Tim Berners-Lee Sells Out His Creation: Officially Supports DRM In HTML

from the this-is-bad dept

For years now, we've discussed the various problems with the push (led by the MPAA, but with some help from Netflix) to officially add DRM to the HTML 5 standard. Now, some will quibble with even that description, as supporters of this proposal insist that it's not actually adding DRM, but rather this "Encrypted Media Extensions" (EME) is merely just a system by which DRM might be implemented, but that's a bunch of semantic hogwash. EME is bringing DRM directly into HTML and killing the dream of a truly open internet. Instead, we get a functionally broken internet. Despite widespread protests and concerns about this, W3C boss (and inventor of the Web), Tim Berners-Lee, has signed off on the proposal. Of course, given the years of criticism over this, that signoff has come with a long and detailed defense of the decision... along with a tiny opening to stop it.

There are many issues underlying this decision, but there are two key ones that we want to discuss here: whether EME is necessary at all and whether or not the W3C should have included a special protection for security researchers.

First, the question of whether or not EME even needs to be in HTML at all. Many -- even those who dislike DRM -- have argued that it was kind of necessary. The underlying argument here is that certain content producers would effectively abandon the web without EME being in HTML5. However, this argument rests on the assumption that the web needs those content producers more than those content producers need the web -- and I'm not convinced that's an accurate portrayal of reality. It is fair to note that, especially with the rise of smart devices from phones to tablets to TVs, you could envision a world in which the big content producers "abandoned" the web and only put their content in proprietary DRM'd apps. And maybe that does happen. But my response to that is... so what? Let them make that decision and perhaps the web itself is a better place. And plenty of other, smarter, more innovative content producers can jump in and fill the gaps, providing all sorts of cool content that doesn't require DRM, until those with outdated views realize they're missing out. Separately, I tend to agree with Cory Doctorow's long-held view that DRM is an attack on basic computing principles -- one that sets up the user as a threat, rather than the person who owns the computer in question. That twisted setup leads to bad outcomes that create harm. That view, however, is clearly not in the majority, and many people admitted it was a foregone conclusion that some form of EME would move forward.

The second issue is much more problematic. A bunch of W3C members had made a clear proposal that if EME is included, there should be a covenant that W3C members will not sue security researchers under Section 1201 of the DMCA should they crack any DRM. There is no reason not to support this. Security researchers should be encouraged to be searching for vulnerabilities in DRM and encryption in order to better protect us all. And, yet, for reasons that no one can quite understand, the W3C has rejected multiple versions of this proposal, often with little discussion or explanation. The final decision from Tim Berners-Lee on this is basically "sure a covenant not to sue would have been nice, and we think companies shouldn't sue, but... since this wasn't raised at the very beginning, we're not supporting it":

We recommend organizations involved in DRM and EME implementations ensure proper security and privacy protection of their users. We also recommend that such organizations not use the anti-circumvention provisions of the Digital Millennium Copyright Act (DMCA) and similar laws around the world to prevent security and privacy research on the specification or on implementations. We invite them to adopt the proposed best practices for security guidelines [7] (or some variation), intended to protect security and privacy researchers. Others might advocate for protection in public policy fora – an area that is outside the scope of W3C which is a technical standards organization. In addition, the prohibition on "circumvention" of technical measures to protect copyright is broader than copyright law's protections against infringement, and it is not our intent to provide a technical hook for those paracopyright provisions.

Given that there was strong support to initially charter this work (without any mention of a covenant) and continued support to successfully provide a specification that meets the technical requirements that were presented, the Director did not feel it appropriate that the request for a covenant from a minority of Members should block the work the Working Group did to develop the specification that they were chartered to develop. Accordingly the Director overruled these objections.

This is unfortunate. What's bizarre is that the supporters of DRM basically refuse to discuss any of this. Even just a few days ago, the Center for Democracy and Technology proposed a last-ditch "very narrow" compromise to protect a limited set of security and privacy researchers (just those examining implementations of w3C specifications for privacy and security flaws.) Netflix flat out rejected this compromise saying that it's "similar to the proposal" that was made a year ago. Even though it's not. It was more narrowly focused and designed to respond to whatever concerns Netflix and others had.

The problem here seemed to be that Netflix and the MPAA realized that they had enough power to push this through without needing to protect security researchers, and just decided "we can do it, so fuck it, let's do it." And Tim Berners-Lee -- who had the ability to block it -- caved in and let it happen. The whole thing is a travesty.

Corry Doctorow has a thorough and detailed response to the W3C's decision that pushes back on many of the claims that the W3C and Berners-Lee have made in support of this decision. Here's just part of it:

We're dismayed to see the W3C literally overrule the concerns of its public interest members, security experts, accessibility members and innovative startup members, putting the institution's thumb on the scales for the large incumbents that dominate the web, ensuring that dominance lasts forever.

This will break people, companies, and projects, and it will be technologists and their lawyers, including the EFF, who will be the ones who'll have to pick up the pieces. We've seen what happens when people and small startups face the wrath of giant corporations whose ire they've aroused. We've seen those people bankrupted, jailed, and personally destroyed.

This was a bad decision done badly, and Tim Berners-Lee, the MPAA and Netflix should be ashamed. The MPAA breaking the open internet I can understand. It's what that organization has wanted to do for over a decade. But Netflix should be a supporter of the open internet, rather than an out and out detractor.

As Cory notes in his post, there is an appeals process, but it's never been used before. The EFF and others are exploring it now, but it's a hail mary process at this point. What a shame.


Reader Comments

The First Word

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Thad, 7 Jul 2017 @ 4:17pm

    Disappointing, but unfortunately entirely expected.

    Of course, the ideal solution is to fix this as a matter of law, which EFF is also working on.

    reply to this | link to this | view in thread ]

  2. identicon
    CHRoNo§§, 7 Jul 2017 @ 4:28pm

    time to go make another browser and give freely and opensourced to everyone

    and to think i was one of 60 people whom helped get the netscape communicator 5 code out to the world so this very crap would not happen....

    VERY DISAPPOINTED

    reply to this | link to this | view in thread ]

  3. identicon
    Anonymous Coward, 7 Jul 2017 @ 4:29pm

    Time to Freeze Out the w3c

    The last time the web was taken hostage by w3c (and Microsoft thanks to Internet Explorer), we had Mozilla rescue the web with new standards (nevermind the later decay Mozilla would go through the past decade).

    We need an early 2000s Mozilla to shake up the web and rescue it from this time the w3c and their corporate overlords (Hollywood).

    reply to this | link to this | view in thread ]

  4. identicon
    UniKyrn, 7 Jul 2017 @ 4:45pm

    What part of "if they want to control what you can access, they benefit more than you" still isn't clear?

    reply to this | link to this | view in thread ]

  5. identicon
    Anonymous Coward, 7 Jul 2017 @ 5:07pm

    Betting pool time

    How long until this gets broken. I expect sooner than later.

    reply to this | link to this | view in thread ]

  6. icon
    Discuss It (profile), 7 Jul 2017 @ 5:09pm

    What part of "if they want to control what you can access, they benefit more than you" still isn't clear?

    It is difficult to get a man to understand something, when his salary depends upon his not understanding it! - U Sinclair

    reply to this | link to this | view in thread ]

  7. icon
    Anonymous Anonymous Coward (profile), 7 Jul 2017 @ 5:14pm

    Looking for a leader

    Since this is just a protocol, and not a law, aren't browsers able to forego this? I am suggesting, and betting, that one or more browser makers will forego this protocol and make themselves number one, if they aren't already. That may mean that they are no longer members of W3C, but so what?

    reply to this | link to this | view in thread ]

  8. identicon
    Thad, 7 Jul 2017 @ 5:23pm

    Re: Looking for a leader

    Chrome, IE/Edge, Safari, and Firefox have all had EME support for years. Mozilla caved last, but in the end it caved like the rest.

