3 server and clients, that won't work with distributors that demand DRM.

[0] https://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Li...

[1] https://msdn.microsoft.com/en-us/openspecifications/dn750984


Personally, I could care less about DRM on content; I'm far more appalled that I have to use DRM on the cable/protocol between my monitor and my video card. One of these harms my "freedom to tinker," the other, not so much.


A no-DRM clause would go against the definition of both Free Software and Open Source. Or more exactly, if you apply any restrictions on usage, then the software can't be classified as either. No exceptions.

And on distribution any copyleft license would do, because it is DRM ruling itself out, as transparency of the code is incompatible with DRM. That's because all DRM accomplishes is a sort of security by obscurity so there can't be generally accepted solutions that are open-source. There's no DRM in Chromium for example. But except for the browser, it's not distribution that's relevant, which is why organizations like the FSF, the EFF and Mozilla are pissed off about W3C standardizing DRM.

I wouldn't hope for any miracles by Apple, when they are single-handedly responsible for popularizing DRM amongst consumers, along with Trusted Computing. Their whole iTunes / iPhone business is built on top and the rest of the industry followed.


The GPLv3 solves this by not preventing you from implementing DRM, but granting you the right to circumvent any DRM implemented with the software.


I don't think that GPLv3-encumbered software would help here. About all it would do is make companies say, "download our app to watch this," keeping the status quo the same.


How would a copy-left license force disclosure of DRM implemented in a library distributed as a binary blob?

All you'd see in the open source code is a call to that library (just like a call to a binary blob driver from the Linux kernel, for example).


> Maybe it means making client/server software that just doesn't work with DRM, closing down web based DRM, and forcing Hulu etc... to each implement their own clients on every platform (as it was before EME)

Hulu etc would not be forced to implement their own clients. Someone would develop a general, easily customizable client that Hulu etc would license that supported a plugin system for the DRM components. Hulu etc would license that.


A viral no-DRM clause in a variety of open source licenses sounds like a great idea! How could we go about promulgating such a thing?


Start using GPLv3 and AGPLv3 like you were supposed to for the better part of the last decade, and stop listening to the divisive arguments from pragmatists who don't care about the ethical consequences of permissive licensing when it comes to these kinds of things.

Even if you want to get post-copyright (I certainly do) we don't improve the situation fueling the copyright lobby with technological force multipliers through our own hard work. Keep them honest with copyleft licenses to keep users free of this kind of nonsense.


> Keep them honest with copyleft licenses to keep users free of this kind of nonsense.

... and support the GPL compliance efforts of organisations like Software Freedom Conservancy:

https://sfconservancy.org/supporter/


GPLv3 comes with a ton of baggage, though, and it still isn't clear how enforceable AGPLv3 is.

I suspect better content licensing would be best--have a license that forces any distributor to offer media that can be played with FOSS software.


How will GPLv3 prevent smartphone, smarttv, etc apps from using DRM? About all GPLv3 and AGPLv3 would do is give a slightly smaller corpus of software to use in implementing. How much software did Apple open up when GCC went GPLv3?


Apple has never included the GPLv3 version of GCC on OSX themselves. For years they were shipping the outdated last GPLv2 release, and then they put all their effort into LLVM to replace GCC entirely because they refused to give up their DRM and Tivoization.

GPLv3 has this clause:

Some countries have adopted laws prohibiting software that enables users to escape from Digital Restrictions Management. DRM is fundamentally incompatible with the purpose of the GPL, which is to protect users' freedom; therefore, the GPL ensures that the software it covers will neither be subject to, nor subject other works to, digital restrictions from which escape is forbidden.

And has a definition corollary:

Complete Corresponding Source Code also includes any encryption or authorization codes necessary to install and/or execute the source code of the work, perhaps modified by you, in the recommended or principal context of use, such that its functioning in all circumstances is identical to that of the work, except as altered by your modifications. It also includes any decryption codes necessary to access or unseal the work's output. Notwithstanding this, a code need not be included in cases where use of the work normally implies the user already has it.

The GPL "stops" apps from using DRM because to use DRM is to violate the license and be liable for copyright infringement.

On OSX specifically, I imagine Apple had some leaky GPLv3 code somewhere, because they open sourced a lot of Darwin between 2007-2010.


That's my point. The GPLv3 did less than nothing in encouraging reasonable sharing, it made companies wall things off more. When you're even a moderate sized company, there comes a point where it's easier to just write your own than to deal with the restrictions software licenses bring. It's happened with a ton of commercial code, and it happens with Free code as well.


Don't tell Blizzard that. They use tons of free libraries in their flagship products, including LGPLv3 in Starcraft 2. I'm sure they would just love to delay the release date by a year or two in order to avoid FOSS licenses and rewrite their own XML parser, fonts, or HTML/CSS code parsers.

That is, unless they can do cost-benefit. Some markets are just so competitive that you can't waste developer time in order to be afraid of licenses. The game market is very saturated, but there might be places where you can afford to entertain people's fear.


> Start using AGPLv3 like you were supposed to for the better part of the last decade

What if I care about freedom zero? AGPLv3 is incompatible with freedom zero.

I'm not sure you can criticise other people for failing to care about ethical consequences when you are casually prepared to throw away one of the core principles of free software.


It's a non-starter called GPL3. While I'm not a lawyer, my understanding is that many businesses consider the GPL3 and its extended anti-tivoization, anti-patent provisions dangerous.

They may be misguided, I won't comment on that here. I will just say that my impression is that such an anti-DRM clause exists, and the license that uses it has many detractors.


Was it tested in court in the US? Were some businesses sued for violation of a GPL3 license? If yes, by whom? It's just a question.


