Hide Techdirt is off for the long weekend! We'll be back with our regular posts tomorrow.

And Here We Go: Mozilla Felt Pressured Into Adopting DRM In HTML5

from the a-broken-system dept

We’ve written a few times about the unfortunate decision by the W3C to adopt DRM in HTML5 in an effort to keep Hollywood happy. While Tim Berners-Lee and others at W3C have tried to defend their reasons for doing so, they’re all based on the faulty premise that somehow the internet needs Hollywood more than Hollywood needs the internet. The reverse is true, but Hollywood has convinced too many people of its own importance to the internet. Because of that — along with the agreed-upon fact that today’s plugin/extension system is a complete disaster from technological and security standpoints — the W3C, pressured by a bunch of big companies, agreed to put DRM into the next generation of HTML (and don’t buy their argument that it’s not actually DRM — the only purpose that Encrypted Media Extensions (EME) serves is to enable DRM).

Today there’s a lot of discussion because Mozilla, makers of the popular (and open source) Firefox browser, have posted two separate blog posts about how they feel forced to adopt this DRM even though they hate basically everything about it. Mozilla’s argument is not crazy. They’re worried that by not adopting these standards, while all other browsers do, people will just shift to those other browsers. And beyond just losing market share, Mozilla has a point in noting that the way other browsers implement EME will be less secure than the way that Mozilla is doing it.

We have designed an implementation of the W3C EME specification that satisfies the requirements of the content industry while attempting to give users as much control and transparency as possible. Due to the architecture of the W3C EME specification we are forced to utilize a proprietary closed-source CDM as well. Mozilla selected Adobe to supply this CDM for Firefox because Adobe has contracts with major content providers that will allow Firefox to play restricted content via the Adobe CDM.

Firefox does not load this module directly. Instead, we wrap it into an open-source sandbox. In our implementation, the CDM will have no access to the user’s hard drive or the network. Instead, the sandbox will provide the CDM only with communication mechanism with Firefox for receiving encrypted data and for displaying the results.

Traditionally, to implement node-locking DRM systems collect identifiable information about the user’s device and will refuse to play back the content if the content or the CDM are moved to a different device.

By contrast, in Firefox the sandbox prohibits the CDM from fingerprinting the user’s device. Instead, the CDM asks the sandbox to supply a per-device unique identifier. This sandbox-generated unique identifier allows the CDM to bind content to a single device as the content industry insists on, but it does so without revealing additional information about the user or the user’s device. In addition, we vary this unique identifier per site (each site is presented a different device identifier) to make it more difficult to track users across sites with this identifier.

Mozilla is also making it opt-in — so that everyone will have the choice to choose whether or not to activate the DRM implementation. Also, kudos to Mozilla for not taking the W3C path of pretending that EME isn’t DRM. Mozilla is quite upfront that this is DRM and that they’re uncomfortable with this. As Andreas Gal says:

we would much prefer a world and a Web without DRM…

But, Mozilla feels that users “need it to access content they want.” Mitchell Baker similarly notes:

The new version of DRM uses the acronyms “EME” and “CDM.” At Mozilla we think this new implementation contains the same deep flaws as the old system. It doesn’t strike the correct balance between protecting individual people and protecting digital content. The content providers require that a key part of the system be closed source, something that goes against Mozilla’s fundamental approach.

Unfortunately, it appears that even though this is the case, Mozilla still believes that the internet needs Hollywood’s locked up content more than Hollywood needs to adapt to the internet. That’s too bad. Cory Doctorow has a very detailed discussion of why he thinks Mozilla made a mistake, while acknowledging all of the reasons why they did what they did. More importantly, he lists a number of additional things that Mozilla should do to improve the situation. I’ll summarize those four things, because I agree wholeheartedly:

  1. Protect security researchers: Thanks to the anti-circumvention provision of the DMCA, any security research into Adobe’s DRM may be a form of infringement. As Cory notes, Mozilla should demand that Adobe issue a covenant not to sue security researchers or developers who find vulnerabilities.
  2. Educate users: Teach everyone (including Hollywood, but mainly the public) why DRM is dangerous and harms security and privacy online. Personally, I’d add that Mozilla could also teach people why DRM is simply not necessary.
  3. Research and publish the case for DRM: This goes back to the question of who really needs it. Hollywood thinks they do, but I don’t think that’s really true. As Cory says, Mozilla should look at the actual data to see if there truly is a use case for DRM.
  4. Formulate and articulate a DRM policy: Basically don’t make these kinds of decisions ad hoc — but have a clear policy on how and when decisions like this get made.