    There are plenty of other browsers. But nobody uses them.

    reply to this | link to this | view in thread ]

  9. identicon
    Thad, 7 Jul 2017 @ 5:24pm

    Re:

    But his salary doesn't depend upon his not understanding it. He's Tim Berners-fucking-Lee. He could have pushed one of the compromise proposals and it wouldn't have cost him a dime.

    reply to this | link to this | view in thread ]

  10. identicon
    Anonymous Coward, 7 Jul 2017 @ 5:26pm

    We have two weeks to stop this and use the appeals process and hopefully we will.

    reply to this | link to this | view in thread ]

  11. identicon
    Anonymous Coward, 7 Jul 2017 @ 5:28pm

    Re:

    And hopefully this appeals process will work.

    reply to this | link to this | view in thread ]

  12. identicon
    Anonymous Coward, 7 Jul 2017 @ 5:30pm

    Section 1201

    there should be a covenant that W3C members will not sue security researchers under Section 1201 of the DMCA should they crack any DRM. There is no reason not to support this.

    I can see one: it's been said that strict enforcement of a law is the quickest way to turn people against it. If people know that DRM is going to fuck them, going to be insecure because security researchers would be sued into oblivion for looking at it, perhaps they'll be more likely to resist it. I say if the W3C is going to support DRM, let them support the most horrible user-hostile DRM imaginable.

    Security researchers should be encouraged to be searching for vulnerabilities in DRM and encryption in order to better protect us all.

    Nope, let's not help the DRM purveyors "improve" their DRM. And since they're not acting in good faith with regards to the public—they're writing DRM after all—they shouldn't expect good faith from security researchers.

    reply to this | link to this | view in thread ]

  13. icon
    Anonymous Anonymous Coward (profile), 7 Jul 2017 @ 5:33pm

    Re: Re: Looking for a leader

    I hear ya. But one of the principles of marketing is showing how one is different and better. Given some equality in other aspects, this might be the thing that brings one of those others over the top.

    I do understand that 'some equality' is possibly difficult or impossible to overcome. And for me, it has to run on Linux, yet another burden.

    reply to this | link to this | view in thread ]

  14. This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 7 Jul 2017 @ 5:34pm

    Any person having a gadget which can copy IS an enemy of those who produce content. Fundamental to copyright, why Constitution states "exclusive right" to control copies.

    Since you don't agree that anyone should have an exclusive right to content merely because they spent the time and money to make it, nearly all of this piece on updating the mechanical means to protect it is your usual attempt to claim that content would be made at all without that exclusive right in law being applied to each new gadget, or system.

    But "free as in beer" or advertising supported as Youtube is pretty much proven to not work. Doesn't look as though even Youtube is actually gaining money, but is subsidized. And its "stars" are literally killing themselves off now, so the future of homemade looks bleak. Youtube would collapse without the underlying support of content stolen from major producers. One can only stand Youtube amateurs like "Stevie Ryan" (who recently committed suicide, only reason I know name), until wanting professional (meaning large high-skill, high-cost team) drama, or at least BIG 'splosions, robots, super-heroes, and car chases.

    Anyhoo, you say that wider use of specialized DRM would be okay, so why quibble about it in the new telescreen -- I mean HTML5 spec?

    Will everyone be required to use this DRM? No, don't see how. Surely still be able to take video from your own gadget while girlfriend shoots through a book with 50 cal from a Desert Eagle -- another Darwin award winner who was doing it for Youtube -- now, that's entertainment -- and put it where anyone can download.

    This is another version of your usual outrage that someone who made content has ability to control it and exclusively them get money from it.

    You've been writing this same schtick for how many years now? Aren't you the least little bit dismayed that exactly none of the changes you foresaw with Napster, of FREE as in beer content everywhere on the net, are in place?

    reply to this | link to this | view in thread ]

  15. identicon
    Anonymous Coward, 7 Jul 2017 @ 5:35pm

    Re:

    Of course, the ideal solution is to fix this as a matter of law, which EFF is also working on.

    What I've seen from them has been purely "defensive". It's good, but we could use some offense too--like a proposal to make it a crime to interfere with fair use. Leave DRM technically legal, as long as the implementors figure out the "magic" way to block only illegal uses of the copyrighted material.

    reply to this | link to this | view in thread ]

  16. icon
    That One Guy (profile), 7 Jul 2017 @ 5:37pm

    "I'll take my ball and go home, you just watch me!"

    The underlying argument here is that certain content producers would effectively abandon the web without EME being in HTML5.

    Definitely going to agree with the response to this in the article: So what?

    If companies want to cut themselves off from such an amazing resource as the internet because they didn't get to have their DRM to 'protect' them baked into the core standard then let them leave, there are countless people and companies that would happily replace them. I imagine that much like those that threatened Google only to be de-listed as a result they'd come crawling back inside a month, after realizing that the only people they screwed over with their actions was them.

    The proper response to someone throwing a tantrum and tossing out 'ultimatums' like that isn't to cave in, it's to call their bluff and refuse to give them what they want.

    reply to this | link to this | view in thread ]

  17. identicon
    Anonymous Coward, 7 Jul 2017 @ 5:37pm

    Re: Time to Freeze Out the w3c

    Mozilla corporate overlords were NOT Hollywood, was getting 300 million for 3 years from guess who?

    http://www.zdnet.com/article/mozilla-strikes-firefox-search-deal-with-yahoo-ending-long-partners hip-with-google/

    reply to this | link to this | view in thread ]

  18. identicon
    Pixelation, 7 Jul 2017 @ 5:39pm

    "However, this argument rests on the assumption that the web needs those content producers more than those content producers need the web"

    I say, Good Riddance! Let them leave. The vacuum will fill up quickly. There are a ton of creative people that will rise from it.

    reply to this | link to this | view in thread ]

  19. identicon
    Thad, 7 Jul 2017 @ 5:41pm

    Re: Re: Re: Looking for a leader

    The trouble is that the vast majority of users will not consider "and it doesn't work with Netflix!" to be a value-add.

    If you want to use Icecat, my hat's off to you. But you're going to have trouble convincing most people to join you.

    reply to this | link to this | view in thread ]

  20. identicon
    Anonymous Coward, 7 Jul 2017 @ 5:42pm

    Re: time to go make another browser and give freely and opensourced to everyone

    hopefully this appeals process will work and I dont think its a hail mary process at this point like the article is saying.

    reply to this | link to this | view in thread ]

  21. identicon
    Thad, 7 Jul 2017 @ 5:43pm

    Re: "I'll take my ball and go home, you just watch me!"

    It's not that they'd "leave the Internet", it's that they'd wall it off into a bunch of proprietary apps.

    But you're right that the correct response would have been to call their bluff. Or, at the very least, pass the compromise to protect security researchers.

    reply to this | link to this | view in thread ]

  22. identicon
    Anonymous Coward, 7 Jul 2017 @ 5:45pm

    Re:

    "Any person having a gadget which can copy IS an enemy of those who produce content"

    So... anyone with a computer then. Judging from your ability to post here, that includes you.

    How existential can you get?

    reply to this | link to this | view in thread ]

  23. identicon
    Anonymous Coward, 7 Jul 2017 @ 5:52pm

    Re: Re: "I'll take my ball and go home, you just watch me!"

    They will never be able to wall it off into a bunch of proprietary apps.

    reply to this | link to this | view in thread ]

  24. icon
    That One Guy (profile), 7 Jul 2017 @ 5:54pm

    Re: Re: "I'll take my ball and go home, you just watch me!"

    It's not that they'd "leave the Internet", it's that they'd wall it off into a bunch of proprietary apps.

