"A Web where you cannot cut and paste text; where your browser can't "Save As..." an image; where the "allowed" uses of saved files are monitored beyond the browser; where JavaScript is sealed away in opaque tombs; and maybe even where we can no longer effectively "View Source" on some sites, is a very different Web from the one we have today. It's a Web where user agents—browsers—must navigate a nest of enforced duties every time they visit a page. It's a place where the next Tim Berners-Lee or Mozilla, if they were building a new browser from scratch, couldn't just look up the details of all the "Web" technologies. They'd have to negotiate and sign compliance agreements with a raft of DRM providers just to be fully standards-compliant and interoperable."
They suggest the W3C may be digging itself into another hole like the one that led to the formation of WHATWG. A good read.
[1] https://www.eff.org/deeplinks/2013/10/lowering-your-standard...
I may be totally naive here, but I'm not really sure why this matters. That there is a WC3 standard does not imply that browsers have to adhere to it. If they didn't they simply wouldn't be able to access DRM protected content. From a UX perspective this seems no different from Netflix putting their content behind a login. Maybe I am being an idiot, if so please correct me, but this doesn't really seem like anything to worry about. The threats implied by EFF, that massive corporations will control content on the internet, seems only true for content published by those massive corporations (and thus are already happening now, with 3rd party DRM ie: Netflix's Silverlight player). It doesn't stop people from publishing non DRM protected content.
I would agree this doesn't belong in the spec on technical level, but it seems to be inclusive not exclusive.
1 - We'll lose the W3C. We'll have to either create another standards body, or go back to the 90's situation when nobody agreed on anything.
2 - There are a few places where actualy reading the data somebody sent to you is a crime. Despite the drawbacks on those kinds of law, some of those places are still very importantly economically, and we can't just ignore them, at least for now. If you create a code for "don't read this data" to be sent over the web, disobeying it will become a crime there.
What the hell are they even talking about here? Since when has ANY browser been "Fully, 100% W3C Compliant"?? Answer: None. Ever. Seriously.
There are rafts of non-compliant features, both legacy and newly introduced, in every single one of the most popular modern web browsers. (Even Opera!!) Certainly, with the last decade of popular support pushing Browser Vendors towards W3C compliance, the web has been more standards-based than ever before.
But this is just a silly argument. I agree with the political aim of the EFF here. But let's not just invent things or misrepresent things. It makes them lose credibility in my eyes.
It's the equivalent of standardizing the object or embed tags: it's a standard way of getting at non-standard functionality, and sites then depend on specific implementations of that non-standard functionality, the same way they depend on the Flash plugin today in ways that knowing how to implement the object tag doesn't help with.
Standardizing a single fully-specified mechanism for DRM might actually be useful (debatably), but that would break the current model in which DRM is completely unsound and relies on security-through-obscurity. "Standardizing" a means of getting at the myriad non-standard DRM implementations and their non-standard APIs is worse than worthless: it's actively harmful, and it prolongs the death of those technologies.
Right now, content providers have to choose whether to support the open web or DRM. They should continue to have to make that choice, with supporters of the open web reaching a larger audience, until eventually all the holdouts either switch or lose. This is a major step backward for that goal, and the W3C has no business claiming EME has anything to do with the open web.
Pretty much like Firefox and IE6 activeX sites, or iPhones / android and flash. DRM simply restricts playback devices.
That depends on where you think UX ends. That login will work fine from within an open source browser and/or OS you compiled (and possibly wrote or tweaked) yourself.
I haven't read the article, but if that DRM works, it wouldn't run in your browser on your OS, as content providers would not trust them. Chances are that your Chrome, Firefox, or Safari extensions wouldn't even work with the DRM (at best, they would get disabled on protected (from you) pages.)
The W3 proposals suggested do not in fact mandate browser vendors implement any DRM scheme to remain 100% standards compliant. This is myth that gets repeated on HN surprisingly often.
The issue is that some big name content providers don't want to sell you content unless they can also install things on your computer. This fact remains regardless of the technological implementation details.
The overwhelming majority of content on the web is DRM free. These proposals do not mandate nor give any incentive for that content to be protected if it is not already.
Sure, but we don't have to aid them in their quest
>The overwhelming majority of content on the web is DRM free. These proposals do not mandate nor give any incentive for that content to be protected if it is not already.
