Forgot your password?
typodupeerror
DRM

W3C Declares DRM In-Scope For HTML 290

Posted by Unknown Lamer
from the treacherous-computing dept.
FredAndrews writes "The W3C has ruled DRM in-scope for their HTML standard. A lot of big businesses have supported advancing the Encrypted Media Extension, including Google, Microsoft, and Netfix. The BBC calls for a solution with legal sanctions. The EME could well be used to implement a DRM HTML engine. A DRM-enabled web would break a long tradition of the web browser being the User's Agent, and would restrict user choice and control over their security and privacy. There are other applications that can serve the purpose of viewing DRM video content, and I appeal to people to not taint the web standards with DRM but to please use other applications when necessary." Looks like the web is becoming more like Xanadu, but not in a good way.
This discussion has been archived. No new comments can be posted.

W3C Declares DRM In-Scope For HTML

Comments Filter:
  • Reality vs idealism (Score:4, Interesting)

    by Agelmar (205181) * on Tuesday February 12, 2013 @09:05AM (#42870231)

    It's so tempting to just sit in the corner and say "DRM is evil, we don't want to taint the web with it" but unfortunately, as is often the case in the real world, we don't get to make decisions in isolation of their consequences. DRM on the web is already a reality, largely using Flash or Silverlight (see e.g. Hulu, Netflix). However, both of these platforms face problems -- Silverlight in particular seems to have a rather uncertain future, Flash availability on tablets and mobile in general is largely non-existant. The poster asks us to "please use other applications when necessary" - is this really a good answer? That is going to lead to even less interoperability, and I would argue it hurts the web at a time when it's already fighting a serious battle against native apps that generally offer developers better control (of UI, no random GC pauses, actual threading models, etc). It's easy to say "DRM will harm the web", it's a bit harder to foresee what the eventualities of telling people "please go away and use native apps" are.

    I expect this is likely not going to be a popular response, but in short please realize that this is not as simple as saying "DRM is bad". Yes, DRM sucks but I'd argue that in the long run, having a hobbled web platform losing out to native apps (see e.g. iOS) is going to suck more.

    • Re: (Score:3, Interesting)

      by Skapare (16644)

      However, media via Flash or Silverlight is also broken. It doesn't work everywhere and those media executives are just too stupid to figure out a safe system that will work everywhere. They need to find some smart people that know how to make things work and stop push old ideas of trying to control the software in people's computers. It is possible to do.

      • by AmiMoJo (196126) *

        By definition you can't have a "safe system" that works everywhere. All DRM requires some secrecy at some stage, making free beer and open source implementations difficult.

        The current philosophy seems to be to make the DRM less annoying until a balance is found between restrictiveness and people's willingness to buy it. Netflix and Hulu are good example - annoying and unusual for lots of people, but apparently enough are okay with the limitations to pony up instead of heading to the Pirate Bay.

        • by KiloByte (825081)

          All DRM requires some secrecy at some stage, making [...] open source implementations difficult.

          s/difficult/impossible/

          To display the content, you need to decrypt it into an understandable form. This means, the authors would need to add an antifeature to deny some forms of use if a flag is set -- removing such an antifeature is trivial so no one even bothers.

          Effective DRM is, strictly speaking, impossible even in closed source, but the bad guys can least make it hard to pierce.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      DRM has its place, but we also have to be careful about when and how we use it. For example: I would argue that DRM is valuable for ebook lending (e.g. through libraries). However, it doesn't have a place when the goods are sold (e.g. violates the doctrine of first sale).

      In the context of the Internet, we must also be careful. One of the advantages of the current structure is openness. That openness allows adaptability to different circumstances. DRM opposes that because anyone who has the keys can reo

      • by BrokenHalo (565198) on Tuesday February 12, 2013 @10:17AM (#42870755)
        If we're going to go down the path of the internet being used solely for the purpose of a marketplace, I suspect I will continue my pattern of diminishing usage of it as the years go by. I was there right at the beginning when it was ARPANET and MILNET (and yes, I am even older than that). I understand that DRM has legitimate purposes, but so far, what I have mostly seen is its use to lock in consumers and restrict or deny (I'm looking at Amazon here) legitimate use.

        If I am put in a position where in order to purchase certain content, I have to accept DRM encoding, the very first thing I do before I use the file is strip the DRM out. I call this future-proofing, on the grounds that some content providers (Amazon again) have been known to "take back" content, and on the grounds that a digital file should be subject to the same restrictions as a physical book, CD, DVD or whatever.

        But I digress: in the earlier years of the internet, I used to spend a (probably too-)large proportion of my life online. Nowadays, having moved away from urban centres and needing to devote more time to getting a life (growing vegies, raising chooks etc) - and with an enforced bandwidth and traffic limit, I find it easier to keep a more distant perspective. So I no longer spend so many hours trawling the net for things hitherto unknown, and actually spend a few more hours at night in bed with my wife.
      • by Anonymous Coward on Tuesday February 12, 2013 @10:20AM (#42870781)

        DRM is a broken concept. If it is possible to read or display the data anywhere, then it is possible to make a copy of that data.

        No DRM schema will ever work, even if you make custom hardware to enforce it. How has custom hardware helped out the XBox? just solder a mod-chip on the motherboard and now you can run unsigned code. as soon as someone else has physical access to the hardware you can't stop them from altering it.

        It only requires a single person to break your DRM for DRM free versions of your data to leak out. and many times DRM free versions are available before the official version is even released, meaning insiders were involved, so they can't even secure their own facilities.