    And watch their user/customer numbers take a not-insignificant hit as suddenly people found themselves needing to deal with a half a dozen or more different things in order to get what they had before. Make it too big of a hassle and I imagine more than a few would decide that they don't actually care enough to jump through the hoops and went elsewhere.

    reply to this | link to this | view in thread ]

  25. identicon
    Thad, 7 Jul 2017 @ 5:57pm

    Re: Re: Re: "I'll take my ball and go home, you just watch me!"

    I like to think you're right.

    On the one hand, phones and tablets have proven that people are fine with downloading an app that's just a fucking browser with most of its features stripped out that can only visit one website. On the other hand, it's a mistake to assume that people are willing to accept the same behavior from their desktops that they are from their phones. (And that mistake is called Windows 8.)

    reply to this | link to this | view in thread ]

  26. icon
    Anonymous Anonymous Coward (profile), 7 Jul 2017 @ 6:13pm

    Re: Re: Re: Re: Looking for a leader

    I use Chrome and sometimes Firefox in Linux, and am not actually happy with either, this capitulation being part of my disappointment. I do not use them to watch much video, the occasional YouTube or Vimeo video in connection with some article. Icecat and other Linux only browsers don't do it for me either.

    I have my own sources for video and music and books (using OpenElec for video and music and Open Reader (Android) for reading), and have not violated any laws in my collecting these (recording off the air is not illegal). If I cannot get it legally, I don't view, listen, or read. At the same time I don't think there is anything wrong with torrents, there is nothing out there that I might want to watch, listen to, or read, that I cannot get from the library for the same cost to me. The hysteria of the copyright middlemen is out of control, but it hasn't stopped me, and won't, though I may miss out on some new content, again, so what.

    Could I live just re-reading Shakespeare or other public domain works for the rest of my life? It might just take me that long to actually understand all that was said. Much of it is quite deep. But I do look for entertainment, even if it is just background noise to some degree, and not nearly as deep.

    reply to this | link to this | view in thread ]

  27. icon
    Stephen T. Stone (profile), 7 Jul 2017 @ 6:14pm

    Re:

    Any person having a gadget which can copy IS an enemy of those who produce content.

    By this logic, anyone who fancies themselves a “content producer” can refer to the hundreds of millions of people who own or operate a smartphone, DVR, tablet, or personal computer as “enemies”. How does that make any goddamn sense to you?

    reply to this | link to this | view in thread ]

  28. icon
    Matthew Cline (profile), 7 Jul 2017 @ 6:15pm

    Re: "Any person having a gadget which can copy IS an enemy of those who produce content"

    Any person having a gadget which can copy IS an enemy of those who produce content.

    Wait, not "anyone who copies copyrighted works", but "anyone who has a device which could copy"?

    reply to this | link to this | view in thread ]

  29. icon
    Matthew Cline (profile), 7 Jul 2017 @ 6:18pm

    Research exemtpions

    Also, I'm morbidly curious as to your thoughts on there being no exemption for security researchers which would ensure that they won't get sued.

    reply to this | link to this | view in thread ]

  30. icon
    Anonymous Anonymous Coward (profile), 7 Jul 2017 @ 6:25pm

    Re: Any person having a gadget which can copy IS an enemy of those who produce content. Fundamental to copyright, why Constitution states "exclusive right" to control copies.

    Don't let libraries get in the way of your tantrum.

    reply to this | link to this | view in thread ]

  31. icon
    Discuss It (profile), 7 Jul 2017 @ 6:46pm

    Re: Re:

    You're right, it doesn't. However, the snark in my comment was directed at the people who are pounding away trying to get it in at all. TBL did not, to me, seem in favor of this. His words strike me more as "Oh, well, do what you want. You will anyway." than a full voiced roar of approval.

    In any case, even if DRM is incorporated into HTML standards, it doesn't mean I will use it. If the content I wish to consume isn't around where I can consume it as I would like, I'll do without it.

    Worse in my opinion, are licensed text books. One I was needing for a refresher cost $2,000 for a 1 year license. After that, you couldn't read the book without purchasing another license.

    reply to this | link to this | view in thread ]

  32. This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 7 Jul 2017 @ 7:00pm

    ...Yeah? Well FUCK YOU TOO, Tim Berners-Lee. I hope someone releases a sextape of you.

    reply to this | link to this | view in thread ]

  33. icon
    That One Guy (profile), 7 Jul 2017 @ 7:03pm

    Re: Re: Re:

    His words strike me more as "Oh, well, do what you want. You will anyway." than a full voiced roar of approval.

    If he was really against it and thought that his opposition wouldn't have mattered then he should have been openly against it anyway. 'You might be able to push this through despite me, but you won't get my approval or agreement while you do it.'

    That I imagine people could have respected, but his current stance of, if not agreement with the proposed inclusion of EME then at the very least an indifferent position towards it? Not so much.

    reply to this | link to this | view in thread ]

  34. identicon
    Anonymous Coward, 7 Jul 2017 @ 7:23pm

    Re: Re: Any person having a gadget which can copy IS an enemy of those who produce content. Fundamental to copyright, why Constitution states "exclusive right" to control copies.

    Or pen(cil) and paper.

    reply to this | link to this | view in thread ]

  35. identicon
    Anonymous Coward, 7 Jul 2017 @ 7:24pm

    Re: Re: Re: "I'll take my ball and go home, you just watch me!"

    They can. It helps that there are only 2 major phone platforms... but then there are 2 gaming platforms, 2 PC platforms, plus stuff like set-top boxes.

    Still, if the browser vendors didn't give in, someone would have to write and maintain those apps. As DRM is basically pollution, the public shouldn't be paying the costs and helping them spread it; instead we should make them pay as much as possible, and hope they'll change their mind

    reply to this | link to this | view in thread ]

  36. identicon
    Anonymous Coward, 7 Jul 2017 @ 7:30pm

    Re: Looking for a leader

    Since this is just a protocol, and not a law, aren't browsers able to forego this?

    You can turn it off in Firefox, at least, though you'd still be using a browser written by people who sold you out.

    reply to this | link to this | view in thread ]

  37. identicon
    Anonymous Coward, 7 Jul 2017 @ 7:32pm

    Re: Any person having a gadget which can copy IS an enemy of those who produce content. Fundamental to copyright, why Constitution states "exclusive right" to control copies.

    Good job exploiting someone's death for your stupid nonsensical rant.

    reply to this | link to this | view in thread ]

  38. icon
    jaquer0 (profile), 7 Jul 2017 @ 8:19pm

    Of course DRM is absolutely necessary!

    It is absolutely essential that DRM, walled gardens, release windows, movies and TV shows that mysteriously appear and disappear on Netflix and the rest of it be maintained and strengthened.

    How are we going to have robust, free, P2P file sharing sites if the media monopoly mafia suddenly makes their paid services as easy to use as a well-seeded torrent?

    I have Amazon Prime, a streaming and DVD subscription to Netflix, and a cable-like internet-based TV service.

    Yet often I will download something I see is available on my streaming services, because I had to watch it at 7:47 PM when it started but I was watching something else, or just want to make sure there are no annoying "buffering" interruptions ... thank you Comcast!

    Or I want to make sure I can see it --or see some part of it-- away from Wi-Fi access, or just repeat a scene because I didn't hear it well (high-frequency hearing loss is a common side effect of the chemotherapy drug cisplatinum, but it beats the hell out of being dead).

    People say it's "stealing" but I've already paid to watch it. All I'm doing is time-shifting and creating a reasonable accommodation for my physical limitations, given that I survived cancer and have gotten so old I'm on Medicare.

    My one difference with Tim Berners-Lee is that he shouldn't allow it in HTML, because soon enough people will break it and then all you've done is junked up the protocol with tech that will be deprecated before the year is out.