The practical effect of being able to deliver DRM'd content to every non-technical web user, without first having to get that user to download and install your proprietary software, is just massive. This is one of the biggest falloff points in the conversion funnel, so it makes this new delivery method highly attractive. As it is now, businesses have to balance the cost of losing customers against the cost of not being able to DRM their content. Take that dilemma away and I think you certainly have a new incentive. The practical effects of this are far reaching imo.
If anything this is worse than proprietary plugins because those used documented APIs that any browser could support, whereas this is integrated into the web browser itself.
But more importantly the idea of HTML5 was to get rid of proprietary closed source plugins like Flash. Adding DRM to HTML5 will make it rely on proprietary closed source plugins.
I hope the W3C reconsiders. If somebody feels the need for DRM then they should implement their own stuff outside of the open web.
What this standard actually specifies however, is only that the browser will respond to a certain tag by looking for some proprietary-ware to play whatever audio and/or video someone wants to restrict.
This is a disappointing move on the part of w3c, because it lends some air of legitimacy to DRM, and because it revives the otherwise dying plugin system under a new name. But it doesn't actually force DRM on anyone or restrict the ability to do anything on the web.
The best case would be that users are unwilling to install the black-box-ware in order to see videos or whatever, and the feature is little used and the copyright exploiters have to either unlock the content or go away with it. None of which would be bad.
I dislike DRM as much as the next person, but if it's implemented reasonably (think Steam or Netflix), then many consumers are willing to deal with it. EME was what enabled Netflix on ARM-based Chromebooks, for example; and I prefer EME to not being able to legally access media at all.
It is certainly the case that several individuals editing specs under the WHATWG banner have set out their opposition to DRM. It seems unlikely that Hixie will include it the HTML spec he edits unless, of course, we end up with something implemented in browsers that is both interoperable and open. Since "open" rather defeats the point of DRM, it's difficult to imagine that happening, however.
It's a tragic comedy that everyone's yelling at the W3C for losing their way yet again... the WHATWG, weren't they great. Yet the WHATWG is basically a proxy for Google, Apple and Microsoft. And they have driven the W3C agenda for a long while.
When you repeatedly shit on the hippies, academics, and non-browser makers that had more sway in the past at the W3C, and replace them by corporate browser makers, you weaken the antibodies that were in place. The WHATWG's presence has marginalizing other voices within the W3C and forced it to listen to its primary members - i.e. corporate, pay-to-play ones.
Makers of Flash and Silverlight were a 3rd party in the DRM battle. They had to worry about their plugins' marketshare and could not implement too user-hostile DRM. They had to balance pleasing media corporations and users.
Now there won't be anything stopping MPAA's CEOs wet dreams running in your OS's kernel. Media corps have Netflix and Google (Play Store) in their pockets and can force them to ship all kinds of nastiness — under W3C's brand name.
But they're just voices in a large game: Microsoft and Google are co-editors with Netflix of the new DRM spec.
But the moment the MPAA muscles their way into the debate, suddenly we're all about DRM.
If you want DRM, you use a plug-in or a separate application. There's no reason that an app like Netflix or whatever can't use pure-HTML for everything but the video-stream and use a plug-in based object for the stream.
Keep HTML free.
That's exactly what this standard would allow.
For example, 12 years ago W3C attempting to push "RAND" patent licensing into HTML:
http://lists.w3.org/Archives/Public/www-patentpolicy-comment...
This was 100% against the concept of a free, open web, and it took a huge effort to stop it happening. It's crazy that it even got that far.
So it's no surprise that they're pushing industry interests again today. I lost all confidence in that group safeguarding HTML a long time ago, and it looks like the they haven't changed.
It would be great if anyone opposed to this would contact an organization on this list, ask them why they're endorsing and funding DRM and the end of the free Web, and if not, when they will be resigning from the W3C.
Every name you can get stricken from the list is up to around $70,000 per year defunded from what is now most effective driver of DRM in the world. [1] Getting some public statements from the membership would be educational, if nothing else.
[1] http://www.w3.org/Consortium/fees?countryCode=US&quarter=10-...
It's not bad or good for consumers, at best, it's about the same. It's very simple, studios will not allow you to rent their movies without DRM. Netflix will not be able to function without DRM. Neither can steam. It's not up to them, it's up to the content providers, not companies like Netflix.