For years, the music industry insisted it needed DRM, and folks like Apple catered to them — and that actually just helped Apple have more power over the music industry. Finally, the music industry shed DRM and it had almost no impact. Today, the book industry has the same issue, demanding DRM… and basically handing market power to Amazon in providing that DRM. It’s amazing that Hollywood still insists it needs DRM. It does not. Unfortunately, it by agreeing to implement DRM here, it means it will take much longer for Hollywood to learn this lesson.

Filed Under: , , , ,
Companies: mozilla

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “And Here We Go: Mozilla Felt Pressured Into Adopting DRM In HTML5”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Re: Re: Re:

I mostly do that myself, unless I happen to really like something. Now though, if it’s locked behind DRM, I’ll have to pirate it. There is no reason to punish the people who actually buy content with DRM when the pirates can just download a far more liberated version for free.

Seegras (profile) says:

Re: Re: Re: Re:

Simple. If you want to sell me something, don’t do DRM, or I’ll vote with my boots.

And I might even vote with my boots against other of your products. Like not going to the cinema if you morons push DRM. Or not buying your book on paper because the ebook has DRM.

No, I’m not going to use that EME for anything. And unless I can redirect streams in cleartext to my harddisk, I won’t subscribe to any service that requires it.

Anonymous Coward says:

Even if you only sip the cool aid...

you are still drinking it.

Make the browser switchable so that there is no DRM entirely until you decide to watch Hollywood DRM garbage, when when you switch to it… be sure to come up with a name for this mode that makes it clear what is going on.

Title it…

“Hollywood DRM Mode”


Shut up and put up if your only going to cry and moan, but actually do nothing.

Anonymous Coward says:

Re: EME...

“I saw it in my browser flags .. so I disabled it.”


I am under the impression that this is not implemented yet. E.g.

“Gervase Markham wrote on May 14th, 2014 at 10:51:

The exact user experience is still to be decided, but it will definitely not activate and run without you explicitly agreeing. You will be able to say No. “


Anonymous Coward says:

It’s good to see Mozilla is being transparent about how they’re implementing DRM into their web browser. I like how they’re loading the CDM (content decryption module) into a sandbox, and also generating spoofed device fingerprints that are unique for every website. In order to prevent websites from tracking people’s browsing habits.

That One Guy (profile) says:

And add another reason to the list...

To never give Hollywood so much as a dime if it can possibly be avoided.

Still, assuming every site out there doesn’t for some reason go DRM crazy, I can actually see a silver lining with this, as it’ll help people know which sites and services to avoid.

‘So I need to enable the DRM crap in order to access the site? Well, that sounds fair, let me just- oh, right, there’s more options out there than the major companies would like you to believe, I think instead I’ll just go to a different site and forget this one exists.’

John Fenderson (profile) says:

Re: Well, it could be worse

Now that I’ve read and thought more on this issue, I feel MUCH less charitable about it. I ow think that they’ve just sold us and their own ideal out. Of all of the bad decisions they’ve made about Firefox over the past few years, this is the only one that leads me to the conclusion that I need to stop using it, and that I need to stop giving money to Mozilla. If they can’t stand up for what’s right when it’s tough to do so, then they can’t stand up for what’s right at all.

They no longer share the ideals and goals of a free internet that I do. They are enabling just the opposite.

John Sullivan (profile) says:

EME is not yet approved

Mike, EME has not yet been approved by the W3C. They are allowing it to move forward, but it is important for people to know there is still a chance to stop it.