    Much better to let the media mafia stream it in an encrypted stream, and that way you can charge people for using an app at the client end to decode it (sort of like a virtual cable box). That way you can pay the app rental every month to remind you how fortunate you are that this monopoly has condescended to let you be their customer.

    Sp promote free (as in freedom, even if it's also free like free beer) video on the internet by letting the media mafiosi cut off their own heads and hold them up to show there are no brains in there.

    reply to this | link to this | view in thread ]

  39. icon
    Rapnel (profile), 7 Jul 2017 @ 9:08pm

    Web. web browser. web app. drm. not neutral net. content and network provisioning are merged and continue to merge unabated. Netflix got that taste of the fluff. App gardens and victimized search catalogs.

    That seems like a pretty clear message. The web browser horse is getting old. We need a fresh pony for the new race.

    The only thing I can see that can cut deeply into this, media horror show, is to decentralize onto protocols that will enable you to regain control.

    The Web is tough act to follow and, ho boy, good times, but we got to move on.

    reply to this | link to this | view in thread ]

  40. identicon
    Anonymous Coward, 7 Jul 2017 @ 9:31pm

    Re: Re: "I'll take my ball and go home, you just watch me!"

    It's not that they'd "leave the Internet", it's that they'd wall it off into a bunch of proprietary apps.

    You mean like how they're instead walling off their content behind the inappropriately endorsed DRM provided by EME? Either way, the content's not properly accessible. If it's going to be inaccessible either way, I'd rather my browser not be carrying around EME code that security researchers cannot legally investigate to see how badly written it is.

    reply to this | link to this | view in thread ]

  41. icon
    techflaws (profile), 7 Jul 2017 @ 9:44pm

    The main point still is that DRM just DOES NOT WORK. All the content 'protected' by DRM is still freely available? So why do these clowns still put their money on it?

    reply to this | link to this | view in thread ]

  42. identicon
    Erin, 7 Jul 2017 @ 10:10pm

    Re:

    Two problems with this:
    1) Laws are not global, while the web is. At best you'll end up with competing laws all over the place which is already a mess with existing standards. Adding another layer won't make that better.

    2) Lawmakers in many -- perhaps most -- countries seem to be firmly in the pockets of the people pushing DRM. That is, you're more likely to see "DMCAv2.0 now with even more consumer rights destruction!" than you are to see a pro-consumer law. Not that the latter _couldn't_ happen, but its not the most likely outcome should politicians start digging their hands into the situation.

    reply to this | link to this | view in thread ]

  43. identicon
    Erin, 7 Jul 2017 @ 10:33pm

    Re: Betting pool time

    Probably a long time, since EME isn't actually a DRM system itself -- its a container protocol to create a standard interface for third party DRM systems to pass through.

    Essentially, the "breakable" parts are still proprietary and not part of the standard. The only required "encryption" scheme the standard outlines is cleartext, which doesn't really take a lot of work to crack. Beyond that, its still up to each DRM provider to come up with their own actual encryption method -- they just have to build it in a way that works with the newly defined protocol/APIs.

    reply to this | link to this | view in thread ]

  44. icon
    Mike Masnick (profile), 7 Jul 2017 @ 11:32pm

    Re: Re:

    But his salary doesn't depend upon his not understanding it. He's Tim Berners-fucking-Lee. He could have pushed one of the compromise proposals and it wouldn't have cost him a dime.

    To be fair... there have been some quiet murmurs and rumblings and rumors that... his salary kinda does depend on this. That is, the W3C, as currently structured costs a fair bit of money and at times it's been a bit hard up in finding enough support. Along come the likes of the MPAA, willing to be paying members... and things are more stable magically. So... without EME in DRM, the W3C might lose paying members like the MPAA and that might make it more difficult for it to stay in operation (at least at its current levels).

    That, at least, is the story I've heard from a few people, but it may be somewhat exaggerated.

    reply to this | link to this | view in thread ]

  45. identicon
    Anonymous Coward, 8 Jul 2017 @ 12:30am

    Re: Re: Re:

    In any case, even if DRM is incorporated into HTML standards, it doesn't mean I will use it.

    The problem is that unless your browser does not incorporate support, or that support can be turned off, you have no choice in whether or not a module is loaded and run on your computer. Also, unfortunately I can see advertisers jumping on this to 'protect' their adds by increasing their ability to track people around the Internet.

    reply to this | link to this | view in thread ]

  46. identicon
    frank, 8 Jul 2017 @ 12:51am

    We need new OS's

    In computing in general, the user is the 'enemy'. That's what causes 9 out of 10 security flaws on private computers.

    reply to this | link to this | view in thread ]

  47. identicon
    Anonymous Coward, 8 Jul 2017 @ 2:33am

    Re: Any person having a gadget which can copy IS an enemy of those who produce content. Fundamental to copyright, why Constitution states "exclusive right" to control copies.

    >This is another version of your usual outrage that someone who made content has ability to control it and exclusively them get money from it.

    You obviously do not understand how DRM will work, the DRM owner will be the publisher, and take control, via copyright assignment,or work for hire contracts, of creators works before wrapping them in DRM. In other words DRM is a means whereby the middlemen can gain control of works created by other to their great profit, with a few crumbs given to the selected creators that they publish.

    reply to this | link to this | view in thread ]

  48. identicon
    Anonymous Coward, 8 Jul 2017 @ 3:47am

    DRM is anti-consumer, anti-privacy, anti-security. Do you want any more reasons against it? Fuck off, Tim Berners-sell out.

    reply to this | link to this | view in thread ]

  49. icon
    MyNameHere (profile), 8 Jul 2017 @ 5:52am

    Answer me this (everyone except Thad)

    I have to ask, because nobody ever seems to answer it properly:

    How does adding the provision of DRM to the html standard suddenly "break" anything? Can't sites that choose not to use DRM just keep going as always?

    It's a serious quesiton, because the claims of "breaking" the internet always seem to come off as "taking away our free lunch". So I am open to hearing the real reasons why (without insults, thanks, it's a serious question).

    reply to this | link to this | view in thread ]

  50. identicon
    Anonymous Coward, 8 Jul 2017 @ 5:57am

    Hows this for drm

    If you dont want unauthorised people viewing your shit, dont put it into the public stratosphere

    Money dictating the privelaged few who can view every public arts if they so chose.......expanding the divide between those with a higher percentage of a nations/global wealth, and those that get by from paycheck to paycheck

    Rich folk creating laws for rich folk, class systems havent gone away....they've just had a makeover

    reply to this | link to this | view in thread ]

  51. identicon
    Anonymous Coward, 8 Jul 2017 @ 6:10am

    Any time the MAfiAA is involved it IS about M.O.N.E.Y. they're clearly throwing it at him like it's buckets of water since it is 1) against his convictions 2)not being open and transparent about it and refusing to discuss any of it.

    It's about time to start blocking port 80/443 and move to a new one.

    reply to this | link to this | view in thread ]

  52. identicon
    Anonymous Coward, 8 Jul 2017 @ 6:39am

    Re: Answer me this (everyone except Thad)

    The problem with DRM is that it means that the corporations need to control your devices to make it work, as otherwise it is easy to bypass. Further in means that they can run arbitrary opaque code on your devices which can be doing anything, and if you think that they will not use it to gather data on you you, and force adverts on you, you are sadly delusional. Just look at what they made unskippable on DVDs, anti piracy messages, and adverts for 'future' releases which get old rather quickly.

    reply to this | link to this | view in thread ]

  53. identicon
    Anonymous Coward, 8 Jul 2017 @ 8:06am

    The world needs fewer TBL and more RMS.

    reply to this | link to this | view in thread ]

  54. identicon
    Rekrul, 8 Jul 2017 @ 9:43am

    It's easy to explain: Tim Berners-Lee is a sell-out.

    reply to this | link to this | view in thread ]

  55. identicon
    Anonymous Coward, 8 Jul 2017 @ 9:51am

    Re: Re: Re: Re:

    The problem is that unless your browser does not incorporate support, or that support can be turned off, you have no choice in whether or not a module is loaded and run on your computer.