        In the end DRM is only punishing the honest customers and degrading their experience, it isn't even slowing down the "pirates".

        • by jellomizer (103300) on Tuesday February 12, 2013 @11:04AM (#42871279)

          DRM isn't fool proof. However it is a case of keeping the honest, honest.

          How much work are you willing to do to watch that movie for free where you can pay a $10 a month subscription or rent it for $2.00?

          Is it worth trying different patches made by people of questionable ethics, perhaps having to rebuild you OS every once in a while until you find the good patch.

          Are you willing to solder a chip to your hardware, risk breaking it?

          • by bzipitidoo (647217) <bzipitidoo@yahoo.com> on Tuesday February 12, 2013 @11:51AM (#42871833) Journal

            DRM is 100% nonsense. Such schemes are bait for suckers who persist in thinking that ideas and laws for material goods are applicable to data, the ones that use the term "intellectual property" disingenuously. Of course authors deserve compensation. But being fair to content creators does not mean we should accept costly measures to prop up business models that are clearly broken. Abandon the Internet? Submit to inspections by piracy police paid for by ourselves? Ridiculous! The honesty most lacking is not the people's, it's the proponents of these copy protection schemes.

            How much work are you willing to do to watch that movie for free

            You're thinking of it wrong. It's not how much work any one person is willing to do, it's how much work we all are willing to do. Amortized over a world population of about 7 billion, the amount of work required to break DRM is trivial. Only takes one crack to break the DRM for everyone.

            Is it worth trying different patches made by people of questionable ethics

            The people with the more questionable ethics are the ones trying to impose DRM. I'm more worried about what their unpatched software does than the viruses that could be present in cracks. Remember the Sony BMG rootkit fiasco? The Turbotax boot sector mod? Windows Genuine Advantage, particularly the false positives it raised against legitimate installs? Ernie Ball's experience with the BSA? And once again, you're looking at it wrong. How long can a crack with a trojan go undetected? Only takes one person out of those billions to discover the problem. As soon as it's found out, it's game over for that trojan.

            Are you willing to solder a chip to your hardware, risk breaking it?

            I'm not willing to buy that hardware in the first place.

            • by AmiMoJo (196126) *

              Such schemes are bait for suckers who persist in thinking that ideas and laws for material goods are applicable to data

              Actually that would be a lot better than what we have now. If I buy a chair it's mine to do what I like with. I can modify it, sit on it backwards, sell it to someone else, make copies myself. The carpenter who made it can't take it back, can't charge me on-going fees to sit on it, can't break into my house and smash it up because his license to the design ran out, can't prevent it being used in public etc.

          • by Microlith (54737) on Tuesday February 12, 2013 @12:29PM (#42872283)

            it is a case of keeping the honest, honest.

            So punishing the honest while doing nothing against the dishonest.

            How much work are you willing to do to watch that movie for free where you can pay a $10 a month subscription or rent it for $2.00?

            For those willing, all they have to do is wait. Eventually it will be released sans DRM.

            Is it worth trying different patches made by people of questionable ethics, perhaps having to rebuild you OS every once in a while until you find the good patch.

            If I'm forced to use an OS I cannot trust, then probably.

          • Reality (Score:4, Interesting)

            by Sloppy (14984) on Tuesday February 12, 2013 @01:48PM (#42873173) Homepage Journal

            How much work are you willing to do to watch that movie for free where you can pay a $10 a month subscription or rent it for $2.00? Is it worth trying different patches made by people of questionable ethics, perhaps having to rebuild you OS every once in a while until you find the good patch.

            Arrghh.. Really? People can still totally misunderstand the situation this badly, in 2013?

            The people who endure the things that you're talking about, also pay. The fact that they paid for the DRMed media, is why they have DRMed media. Nobody does anything like what you're talking about, to avoid paying.

            People who don't pay, don't go through any of that. How much work am I willing to do to watch that movie for free? NONE. The free content is what works on a computer without any patches, rebuilding, soldering, etc; it works under normal conditions with normal hardware and software. That's the smooth, reliable case, and since anyone and everyone can work on it, there are many players competing against each other to be The Best.

            The non-free DRMed content, is the stuff where the computer is always abnormal in some regard. Either the computer is actively hostile to its user (i.e. the user just accepts the absurdity of the DRM-compatible players' artificial limitations and their general lack of competitive features), or it's schizophrenic and (possibly) unreliable, due to needing to [appear to] serve two masters (the case you seem to be harping on).

            There's not even a grey area worth speaking of. It's not a matter of "some non-payers have to deal with DRM and some customers don't." These are truly all-or-nothing scenarios, where the exceptions are so rare that it's not worth speaking of. Everyone who makes use of pirated media, is free from having to deal with DRM bullshit while they use that media. And similarly, everyone who does struggle with DRM, is always working with a non-pirated copy, which was paid for, unless you're talking about some fringe case of shoplifting or something like that. Don't you understand that?

            So it's not a matter of keeping the honest honest. It's a matter of punishing and discouraging the honest for the "crime"(?) of being honest, constantly tempting them with the promise of how much nicer and easier things will be, if they defect.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      DRM won't harm the web, it will divide it. See Facebook.

      iOS is just a trend, a fading one, otherwise it's percentages wouldn't shift that easy.

      • iOS is a trend. However the idea of low end cheap apps are still growing. A lot of them are in essence just a webbrowser with a couple of security features implemented in it.

    • by Anonymous Coward on Tuesday February 12, 2013 @09:23AM (#42870327)

      No. HTML, Hyper Text Markup Language, is a standard for describing documents. It is NOT the place to implement or enforce Digitally Restricted Media(DRM). Other applications already exist for this purpose and new application will also follow that can all be integrated into your HTML document if you insist on using it. But it belongs in an external application, not HTML.

