United Airlines Requires You To Install Special Brand Of DRM To Watch Movies On Flights

from the yeah,-that's-not-happening dept

On Twitter yesterday, Brian Fitzpatrick, a tech entrepreneur, noted that while trying to enjoy the in-flight entertainment on the United Airlines flight he was taking, the in-flight Wi-Fi system told him he need to install its special brand of DRM. They didn't even try to sugarcoat it with some fancy confusing name. It's literally called the DRM plugin:
In case you can't see the image, it says:
Click 'Okay' to download the latest DRM Plugin.
After installation playback should resume immediately,
if it doesn't then you may need to restart your browser.
Fitzpatrick kindly sent me a bunch more screenshots and details. That little error message pops up -- along with other error messages -- when you go to watch a movie:
This is part of United's "beta test" of its "Personal Device Entertainment" option, that allows you to apparently fuck up your computer, just to get access to the short list of films and TV shows that United has contracted to allow you to watch while in flight. The "requirements" on United's website only shows "the latest version" of various browsers (oddly, Chrome is excluded -- which we'll get to) and Flash Player 15 or higher.
Notice that it doesn't say anything about "our own personal malware." The only indication something may be up is in this infographic that says "you may be prompted to download a plug-in." No biggie.

Fitzpatrick also realized that if you don't have Flash (which is actually a good security practice) United will helpfully offer to install it for you as well:
Because what's flying the friendly skies without the opportunity to push multiple pieces of software that might put your computer at risk!

At this point, United will provide lots of detailed instructions on how to install the DRM-you-never-wanted on your machine:
Notice the more detailed instructions to get it to work in Chrome (and the earlier note about how this system doesn't support Chrome)? That's because the plugin is using NPAPI, which is a security nightmare and is no longer supported in Chrome for security reasons. As the Chrome team has noted: "NPAPI is a really big hammer that should only be used when no other approach will work."

So, not only is United trying to install unnecessary and annoying DRM on your computer, it's also doing so in a way that it is recognized as being a security nightmare. That's encouraging.

In the interest of science, Fitzpatrick dug a little deeper and discovered that the "DRM plugin" in question is actually Panasonic's Marlin DRM -- something we actually wrote about years ago, as an attempt to create an "open source" DRM. Though, amusingly, Fitzpatrick notes that the DRM comes with strong copyright warnings itself:
This Software Product is protected by copyright laws and treaties, as well as laws and treaties related to other forms of intellectual property. Panasonic Avionics Corporation or its subsidiaries, affiliates, ad suppliers (collectively "PAC") own intellectual property rights in the Software Product. The Licensee's ("you" or "your") license to download, use, copy, or change the Software Product is subject to these rights and to all the terms and conditions of this End User License Agreement ("Agreement").
How sweet. You need to abide by Panasonic's rules when you install its security nightmare of a DRM you didn't want, just to watch an in-flight movie.

And, really, after all this, people should be asking but why? What "threat" model requires United to force dangerous malware onto your computer? And the answer is likely that Hollywood requires it, because to Hollywood everything is a threat, and the idea that someone might be paying hundreds of dollars for flights and they might also then make a copy of a movie... well, that's just too much to handle, and they have to first ask you to break your computer and put all your data at risk. Isn't that sweet of Hollywood? Oh wait, no I didn't mean sweet. I meant insane.

I'm sure that United Airlines didn't think through much of this and the details when it agreed to these ridiculous terms. It just thought it was adding an option that sounded nice. Letting people have access to more entertainment options, including on their own devices sure sounds like a nice option for some passengers. But if it comes with forcing people to put their computers and information at risk, it gets problematic fast.

Filed Under: drm, flash, in flight entertainment, marlin, marlin drm
Companies: united airlines


Reader Comments

The First Word

Subscribe: RSS

View by: Time | Thread


  1. icon
    Jeffry Housre (profile), 22 Jul 2015 @ 11:09am

    Re: Re:

    Firefox only blocked Flash for a day until Adobe fixed the security problem in Flash--which was within 24 hours after they vulnerability was made known publicly.

    All software has similar flaws--even Firefox.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.