    If you're using a browser where it can't be turned off, and whose source code you can't modify, you've already agreed to give up control. As long as source is available, someone will release a non-DRM version. Many Linux distributions like Debian and Fedora have policies against non-free software, so they'll pretty much have to disable it if they're going to ship the browser.

    reply to this | link to this | view in thread ]

  56. identicon
    Anonymous Coward, 8 Jul 2017 @ 9:56am

    Re: Re: Re:

    there have been some quiet murmurs and rumblings and rumors that... his salary kinda does depend on this.

    If Tim were fired for taking a moral stand, it would be great for his reputation and potentially disastrous for the W3C's. He would have absolutely no trouble finding another well-paying job.

    reply to this | link to this | view in thread ]

  57. identicon
    Anonymous Coward, 8 Jul 2017 @ 10:02am

    Re: Re: "Any person having a gadget which can copy IS an enemy of those who produce content"

    > Any person having a gadget which can copy IS an enemy of those who produce content.

    Wait, not "anyone who copies copyrighted works", but "anyone who has a device which could copy"?

    Yes, absolutely, if we're referring to the opinion of the "big copyright" content producers. See Sony v. Universal where they tried to kill the VCR, or Digital Audio Tape which they successfully killed.

    Of course, essentially all "content" is copyrighted and nearly everyone produces it these days.

    reply to this | link to this | view in thread ]

  58. identicon
    Anonymous Coward, 8 Jul 2017 @ 10:31am

    Re:

    So why do these clowns still put their money on it?

    Consumers are paying them to.

    reply to this | link to this | view in thread ]

  59. identicon
    Thad, 8 Jul 2017 @ 10:33am

    Re: Re:

    Definitely a fair point. I support the EFF in continuing to attack this issue on all fronts.

    reply to this | link to this | view in thread ]

  60. identicon
    Anonymous Coward, 8 Jul 2017 @ 10:35am

    Re: Answer me this (everyone except Thad)

    Aww, you're pretending to be interested in serious discussion.

    reply to this | link to this | view in thread ]

  61. identicon
    Thad, 8 Jul 2017 @ 10:36am

    Re: Re: Re:

    Yeah, I'm sure he was worried that if he hadn't passed EME, it would have meant the end of W3C and we'd be looking at some other industry-backed standards body, or no standards compliance at all.

    reply to this | link to this | view in thread ]

  62. identicon
    Thad, 8 Jul 2017 @ 10:39am

    Re: Re: Re: Re: Re: Looking for a leader

    I understand, and, like I said, my hat's off to you. I'm just saying that most people have a different set of priorities than you do, and I can't see a path to a browser advertising itself as EME-free and getting more pickup that way until some kind of crisis occurs -- some EME implementation has a major data leak, or there's a major security compromise, or becomes associated with major performance/stability/battery issues, or something along those lines.

    reply to this | link to this | view in thread ]

  63. identicon
    Thad, 8 Jul 2017 @ 10:46am

    Re:

    There are a couple of reasons.

    One is that they're lying about the purpose of DRM. It's not to prevent copyright infringement; it's to prop up middlemen, and allow them to use DRM -- its legal implications, not its technical ones -- to lock customers into a monopoly and wholesalers into a monopsony.

    Another is best described in Cory Doctorow's 2012 article, With A Little Help: Digital Lysenkoism. Basically, the engineers who write and support DRM know that shit doesn't work, but the bosses want it so the bosses get it.

    reply to this | link to this | view in thread ]

  64. icon
    discordian_eris (profile), 8 Jul 2017 @ 11:31am

    Re:

    No. He is a coward, plain and simple. Physical courage isn't hard to find, it is abundant amongst us humans. Moral courage however is much rarer. TBL just proved he lacks any semblance of moral courage and should no longer be in charge of anything, let alone W3C. He just agreed to screw over billions of fellow humans, and for what? Hmmmm. I wonder if this proposal violates the ECHR?

    reply to this | link to this | view in thread ]

  65. identicon
    Anonymous Coward, 8 Jul 2017 @ 11:34am

    Re: Re: Re: Re: Re: Looking for a leader

    I am heavily against DRM and do not support EME, but I don't want my browser deciding what parts of a protocol they're going to implement. I have no issue with Firefox lobbying W3C to drop this "feature" but if it's in the protocol, I expect them to implement it.

    I know since we're talking about DRM, it's really easy to support Firefox and Chrome ignoring EME, but if we leave it up to the browsers, we'll have another IE6 fiasco all over again. Protocols and standards (especially open ones) have been beneficial to the internet's growth and I support them wholeheartedly, but the browsers should not be deciding this. Otherwise, what's the point of having and agreeing to a protocol at all.

    reply to this | link to this | view in thread ]

  66. icon
    orbitalinsertion (profile), 8 Jul 2017 @ 1:10pm

    Re: time to go make another browser and give freely and opensourced to everyone

    Yeah i would definitely support a browser that does not implement any of this.

    And as someone who uses the descendant of communicator, i thank you and everyone else who helped make that code open source.

    reply to this | link to this | view in thread ]

  67. This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 8 Jul 2017 @ 1:18pm

    Re:

    Yes, DRM must be made illegal, because I have the right to steal music and movies. Uh huh.

    reply to this | link to this | view in thread ]

  68. icon
    MyNameHere (profile), 8 Jul 2017 @ 1:22pm

    Re: Re: Answer me this (everyone except Thad)

    I don't think any of that really answers the question. You have concerns, most of which depend on implementation.

    However, you didn't answer the question: What of the existing internet is suddenly "broken" with the addition of a DRM layer to html5? What suddenly will not work anymore?

    reply to this | link to this | view in thread ]

  69. identicon
    Anonymous Coward, 8 Jul 2017 @ 1:27pm

    Re: Any person having a gadget which can copy IS an enemy of those who produce content. Fundamental to copyright, why Constitution states "exclusive right" to control copies.

    He's been writing the same schtick for so many years because...
    it's the only schtick he has. Pretty sad, actually.

    reply to this | link to this | view in thread ]

  70. identicon
    Anonymous Coward, 8 Jul 2017 @ 1:36pm

    Re: Re: Any person having a gadget which can copy IS an enemy of those who produce content. Fundamental to copyright, why Constitution states "exclusive right" to control copies.

    I think you will find it says to make copies, which is different from control copies.

    reply to this | link to this | view in thread ]

  71. icon
    orbitalinsertion (profile), 8 Jul 2017 @ 1:40pm

    Re: Re: Re: Re: Looking for a leader

    Yeah, I still know no one who uses IceWeaselCat or SeaMonkey. Never mind for anti-EME reasons on the Debian Linux side of things. And good chance the OS is going to enforce something chosen against with a browser, if there were a such browser in the win10/osx world.

    reply to this | link to this | view in thread ]

  72. icon
    orbitalinsertion (profile), 8 Jul 2017 @ 1:45pm

    Re: Re:

    Anyone who produces content must automatically refer to themselves as an enemy, by that logic. Unless they only do live performance something, maybe.

    reply to this | link to this | view in thread ]

  73. icon
    orbitalinsertion (profile), 8 Jul 2017 @ 2:28pm

    Re: Answer me this (everyone except Thad)

    One thing i haven't seen mentioned, but another important one, never mind what those providing DRM might do: It's and increased bugload and an increased attack surface.