      • by Phrogman (80473) on Tuesday February 12, 2013 @09:47AM (#42870477) Homepage

        I couldn't agree more. HTML is for marking up the content we want to serve on a webpage. It should not be a means to enforce corporate digital rights, particularly when we have seen other instances where enforcing those rights meant "deny by default". Implementing something like this will require even more monitoring of every web browser. I am already tracked enough by dozens of websites who do so without my permission, then sell the results to corporations.

      • by AwaxSlashdot (600672) on Tuesday February 12, 2013 @10:53AM (#42871143) Homepage Journal

        The proposal is to extend HTMLMediaElement (which is an ALREADY existing part of HTML) so it supports DRM in a standard way.
        HTMLMediaElement is a specific DOM element that correspond to media elements (audio, video) and extends the standard element with media specific features: play, pause, length, volume, etc ...

        The proposal is to recognize that DRMs are an widespread feature used in conjunction with media elements. As such, it is worth standardizing.

        If the DOM accepts having play/pause features on a media element, it could also support DRM methods on a specialization of this element.

        As you said, the implementation and enforcement of DRM is EXTERNAL to the DOM/HTML. Have you read the proposal ? I guess you didn't because the ONLY thing this proposal adds is a bunch of events and methods to allow javascript to provide the key to decrypt an encrypted flow.

        • Ah. So we should just go along with building the guillotine because the blade is not included. Right.

    • Anything that breaks the cross-platform nature of the web is a breakage of the web. We've got enough shit that does that now.

      • by Merk42 (1906718)
        How are DRM and cross-platform mutually exclusive?
        • by Anonymous Coward on Tuesday February 12, 2013 @09:55AM (#42870529)

          Because cross-platform implies open standards so that everyone is able to implement it on his platform. OTOH, DRM implies a secret component, so that only licensees can implement it. So DRM will only be available on platforms which are popular enough that the implementation pays off the licensing cost (assuming he is even able to get a license). And it will be completely unavailable on open source platforms because it is incompatible with open source.

          • by gutnor (872759)

            Not really, the weakness of most DRM platform is that they can be used offline. Meaning that the key to decrypt the content is yours and common to a lot of people. Secrecy is necessary for those algorithm to prevent hacker to find the key too easily.

            On the other hand, constant connection to the internet is a perfectly reasonable limitation for streaming over the internet. It is therefore possible to generate a unique encryption key for the content streamed to you that you retrieve from a license server u

        • by h4rr4r (612664) on Tuesday February 12, 2013 @09:56AM (#42870543)

          Because how would they not be?

          DRM requires that there is some secret that you do not share with me. This means the implementor would have to port it to every OS and architecture since no one else could.

          • by tepples (727027)
            That or people will end up choosing a particular platform because it supports the DRM. That's what video game consoles have done for decades with exclusive titles, and that's what Amazon is trying to do by restricting Kindle Owners Lending Library books and Amazon Prime videos to work on Kindle Fire and no other Android tablet.
        • It doesn't have to be, but it usually is. I use Linux as my regular desktop OS, and there are PLENTY of things off limits because of bad DRM design or designers that don't care about Linux.

    • by Anonymous Coward on Tuesday February 12, 2013 @09:30AM (#42870371)

      DRM being bad is a not a "idealism". It's not some persons *opinion*. It's not like arguing about whether Inception was a good movie (it was).

      DRM is faulty *by design*. This is a mathematical truth. And you either accept that truth, or you live in denial. This isn't a "weelllll, it's really annoying for business". Ok, so what? Gravity is really annoying for the American Airlines. Those are the breaks.

      The hardware, at the most bottom layer (assembly), has the instruction: mov eax, ebx. This instruction copies data freely. All digital hardware has an equivalent function. You cannot do anything with computers without this basic function.

      When you hold a computer, you are physically holding this magical copy instruction. This copy instruction does not know about copyright, or rights holders, or fair use, or DRM, or business models. It simply duplicates a digital value. No computer could exist without it.

      So, how do you propose to remove this function, without destroying the computer in the process? It's, ultimately, impossible. You can make things very difficult -- that's fine! Because all you need is one bored determined hacker to break it (which must always be possible, as long as computers exist), and "unlock" the media. Then it will be traded freely.

      The only way to stop it is to destroy the computer. Destroy the `mov ax, bx` instruction, that freely copies digital data. But the computer provides so much *other* value, that you can't do that either.

      So you just have to live with it. And the sooner you realize that, and realize that this isn't about "idealism", but instead about a mathematical truth that people are living in denial about, the sooner you stop propagating this delusion that DRM is some sort of "solution". It's snake oil. Get over it. I know it sucks. It sucks for me too -- I make music. It sucks. Adapt, or die.

      • And let's not foget one important thing.

        Any series of bytes, of any arbitary length, can be viewed as representing a number. In the case of a file containing (say) 100,000 bytes that's a large number but the point holds that the byte sequence can stil be viewed as a number.

        And what's more ridiculous than trying to prevent people sharing a number ?

        If that number, represented as a sequence of bytes, can be interpreted by some music playing software to produce sound well... that's just magic :)

      • by sootman (158191) on Tuesday February 12, 2013 @11:33AM (#42871607) Homepage Journal

        Or, as Bruce Schneier so briefly and eloquently put it, "Trying to make bits uncopyable is like trying to make water not wet."

