United Airlines Requires You To Install Special Brand Of DRM To Watch Movies On Flights

from the yeah,-that's-not-happening dept

On Twitter yesterday, Brian Fitzpatrick, a tech entrepreneur, noted that while trying to enjoy the in-flight entertainment on the United Airlines flight he was taking, the in-flight Wi-Fi system told him he need to install its special brand of DRM. They didn't even try to sugarcoat it with some fancy confusing name. It's literally called the DRM plugin:
In case you can't see the image, it says:
Click 'Okay' to download the latest DRM Plugin.
After installation playback should resume immediately,
if it doesn't then you may need to restart your browser.
Fitzpatrick kindly sent me a bunch more screenshots and details. That little error message pops up -- along with other error messages -- when you go to watch a movie:
This is part of United's "beta test" of its "Personal Device Entertainment" option, that allows you to apparently fuck up your computer, just to get access to the short list of films and TV shows that United has contracted to allow you to watch while in flight. The "requirements" on United's website only shows "the latest version" of various browsers (oddly, Chrome is excluded -- which we'll get to) and Flash Player 15 or higher.
Notice that it doesn't say anything about "our own personal malware." The only indication something may be up is in this infographic that says "you may be prompted to download a plug-in." No biggie.

Fitzpatrick also realized that if you don't have Flash (which is actually a good security practice) United will helpfully offer to install it for you as well:
Because what's flying the friendly skies without the opportunity to push multiple pieces of software that might put your computer at risk!

At this point, United will provide lots of detailed instructions on how to install the DRM-you-never-wanted on your machine:
Notice the more detailed instructions to get it to work in Chrome (and the earlier note about how this system doesn't support Chrome)? That's because the plugin is using NPAPI, which is a security nightmare and is no longer supported in Chrome for security reasons. As the Chrome team has noted: "NPAPI is a really big hammer that should only be used when no other approach will work."

So, not only is United trying to install unnecessary and annoying DRM on your computer, it's also doing so in a way that it is recognized as being a security nightmare. That's encouraging.

In the interest of science, Fitzpatrick dug a little deeper and discovered that the "DRM plugin" in question is actually Panasonic's Marlin DRM -- something we actually wrote about years ago, as an attempt to create an "open source" DRM. Though, amusingly, Fitzpatrick notes that the DRM comes with strong copyright warnings itself:
This Software Product is protected by copyright laws and treaties, as well as laws and treaties related to other forms of intellectual property. Panasonic Avionics Corporation or its subsidiaries, affiliates, ad suppliers (collectively "PAC") own intellectual property rights in the Software Product. The Licensee's ("you" or "your") license to download, use, copy, or change the Software Product is subject to these rights and to all the terms and conditions of this End User License Agreement ("Agreement").
How sweet. You need to abide by Panasonic's rules when you install its security nightmare of a DRM you didn't want, just to watch an in-flight movie.

And, really, after all this, people should be asking but why? What "threat" model requires United to force dangerous malware onto your computer? And the answer is likely that Hollywood requires it, because to Hollywood everything is a threat, and the idea that someone might be paying hundreds of dollars for flights and they might also then make a copy of a movie... well, that's just too much to handle, and they have to first ask you to break your computer and put all your data at risk. Isn't that sweet of Hollywood? Oh wait, no I didn't mean sweet. I meant insane.

I'm sure that United Airlines didn't think through much of this and the details when it agreed to these ridiculous terms. It just thought it was adding an option that sounded nice. Letting people have access to more entertainment options, including on their own devices sure sounds like a nice option for some passengers. But if it comes with forcing people to put their computers and information at risk, it gets problematic fast.

Filed Under: drm, flash, in flight entertainment, marlin, marlin drm
Companies: united airlines

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. icon
    Josh in CharlotteNC (profile), 22 Jul 2015 @ 11:45am

    Re: Re: Re:

    It's not just that the DRM plugin itself isn't something you would voluntarily want on your system.

    The entire infrastructure and method of distributing these kinds of plugins (NPAPI) being used has been recognized as a security nightmare for years.

    What NPAPI does is allow any random website that has something embedded that requires a plugin to point to any random location the website wants as a source to get that plugin. Depending on browser settings, it may download and install the plugin automatically, or pop up a window like what is described. The large majority of users will just click accept on the window. This is why Chrome does not allow it. Mozilla has greatly modified how it works in Firefox to only point to Mozilla's trusted plugin library. I believe Opera does not allow it either (they use something similar to Chrome).

    United's solution to how to play video on someone's device looks identical to one of the most popular ways to spread malware from a decade ago - the "video codec plugin" scam.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Techdirt Logo Gear
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.