    For something that does not belong in HTML standards at all, it is an awkward bolted-on thing from the start. The increased code in implementing the "standard" adds further complexity, and therefore, bugs and vulnerabilities. And this at a time when browser extensions are becoming less useful for anything serious because the API model is "too vulnerable". So square those two things. Add to that the exposure EME adds, never minding the horrible awful problems and security holes any actual DRM plugin provides. (And which may be installed or downloaded and installed silently.)

    If I want to run your service, and you demand DRM, then provide me an installer or whatever. There is no particular use in it being a web "standard" - which will fluctuate and require constant fixes and updates, rendering previous browser versions (and probably OSes) "obsolete" by DRM standards, once they all figure out how crap their standard and implementations are in the real world. Whether it is because it breaks other things, introduces grave vulnerabilities, or because people will keep breaking their DRM. The EME spec will never be enough. Watch it "evolve" faster than any other part of W3C standards ever.

    Also, you seem to think everyone who ever has a problem with any of these things does so because they want to infringe content. That's your problem. There are people with copyright concerns i can take seriously, and those who i cannot, and it is fairly clear why they have a concern: Either they want to have some comfort they will make a living from their hard work, or they are abusers or corporations that make an exorbitant living off other people's hard work while usually paying the creator little or nothing. That is, some have concerns in good faith, while others do not. Can you for a moment just imagine that at least some people who have issues with copyright and protections schemes have these concerns in good faith? People would engage more constructively with you. Unless you don't operate in good faith at all.

    reply to this | link to this | view in thread ]

  74. identicon
    CHRoNo§§, 8 Jul 2017 @ 3:25pm

    perhaps us guys that helped get communicator 5 out ought to gather up and SHOUT NO DRM

    perhaps us guys that helped get communicator 5 out ought to gather up and SHOUT NO DRM

    thing is of the 60 or so of us only like 20 were not companies or corporations....

    funny part is i still ahve my complete copy of communicator 5
    all way back the netscape 3 gold

    firefox is getting less useful every day as i dont upgrade

    g+ wont let me share my images no more
    neither will facebook ( for people to download and use as they wish)

    the entire web is walling itself off and im sick of it....

    remember folks supporting facebook, google plus microsft and twitter are all now aligned with drm and the nsa and federal agencies that are dead set against anyone having freedom anymore on the net....they use the words terrorism when there are no cases terrorists use it(encryption) and in decade all the fun i had and friends i met will be walled off from me....and YOU.

    I can see a time perhaps 5-10 after that when people jsut turn away form it cause its just the way everything in your commercials on cable are shoved at you that the promise of cable was there was not to be any....

    i havent had cable tv since 96....
    good luck everyone ....im old now and they want us all ot just die and go away ....

    reply to this | link to this | view in thread ]

  75. identicon
    Anonymous Coward, 8 Jul 2017 @ 3:45pm

    Re: Re: Re:

    A quick look at the W3C website shows that the membership dues for a nonprofit like the MPAA is a mere $7900. Doesn't seem like enough $$$ to move the needle. Corp level dues are a different story.

    reply to this | link to this | view in thread ]

  76. identicon
    Anonymous Coward, 8 Jul 2017 @ 4:13pm

    Re: Re: Answer me this (everyone except Thad)

    Don't you think that lije flash or java you can just turn it off? It would be weird not to have tgis easily disabled.

    reply to this | link to this | view in thread ]

  77. icon
    Stephen T. Stone (profile), 8 Jul 2017 @ 4:48pm

    Re: Re: Re: Answer me this (everyone except Thad)

    Much like disabling Flash, if you were to disable that DRM, you would disable everything that requires you to run said DRM. Disabling the DRM module that would allow you to watch Netflix, for example, would disable your access to Netflix. At that point you would have a rather hard decision to make: Run the DRM and watch Netflix in a compromised browser, or run a browser without any DRM modules installed and never watch Netflix again.

    reply to this | link to this | view in thread ]

  78. identicon
    Anonymous Coward, 8 Jul 2017 @ 5:06pm

    Re: Re: Re: Re: Answer me this (everyone except Thad)

    Turn it on when you need it and turn it off when you are done.

    Its your choice.

    reply to this | link to this | view in thread ]

  79. icon
    Stephen T. Stone (profile), 8 Jul 2017 @ 5:38pm

    Re: Re: Re: Re: Re: Answer me this (everyone except Thad)

    You would compromise your broswer every time you run the DRM. Which would you rather have: the most secure browser possible, or a browser that you personally open up to attack each time you want to watch some Netflix?

    reply to this | link to this | view in thread ]

  80. identicon
    Anonymous Coward, 8 Jul 2017 @ 6:05pm

    Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)

    Just use a netflix app rather than a browser. Your problem is resolved.

    You also make tge assumption that Netflix wants to sonehow infect your machine. Seems hopelessly paranoid.

    reply to this | link to this | view in thread ]

  81. identicon
    Anonymous Coward, 8 Jul 2017 @ 7:19pm

    Re: perhaps us guys that helped get communicator 5 out ought to gather up and SHOUT NO DRM

    If they want you all to die and go away I'd say that represents a clear and present threat to your survival, no? There's usually something that always happens when such a group feels that backed into a corner...

    reply to this | link to this | view in thread ]

  82. identicon
    Anonymous Coward, 8 Jul 2017 @ 7:21pm

    Re: Re:

    Brussels is absolutely swarming with lobbyists these days. The ECHR will be neutralized in due time.

    reply to this | link to this | view in thread ]

  83. icon
    Stephen T. Stone (profile), 8 Jul 2017 @ 7:22pm

    Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)

    Netflix would not be the problem. The DRM used by Netflix—DRM that might have security holes which could not be disclosed or even discovered by security researchers—would be the problem. And as others above have said, “apps” for services such as Netflix are actually one-site-only browsers customized for that service.

    Which would you rather have: a browser that lessens your chances of a malware attack, or a browser that leaves your device open to malware by way of ineffective, shoddily-written, easily-cracked DRM that cedes control over part of your computer to the people who own and operate that DRM?

    reply to this | link to this | view in thread ]

  84. identicon
    Anonymous Coward, 8 Jul 2017 @ 7:24pm

    Re:

    Why? People wouldn't even listen to one. What good would ten do? Or 100? Or 1,000?

    reply to this | link to this | view in thread ]

  85. identicon
    Anonymous Coward, 8 Jul 2017 @ 7:26pm

    Re:

    He has no convictions if money can sway him this readily.

    reply to this | link to this | view in thread ]

  86. identicon
    Anonymous Coward, 8 Jul 2017 @ 7:29pm

    Re: Re: Re:

    If that's true then this was not only entirely foreseeable, but inevitable.

    The only question was "When?".

    reply to this | link to this | view in thread ]

  87. identicon
    Anonymous Coward, 8 Jul 2017 @ 7:31pm

    Re: Re: Re: Re:

    As somebody else pointed out further down the comment chain, taking such a gamble would require moral courage.

    Tim doesn't have it in him.

    reply to this | link to this | view in thread ]

  88. identicon
    anonymous, 8 Jul 2017 @ 8:22pm

    Pragmatism, vs. folding up and crawling into a corner.

    Depends what you want the web to be. Some want it to just work. And what's that going to cost?

    Others just want it to just work, and how much can we get from that?

    I think they're both expecting more than they should be. Square pegs, round holes; nothing new here. If they wanted it to work their way, they should have built their own. They'll never be satisfied by a generic, provided, standards compliant version.

    Dumbth.

    reply to this | link to this | view in thread ]

  89. identicon
    Lawrence D’Oliveiro, 8 Jul 2017 @ 9:04pm

    Re: It's not that they'd "leave the Internet", it's that they'd wall it off into a bunch of proprietary apps.

    We already went through that phase.

    Before the Internet, there were the proprietary dialup services, e.g. Compuserve, Prodigy etc. They had content available nowhere else, and they charged accordingly. Where are they now?