    • by petermgreen (876956) <plugwash&p10link,net> on Tuesday February 12, 2013 @09:32AM (#42870387) Homepage

      Open standards and DRM are fundamentally incompatible. If you know how to decode something to display it to the user you also know how to decode it and save the results of that decoding to a file. Therefore any standard that includes drm will either be trivially broken (see conventional pdf "usage restrictions") or not truely open.

      • Re: (Score:2, Insightful)

        by allo (1728082)

        no, it can be another way. just think of a trusted media path (using trusted computing and a TPM). Then the TPM chip can negotiate a shared secret between your monitor and the site serving the video. then the whole software can be opensource, just as it can with SSL, and it will always see only the encrypted data. In this way, trusted computing is good for opensource, because there is no need for security by closed source (obscurity) anymore.
        The only problem ... every company can use this to sell a minimum

        • by Cenan (1892902) on Tuesday February 12, 2013 @09:57AM (#42870555)

          That only moves the point in the pipeline where you need to insert code to do the ripping. No matter what scheme is thought up, the end result will always be breakable, simply because you need to output unencrypted content to the end user. You don't even need to break the encryption or do anything at all, all that is needed is to intercept the unencrypted signal before it is presented to the end user. This has been shown time and time again.

          • by devent (1627873)

            That will all be changed by brain implants [infowars.com]. Now we can ensure the trusted path: Internet, local Computer, HDMI connection, Monitor, Eyeballs. The monitor will output an encoded picture that the eyes will register and the brain implant will decode it to your occipital lobe [wikipedia.org] Later it will erase any memory of the video if the producer set the broadcast flag [wikipedia.org].

        • by h4rr4r (612664)

          If you move the software into hardware that does not make it opensource. Trusted computing cannot be opensource, it must hide data in the TPM.

        • by gl4ss (559668) on Tuesday February 12, 2013 @10:13AM (#42870707) Homepage Journal

          are you suggesting we move movie decode to monitors? and then what about the open source browser being tweaked to save the stream to disk and replaying it... and to combat that the monitor would also need to have network - the whole thing would end up being running in the monitor. might just as well buy a tv with a binary only inaccessible properiaty content browser in which case there is nothing open about your content flow. DRM inherently depends on black boxes - sw or hw - and that is incompatible with open systems, be them hw or drm.

          the tech is definitely a problem - it's in direct odds with anything open source being in the flow. you can already do crappy drm plugins(silverlight) for your browsers and stream via them(like netflix) so I fail to see what would be the point of trying to put this shit into the general open source portions of the browser.

          remember the point isn't about controlling access to the media but controlling what the browser does with that media. and that needs total control over the browser - which means you wouldn't be able to compile your own.

        • So I can just make my own TPM chips based on the standard right?

      • by devent (1627873) on Tuesday February 12, 2013 @10:22AM (#42870813) Homepage

        No it is possible: with legislation. That is why the BBC is calling for legal sanctions.
        This will result in invading your privacy at home just like any DRM:

        However, the BBC is unlikely to be able to use any such mechanism unless we feel that it is sufficiently secure that there would be the possibility of legal action in the event of bypassing it.

        Television is generally a more expensive medium than music to produce due to the amount of labour involved, and therefore for consumers to purchase. Business models that enable content to be available to them on a temporary (or rental) basis are usually able to do so at significantly lower cost than would be the case for permanent copies.

        That is definite not true on the Internet. "Television" on the Internet is cheaper then permanent copies. Once the infrastructure is in place, you just pay for the bandwidth.

        An example of this effect in action can be seen with the BBC’s iPlayer – by limiting the window of availability, the BBC is able to make content available for no additional fee to UK licence fee payers.

        Yes because the current copyright model is broken. If the copyright terms were not astronomical high, the producers wouldn't be so greedy and would not impose artificial limitations by hiking up prices for unlimited availability. That is the only reason public entities like the BBC needs to artificial limit availability. There are no real cost in making a video available once or unlimited on the iPlayer.

        We require the ability to securely identify a type of device, and enable or disable video playback based upon the answer.

        Goodbye free operating system and free browsers. I can see a future where Mozilla needs to negotiate a license with the BBC (or any other producer) to be able to play their videos.

        The ability to pass further restrictions to the graphics rendering path if available.

        Goodbye your privacy, goodbye open source. Now every component needs to be verified that it is "trusted".

        Instead, the high-quality video content that the broadcast industry produces will be made available only to closed devices and application stores where such security can be implemented.

        It's just the same anyway. Either you close up the Web with DRM or you use closed solutions like Flash or Silverlight. What is the advantage for the Web again? There is no way under those conditions from the BBC that an open source browser like Firefox or open source system like Linux can operate.

        • by devent (1627873) on Tuesday February 12, 2013 @10:28AM (#42870873) Homepage

          PS: Of course Richard Stallman was again all correct about cloud services: Cloud computing is a trap, warns GNU founder Richard Stallman [guardian.co.uk]

          Now the DRM from the cloud services will be standardize. That will give legislators only more excuses to push such laws as the DMCA, SIPA or SOPA. "The proposed law will only make compliance with the W3C Media Source Extensions more easier. You do want your Youtube videos, no?"

          • PS: Of course Richard Stallman was again all correct about cloud services: Cloud computing is a trap, warns GNU founder Richard Stallman

            Actually, Stallman was wrong on that, starting with confusing out "renting out services run on someone else's computers" (which is the actual source of the "trap", insofar as it exists, that he refers to, and is a practice nearly as old as business use of computers) with "cloud computing" (which is a set of technologies relating to dynamic allocation of resources -- virtu

        • Goodbye your privacy, goodbye open source. Now every component needs to be verified that it is "trusted".