DRM is a disease. They might mitigate symptoms (corrupted anti-circumvention laws), but this sickness must be uprooted at its source to be really fixed. W3C did a great disservice to the Web by accepting DRM in the standard, legitimizing it in the process.


DRM is a symptom. Perpetual copyright is the disease.


The disease is using technical measures to enforce laws.


Yeah, I don't know. For an imagined law "government can't violate privacy" I'd feel much better with strong encryption (a technical measure) than trusting government to prosecute and jail its employees when they violate the law.


Using technical measures to enforce law is a necessity; the overstepping of bounds is the disease.


One pragmatic approach would be to continue to support existing DRM -- but only for the largest most established existing players like Netflix.

This would make DRM a problem for the content providers, because Netflix would then have a monopoly on the ability to distribute content with DRM. That's not good for their ability to have any leverage while negotiating.

A similar situation played out with iTunes, and we've got DRM-free music available for sale now.


> Netflix would then have a monopoly on the ability to distribute content with DRM

To rephrase Archer, "Do you want the DOJ to be involved in the creation of (global) web standards through antitrust lawsuits? Because that's how you get the DOJ involved in the creation of web standards through antitrust lawsuits."


I'm not sure there would be market harm from this outcome, which would be required for the DoJ to intervene.

Content creators would remain free to license their content using their own technologies.

Apple has successfully shut down people that created implementations compatible with Apple's DRM. To be clear, these people were not breaking Apple's DRM. They were "protecting content" using DRM that was iTunes/iPod compatible, and Apple shut that down.


This seems like a good idea in principle. However, the people most likely to bring a DMCA suit are not participating members of the W3C and thus not subject to this pact. The major media production houses can sit back, let others build EME for them, use it, and wield the DMCA over that use.


Widevine (Google) and PlayReady (Microsoft) are the top EME DRM providers. Google and Microsoft are both on the EME working group.

The critical question is whether rightsholders can use the DMCA (or local equivalent) to sue someone for circumventing DRM technology that isn't their own.

If not, if the only party capable of enforcing anticircumvention is the DRM vendor itself, then this could be very effective.


As a sort of external observer who doesn't really 'do' big media, I'm left wondering why content providers even bother with DRM at all.

Any insiders about to provide some sort of perspective?

All of the content is all over torrent sites. The general public are 'non-savvy', or unwilling to take the risk, and seem to continue paying to netflix'n'chill.

So I don't really understand why this is even a thing. It feels like anyone savvy enough to save a HTML5 video and copy it to a USB drive would be savvy enough to open a torrent site. What gives?


DRM isn't effective at stopping the data from getting out into torrents, but it is effective at other things, one of which is mentioned by the article: it makes researching copying and bypassing copy restrictions illegal. There are a few others I explained in my answer here: http://security.stackexchange.com/a/25175/15712


Ethics.


As long as major content providers want it, there is going to be DRM one way or the other. It is not in fact within W3C's power to prevent that.

The only influence W3C has on DRM is the form it takes: is it implemented through (somewhat) standardized means, using the building blocks of web technology provided by browser vendors, or is it implemented through black-box plugins that we know, after 15+ years of experience, end-users will install.

I have never really understood the role W3C is supposed to play as a pressure point for DRM.


> As long as major content providers want it, there is going to be DRM one way or the other.

It's not so simple. Content providers want to distribute on the web. Yes, they have the ability to just pull out and avoid that space entirely, but that's not good for them. The web needs their content, but they also need the web.

In other words, the W3C saying no to DRM would apply pressure in the right direction.

That suggests positions can be shifted. And we have seen them shift before, with music downloads, which used to be DRM'ed, but no longer are.


Except the web doesn't really need their content. The web exists and will continue to flourish regardless of the availability of commercial hollywood films and television on it. It got this far without ruining open standards, and the MAFIAA lobby forced DRM bullshit upon it because they fear for their long term viability.

That is a sign they were losing the battle, and they absolutely were with the rise of youtube, facebook video, twitch, etc - alternative video sources were / are starting to get professional, with many major youtube channels having production crew and proper film / showmaking.

The web would have been absolutely fine without them, but they knew they would not survive without the web long term, especially internationally.


In exactly what way would the W3C "saying no to DRM" apply any pressure at all? The W3C cannot ban plugins.


I have never really understood why people continue to insist that EME is not filled with "black box plugins".

EME is enabling black box plugins; simply calling them "extensions" does not magically make them something other than black box binary blobs loaded by the browser.

Functionally they are really no different than the Flash or Silverlight plugin, they simply contain less stuff and are more specialized.

W3C is supposed to be promoting the Open Web, that means open regardless of Operating System, Browser Choice, or Nation.

EME violates all 3 of those by locking you down to only commercial, or commercially supported browsers (no open source EME, even Mozilla had to pay Adobe to create them a Commercial non-free plugin for FF)

Free/Libre Operating Systems are Excluded from the new w3c vision of the web

EME/DRM enables Geo-fencing of content

In short the EME is a complete bastardization of the w3c mission


Overall, this whole argument seems like the web being well behind the curve and debating about approaches to take to yesterday's problem (or perceived problem, I've yet to see real harm done by DRM on Netflix) when meanwhile things are largely passing them by. Consumption is moving to smart TVs, Rokus, iPads, etc.

So if you want a threat to the "open web" the appification of the world is where you'll find it. I'm not sure it'll be stopped either way (or even that this trend is so terrible), but religious objections to DRM - to push things that way even faster - aren't going to do anything to slow that train down.


Some past discussion on this topic:

https://news.ycombinator.com/item?id=7055016