    Gone.

    Then in the early days of the Web, several companies scoffed at the crude nature of HTML at the time, and put a lot of effort into their own proprietary, “superior” alternatives: remember Quark Immedia, or Microsoft’s Project Blackbird?

    No, nobody else does either.

    The lesson of history is clear: when it comes to a showdown between content and connectivity, connectivity wins. The Internet is all about connectivity. That’s why it wins.

    reply to this | link to this | view in thread ]

  90. identicon
    Anonymous Coward, 8 Jul 2017 @ 10:42pm

    Re: Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)

    Your question is loaded. You feel everything drm will be bug filled. Yiur answers are based on fear mongering.

    Not really useful.

    reply to this | link to this | view in thread ]

  91. icon
    Stephen T. Stone (profile), 8 Jul 2017 @ 11:28pm

    Re: Re: Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)

    You feel everything drm will be bug filled.

    When has any form of DRM ever not had bugs? When has any form of DRM ever worked 100% consistently? When has any form of DRM never been cracked?

    DRM cedes control of some part of your device to an outside party. It opens up your device to whatever holes can be exploited by malicious actors who have cracked the DRM and weaponized whatever holes they can create. I fail to see how opening up your device to that sort of security risk outweighs the benefits of being able to watch Netflix—especially since you can already watch Netflix without any extra DRM.

    reply to this | link to this | view in thread ]

  92. identicon
    Anonymous Coward, 9 Jul 2017 @ 12:45am

    Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)

    I patch unix server bugs all the time. There is almost always issues to be resolved. By yiir logic anything that has had a problem in the past should be thrown away and never thought of again.

    Thats just fear mongering.

    reply to this | link to this | view in thread ]

  93. icon
    MyNameHere (profile), 9 Jul 2017 @ 3:19am

    Re: Re: Answer me this (everyone except Thad)

    Okay, I take the point that DRM has been a bit all over the road in the past. However, that is in no small part because it's been all non-standard. Standards by their definition improve things dramatically.

    I would also say that browsers, OSes, and various web serving platforms all have bugs and all need patching. You are way more likely to get a virus on your computer by opening a bad or fake PDF file. Should we ban PDFs?

    Good faith means to me working with standards. Adding DRM in a standard implementation rather than a series of patches, installers, and bloatware that would work in an entirely different fashion for every website. The more variation you have at that level, the more likely that one or more of them will be a failure and will instead root kit your machine or open a back door so big... insert Ron Jeremy joke here.

    So, beyond that, you still really didn't answer the question: What is suddenly "broken" if DRM is added to HTML? Remember, nobody is going to force web developers to use it. So what is suddenly magically broken?

    reply to this | link to this | view in thread ]

  94. icon
    Stephen T. Stone (profile), 9 Jul 2017 @ 3:46am

    Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)

    UNIX’s bugs can be researched and disclosed and fixed in a timely manner. No one has yet said the same about any DRM cooked into HTML5. And even if someone did, that assurance would still not explain why HTML5 needs DRM—especially when no DRM system has ever been effective in stopping piracy.

    reply to this | link to this | view in thread ]

  95. icon
    Stephen T. Stone (profile), 9 Jul 2017 @ 3:49am

    Re: Re: Re: Answer me this (everyone except Thad)

    What is suddenly "broken" if DRM is added to HTML?

    The idea that everyone could agree to a single DRM standard.

    reply to this | link to this | view in thread ]

  96. identicon
    Anonymous Coward, 9 Jul 2017 @ 4:01am

    Re: Re: Re: Answer me this (everyone except Thad)

    This is not a standard form of DRM, but rather a standard framework to allow content providers to insert their own DRM system into a browser, worse this allows the decoder software to be loaded when a stream is opened. Consider this proposal to be a sandbox in which DRM software will run, and like all sandboxes it will fail to fully contain its contents.

    Besides which at heart DRM is incompatible with the user having any control over their own hardware, as otherwise screen recorders etc. will defeat it totally.

    reply to this | link to this | view in thread ]

  97. icon
    That One Guy (profile), 9 Jul 2017 @ 4:32am

    Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)

    UNIX’s bugs can be researched and disclosed and fixed in a timely manner. No one has yet said the same about any DRM cooked into HTML5.

    Especially given the refusal to provide an exception to security researchers that might otherwise find bugs in the DRM so they can be fixed. Without that explicitly spelled out any researcher is risking legal action if they try to pick apart the DRM in order to look for any bugs or exploits that could cause problems and/or be used by more nefarious individuals.

    reply to this | link to this | view in thread ]

  98. identicon
    Anonymous Coward, 9 Jul 2017 @ 5:00am

    Re: Re: Looking for a leader

    I still use Konqueror. There are places with broken HTML that it doesn't like, so I don't go there. It's like driving a Ferrari; it doesn't like bad roads much. But it's so fast that running Chrome or Firefox feels like your computer just turned into a 286, and its built-in support for ad blocking and bad hosts is so convenient, every time I've tried moving to a more mainstream browser, I wound up going back to Konqueror.

    "Speed thrills."

    [bear in mind, my first browser was NCSA Mosaic on SCO V, before it became Netscape...]

    reply to this | link to this | view in thread ]

  99. icon
    MyNameHere (profile), 9 Jul 2017 @ 7:54am

    Re: Re: Re: Re: Answer me this (everyone except Thad)

    It still does't make anything "broken". Please follow on with an answer that makes sense.

    reply to this | link to this | view in thread ]

  100. identicon
    Anonymous Coward, 9 Jul 2017 @ 9:55am

    Re: Re: Re:

    are you high?

    reply to this | link to this | view in thread ]

  101. icon
    Munch (profile), 9 Jul 2017 @ 10:00am

    Re:

    Maybe Tim Berners-Lee believes in copyright to an extent.

    If he strongly opposed copyright I doubt he would support such a proposal.

    reply to this | link to this | view in thread ]

  102. identicon
    Anonymous Coward, 9 Jul 2017 @ 12:21pm

    Re: Re: Re: Re:

    Are you?

    reply to this | link to this | view in thread ]

  103. identicon
    Anonymous Coward, 9 Jul 2017 @ 12:40pm

    Re: Re: Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)

    Each actual DRM module will be developed by the smallest team possible, and under conditions of maximum secrecy, as those who desire the use of DRM are paranoid about it being broken. This is guaranteed recipe for building in security flaws, and hiding code that are not related to DRM, but rather taking control over the users machines. The Sony Rootkit was not an aberration, but rather a clumsy attempt to achieve what the Proponents of DRM desire, total control over end user machines.

    reply to this | link to this | view in thread ]

  104. icon
    MyNameHere (profile), 9 Jul 2017 @ 7:18pm

    Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)

    Actually, what is funny here is that you guys seem to be confusing a single DRM with a DRM framework. The framework itself isn't going to be some state secret.

    reply to this | link to this | view in thread ]

  105. icon
    Stephen T. Stone (profile), 9 Jul 2017 @ 8:07pm

    Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)

    Yes, and the framework will be built into every Internet browser possible so that they all keep up with the same HTML5 standard. Only a relative handful of total Internet users will ever use a “non-compliant” browser. The rest of the Internet will use a browser that has those standards built into the code.

    And if the DRM framework can be exploited, it will be exploited. So on top of being ineffective at stopping piracy, it will also open up millions of devices to hostile attacks from malicious actors. Why would you think any browser developer would want to make their browser less safe?

    reply to this | link to this | view in thread ]

  106. identicon
    Anonymous Coward, 9 Jul 2017 @ 8:29pm

    Re: Answer me this (everyone except Thad)

    Denuvo has become a standard, apparently. And yet it's both easily broken and overly taxes the machines that run the software that contains Denuvo.