          Only if you want to watch their movies.

    • by the_B0fh (208483) on Tuesday February 12, 2013 @09:37AM (#42870405) Homepage

      Because you will get royally fucked over. That is why DRM sucks. You will now hand your over identity in order to be able to browse sites, etc. Google, Facebook, etc will now know who you are. Anonymity will be gone forever. Your browser will report on you all the time. Do you know what are web bugs? Do you think the equivalent DRM'ed version will not be there? Except now, because of DRM, it will know exactly who you are.

      And don't even think of using different browsers, etc. Because of DRM, you will establish an identity through each of them, or you won't get to use DRM encumbered crap.

      Seriously, this is really fucked up.

    • by the_B0fh (208483)

      Also, why do I have to give up my privacy just so that you can get off on your hate of iOS? IF someone wants to give up their privacy and use a native app, that's their bloody business.

      Why do I have to use a DRM encumbered web? It won't be just movies or songs or ebooks, it will be used for other things. If someone can put a tracker shit in flash, you think they won't do it with DRM?

    • by Anonymous Coward

      It's so tempting to just sit in the corner and say "DRM is evil, we don't want to taint the web with it" but unfortunately, as is often the case in the real world, we don't get to make decisions in isolation of their consequences.

      It's not about the evilness of DRM, it's about the fact that it's useless. Has there been a DRM in history that has not been cracked? Why spend energy on a useless endeavour?

      The people pushing for this may believe it's worthwhile and useful (or rather the content licensees do), but I think most people on Slashdot are clueful enough to know better.

      So besides placating the studio executives, are there any valid (ideally technical) reasons why DRM should be pursued?

      • by gl4ss (559668)

        So besides placating the studio executives, are there any valid (ideally technical) reasons why DRM should be pursued?

        getting licensing on browsers so browser (trio, whatever, doesn't matter)monopoly can be created.
        then they can create browsers without adblockers, cache flushing, cookie flushing etc..

        it's both a technical and ideological explanation. not a pretty one.

    • by MeNeXT (200840)

      DRM is bad especially when it is not disclosed. As an example, I though like you, back in the old DVD days and did not think that CSS was such an issue. The problem was that the DVD not only were encumbered by CSS they also had bad sectors or tracks which created problems for computers. Now the reality was that it also created problems with DVD players which implemented CSS but were a little too old. One day day I bought a Disney DVD and sat down with my kids to watch the movie. It started and would constan

    • by fuzzyfuzzyfungus (1223518) on Tuesday February 12, 2013 @10:02AM (#42870605) Journal

      The trouble is that the properties that make a DRM system actually useful(ie. some degree of robustness, enough information about their environment to 'rights manage' in some granular way, and so on) require fairly extraordinary powers over the client system.

      The 'Encrypted Media Extension' itself doesn't; because it defines almost nothing(one 'baseline' encryption mechanism that is little more than a toy obfuscation system, along with standardization of some interfaces for asking the non-joke DRM module questions); but it is designed to plug into DRM systems that do, which is the only reason that it has any support at all.

      Consider, for example, the BBC's little request list [w3.org]:

      Unless it is 'sufficiently secure that there would be the possibility of legal action in the event of bypassing it.', no go.

      Unless it 'securely identifies a type of device', no go(browser UA is explicitly noted as not being good enough)

      Unless it allows 'identification of the context in which the content appears', no go.

      And 'The ability to pass further restrictions to the graphics rendering path if available'.

      A set of requirements like that is both a fairly stock summary of what a DRM system should be capable of to be worthy of the name and a set of demands that certainly aren't going to be met in any non-tivoized OSS implementation, and wouldn't even be particularly easy to meet on something that isn't a closed box.

      Essentially, once the pointless little baseline case is immediately ignored by anybody who would ever actually use the system(since, if you don't want DRM, you won't want the hassle, and if you do, the baseline is far to pitiful to be worth anything), EME is a 'standard' for 'how to use javascript to talk to an entire black-box video rendering mechanism, upon which there will be enough demands that it will almost certainly be platform specific'. Pretty much exactly the same situation as having the video player stuck in a blob of Silverlight or Flash, except that (because this is HTML5, man) the wicked 'browser plugin' has been renamed a 'content decryption module'(which, as the spec notes, 'CDM implementations may return decrypted frames or render them directly, and 'CDM may use or defer to platform capabilities'). In all but name, it's the definition of a few javascript APIs for interacting with a black-box video path more or less identical(if not worse, given the more robust support for invoking the hardware-protected 'platform capabilities' now present on a lot of consumer gear, which something like Flash was always too dubiously competent to do in any serious way) to the plugin-based video player arrangements of the past.

    • DRM IS Evil. You seem to think that everyone should be able to put anything on the internet without any concern for what happens to it. The internet, at its core, is about the free transfer of information. It's like someone started up a food fair where you could come out and try all these free home cooked meals, learn new recipes, and trade ideas. Then Pizza hut put up a booth. "Hey! All these people tried our pizza and then went out and made it themselves! How dare they!!!"

      If you don't want your content do

    • by Hentes (2461350)

      My problem is that the W3C has already bit off more than they can chew, so wasting resources implementing DRM is quite extravagant when we still don't have HTML5.

    • Digital media has brought on new problems.
      Creating quality content is still expensive. Mass distribution is easy.
      So we have good old economics 101 of Supply and Demand. With Digital Media Supply reaches a level so high that Demand has barely any effect, and the price per unit is 0. So 0 times any number is still 0, which is less money then it makes to create the content.

