Forgot your password?
typodupeerror
DRM

W3C Declares DRM In-Scope For HTML 290

Posted by Unknown Lamer
from the treacherous-computing dept.
FredAndrews writes "The W3C has ruled DRM in-scope for their HTML standard. A lot of big businesses have supported advancing the Encrypted Media Extension, including Google, Microsoft, and Netfix. The BBC calls for a solution with legal sanctions. The EME could well be used to implement a DRM HTML engine. A DRM-enabled web would break a long tradition of the web browser being the User's Agent, and would restrict user choice and control over their security and privacy. There are other applications that can serve the purpose of viewing DRM video content, and I appeal to people to not taint the web standards with DRM but to please use other applications when necessary." Looks like the web is becoming more like Xanadu, but not in a good way.
This discussion has been archived. No new comments can be posted.

W3C Declares DRM In-Scope For HTML

Comments Filter:
  • by Anonymous Coward on Tuesday February 12, 2013 @08:13AM (#42870271)

    It seems like it should be incumbent upon those that want to restrict your freedoms to bear the full burden of that cost. That is, we do not help them develop a standard for this, and force them to do all the work necessary for their restrictions to try to propagate in the browser ecosystem via plugins, extensions, custom applications, etc.

    I would never go so far as to restrict *their* ability to do so, but we should never EVER encourage such behaviour in open standards.

    The standards committees should be spending their time (and money) developing technologies that would help people, rather than hinder them.

  • Trust Us (Score:5, Insightful)

    by overshoot (39700) on Tuesday February 12, 2013 @08:17AM (#42870301)
    Well, so much for open-source W3C-compliant browsers.
  • by Anonymous Coward on Tuesday February 12, 2013 @08:19AM (#42870305)

    DRM has its place, but we also have to be careful about when and how we use it. For example: I would argue that DRM is valuable for ebook lending (e.g. through libraries). However, it doesn't have a place when the goods are sold (e.g. violates the doctrine of first sale).

    In the context of the Internet, we must also be careful. One of the advantages of the current structure is openness. That openness allows adaptability to different circumstances. DRM opposes that because anyone who has the keys can reopen the Internet, so those keys will be carefully guarded. This would result in vendors be marginalized, from the application to the system software level. Not only does this limit options for the market as a whole, it limits options for specialized products (e.g. accessible web browsers, utilities for people who don't have access to broadband due to location/affordability).

  • by Anonymous Coward on Tuesday February 12, 2013 @08:23AM (#42870327)

    No. HTML, Hyper Text Markup Language, is a standard for describing documents. It is NOT the place to implement or enforce Digitally Restricted Media(DRM). Other applications already exist for this purpose and new application will also follow that can all be integrated into your HTML document if you insist on using it. But it belongs in an external application, not HTML.

  • by Anonymous Coward on Tuesday February 12, 2013 @08:24AM (#42870331)

    Flash, Java, Silverlight, take your pick.

    As the world wide web has grown it has gotten more information and become LESS usable thanks to all of the crap loaded onto it.
    Yes, I know I am falling into the old-school "Back in the day..." crowd here, but seriously- I have a 100mb internet connection now and compared to my old-school 14,400 modem back in the 90s average page load times are.... about the same.
    The information I am able to find and use is also about the same.
    The useless crap I have to sift through is now HUGE on the other hand, and it actually takes more time to find relevant information. I have to move past all the bad video posts, Twitter crap and asinine Facebook pages. And I haven't even mentioned the BS sites that do nothing but redirect seaarch terms to advert delivery pages.

    Hell, I would rather go back to text-based internet browsing than be forced to "migrate to decent user interface technologies."
    It's a web PAGE, pal. It should look and work like a PAGE.

  • by Anonymous Coward on Tuesday February 12, 2013 @08:30AM (#42870371)

    DRM being bad is a not a "idealism". It's not some persons *opinion*. It's not like arguing about whether Inception was a good movie (it was).

    DRM is faulty *by design*. This is a mathematical truth. And you either accept that truth, or you live in denial. This isn't a "weelllll, it's really annoying for business". Ok, so what? Gravity is really annoying for the American Airlines. Those are the breaks.

    The hardware, at the most bottom layer (assembly), has the instruction: mov eax, ebx. This instruction copies data freely. All digital hardware has an equivalent function. You cannot do anything with computers without this basic function.

    When you hold a computer, you are physically holding this magical copy instruction. This copy instruction does not know about copyright, or rights holders, or fair use, or DRM, or business models. It simply duplicates a digital value. No computer could exist without it.

