There must be people who find this style of writing persuasive, but for me it has the opposite effect.
The tone is so aggressive and slanderous that even though I should nominally be on the side of the author, I find myself thinking "surely there is another side to this story" and come away with the feeling that I should step back and consider that maybe the other side is in fact in the right.
It's like reading angry anti-nuclear activists and (either side of) the climate change debate. Whoever wrote that angry irrational rant is surely not somebody I want to be on the same side of any issue with. Maybe I'll check out the other opinion to see if they have anybody sensible to articulate it.
Agreed, and I've just realized the reason why:
1) The portmanteaus are just annoying to read, giving me a negative feeling off the bat and I start searching for flaws to justify it.
2) The portmanteaus are in-jokes for the people who already agree with the author. This makes me think that the author is so focused on their own social bubble that they haven't seriously wrestled with a well-written argument by the other side. If that is the case, then I can't trust the author to not have massively overlooked some important counter argument, so I have to go look for it myself.
3) The same as above, but also: life involves judgement calls and intuitive evaluations of situations. Sometimes, you see people interpret another person's words in a way that is wildly detached from what they said. This makes you trust others' interpretations less unless you can either see the primary sources yourself, or see them wrestling seriously with the other side's argument.
It would be nice if we judged all arguments just on their facts, but time is limited and so we have to make judgements like these.
I wrote this statement and want to respond to your criticism.
Firstly, I think you make a very good point. I experience a similar feeling when I read things that appear one-sided, and I try in my writing to communicate the fact that both sides of the issue have been considered, even if I think one is completely absurd. I'll take your criticism into account with future writing about EME.
FWIW, here's the other side of the argument as I understand it:
"DRM is already happening on the Web, so we might as well do it at the W3C, with the vague hope that we will win some kind of concession from the DRM companies. Also, maybe if we don't, they will take their content off the Web and into some other system (subtext -- we care more about Netflix being on the Web as defined by W3C than we do about the Web as defined by W3C being free and open)."
I think the other side of the argument is primarily the following:
a) The Membership of the W3C have decided they want to work on DRM.
b) Like most industry consortiums, the W3C is ultimately beholden to its (industrial) Membership. (And it's not clear they can refuse an organisation from joining as a Member without opening themselves up to allegations of being a cartel and the legal complications that would involve.)
A lot of this comes down to the relationship between the W3C and its Member organisations, and whether the W3C can refuse to work on something its Members want to.
There's also some of what you alluded to, which I will call c) A number of Member organisations have made it clear that they will work on this in some public forum regardless of what that forum is.
Now, from a purely pragmatic point-of-view, what is gained by the W3C refusing to work on it? Apple, Google, and Microsoft will still ship DRM modules; the web will still start relying on DRM modules existing within browsers. The outcome is entirely unchanged, as ultimately because of c we've ended up with an interoperable API from JS one can use to deal with DRM modules.
Refusing the venue is purely making a political point, it doesn't change the outcome. Now maybe that political point is a goal in and of itself, but given most of the arguments people make against DRM I'd suggest the goal here isn't a political point but rather reduction of reliance of DRM on the web.
By refusing to work on it, you upset the Membership (because you're going against them), jeopardising your own future (because an industrial consortium is nothing without Members), and not changing the outcome.
This is a passionate issue, written from the perspective of a fierce activist. I participated in the march against DRM in March, and it's difficult to describe the powerful emotion bursting from the protesters, as well as Harry Halpin when he pledged his resignation should it pass.
But your perspective is important.
I encourage you to write to campaigns@fsf.org; I know personally that Zak and others will value your input.
I agree, and from the (admittedly few) opinions I've read on the topic it seems both sides at a lower level (i.e. mailing list as opposed to blogs) have quite well articulated and reasoned contents. From reading those, I feel I have a better understanding of both sides. I also feel there's little consensus, yet a choice was made anyway. The (grossly simplified) argument being that vendors implement DRM anyway so may as well have at least some spec for it.
I personally don't agree with this, and get the feeling that there's a very heavy corporate hand in place threatening to move consumers (e.g. Netflix saying people just want to watch video damnit) away from the open web by using alternative technologies. We're better off with EME than Flash and Silverlight, essentially.
I'm obviously grossly oversimplifying things, but what I'm trying to say is that I think you're right, it's not as black/white as the parent article tries to make it. I'm not trying to pretend I'm some sort of expert on this topic – far from it – and certainly recommend anyone interested in this to spend some time and actually read the reasoning of both sides.
The sad-hilarious thing is that I would pay Netflix exactly as much money if the content weren't DRM'd, in fact I might pay more since they currently limit to 720p on Widevine (which is disappointing for my 1440p displays).
The reason I'd still pay Netflix, is that I can already pirate all of the shows they license. I pay for their reliable adaptive-rate streaming technology, the content I can get from almost anyone. In trade for the convenience, I lose quality because the Widevine streams only go up to 720p. Even sadder, I could torrent good quality screencaps of the 1080p Netflix streams if I wanted to.
The publishers are just being ridiculous, so the DRM is enabled for everything. Though I wish they would put their money where their mouth is and disable the DRM for Netflix originals.
I thought the general consensus amongst people, including the general HN crowd was that it was better to allow the w3c to specify a "black box" with well defined inputs and outputs. Allowing vendors to slot in their own (probably closed source) implementation than it was to slam the door in their faces whilst screaming "SCREW YOU, USE SILVERLIGHT OR FLASH".
Defective by design seems to be misinterpreting the "build the web for the users first" quote here, because the alternative to this proposal is not "no DRM", the alternative is a worse UX from a plethora of more hostile, wider reaching proprietary DRM implementations.
There's a time and a place to fight about DRM vs. no-DRM, but it's not here, this is the fight about how the DRM we will inevitably get works and interoperates.
> because the alternative to this proposal is not "no DRM", the alternative is a worse UX from a plethora of more hostile, wider reaching proprietary DRM implementations.
Good. Everything which makes DRM easier to implement, more reliable/stable/cross-platform/interoperable/etc., more streamlined and simpler to use, just skews the cost/benefit in the wrong direction. Everyone should be Free to make whatever DRM system they like, but such anti-social behaviour shouldn't be encouraged, and I certainly don't want to see organisations (FSF, Mozilla, W3C, etc.) making that activity any easier.
Plus, the harder it is to obtain and set up a working DRM system, the easier it will be for me to avoid it. For example, online tracking is very easy to accomplish, and is supported by many Free Software browsers, which means I have to spend time maintaining black/whitelists, selectively enabling JS in NoScript, deobfuscating and reading through JS source, etc. to avoid it. In comparison, Silverlight and Flash can be avoided very easily by not installing them.
Consider an analogy to proprietary software. It still exists, everyone is Free to make it, and many say it has a better UX. That doesn't stop me from running pure Free Software systems. If, say, the FSF had caved in years ago, and accepted some proprietary software, then my choice to avoid proprietary software would have been much harder since I'd have to disentangle such blobs myself.
The point of the GPL is to make Free Software easier to write, without benefitting proprietary software.
> There's a time and a place to fight about DRM vs. no-DRM, but it's not here, this is the fight about how the DRM we will inevitably get works and interoperates.
If you've given up that's fine, but please don't get in the way of those of us still fighting.
Genuine question: how should streaming companies protect against their content being stolen/ripped/etc without DRM? What's the alternative? I'm sure it's in the contract of every streaming service that they have to protect the licensed content to the best of their ability. Saying "fuck the greedy media companies" doesn't help the streaming services that need to license content to survive. Considering almost half of all bandwidth (in the US at least) is used for streaming, I'd say it's pretty important to have a well-defined solution to enable streaming companies to do what they need to do.
> Considering almost half of all bandwidth (in the US at least) is used for streaming, I'd say it's pretty important to have a well-defined solution to enable streaming companies to do what they need to do.
Streaming companies don't "need" to do anything. If they truly "need" DRM to exist, then they should shoulder that burden themselves rather than coercing others into doing the work for them; especially organisations and structures governing the Web, which was created specifically to disseminate human knowledge.
If that's too much of a burden for media companies to handle, then they should bow to market forces and close down. Humanity has survived perfectly well for millennia without them. Perhaps that will help divert some of the entertainment industry's billions towards causes of some actual importance.
DRM is not about protecting content, it's about lock-in and keeping users on a single platform. Security researchers (Schneier) have written about it. Content creators have written about it (Doctorow's Law), advocates have written about it (EFF), and of course users have written about it endlessly. The only people who argue that DRM is about protection are the publishers.
There are a few schemes, which normally do not even count as DRM, that are intended to protect copyrighted material. Encrypted TV channels are a primary example. A streaming service could copy that scheme, but delivering physical tamper-proof boxes that do key-exchange every few minutes is quite expensive. Alternatively they could do what YouTube/Twitch do, which makes copying a stream about as difficult as downloading a pirated version from a torrent site (i.e., you need to use third-party software). For movies, it is the best protection you can get without having to distribute physical boxes.
> how should streaming companies protect against their content being stolen/ripped/etc without DRM?
They shouldn't because it is useless. DRM can always be circumvented.
> it's in the contract of every streaming service that they have to protect the licensed content to the best of their ability
This is the only reason why DRM exists: Stupid, greedy rights sellers. They don't care why or how people consume the media. They only see licenses and money. "Protecting" licenses equals protecting money for them.
DRM is not bad because I want to "steal" anything. It is bad because proprietary software with the main goal of restricting its users leads to a bad experience. Amazon Prime Video for example is horribly buggy and hard to use. If I could use a decent player, I would pay more money for the service. Both sides would benefit from no DRM, but greedy rights sellers don't have logical thinking in their toolbox.
> the alternative is a worse UX from a plethora of more hostile, wider reaching proprietary DRM implementations.
But we're going to have a plethora of proprietary DRM implementations, each self-important vendor writing their own plugin targeting the EME API. And end-users will still have to track down the correct combination of architecture and OS for each plugin, except multiplied now for every streaming-media vendor that they use.
For example, look here at the most-deployed DRM plugin currently available:
Nothing available for *BSD, Sailfish, FirefoxOS... whereas current users of those platforms at least have Flash.
The W3C's argument is that without EME, DRM-protected media will move off the open web into its own app-silos. But that's exactly what will happen with EME, too, except the apps will be hosted within browsers.
Wouldn't this be a good opportunity to draw the line with browsers-for-the-open-web and apps-for-secret-stuff?
Silverlight and Flash both work on Linux. The YouTube experience is today identical on Linux, Android and Windows. Do you think there will be an open-source alternative to each of the new closed source DRM implementations done by different sites?
Welcome to the new world where depending on the number of users your system has, some websites will work and others won't. If it's worth it for the company to develop for your platform, you might be worth the time. If not, well, tough luck, go out and buy a platform which is supported.
Games have had this wonderful (sarcasm) idea of platform exclusives. Publishers could not do that with Flash, but with unique DRM platforms for each site, it's both convenient and easy. Wonder how well Mozilla and Google can compete in that space with Microsoft, an entity well experienced in platform exclusive dealings.
> Welcome to the new world where depending on the number of users your system has, some websites will work and others won't. If it's worth it for the company to develop for your platform, you might be worth the time. If not, well, tough luck, go out and buy a platform which is supported.
If you're implying that the world wasn't like this before, you're simply wrong. I was unable to give good faith recommendations of Linux systems to people for _years_ because Netflix wouldn't run on them, at a time when Netflix access was important to pretty much everyone I knew. This only really changed after mobile devices became ubiquitous and thus more or less obsoleted the complaint.
Holding up Silverlight as an example of a closed source plug-in that works on Linux is a terrible one, given how long it took for that to be the case.
The websites that are platform dependent are so few that we know the names of them, and it is currently very expensive to make platform exclusive sites. Is the case of Netflix the reason why we want more of them?
Linux has Flash, it has Silverlight, it has Java. In the beginning they worked terribly, but thanks to the effort of open source developers, sooner or later they got ported. When each publisher has their own DRM platform, copying the business model of the console market and earning money on the concept of exclusivity, how many open source ports do you expect to see?
If there is a plethora of hostile, wide-reaching proprietary DRM implementations, then surely this scenario will suck from the average end user's perspective, hindering the adoption of DRM. Helping the W3C create a standard, friendly and well-engineered DRM solution just means that the opposition to DRM will be reduced to a handful of internet freedom extremists who don't constitute a significant market segment anyway.
Where did you read about this consensus? I certainly haven't seen one.
The EME stuff is a proprietary plugin by any other name. If evil Corp wants a root kit for you to watch movies evil Corp gets one. There is zero difference between EME and other plugin systems from the POV of the vulnerability it exposes your system to, to the depth it can infect your OS to enforce itself.
It's not inevitable. Every single bit of data that enters a user's machine from the internet, that user has a right to store and re-examine at their leisure. Anyone who says otherwise is a crook of the 'old ways'.
The internet does not belong to those people, it belongs to us. It should remain free and open and sane. A monopoly by giant corporate media conglomerates is not inevitable.
> it was better to allow the w3c to specify a "black box" with well defined inputs and outputs.
But they didn't! EME is a spec only for inputs, and no outputs.
EME entirely depends on CDMs, and their interface is deliberately left completely undefined (W3C uses that as an excuse to say they didn't—strictly speaking—define a DRM).
Plug-ins at least had an open NPAPI interface that anybody could integrate with. CDMs don't have any public interface. The spec allows them to be anything, including kernel modules or hardware (and in practice they're… plug-ins).
So now it's illegal under DMCA to write your own browser that plays EME-protected video with CDM compatible with Chrome's, Safari's or IE's.
It's a loss of freedom, and no DRM has been removed or even relaxed in the process.
> The spec allows them to be anything, including kernel modules or hardware (and in practice they're… plug-ins).
On mobile platforms, they generally are system-integrated (and hardware-supported) components, often running at privilege levels exceeding the running Android/Linux kernel.
See the recent Qualcomm case where a DRM component (Widevine) running in TrustZone context[0] was used to attack Android's full disk encryption scheme.
[0] TrustZone is an ARM architecture feature for running code in a different execution context not accessible from the "normal" running kernel. Useful for running small amounts of code dedicated to protecting crypto keys, but horrible if you load gigantic DRM blobs into it that no one could reasonably audit due to sheer size even if their source code was available.
Actually, I realized that any party that would want to put their content behind this kind of obstruction does not really have anything interesting to show anyway. So better off without that particular content anyway! Same with sites that block you when using Privacy Badger. Good riddance.
The danger will be in it becoming normal for everyone to use EME, or that the most used audio/video devices and tools will by default enable this and make it hard/impossible to disable it. So if you shoot a video of police violence with your phone and decide to publish it, it can be blocked by e.g. government. Of course, pushing for integrating this with your video camera will be done to protect the children.
The ETSI thing doesn't solve problems. It creates a layer of abstraction that in theory makes the key acquisition protocol defined by whatever runs on the ETSI layer, but now you have the problem of remotely attesting the tamper-resistance of the ETSI layer itself. It would make more sense to standardize the protocol than to define an execution environment for arbitrary protocol engines.
Agreed. That's one of the reasons why this initiative stalls. However the back idea is to standardize a DRM protocol that would be accepted by the copyright owners and that's a step in the right direction.
I'd like it if this happened. If the web has some standard way to ensure DRM that means it will be possible to sell media (and hopefully possibly software) on the web without requiring people to be online at all times. It would be even better if the entire thing was managed by the W3C, not just the endpoints. That way everyone could make use of it. I do not think everything should be free although it's good if there is an option to give things away. But in general, developers and content creators have to eat.
EME doesn't define the critical CDM component required for it to actually work. It's like a spec for `<object type="application/x-shockwave-flash">` tag saying it defines Flash.
So in practice you still have to license CDM integration from Google (for Chrome's CDM only) and Microsoft (for IE's CDM only) and Apple (for Safari's CDM only) and Adobe (for Firefox's CDM only).
It doesn't even define how the browser communicates with the CDM, which makes it strictly less good than NPAPI and the Pepper API, because at least they have a definition that allows you to get Flash working with your browser (well, assuming they provide a binary for your platform—or you pay to license it to port it yourself).
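What EME does standardize is the page-facing half: a script names a key system and the browser reports whether a CDM backs it. As an added example (not from the thread or from any browser vendor), this audits which key systems a browser exposes and what privacy-relevant settings it grants; the key-system strings, `auditKeySystems` and the constructed `makeFakeNavigator` stand-in are assumptions for illustration.

```javascript
// Added example. Key-system strings below are commonly used identifiers,
// included here as assumptions; none of them appear in the thread itself.
const KEY_SYSTEMS = {
  'org.w3.clearkey': 'Clear Key (defined in the EME spec itself)',
  'com.widevine.alpha': 'Widevine (Google)',
  'com.microsoft.playready': 'PlayReady (Microsoft)',
};

// Minimal configuration: common-encryption init data, baseline H.264 in MP4.
const PROBE_CONFIG = [{
  initDataTypes: ['cenc'],
  videoCapabilities: [{ contentType: 'video/mp4; codecs="avc1.42E01E"' }],
}];

// Ask the browser, per key system, whether a CDM backs it. This is all the
// page-facing API reveals; what the CDM does internally is not visible here.
async function auditKeySystems(nav = globalThis.navigator) {
  if (!nav || typeof nav.requestMediaKeySystemAccess !== 'function') {
    return { emeAvailable: false, systems: [] };
  }
  const systems = [];
  for (const [keySystem, label] of Object.entries(KEY_SYSTEMS)) {
    try {
      const access = await nav.requestMediaKeySystemAccess(keySystem, PROBE_CONFIG);
      const cfg = access.getConfiguration();
      systems.push({
        keySystem, label, available: true,
        // Privacy-relevant: may the CDM use a per-device identifier or keep state?
        distinctiveIdentifier: cfg.distinctiveIdentifier,
        persistentState: cfg.persistentState,
      });
    } catch (err) {
      // Browsers reject with NotSupportedError when no CDM matches.
      systems.push({ keySystem, label, available: false, reason: err.name });
    }
  }
  return { emeAvailable: true, systems };
}

// Constructed stand-in for navigator so the audit runs outside a browser.
function makeFakeNavigator(installed) {
  return {
    async requestMediaKeySystemAccess(keySystem, configs) {
      if (!installed.includes(keySystem)) {
        const err = new Error('Unsupported keySystem');
        err.name = 'NotSupportedError';
        throw err;
      }
      return {
        keySystem,
        getConfiguration: () => ({
          ...configs[0],
          distinctiveIdentifier: 'not-allowed',
          persistentState: 'not-allowed',
        }),
      };
    },
  };
}

// Demo run against the stand-in; in a browser console call auditKeySystems().
auditKeySystems(makeFakeNavigator(['org.w3.clearkey', 'com.widevine.alpha']))
  .then((report) => console.table(report.systems));
```

In a real browser the report shows only that a CDM answered for a given name; nothing in it describes the CDM's own interface or behaviour.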
Web developers can always ignore this. I personally won't implement it at all cost. It's a reason for me to quit my job and show the finger to the DRM supporters.
You must remember that also before EME, Netflix & co. were using DRM.
EME makes it possible to view the DRM'd content (that is there with or without EME) without installing horrible and inaccessible generic binary add-ons (Silverlight, Flash) and thus gives more freedom to users. Now a Netflix heavy user can choose to consume the content on Linux, too.
I am not sure how this is going to affect me. While I use FSF Icecat (their Firefox version) and should be OK with that, I do use Chrome for Netflix, Google, FB, and Twitter.
Will DRM black box plugin threaten the security of my laptop? Will many mainstream sites stop working with IceCat?
Will Youtube use it for cat videos? Coursera for lectures? Bandcamp for indie projects? Probably not. Consumers of Hollywood junk on various netflixes deserve malware. They eat shit already, now they'll eat it with tasty DRM sauce.
They are probably going to lock things down so that you won't be able to use the services without DRM. It's just for them. It was always for them. Nobody cares for the user. Even the fucking w3c just cares about companies' money. Nothing more.
Netflix today is using EME. If you access Netflix on Chrome (including in Linux), or IE11 in Win8 or higher you will be using the Netflix EME based Player, using MS PlayReady, or Google's Widevine CDM.
"We" certainly don't control the web; for the most part, the organizations that develop the most influential browsers do, with some input from the W3C, which is itself controlled by its 420 members.
The population at large mostly has a say by deciding which browser they use, and as long as people use DRM-friendly browsers, DRM is what they'll get.
Your comment first says that Mozilla, Google, Microsoft, and Apple control the web and then says actually people control it by which browsers they use.
Truth is it's a mix. Mozilla, Google, Microsoft and Apple are corporations of people whose influence is small and meaningful just like yours or mine.
When I read this article it seemed to suggest that the W3C is not fitting within this mostly open society.
History has shown us that DRM benefits only the largest richest and most single-minded corporations, and usually at some detriment to the user.
I'd be surprised if that were true. (Do they donate anything? I'd be surprised if they did, I suspect they merely pay their membership dues.) The membership fees come at five levels, mostly dependent upon annual revenue; Apple, Microsoft, Google all pay the same as Adobe, Boeing, Dell, Facebook, HP, LG, Netflix, Siemens, Sony, Disney…
You're right, I meant "contributors". It is not only a question of money: these companies can dedicate people to lead the standardization tasks and push their own interests. That's mostly visible at MPEG with patents (yet another hot subject).
Standards are very important. But the way we make them is still highly improvable.