      Pre Digital media we could control this. Books required to be printed, Music on records or tapes. If you were to mass Pirate books or

    • by mwvdlee (775178)

      DRM hurts paying customers and merely temporarily inconveniences non-paying users.

    • by erroneus (253617)

      Yes... move the bad [DRM] into HTML and into the browser. We can then more easily write a Firefox patch and/or plugin to suck down DRM'd content.

      We know that DRM is unpopular with users and that the first adopters are also the first droppers. DRM'd music formats already a thing of the past are they not? It amazes me that DRM'd gaming still persists.

      DRM in HTML standards can never be effective and can certainly be more easily circumvented. So I say "go ahead, do it." It just makes things easier.

    • I would rather the DRM stay in Flash, Silverlight and other dying technologies and refrain from tainting the HTML standard.

      DRM has no place where technical competence exists.

  • by Anonymous Coward on Tuesday February 12, 2013 @09:13AM (#42870271)

    It seems like it should be incumbent upon those that want to restrict your freedoms to bear the full burden of that cost. That is, we do not help them develop a standard for this, and force them to do all the work necessary for their restrictions to try to propagate in the browser ecosystem via plugins, extensions, custom applications, etc.

    I would never go so far as to restrict *their* ability to do so, but we should never EVER encourage such behaviour in open standards.

    The standards committees should be spending their time (and money) developing technologies that would help people, rather than hinder them.

  • by AmiMoJo (196126) * <mojo@world3. n e t> on Tuesday February 12, 2013 @09:14AM (#42870285) Homepage

    The BBC is not calling for legal sanctions to be in the standard or anything silly like that. They are merely saying that any DRM standard for online video must be executed in such a way that existing copyright infringement laws apply to it. In other words there should be a "copyright" field in the metadata, so there is no doubt about it.

    • by OzPeter (195038) on Tuesday February 12, 2013 @09:29AM (#42870355)

      In other words there should be a "copyright" field in the metadata, so there is no doubt about it.

      Ah .. so they finally want to implement the (almost) ten year old RFC 3514 [ietf.org] IPv4 header!

    • "However, the BBC is unlikely to be able to use any such mechanism unless we feel that it is sufficiently secure that there would be the possibility of legal action in the event of bypassing it."

      Not sure why you would defend the BBC, but that is pretty much the definition of a sanction. In fact it states quite clearly that the BBC is less interested in about how good the DRM is [they expect it to be broken], but whether anti-circumvention provisions is protected by law e.g. DMCA. It is just focused on stopp

      • by FireFury03 (653718) <slashdot.nexusuk@org> on Tuesday February 12, 2013 @09:53AM (#42870511) Homepage

        "However, the BBC is unlikely to be able to use any such mechanism unless we feel that it is sufficiently secure that there would be the possibility of legal action in the event of bypassing it."

        Not sure why you would defend the BBC, but that is pretty much the definition of a sanction. In fact it states quite clearly that the BBC is less interested in about how good the DRM is [they expect it to be broken], but whether anti-circumvention provisions is protected by law e.g. DMCA. It is just focused on stopping the people forced to pay for service in the UK having unrestricted access to the content they paid for.

        The BBC has a rather bonkers idea about DRM anyway. For example, HD Freesat receivers are required to implemtn DRM on their output (i.e. HDCP on the HD output, no analogue HD output, etc.), even though the DVB-S signal they are receiving is transmitted in the clear anyway. All it does is inconvenience legitimate consumers - anyone planning on copyright infringement is going to find it more trivial to record the raw DVB-S stream rather than an HDMI stream anyway.

        Similarly, iPlayer's DRM is so weak as to be completely useless, and yet they still use it and therefore insist on using the terrible Flash player instead of making the video streams available in a standard format that would work on all platforms. (The flash player is so bad that I invariably just use get_iplayer and then play it with mplayer).

        • by Ash Vince (602485) *

          "However, the BBC is unlikely to be able to use any such mechanism unless we feel that it is sufficiently secure that there would be the possibility of legal action in the event of bypassing it."

          Not sure why you would defend the BBC, but that is pretty much the definition of a sanction. In fact it states quite clearly that the BBC is less interested in about how good the DRM is [they expect it to be broken], but whether anti-circumvention provisions is protected by law e.g. DMCA. It is just focused on stopping the people forced to pay for service in the UK having unrestricted access to the content they paid for.

          The BBC has a rather bonkers idea about DRM anyway. For example, HD Freesat receivers are required to implemtn DRM on their output (i.e. HDCP on the HD output, no analogue HD output, etc.), even though the DVB-S signal they are receiving is transmitted in the clear anyway. All it does is inconvenience legitimate consumers - anyone planning on copyright infringement is going to find it more trivial to record the raw DVB-S stream rather than an HDMI stream anyway.

          Similarly, iPlayer's DRM is so weak as to be completely useless, and yet they still use it and therefore insist on using the terrible Flash player instead of making the video streams available in a standard format that would work on all platforms. (The flash player is so bad that I invariably just use get_iplayer and then play it with mplayer).

          BTW, get_iplayer does not bypass DRM since the BBC do not use any.

          http://linuxcentre.net/getiplayer [linuxcentre.net]

          From the link above:

          "get_iplayer, does the recording, indexing and searching of the iPlayer TV/Radio programmes and podcasts available. It can even stream the iPlayer TV programmes while recording them to mplayer, vlc or xine, etc. It does not circumvent any digital rights management security (see the BBC’s website on how to do that with the Windows-only DRM content they provide)."