    So, how do you propose to remove this function, without destroying the computer in the process? It's, ultimately, impossible. You can make things very difficult -- that's fine! Because all you need is one bored determined hacker to break it (which must always be possible, as long as computers exist), and "unlock" the media. Then it will be traded freely.

    The only way to stop it is to destroy the computer. Destroy the `mov ax, bx` instruction, that freely copies digital data. But the computer provides so much *other* value, that you can't do that either.

    So you just have to live with it. And the sooner you realize that, and realize that this isn't about "idealism", but instead about a mathematical truth that people are living in denial about, the sooner you stop propagating this delusion that DRM is some sort of "solution". It's snake oil. Get over it. I know it sucks. It sucks for me too -- I make music. It sucks. Adapt, or die.

  • by ByOhTek (1181381) on Tuesday February 12, 2013 @08:31AM (#42870381) Journal

    What exactly would you consider a better technology?

    Pure HTML is nothing more than an SGML derivative, like XML, and for the use of formatting, is not bad.
    CSS, as a way of taking some of the ambiguity and potential for different interpretations on formatting, is also not bad.
    JavaScript... OK, yeah, this language could be better. It has a lot of nifty features that can do more harm than good, and is missing one or two nice features (like good type identification, rather than prototype checking, which can have quirks in different browsers).

    Everything else is a non-standard and/or proprietary add-on.

    Can you think of a better alternative out there that fulfills all the same needs? About the only thing I can think of doing to improve it is replace JavaScript with python (mostly to fix the missing features), Java or C# - and then tweak CSS and HTML a bit to add a few extra features.

    By the way, the needs of HTML, as far as I can observe:
    To present data on a wide variety of systems, where presenting the data accurately is more important than minor (and even major) variances in formatting, as may be called for by the platform presenting the document(s).

  • by petermgreen (876956) <plugwash.p10link@net> on Tuesday February 12, 2013 @08:32AM (#42870387) Homepage

    Open standards and DRM are fundamentally incompatible. If you know how to decode something to display it to the user you also know how to decode it and save the results of that decoding to a file. Therefore any standard that includes drm will either be trivially broken (see conventional pdf "usage restrictions") or not truely open.

  • by blcamp (211756) on Tuesday February 12, 2013 @08:37AM (#42870403) Homepage

    Because this will break it beyond repair.

  • by the_B0fh (208483) on Tuesday February 12, 2013 @08:37AM (#42870405) Homepage

    Because you will get royally fucked over. That is why DRM sucks. You will now hand your over identity in order to be able to browse sites, etc. Google, Facebook, etc will now know who you are. Anonymity will be gone forever. Your browser will report on you all the time. Do you know what are web bugs? Do you think the equivalent DRM'ed version will not be there? Except now, because of DRM, it will know exactly who you are.

    And don't even think of using different browsers, etc. Because of DRM, you will establish an identity through each of them, or you won't get to use DRM encumbered crap.

    Seriously, this is really fucked up.

  • by GeekDork (194851) on Tuesday February 12, 2013 @08:39AM (#42870423)

    That's pretty much all.

    The best that this idiocy can possibly produce is further fragmentation of "The Web": right now, we have "kinda sane" standards in HTML 4.01 and XHTML 1, as well as CSS 2.1; everything beyond that are half-baked hacks in the form of several implementations of HTML 5, CSS 3 modules, their DOM APIs, and whatever browser vendors decided to implement. Adding DRM to the fray will not help things, since no matter how you look at it, you will end up with content only available on specialty browsers like Chrome, IE, or fringe mobile platforms, all the while still blissfully carrying the "HTML" tag.

    At the end of the day, it will be cheaper for content peddlers to just cut out the bullshit and keep doing things in Flash, and I can't even say that I'm sad about it anymore.

    Oh, and the W3C? They can go die in a car crash FWIW, it wouldn't be a huge loss beyond the humanitarian impact. Not like they did anything useful in the past 10 years.

  • by Anonymous Coward on Tuesday February 12, 2013 @08:40AM (#42870435)

    It's so tempting to just sit in the corner and say "DRM is evil, we don't want to taint the web with it" but unfortunately, as is often the case in the real world, we don't get to make decisions in isolation of their consequences.

    It's not about the evilness of DRM, it's about the fact that it's useless. Has there been a DRM in history that has not been cracked? Why spend energy on a useless endeavour?

    The people pushing for this may believe it's worthwhile and useful (or rather the content licensees do), but I think most people on Slashdot are clueful enough to know better.

    So besides placating the studio executives, are there any valid (ideally technical) reasons why DRM should be pursued?

