United Airlines Requires You To Install Special Brand Of DRM To Watch Movies On Flights

from the yeah,-that's-not-happening dept

On Twitter yesterday, Brian Fitzpatrick, a tech entrepreneur, noted that while trying to enjoy the in-flight entertainment on the United Airlines flight he was taking, the in-flight Wi-Fi system told him he need to install its special brand of DRM. They didn't even try to sugarcoat it with some fancy confusing name. It's literally called the DRM plugin:
In case you can't see the image, it says:
Click 'Okay' to download the latest DRM Plugin.
After installation playback should resume immediately,
if it doesn't then you may need to restart your browser.
Fitzpatrick kindly sent me a bunch more screenshots and details. That little error message pops up -- along with other error messages -- when you go to watch a movie:
This is part of United's "beta test" of its "Personal Device Entertainment" option, that allows you to apparently fuck up your computer, just to get access to the short list of films and TV shows that United has contracted to allow you to watch while in flight. The "requirements" on United's website only shows "the latest version" of various browsers (oddly, Chrome is excluded -- which we'll get to) and Flash Player 15 or higher.
Notice that it doesn't say anything about "our own personal malware." The only indication something may be up is in this infographic that says "you may be prompted to download a plug-in." No biggie.

Fitzpatrick also realized that if you don't have Flash (which is actually a good security practice) United will helpfully offer to install it for you as well:
Because what's flying the friendly skies without the opportunity to push multiple pieces of software that might put your computer at risk!

At this point, United will provide lots of detailed instructions on how to install the DRM-you-never-wanted on your machine:
Notice the more detailed instructions to get it to work in Chrome (and the earlier note about how this system doesn't support Chrome)? That's because the plugin is using NPAPI, which is a security nightmare and is no longer supported in Chrome for security reasons. As the Chrome team has noted: "NPAPI is a really big hammer that should only be used when no other approach will work."

So, not only is United trying to install unnecessary and annoying DRM on your computer, it's also doing so in a way that it is recognized as being a security nightmare. That's encouraging.

In the interest of science, Fitzpatrick dug a little deeper and discovered that the "DRM plugin" in question is actually Panasonic's Marlin DRM -- something we actually wrote about years ago, as an attempt to create an "open source" DRM. Though, amusingly, Fitzpatrick notes that the DRM comes with strong copyright warnings itself:
This Software Product is protected by copyright laws and treaties, as well as laws and treaties related to other forms of intellectual property. Panasonic Avionics Corporation or its subsidiaries, affiliates, ad suppliers (collectively "PAC") own intellectual property rights in the Software Product. The Licensee's ("you" or "your") license to download, use, copy, or change the Software Product is subject to these rights and to all the terms and conditions of this End User License Agreement ("Agreement").
How sweet. You need to abide by Panasonic's rules when you install its security nightmare of a DRM you didn't want, just to watch an in-flight movie.

And, really, after all this, people should be asking but why? What "threat" model requires United to force dangerous malware onto your computer? And the answer is likely that Hollywood requires it, because to Hollywood everything is a threat, and the idea that someone might be paying hundreds of dollars for flights and they might also then make a copy of a movie... well, that's just too much to handle, and they have to first ask you to break your computer and put all your data at risk. Isn't that sweet of Hollywood? Oh wait, no I didn't mean sweet. I meant insane.

I'm sure that United Airlines didn't think through much of this and the details when it agreed to these ridiculous terms. It just thought it was adding an option that sounded nice. Letting people have access to more entertainment options, including on their own devices sure sounds like a nice option for some passengers. But if it comes with forcing people to put their computers and information at risk, it gets problematic fast.

Filed Under: drm, flash, in flight entertainment, marlin, marlin drm
Companies: united airlines

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Rekrul, 24 Jul 2015 @ 11:28am

    Re: Re: Re:

    Companies can want me to use anything they like. They can even recommend their preferences to me.

    What's not OK, ever, is to sneakily install software.

    Which is why I hate the practice of making the extra software opt-out and often making the options themselves quite small at the bottom of the page so that people can easily overlook them.

    Many years ago, when the official DivX codec was actually still being used by people, their site originally provided a codec-only download. Then they started bundling it with the DivX player, which wasn't optional and which they forced users to install over many objections.

    Finally, they started bundling the Google Toolbar with the download. Several people, myself included, had the toolbar install without ever seeing any notice that this would happen. The developers swore up and down that this was impossible. One user eventually figured out that the page in the installer that contained the Google Toolbar options didn't show up immediately when the Next button was clicked. Instead the previous page remained displayed for an additional five seconds or so, leading people to think that the click hadn't registered and so they would click again "agreeing" to the Toolbar page without ever having seen it. Of course the next page came up immediately. This was all posted to the official DivX forum. I personally verified that this is what was happening and also posted this on the forum. The only response was silence.

    After a month or two and many more complaints of the Toolbar being installed without permission, one of the DivX developers "discovered" a "rare" condition that could result in the Google Toolbar options not being displayed for a "tiny percentage" of users. When I pointed out that this problem had already been documented by a user in their forum months ago and confirmed by others, I was told that THAT problem didn't exist and that THIS problem was completely different!

    When I asked why they were even including the Google Toolbar (bundling third party software was a new idea at the time) in the first place, the developers insisted that it was just because they thought it was such a great piece of software that everyone should have it. I made a royal pain in the ass out of myself (hard to believe, I know!) over this and finally after a lot of nagging and arguing, they admitted that they were getting paid to include the Toolbar.

    I've been against bundled software ever since. When I download a program I only want that program and nothing else. I won't even use a "download manager" as is required by many formerly respectable download sites. They promote such programs as being more reliable and faster than using the browser's download option. I already have a generic download manager/accelerator. Theirs is just a way to push advertising and other crap on the user.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.