          • BTW, get_iplayer does not bypass DRM since the BBC do not use any.

            http://linuxcentre.net/getiplayer [linuxcentre.net]

            From the link above:

            "get_iplayer, does the recording, indexing and searching of the iPlayer TV/Radio programmes and podcasts available. It can even stream the iPlayer TV programmes while recording them to mplayer, vlc or xine, etc. It does not circumvent any digital rights management security (see the BBC’s website on how to do that with the Windows-only DRM content they provide)."

            Not entirely true. iPlayer uses SWF verification. It's a pretty worthless DRM mechanism, but its there.

  • Trust Us (Score:5, Insightful)

    by overshoot (39700) on Tuesday February 12, 2013 @09:17AM (#42870301)
    Well, so much for open-source W3C-compliant browsers.
    • Re:Trust Us (Score:4, Informative)

      by xaxa (988988) on Tuesday February 12, 2013 @09:31AM (#42870383)

      Well, so much for open-source W3C-compliant browsers.

      The linked BBC email says:

      Previous discussions on the W3C mailing list have looked at if the CDM itself should be defined or mandated to be open-source. We do not believe this would be helpful, primarily because it is difficult to see how an open-source CDM would have any hope of staying secure for any length of time at all. However, we would evaluate any open-source solution that did come along fairly against our criteria, and hope that adoption of a standard like the Encrypted Media Proposal will increase the amount of vendors offering CDM modules from the number of plug-in vendors that exist today as there would be a lower cost of entry. This may enable an open-source solution that we have not yet conceived to come to market.

      That suggests a fundamental misunderstanding of encryption.

      On another point, the BBC mentions the revenue from selling DVD and audio recordings -- the profit from this is £182M [wikipedia.org]. That compares to £3606M [wikipedia.org] of income from license payers, at £145.50 each, thus about 25M licenses are sold. If every licence-payer paid an extra £7 we wouldn't need to protect that content. (Have I calculated that correctly?)

      (Other broadcasters with different funding models might still want this system.)

      • by xaxa (988988)

        That suggests a fundamental misunderstanding of encryption.

        Yes, it suggests my fundamental misunderstanding of the obvious.

        The point is to prevent the owner of the computer from accessing the data, so it probably is incompatible with Free Software.

        http://www.w3.org/community/pua/wiki/Digital_Rights_Management#DRM_is_against_open_source_software [w3.org]

      • by tuppe666 (904118)

        On another point, the BBC mentions the revenue from selling DVD and audio recordings -- the profit from this is £182M [wikipedia.org]. That compares to £3606M [wikipedia.org] of income from license payers, at £145.50 each, thus about 25M licenses are sold. If every licence-payer paid an extra £7 we wouldn't need to protect that content. (Have I calculated that correctly?)

        (Other broadcasters with different funding models might still want this system.)

        More importantly those that *pay* for the content should simply get unrestricted access to it. The fact that the BBC make 5% profit on what is for all intended purposes a tax, simply shows how poor the content is. As for being taxed higher for the privileged something, how about they get paid a little less.

        • And those that don't want the content should not have to pay the ridiclous licence fee.

        • by Ash Vince (602485) *

          On another point, the BBC mentions the revenue from selling DVD and audio recordings -- the profit from this is £182M [wikipedia.org]. That compares to £3606M [wikipedia.org] of income from license payers, at £145.50 each, thus about 25M licenses are sold. If every licence-payer paid an extra £7 we wouldn't need to protect that content. (Have I calculated that correctly?)

          (Other broadcasters with different funding models might still want this system.)

          More importantly those that *pay* for the content should simply get unrestricted access to it. The fact that the BBC make 5% profit on what is for all intended purposes a tax, simply shows how poor the content is. As for being taxed higher for the privileged something, how about they get paid a little less.

          Poor content? Compared to 90% of the bland shit that is produced by the other big commercial producers (Sky, HBO, ITV, etc) the BBC stuff is far better. It is also very different and be more likely to appeal to niche markets and be more experimental.

          On top of that the news the BBC produces is what also makes it stand out. It might fuck up occasionally, but so does everyone. The important thing to my mind is that it is a news network not solely driven by the point of view of a single (exceedingly rich) propr

          • Poor content? Compared to 90% of the bland shit that is produced by the other big commercial producers (Sky, HBO, ITV, etc) the BBC stuff is far better

            I would disagree. In fact if I was legally allowed the option. I would cancel my TV license and subscribe to netflix which is less than half the price :)

            • I would disagree. In fact if I was legally allowed the option. I would cancel my TV license and subscribe to netflix which is less than half the price :)

              So do it then, that's perfectly legal. I own no TV (i.e. broadcast receiver), but watch plenty of non live stuff online and DVDs. It's 100% legal too.

      • If every licence-payer paid an extra £7 we wouldn't need to protect that content.

        selling DVD and audio recordings

        They already have no need to protect it. Audio is now DRM free by default and the DRM on DVDs is so bad that it may as well not exist: there are hundreds of free and commercial programs for ripping DVDs and it's easy to buy unrestricted players off the shelf.

        Furthermore all the video and audio recordings worth anything at all are already on TPB, yet they still sell them.

        So, if every

  • by Anonymous Coward

    Web Deli - "Serving fresh websites daily"
    00:22 (0 minutes ago)

    Attn: Philippe Le Hegaret
    cc: Paul Cotton, Maciej Stachowiak, Sam Ruby

    Dear Philippe et al,

    Further to your discussion, [http://lists.w3.org/Archives/Public/public-html-admin/2013Feb/0122.html]

    Adding DRM to the open web is a dick move.