Is it stupid? Yes. My high school teacher, with no technical knowledge what so ever had a way to brake almost any video DRM. He would play the video on his TV, and record the image with his HD Cam. Stupid? Yes. Effective? Also yes.
The point is, as long as its a plugin type of architecture, not part of the browser binary, what's the big deal. How is it different from Flash or Silverlight?
Oh, and to everyone that proclaims that DRM is bad. Many of you are developers for startups. Is your startup all open source? Why not? Isn't compiling code or running it only on your servers just another type of DRM? Ask your self, would you have a job if your company was forced to share all the code you write? All of it, even the stuff that you write from scratch and only run on your servers.
I think many people hate DRM because of how bad it's implemented, not because of the fact that its there in the first place. Well implemented DRM should be completely transparent to the end user who paid for the content. Steam and Netflix do a pretty good job of it.
It'd make no sense to let people roll their own browsers that circumvent DRM.
What exactly do you think will prevent them from building their already-existing in-house DRM (three different systems, note!) into their own browsers?
Would that somehow lead to Hacker News or Facebook encrypting their site's source code with that DRM? I sort of doubt it. They could do that now with Flash if they wanted to, but no one thinks Flash websites are a good idea.
Right now we have Flash and Silverlight everywhere and it's a PITA. How open are those two? This adds the option of moving this stuff out of plugins. If you want to live in some everything-is-free utopia, just never visit netflix.com.
Why should we care? The web is not supposed to restrict users. If Universal does not like it, they can go somewhere else -- they have the cable TV system with all its restrictions and anti-freedom design.
I assume you mean that the browser shouldn't restrict users? Like, if I stream a movie from Netflix, I should be able to also save it locally so I can take parts of it to use in my fair use arts project? Sorry. Never going to happen. Forcing this use case that _people want_ off into plugins isn't going to make anything more "free".
That's like selling a Roku box that can only play Ted and Youtube videos and saying that it's better because it's totally free, and open, and doesn't restrict its users. Well, sure, that is the best kind of correct. But only because you yanked everything that wasn't free. You didn't actually add any value over the standard Roku box that plays Netflix and Amazon.
You don't complain when you can't decrypt PGP, even though PGP implementations are open source. This is the same thing.
They should be. Because I'm going to continue getting my DRM free video from the Pirate Bay until they do. They might have a chance at revenue if they'd just get over themselves. Dinosaurs.
Simply put, the movie/television is much more diverse than the music industry and won't see its lunch eaten.
The biggest hurdle in getting DRM content in the contract games that are being played with all the major providers right now (remember the TWC/CBS dispute). In these contracts are clauses for all content to be DRM'd. Even if everyone understood that DRM is bad UX, no one gives a shit about fighting those clauses when TWC is removing CBS over contract disputes. It just currently doesn't make sense to risk hundreds of millions of dollars for a moral issue that 99% of users simply don't care about.
Are the people pushing for this hoping it's just too much hassle?
These questions aren't rhetorical: I'm interested in what exactly the DRM people are pushing and how they expect it to work. Just not interested enough to read about it myself :D. (Also, I think this makes for a great conversation topic.)
Hence a browser developer or OS developer or developer of whatever software is in question wouldn't be permitted (by the DRM system's inventor or administrator) to get decryption keys if they didn't promise to implement these restrictions.
Some of the people who invented the modern DRM business ecology called this "the intersection of technology, law, and commercial licensing" (the title of a 1996 article by Dean Marks and Bruce Turnbull). Here, the "technology" is DRM implementations -- including software obfuscation and other measures; the "law" is anticircumvention laws like the DMCA §1201 that make it risky for people to use the decryption keys in ways that industry dislikes; and "commercial licensing" is the permission from a DRM developer to interoperate with that DRM, including "compliance" rules (about the functionality of the technology product) and "robustness" rules (about tamper-resistance), that result in the licensee being issued decryption keys.
In my view (I worked on EFF's objection) this is a deliberate attack on software interoperability: the whole point is to allow someone to try to prevent interoperability with software that hasn't been "approved". And it's also in extreme tension with the idea of having browsers that end-users can modify (their individual instances of).
If a proper open source system has a component that enforces DRM, and is functional when I download it, then it includes those keys; but gives me an unconditional right to use and modify it. And I am physically able to modify it, un-implementing those restrictions.
If part of the system cannot be modified by me, then the whole is not open source, and any open source system such as Firefox shouldn't include that part or standard.
Excellent!