  • by allo (1728082) on Tuesday February 12, 2013 @08:41AM (#42870445)

    no, it can be another way. just think of a trusted media path (using trusted computing and a TPM). Then the TPM chip can negotiate a shared secret between your monitor and the site serving the video. then the whole software can be opensource, just as it can with SSL, and it will always see only the encrypted data. In this way, trusted computing is good for opensource, because there is no need for security by closed source (obscurity) anymore.
    The only problem ... every company can use this to sell a minimum only, like pay-per-view business models instead of pay-per-download models. But the problem here is the business model, not the tech.

  • by Agelmar (205181) * on Tuesday February 12, 2013 @08:44AM (#42870459)

    The reality of DRM is that, absent having a TPM that enforces some sort of software integrity that reasonably ensures that the player is sending the video to a trusted display (TPM validating OS validating player software validating HDCP connection), you're going to be stuck with some security-by-obscurity closed source components, or "plugins". It's unfortunate but I can't honestly see a way around that without much larger changes (like trusted computing, but in a slightly less evil implementation hopefully). The "better alternative" to native apps then becomes allowing DRM to be done in the browser in the least intrusive manner possible -- that is, use as much of the browser's code as possible and have the plugin footprint be as small as possible. Today Flash and Silverlight are used not just for DRM but for the entire player application, ideally the player application could be mostly in HTML and using the browser's stack as much as possible, calling out to the DRM module only for either decryption or saying "Please composite this decrypted stream into that div".

  • by Phrogman (80473) on Tuesday February 12, 2013 @08:47AM (#42870477) Homepage

    I couldn't agree more. HTML is for marking up the content we want to serve on a webpage. It should not be a means to enforce corporate digital rights, particularly when we have seen other instances where enforcing those rights meant "deny by default". Implementing something like this will require even more monitoring of every web browser. I am already tracked enough by dozens of websites who do so without my permission, then sell the results to corporations.

  • by Anonymous Coward on Tuesday February 12, 2013 @08:55AM (#42870529)

    Because cross-platform implies open standards so that everyone is able to implement it on his platform. OTOH, DRM implies a secret component, so that only licensees can implement it. So DRM will only be available on platforms which are popular enough that the implementation pays off the licensing cost (assuming he is even able to get a license). And it will be completely unavailable on open source platforms because it is incompatible with open source.

  • by h4rr4r (612664) on Tuesday February 12, 2013 @08:56AM (#42870543)

    Because how would they not be?

    DRM requires that there is some secret that you do not share with me. This means the implementor would have to port it to every OS and architecture since no one else could.

  • by Cenan (1892902) on Tuesday February 12, 2013 @08:57AM (#42870555)

    That only moves the point in the pipeline where you need to insert code to do the ripping. No matter what scheme is thought up, the end result will always be breakable, simply because you need to output unencrypted content to the end user. You don't even need to break the encryption or do anything at all, all that is needed is to intercept the unencrypted signal before it is presented to the end user. This has been shown time and time again.

  • by gl4ss (559668) on Tuesday February 12, 2013 @09:13AM (#42870707) Homepage Journal

    are you suggesting we move movie decode to monitors? and then what about the open source browser being tweaked to save the stream to disk and replaying it... and to combat that the monitor would also need to have network - the whole thing would end up being running in the monitor. might just as well buy a tv with a binary only inaccessible properiaty content browser in which case there is nothing open about your content flow. DRM inherently depends on black boxes - sw or hw - and that is incompatible with open systems, be them hw or drm.

    the tech is definitely a problem - it's in direct odds with anything open source being in the flow. you can already do crappy drm plugins(silverlight) for your browsers and stream via them(like netflix) so I fail to see what would be the point of trying to put this shit into the general open source portions of the browser.

    remember the point isn't about controlling access to the media but controlling what the browser does with that media. and that needs total control over the browser - which means you wouldn't be able to compile your own.

  • by Anonymous Coward on Tuesday February 12, 2013 @09:20AM (#42870781)

    DRM is a broken concept. If it is possible to read or display the data anywhere, then it is possible to make a copy of that data.

    No DRM schema will ever work, even if you make custom hardware to enforce it. How has custom hardware helped out the XBox? just solder a mod-chip on the motherboard and now you can run unsigned code. as soon as someone else has physical access to the hardware you can't stop them from altering it.

    It only requires a single person to break your DRM for DRM free versions of your data to leak out. and many times DRM free versions are available before the official version is even released, meaning insiders were involved, so they can't even secure their own facilities.

    In the end DRM is only punishing the honest customers and degrading their experience, it isn't even slowing down the "pirates".

  • by devent (1627873) on Tuesday February 12, 2013 @09:22AM (#42870813) Homepage

    No it is possible: with legislation. That is why the BBC is calling for legal sanctions.
    This will result in invading your privacy at home just like any DRM:

    However, the BBC is unlikely to be able to use any such mechanism unless we feel that it is sufficiently secure that there would be the possibility of legal action in the event of bypassing it.