    When you are old you will look back and think... yeah we really fucked up when we did that.

    But anyway - hindsight is usually clearer than foresight - personally I would think your respective talent could be put to bet

  • by Anonymous Coward on Tuesday February 12, 2013 @09:24AM (#42870331)

    Flash, Java, Silverlight, take your pick.

    As the world wide web has grown it has gotten more information and become LESS usable thanks to all of the crap loaded onto it.
    Yes, I know I am falling into the old-school "Back in the day..." crowd here, but seriously- I have a 100mb internet connection now and compared to my old-school 14,400 modem back in the 90s average page load times are.... about the same.
    The information I am able to find and use is also about the same.
    The useless crap I have to sift through is now HUGE on the other hand, and it actually takes more time to find relevant information. I have to move past all the bad video posts, Twitter crap and asinine Facebook pages. And I haven't even mentioned the BS sites that do nothing but redirect seaarch terms to advert delivery pages.

    Hell, I would rather go back to text-based internet browsing than be forced to "migrate to decent user interface technologies."
    It's a web PAGE, pal. It should look and work like a PAGE.

  • Implement as much of the spec as you want.

  • by blcamp (211756) on Tuesday February 12, 2013 @09:37AM (#42870403) Homepage

    Because this will break it beyond repair.

  • by GeekDork (194851) on Tuesday February 12, 2013 @09:39AM (#42870423)

    That's pretty much all.

    The best that this idiocy can possibly produce is further fragmentation of "The Web": right now, we have "kinda sane" standards in HTML 4.01 and XHTML 1, as well as CSS 2.1; everything beyond that are half-baked hacks in the form of several implementations of HTML 5, CSS 3 modules, their DOM APIs, and whatever browser vendors decided to implement. Adding DRM to the fray will not help things, since no matter how you look at it, you will end up with content only available on specialty browsers like Chrome, IE, or fringe mobile platforms, all the while still blissfully carrying the "HTML" tag.

    At the end of the day, it will be cheaper for content peddlers to just cut out the bullshit and keep doing things in Flash, and I can't even say that I'm sad about it anymore.

    Oh, and the W3C? They can go die in a car crash FWIW, it wouldn't be a huge loss beyond the humanitarian impact. Not like they did anything useful in the past 10 years.

  • by MathFox (686808) on Tuesday February 12, 2013 @09:57AM (#42870547)
    Nothing in the "Encrypted Media Extension" specs prevents or forbids proxying of both the key and the encrypted media stream to an external "decryption and caching" service. And all of the usual "how do we prevent the plaintext from leaking from the user's machine" questions are still in full force. It is unlikely that the W3C will get "effective protection".
  • by Dcnjoe60 (682885) on Tuesday February 12, 2013 @10:02AM (#42870601)

    Ummm, if the DRM is in the html code, then what is to stop somebody from having html code that circumvents the DRM? Here is a better idea. If you have content that you want to protect, then protect it on your end. Yes, it is less convenient for your users, but if they value your content they will still jump through your hoops. If they don't they will go elsewhere. Most likely the content owners realize that their content isn't all that valuable and if they try and restrict it on their end, people will indeed go elsewhere. However, that is how free markets are supposed to work.

    Use online newspapers as an example. Many have paywalls and do quite well, with that model, however, those that do not want to pay, get their content elsewhere. It doesn't require DRM built into HTML to protect content.

  • by fritsd (924429) on Tuesday February 12, 2013 @10:29AM (#42870885) Journal
    Here, read this: http://lists.w3.org/Archives/Public/public-html-admin/2013Feb/0137.html [w3.org], this person puts it very clearly: WTF is the W3C doing trying to *hinder* an open accessible web? DRM is against what their purpose in life as an organisation is.

    Did "the Director" die, or something??
  • Is that the idea? That the HTML behind web pages isn't viewable? That web pages can't be printed? Or can't be viewed after three days?

    Just go use a PDF ffs.

  • by tekrat (242117) on Tuesday February 12, 2013 @10:42AM (#42871005) Homepage Journal

    The ads will load into your browser, but not the content you were trying to access. The Ads will play a video, but then the video you were trying to see will generate an error. While you're at work, an annoying sound will come from the ads, but you still won't be able to read the article you were hoping to read.

    The web has already become useless. Every site is so loaded with crap ads, you can't even FIND the content you were googling for. So go ahead, add the DRM. It won't change anything. It won't work, it'll cost more money to implement, and you'll get less ad revenue as even more people give up as I have.

    Long live the web, death to the web.

  • When the internet was non-profit, it was a community where people contributed things to be spread around. The idea was that this facilitated the growth of knowledge.

    However, once you introduce commercial information to the picture, it needs to be defended because people need to get paid or they'll stop producing it and you'll be left with less powerful alternatives. One reason that we have industries is so that we can concentrate talent and reward the best, thus producing the best products.

    At this point, I

  • We badly needed the W3C to define a codec when they defined the HTML5 video standard. They didn't. They said it was out of scope. To this day, HTML5 video isn't widespread yet because of that. Apple and microsoft are pushing their own agenda in having a proprietary, controlled, patented standard in which they hold interests used, while disregarding technically viable, free, open solutions such as Theora or WebM.

    But the motherfucking codec was "out of scope".

    And DRM is in scope? What the fuck people! You consider you have no say in the very fucking core of the video playing system, but you do get to taint the web with unnecessary shit such as DRM?

    Everyone at the w3c can go fuck themselves.

I took a fish head to the movies and I didn't have to pay. -- Fish Heads, Saturday Night Live, 1977.

Working...