Probably with a client-side file (or binary?) that gets delivered to the browser from the server and accessed locally in a sandboxed environment. This handles keys, auth, etc natively with the browser. This might be seamless to the end user.
Probably easily crackable like, say SteamWorks, but good enough to keep low-hanging fruit safe and copyright holders happy as we begin to retire flash entirely. Joe User won't be able to 'right-click and saveas' but he'll be able to view HTML5 video.
I think TBL is stuck between a rock and a hard place, just like Gabe Newell was with Steam. Users hate DRM, but he can't sell games without it. Some crowd-happy DRM scheme that's unobtrusive might be the only winning move here.
I'm quite surprised to see Tim Berners-Lee approve this in fact, I wonder what made him say yes to this.
If you ask me, the only reason DRM has worked up to now, is because code/file formats/protocols were secret. People didn't have access to the source. But now they do, in the open source browsers.
But PLEASE enlighten me. I wants to know.
Ten years from now (I know it will happen by then; probably sooner), if I grab my Apple smartphone and press "record video" and point it at a piece of DRM-protected content playing on my computer, it will not record. Will not record. There will just be a black spot in your recording. The recording audio will cut out as well, if an audio watermark is detected.
It's an ANALOG hole. Film cameras will always be able to record your screen. Cassette recorders will work fine. But your digital equipment? No.
As far as I can tell DRM has only ever punished, and still only punishes, legitimate users.
Imagine a browser refuse playback video or audio clip based on Cinavia DRM plugin, and also a website requiring such plugin -- via the DRM API -- to provide any content.
So I just make a media player that ignores the watermark, based on the open source code I found in the browser... DRM hacked.
[0] http://www.engadget.com/2010/09/14/hdcp-master-key-supposedl... [1] Key: http://pastebin.com/kCA3dFDv
Everything we've spent the last 20 years building and standardising. Now ruined. Tainted.
They have now lost all legitimacy among anyone who calls themselves a proponent of the open web. We need a new leadership as the old one can't be trusted. We need an open web action group to start over.
Thanks for fragmenting the web, W3C. Thanks for nothing, assholes.
The W3C was always a pay-for-play organization led by corporate interests. The full time staff of the W3C were MIT academics trying to foster conversation so that the openness of the web could be preserved among the reality that most funding for browsers was between competitors looking to make a buck. It took enormous pressure and nearly a decade (1994-2004) to foster web standards to the competent mediocrity they are today.
The WHATWG only solidified the corporate interests, by making browser makers The Only Ones Who Matter: Google (who also funds Mozilla), Microsoft, and Apple.
You can claim you want new leadership, but who has the credibility and legitimacy you claim has been lost? Students? Government workers? All competent engineers are working for for-profit companies (or are funded by them) that want to monetize your eyeballs. You could look to academia and government-funding, I suppose, like the original web. But the web is here, now. It's likely not going to be replaced.
Starting over is a loser's game.
In the end what browser vendors do matters the most, not what w3c thinks. Just look at the history of WHATWG.
OTOH, with a little help from the OS to guard the path through to the HDMI spigot (which is probably already in place) I may be able to see all my Amazon Instant Prime content via my browser in HD. :-)
There's an upside to the downside. Some things will be closed by this and some things will be opened. The impact on the non-pirating media consumer will mostly be positive.
The impact on the cable companies and other parasitic channels through which content must now pass will, to our benefit, be negative since content producers will need them for nothing to maximize the returns on their investment. Many hands that dip into the revenue stream between the producer and the consumer to merely protect the stream can be easily eliminated. The same is true of all the various music channels from the labels through iTunes to Spotify.
I like this because artists and producers will be able to negotiate with us directly which will lower the cost and the motivation to pirate. I'm all for artists and producers making money on their work, but not all the various middle men this can remove from the picture.
I'm very concerned, however, about the possibly negative effect on things other than media content like the general flow of news and information. Any item of information can now easily carry a price for internet access independent of the channels through which it moves.
Verdict: mixed bag.
What a bizarre discussion. Should have been laughed out from the first proposal.
And yet it wasn't. Can certainly make you wonder about the health of the W3C as a whole.
All i see now is the corporate internet.. people may not remember this but AOL and the like tried to create privates corporate internet's and lose in the long term.. the world was too big to be contained.. to be controlled..
This is the beginning of the end of what internet was supposed to be?