If anything, Mozilla’s announcement should embolden us in this area. We knew that W3C rejecting EME would not stop browser makers from implementing it anyway. Now that all the major ones have announced decision to do so, W3C should feel very able to reject EME to send a message that DRM is *not* part of the vision of the free and open Web.

John Fenderson (profile) says:

Re: EME is not yet approved

“Mozilla’s announcement should embolden us in this area.”

The problem is that if the major browser implement it even if it’s not adopted in the standard (as it appears they’re doing), then that basically guarantees that it will have to be adopted in the next version of the standard in order to ensure that all the implementations are in sync with each other.

Mozilla’s announcement, in other words, makes it more likely that we’ll see widespread adoption even if it never gets the blessing of the W3C.

That One Guy (profile) says:

Re: Re: Re: EME is not yet approved

Indeed, and really, it’s hard to see someone pushing for a DRM scheme like this as anything other than evidence that they’ve sold out and are just repeating what they’re told, or that they’ve fallen for the laughably bad claims that somehow the net needs Hollywood more than Hollywood needs the net.

For the first, corruption, the second, incompetence and gullibility, neither are very flattering possibilities.

Pale Moon User says:

Re: Anonymous Coward

“Firefox is open-source, right? Can’t someone just fork a version without DRM, or DRM support, or whatever the heck this stupid thing is?”

There is, it’s called Pale Moon.

I started using this web browser after Firefox started that crap with the ads in the tabs. It’s based on Firefox and all of my add-ons transfered over. Been happy ever since.

Prizm1 (profile) says:

Adios Firefox!

I said bye-bye to Firefox some months ago, following their announcement of the upcoming Firefox browser “value added feature” involving actively tracking you and using your tracking profile to provide you with relevant ads on the browser home screen.

All useful browsers now internally track you to some degree. I moved to Chrome. Chrome is faster. Although it is (yuck) Google, one of the reasons that I believe that the Chrome browser is faster is because it does not incorporate all the user tracking features that the other browsers have. Since Google has effectively become the Internet, Google does not need to have its browser internally laden with internal profiling user reporting tracking code. Whatever you surf to on the Internet, Google is already there on the server end to to collect your computer identifiable metadata.

Google’s Chrome browser allows the end-user to access the Internet, but the Internet itself is Google’s in-house browser.

John Fenderson (profile) says:

Re: Adios Firefox!

“All useful browsers now internally track you to some degree.”

Firefox’s tracking for those ads is entirely internal to your browser and machine. There are no plans to do the kind of tracking that web ads do. Moving to Chrome to avoid the Firefox ad plans is kindof dumb, as you’re moving to a browser that does much more invasive tracking.

John Fenderson (profile) says:

Re: Re: Adios Firefox!

“Mozilla changed their minds about ads in firefox.”

No, they have not. Look at what they’re saying again: they’re promising to experiment with the ads until they find a way to do it that they’re happy with, then they will roll them out to everyone.

The only thing they’ve changed their mind about is that they’re not rolling them out on their original timetable. They’re still going to roll them out.

That Anonymous Coward (profile) says:

I’d just like to point out the justification.

But if we don’t, our competitors might and gain more users.


If all of the other browsers jumped off a bridge…

Perhaps having the balls to tell Hollywood NO, might have pushed the others to opt to not support it. Cause like there was this set of really fucking stupid laws and a buncha people got together to stop it… but it took someone to say No first.


The Wanderer (profile) says:

Re: Re:

Do you really believe Mozilla has that much leverage?

You’re right about the justification for this, though you’ve spun it backwards, but I think they’re probably right in their reasoning: if everyone else supports this and Firefox doesn’t, then the vast majority of people who encounter a video they can’t play in Firefox and can play in something else will just use something else, and Firefox gets weaker (giving it even less leverage for next time).