    Television is generally a more expensive medium than music to produce due to the amount of labour involved, and therefore for consumers to purchase. Business models that enable content to be available to them on a temporary (or rental) basis are usually able to do so at significantly lower cost than would be the case for permanent copies.

    That is definite not true on the Internet. "Television" on the Internet is cheaper then permanent copies. Once the infrastructure is in place, you just pay for the bandwidth.

    An example of this effect in action can be seen with the BBC’s iPlayer – by limiting the window of availability, the BBC is able to make content available for no additional fee to UK licence fee payers.

    Yes because the current copyright model is broken. If the copyright terms were not astronomical high, the producers wouldn't be so greedy and would not impose artificial limitations by hiking up prices for unlimited availability. That is the only reason public entities like the BBC needs to artificial limit availability. There are no real cost in making a video available once or unlimited on the iPlayer.

    We require the ability to securely identify a type of device, and enable or disable video playback based upon the answer.

    Goodbye free operating system and free browsers. I can see a future where Mozilla needs to negotiate a license with the BBC (or any other producer) to be able to play their videos.

    The ability to pass further restrictions to the graphics rendering path if available.

    Goodbye your privacy, goodbye open source. Now every component needs to be verified that it is "trusted".

    Instead, the high-quality video content that the broadcast industry produces will be made available only to closed devices and application stores where such security can be implemented.

    It's just the same anyway. Either you close up the Web with DRM or you use closed solutions like Flash or Silverlight. What is the advantage for the Web again? There is no way under those conditions from the BBC that an open source browser like Firefox or open source system like Linux can operate.

  • by devent (1627873) on Tuesday February 12, 2013 @09:28AM (#42870873) Homepage

    PS: Of course Richard Stallman was again all correct about cloud services: Cloud computing is a trap, warns GNU founder Richard Stallman [guardian.co.uk]

    Now the DRM from the cloud services will be standardize. That will give legislators only more excuses to push such laws as the DMCA, SIPA or SOPA. "The proposed law will only make compliance with the W3C Media Source Extensions more easier. You do want your Youtube videos, no?"

  • by serviscope_minor (664417) on Tuesday February 12, 2013 @09:54AM (#42871159) Journal

    I understand that DRM has legitimate purposes,

    No it doesn't.

    What it does is annoy the paying customer and serve as no impediment to the pirate.

  • by jellomizer (103300) on Tuesday February 12, 2013 @10:04AM (#42871279)

    DRM isn't fool proof. However it is a case of keeping the honest, honest.

    How much work are you willing to do to watch that movie for free where you can pay a $10 a month subscription or rent it for $2.00?

    Is it worth trying different patches made by people of questionable ethics, perhaps having to rebuild you OS every once in a while until you find the good patch.

    Are you willing to solder a chip to your hardware, risk breaking it?

  • by Catbeller (118204) on Tuesday February 12, 2013 @10:11AM (#42871361) Homepage

    Our browser engines will now become secrets. Cracking those secrets will be a felony worldwide.
    This is the end of the world wide web. The network is now a commercial sanctuary, guarded by businesses for businesses.

    I never understood why banks and such were even allowed to be on the web. It was obvious then, and now, insanely obvious, that they would envelope and digest the protocol, and make it their own. They should have stayed on their own closed lines. The web was not designed for secrets.

    Except now, it will be.

  • by sootman (158191) on Tuesday February 12, 2013 @10:33AM (#42871607) Homepage Journal

    Or, as Bruce Schneier so briefly and eloquently put it, "Trying to make bits uncopyable is like trying to make water not wet."

  • by jbolden (176878) on Tuesday February 12, 2013 @11:18AM (#42872133) Homepage

    It is not banks that are driving this. What banks what is generic HTML with security. Brokerages pretty much the same. Banks want your session to be secure, they are very well setup for securing their network against you.

    Consumer entertainment is what is driving DRM.

  • by Microlith (54737) on Tuesday February 12, 2013 @11:29AM (#42872283)

    it is a case of keeping the honest, honest.

    So punishing the honest while doing nothing against the dishonest.

    How much work are you willing to do to watch that movie for free where you can pay a $10 a month subscription or rent it for $2.00?

    For those willing, all they have to do is wait. Eventually it will be released sans DRM.

    Is it worth trying different patches made by people of questionable ethics, perhaps having to rebuild you OS every once in a while until you find the good patch.

    If I'm forced to use an OS I cannot trust, then probably.

Support bacteria -- it's the only culture some people have!

Working...