The intent was to recognize the Web world for what it was: filled with competitive interests with no interest on the integrity of the architecture that had been created. The W3C was a way to bring their engineers together to save the Web from the various marketing departments that were escalating an arms race of proprietary browser features. It was to create a legitimate channel to drive agreements across competitors without antitrust concerns.
It didn't entirely succeed, only somewhat. But this decision is consistent with its history. The W3C is only a reflection of its members.
EME is not DRM. It's a standard spec for plugins that provide DRM. Essentially it means that someone like Netflix could still use the HTML5 video element for playback while interacting with a browser plugin just to handle the DRM aspect of things.
with video DRM having a foot inside, who dares to venture a guess at what the next victim will be? DRMed js? DRMed html?
Yes, it would be a travesty if those things actually happened. Yes, I think DRM is ultimately pointless and silly. Keep in mind, though, that this is just a transition from one method of DRM playback to another, not a leap to DRM for things that didn't previously have it.
I really think allowing this to happen in the first place is just like opening the Pandora box. You give these guys an inch, they never stop demanding for more censorship.
Building a browser that ignores EME would be functionally equivalent to building a browser that can't use Flash.
Edit: How can it be DRM if the algorithms/formats/protocols are open? Or aren't they open?
They're not. IIRC, the only open parts are the hooks the actual DRM plugin (but we're not calling it a plugin!) will utilize.
If you really want to undermine DRM in an honest and ethical manner, you should leave those DRM'd properties to their owners and support non-DRM media.
How many of you listen to itunes media and are raging about this...
I seem to remember reports that iTunes sales increased quite a bit as they removed the DRM, indicating that removing DRM does indeed make the most business sense, not just the most moral sense or whatever. The best source I've been able to come up with quickly is this: http://www.theinquirer.net/inquirer/news/1022890/emi-drm-fre...
CLOSED SOURCE
icon
on top so that we know we are about to visit a site where we can't see the source of the javascript that is being run on our computer.
The idea is to develop a culture for people to prefer OPEN SOURCED site vs a CLOSED SOURCED one.
Time to fork HTML5.
Edit: The interface between the DRM servers and your backend code isn't standardized either, so content providers still have to do a bunch of DRM-scheme-specific development work. Basically, they standardized just enough to allow sites with DRM to claim they're 100% HTML5, it barely improves interoperability at all.
There are issues to come when consumers only have access to encumbered media, but at the moment, they pretty clearly benefit from the access.
We'll make a new W3C. One that can't be bought so easily.
I doubt they'd even try again, seeing as they've already seen this movie and know how it will end.
It won't stop piracy, even if it means holding a camera up to the screen to capture the data.
However locking down the browser itself is simply ridiculous. it reminds me of snopes.com disabling right click.
I mean, look at what Steam has done to the video game industry; or iOS/Android app stores. When it's easier to buy the copy pretty much nobody is going to bother stealing it.
With a digital good you can copy over and over, and never subtract the original author of its own copy..
The industry itself tried to implant this wrong concept on the peoples mind so they would think its the same.. only its not..
i think the best approach from them would be to accept that new reality in the digital age.. and try to collect money from good customers, the buyers, and try to collect from the people that have made copies of the work by stating they have obligations, and expenses to do that work, and ask for the users the support..
i think thats pretty much what microsoft did with windows.. trying to fight with a possible customer treating him as the enemy, will only hurt them in the long term..
They need to think with a new perspective, not with the same ideas as the XX century.. it will only cause them more damage than good.. people will see them as the enemy, much like we are seeing now
This is doomed before being born (or I missed something).
'By contrast, W3C has now put its weight behind a restrictive future: let's call it "DRM-HTML".'
That's money and time they will not spend doing something useful for their interests.
DRM is a non-starter, for me. Keep your shit out of my peanut butter.
They would be better off having some sort of plugin archetecture that allows this kind of development for specific platforms...
How does this standard prevent that?
You can still get the entire page, it comes in over the wire. If they do this, I would assume we can just capture the raw data, and new apps that decode that raw data and give the same tools as the browser developer tools offer.
If not, hopefully there are browsers who refuse to implement, and hopefully it takes less time than it took Adobe to learn their lesson.
Doesnt change anything for the client.
The providers will swap an object tag for a video one ,that's what it is all about.
It's basically a Flash or Silverlight for video and sound only.
I think I threw up a little in my mouth when I read that.