There are counterarguments to that; I saw one person already specifically state that the only reason he’s stayed with Firefox over Chrome is Firefox’s respect for his rights and his privacy, and that now with that dropped he will have no reason not to switch. It’s very likely, however, that such people are by far in the minority.

I do think Mozilla is trapped between a rock and a hard place here. The decision to incorporate EME support at all is a bad one, yes, but it may very well be the least of the available evils – and given that they implement it, they seem to be taking most reasonable measures to limit or otherwise minimize its negative impact.

That Anonymous Coward (profile) says:

Re: Re: Re:

Perhaps if people actually stopped accepting this intrusive sort of crap, they might stop pushing it.

At some point consumers need to say enough, no more and mean it. Do you think Netflix would keep pursuing this system if a large portion of their subscriber base cancelled the service specifically because of this reason?

Everyone likes to talk about how this and that DRM are crap and horrible… but how many are willing to stop paying them money to make it clear it is not acceptable?

We are allowing 1 industry unheard of control over everything to appease them. No matter how much we give up and accept from them, it is never enough. They want the impossible, and we keep humoring them instead of saying enough we’re done.

How much more are we willing to give up to appease groups who have expanded their rights well beyond what was ever imagined or intended? If a car maker demanded that we all had to use only 1 brand of tire to protect their “rights”, there would be dramatic backlash… why are we so freaking meek to a group who create entertainment, gets the full price and still demands the right to control over how, where, when you are allowed to use what they sold you.

It is time to stop shielding them from the reality that what they are doing is unacceptable, and we will no longer pay them if they continue the same course. They understand when they stop making money, and we should use this to finally get their attention and get change.

John Fenderson (profile) says:

Re: Re: Re:

It’s not so inexplicable. I think there are two things going on here. Firefox’ market share has fallen so that it is no longer the most-used browser. They want to reclaim their position as top dog, and the approach they’re taking is to duplicate the current top dog as much as they can. I think this will backfire for the reasons you say, and we’ll see Firefox’ market share fall even further as a result.

The other thing is that Mozilla is really trying to turn Firefox into something that it was never meant to be (and, in my opinion, shouldn’t be): an operating system. Again, they’re looking at Chrome and are trying to emulate Google’s efforts in that direction.

It’s truly sad to see Mozilla screwing things up as badly as they are. They used to be a leader and a real force for good on the internet. They have pretty much given up both of those things now.

Andypandy says:


Seriously, how blind can people be, this is not only about movies this will be a dream for the news sites where they demand people pay up before getting the news from their regular free sources, more sites will demand payment to view their content and use the drm to enable a system whereby you pay to access a bunch of sites.
Yes, it will also be used for access to video and used to lock down some websites unless people pay, but even then if it is used to block pirate sites or news sites that do not join the middlemen and pay up there will be a way very soon to hack into the drum structure and create an internet that has absolutely no payment systems,
I would advise the hackers not to release the hacks immediately, wait until Hollywood has created a few sites where there is content that can be downloaded and then once they have spent millions on releasing drum content break it open for everyone to access these sites with absolutely no payment, damn, I am sure just a simple few changes will break this drm just as every other form of drm has been broken , including the supposedly unbreakable Blu Ray DRM which was broken within days of it being released.

No worries everyone the pirates will keep the internet free from being locked down and content will only be more available than before.

The Wanderer (profile) says:

Re: Re:

I had the same thought, and it should be entirely possible to recompile the “sandbox” wrapper (which is apparently going to be a separate component, not part of Firefox directly although it may be shipped with it) to just provide the same ID in all cases, or do other things as you see fit.

However, from what’s said in the second of the two linked Mozilla blog posts, there appear to be claims that the black-box “Content Decryption Module” will in some way take steps to verify the “sandbox”; if it doesn’t match what the CDM expects, the CDM will refuse to decrypt the stream.

It’s not clear how the CDM will go about doing that, since allegedly the only information the CDM will have access to is what the “sandbox” provides it via the EME API, but I imagine the people behind the system would already have thought of that; if they’re still confident that they can do it, they’re probably right.