    If it contributes nothing to the consumer's experience and actively makes it worse, it's called "breaking".

    reply to this | link to this | view in thread ]

  107. icon
    MyNameHere (profile), 9 Jul 2017 @ 11:11pm

    Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)

    If you are worried about exploits, don't use the internet. The amount of code you have to use just to view this page, there is likely some bug in there somewhere that could delete your entire hard drive!

    Seriously, a single framework is generally a whole lot better than piecemeal creation and re-creation of unchecked and untested individual hacks to get DRM to "work". By your logic, everything beyond the basic html 1.0 tags is too exotic and risky to use.

    To use the techdirt phrase, you appear to be freaking out over DRM.

    reply to this | link to this | view in thread ]

  108. icon
    That One Guy (profile), 10 Jul 2017 @ 3:45am

    Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)

    If you are worried about exploits, don't use the internet.

    That's as nonsensical as saying 'If you're worried about car safety, don't drive'. It is entirely possible to point out that a planned change is unneeded and/or likely to be detrimental without jumping to the extreme of abandoning what's to be changed entirely.

    The amount of code you have to use just to view this page, there is likely some bug in there somewhere that could delete your entire hard drive!

    ... And cause your car to explode, your house to catch fire, and a hurricane to flatten your town, don't forget those 'possible side-effects' too.

    That there's already a lot of code involved in a 'simple' page does not mean adding more code, code designed to make it easier to add in additional code specifically designed to take away control of your browser to varying degrees magically becomes no big deal.

    Seriously, a single framework is generally a whole lot better than piecemeal creation and re-creation of unchecked and untested individual hacks to get DRM to "work".

    Well there's your problem/misconception: Unless your goal is to screw over paying customers and/or make things worse for them, DRM has not, and likely never will, 'work'. That browsers will have an easy way to add in any number of different takes on it is not likely to change that, but it is likely to result in even more companies/sites jumping on the 'let's screw our customers/visitors with DRM' bandwagon and spread the 'joy' of DRM even further.

    By your logic, everything beyond the basic html 1.0 tags is too exotic and risky to use.

    No, because his logic isn't 'code is code, and more is bad', that's all on you.

    reply to this | link to this | view in thread ]

  109. icon
    MyNameHere (profile), 10 Jul 2017 @ 4:52am

    Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)

    Still not feeling it. Your objections seem entirely based on the theory that adding support for any extension in the HTML5 standards is a bad idea.

    The truth is you consider DRM to be some sort of death sentence for the internet. Yet, I haven't seen or read anything here that explains it. Rather than going off on a soft of general "DRM sucks" rant, can you perhaps explain what specifically you think is suddenly going to break if DRM is (optionally) available to be supported in the HTML5 standards, no different from a whatever is currently replacing flash?

    reply to this | link to this | view in thread ]

  110. icon
    XcOM987 (profile), 10 Jul 2017 @ 5:20am

    Re: Re: Stealing?

    The objection to DRM has nothing to do with the ability to steal products, for me it's more to do with the fact I want to have the right to do what I want with what I've bought.

    If I want to convert a file so it can play on a device of mine I should be allowed to do so, I don't see why I should be beholden to using a set of approved devices just so I can do that.

    DRM has been shown time and time again not to work and if anything have a bigger impact for legimate customers where as pirates get a better experience. (https://arstechnica.co.uk/gaming/2017/06/rime-denuvo-cracked-faster/)

    Also as has been said elsewhere DRM will section off a part of your system which you will no longer have control over, part of which will be your browser, given the issues with browser exploits being used to turn machines in to drones for botnets, take over the brower experience or do download more nefarious things such as Cryptoware I would rather these not be locked in to a DRM safe zone where I can't remove them or prevent them in the first place, just for a minute, think of the damage that could be done if some malicious code were to be in some advert as they are now, but this time it's protected by DRM so your AV, Malware protection or whatever can't see or stop it, just think of the damage this could do wide scale.

    reply to this | link to this | view in thread ]

  111. icon
    SirWired (profile), 10 Jul 2017 @ 7:00am

    Convert what file?

    Content viewed over the web is, by definition, streaming content and therefore is transitory. There's no file to buy or convert. The arguments against DRM for, say, e-books, or downloaded music do not apply here.

    There certainly ARE arguments against web-based DRM, but the "I want control in perpetuity over the content I paid for" isn't one of them.

    reply to this | link to this | view in thread ]

  112. identicon
    Anonymous Coward, 10 Jul 2017 @ 7:44am

    Re: Any person having a gadget which can copy IS an enemy of those who produce content. Fundamental to copyright, why Constitution states "exclusive right" to control copies.

    Kind of curious how you figure no one is making any money off of Youtube advertising and how it is proven not to work when there are so many Youtube stars who got their start on Youtube and that is their main/only source of income.

    Also, on Youtube not gaining money and being subsidized, got a source for that? Pretty sure it wouldn't exist if it wasn't making money on its own.

    reply to this | link to this | view in thread ]

  113. icon
    XcOM987 (profile), 10 Jul 2017 @ 8:04am

    Re: Convert what file?

    I will agree with you in what you said, my view of DRM still stands, I should have clarified that I was talking of DRM in general to get my point over of why it's just a tool for control of content more than anything else and how it causes more harm and such than any benefits it brings.

    The other things I mentioned about the likes of the brower being in a DRM enviroment where code is downloaded and run without your control or intervention opens you up to many many risks.

    reply to this | link to this | view in thread ]

  114. icon
    Stephen T. Stone (profile), 10 Jul 2017 @ 10:18am

    Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)

    Your objections seem entirely based on the theory that adding support for any extension in the HTML5 standards is a bad idea.

    Why would adding DRM into the HTML5 standard be a good thing?

    reply to this | link to this | view in thread ]

  115. icon
    That One Guy (profile), 10 Jul 2017 @ 2:24pm

    Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)

    Your objections seem entirely based on the theory that adding support for any extension in the HTML5 standards is a bad idea.

    Again with that strawman? Seriously, if you're actually interested in a conversation stop strawmaning the positions of people that reply to you. Continuing to do so just indicates that you're not interested in an honest discussion, despite any claims to the contrary, and as such it's a waste of time to respond to you.

    'Any' extension? No, if something is being added for a good reason, like to make things more secure, and it can be properly vetting by people to check that it is secure then I wouldn't really have a problem with it.

    Built-in support for extensions that cannot be vetted, that by design are intended to take control away from the user to varying degrees and that historically have never worked and have screwed over legitimate customers while the ones intended to be hit carry on just fine? Yeah, that I have a problem with.

    reply to this | link to this | view in thread ]

  116. identicon
    Thad, 10 Jul 2017 @ 4:43pm

    Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)

    Seriously, if you're actually interested in a conversation stop strawmaning the positions of people that reply to you. Continuing to do so just indicates that you're not interested in an honest discussion, despite any claims to the contrary, and as such it's a waste of time to respond to you.

    Ding ding ding.

    reply to this | link to this | view in thread ]

  117. identicon
    Thad, 12 Jul 2017 @ 12:36pm

    EFF has appealed. I expect we'll see an article on that subject here soon.

    reply to this | link to this | view in thread ]

  118. identicon
    Anonymous Coward, 12 Jul 2017 @ 11:23pm

    Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Answer me this (everyone except Thad)

    Let's also remember - this is the same guy who rants about Google and complains about how a lot phones run Android, therefore: MONOPOLY. But for some reason he can't jailbreak or run another OS or just flat out not use Android phones.

    Yet he expects the only permitted solution for avoiding DRM exploits in HTML5 to be "don't use the Internet".

    reply to this | link to this | view in thread ]

  119. identicon
    Anonymous Coward, 13 Jul 2017 @ 10:24am

    Re: Re:

    So you are saying that Tim Berners-Lee, aka sellout, prefers copyright over freedom and security.

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.