Even if that verification is as simple as a basic hash, it would be prohibitively difficult to modify the “sandbox” in a way that would do what we’d want but would still validate the same way as the unmodified one.

John Fenderson (profile) says:

Re: Re:

And once that device ID is blacklisted, none of the browsers using it will be able to show that content anymore.

The better solution is for people to use browsers that don’t implement EME or that let you turn it off, and to actually turn it off. For extra impact, don’t pirate the stuff either. Screw the bastards demanding this abomination. They don’t deserve your money.

Anonymous Coward says:

Re: Re: Re:3 Re:

Hmm, ‘kiddies that have no clue about what they’re talking about’…

For everyone’s sake, you need to take some English classes. Theft is not defined the way you seem to think it is. DRM only affects anyone with DRM-containing content. Believe it or not, kiddie, there are actually people who pay for things, then get the DRM-free version so they can actually use and enjoy what they paid for. Claiming that people of any given age have no clue what they’re talking about, and then claiming that DRM doesn’t prevent anything, simply makes it clear that you have no clue. Try harder.

That One Guy (profile) says:

Re: Re:

You are aware that no-one other than really gullible morons in suits actually believes that DRM in any way prevents piracy, right?

DRM doesn’t do squat to stop pirates, as it has to be cracked all of once before it’s no longer an issue, the only people DRM actually affects is legitimate customers, so really, you can stop with the ‘DRM is to stop piracy!’ myth, no one’s buying it.

Anonymous Coward says:

Sad that they cite "market share" as a major concern...

…when so many of their other recent changes seem actively designed to reduce market share, by angering their long time users for no real gain. As examples:

– Australis
– Frequent UI “change for the sake of change” with no actual improvements
– Copy whatever Chrome did this week
– Add social networking as a core feature, but drop popular features with the justification that “you should just install an add on to put it back”

Also, obligatory since no one has mentioned it here (credit to LWN post by pabs for the link): http://ebb.org/bkuhn/blog/2014/05/14/to-serve-users.html

The Wanderer (profile) says:

There’s discussion going on on the mozilla-governance mailing list (also accessible as the mozilla.governance newsgroup, on news.mozilla.org) about this, including participation by Mozillians, both ones involved in this decision and ones who were not. There have been some interesting points brought up there so far, and I think it may be worth following.

John Fenderson (profile) says:

Re: There's an easy answer

In effect, they are doing exactly that, only with a single executable. What they’re talking about is including the EME framework but not enabling it by default. If you want to use it, you have to specifically opt in.

But that doesn’t address the two major problems with this: the betrayal of their own principles, and the fact that they’re helping to guarantee that EME will be a part of the HTML standard.

John Fenderson (profile) says:

Re: Re:

Because unless they do this, you won’t be able to use Firefox to watch Netflix and such. Their (probably justified) fear is that since Netflix and Hulu are incredibly popular, if you can’t use them with Firefox, people will switch to a browser that you can use them with.

It’s understandable for a company that is in it to make a profit. Mozilla, however, is not supposed to be about that. They style themselves as defenders of a free and open internet. That they are willing to throw that under the bus to avoid taking a hit in terms of market share is just hypocrisy.

Lee Reynolds (profile) says:

Nothing new here

Mozilla has a history of capitulating to squeaky wheels, just ask Brendan Eich.

That being said, I can’t really say that I care one way or the other about this issue. I’m not hostile to the concept of intellectual property, but neither do I believe it should be perpetual. The problem with DRM is not that it protects IP, but that it provides a technological means to make that IP defacto eternal, even after the copyright has expired.

Yoshord says:

I mostly use Internet Explorer. However, cheezburger.com comments don’t work in IE, so when I want to see cheezburger comments, I use Iron or Firefox (whichever one the feature happens to be working with on that day’s particular phase of the moon) for Cheezburger, while still using my main for everything else.

I imagine a similar situation would occur if Firefox were my main, I actually cared about Netflix and Netflix didn’t work on Firefox; something not-Firefox for Netflix and Firefox for everything else.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...