Can't we just compile a version without EME? I mean Stallman should have just pointed that at least Firefox is truly free unlike IE, chrome and others whilst reminding us that we can just recompile sans EME.
Most users are getting the binaries from a trusted source. Do you have 64 gigs of RAM? Because I compile my own Firefox, and that's what it takes -- Most users can not compile their own browser. However, I won't have the keys to make my EME plugin system work so no, even if you wanted to compile Firefox you won't have a copy of Firefox. IMO, Mozilla should build two versions, one with and without the DRM rather than having lots of folks do it themselves and waste the CPU. They could have an option pop up when the automated updater runs asking which version to use, and it can be a option in the settings for which version to install. Otherwise they'll fracture their userbase: Even my grandma and elderly neighbor are asking me if they should use something other than Firefox to avoid the spying DRM -- Snowden has changed everything. Mozilla is going to bake a closed source DRM plugin system into their browser and call it Firefox. That means my compiled version without said system will NOT be Firefox, and yes, I'll be prohibited from calling it that. Even if I wanted EME to work on my compiled version the DRM decryption modules won't recognize my version as valid. So, the answer is: No, most folks can not just compile Firefox, and those that do have not compiled a version of Firefox, as far as Mozilla and the EME system is concerned. Previously all forks could have interoperability if desired, EME changes this.
I've already figured out how to compile Iceweasel and apply most of my custom FF patches to the Debian source releases. I am one set of the many eyes that Mozilla will be losing with this move to adopt DRM. All of my friends and family look to me for recommendations about browsers, and will follow my lead, and their friends follow their lead. Apparently Mozilla has forgotten how Firefox was even able to gain traction in the first place. Why would they switch away you ask? Because hackers hate DRM, and they love a challenge. Now in addition to patching bugs more white-hats will wear gray and actively release details about how to exploit the NEW CODE (since all new code is buggy) to help ensure this move is more than a waste of time, but poison for any browser vendor to deploy this rubbish. Consider it a last ditch attempt to win back from the dark side what used to be an end-user loving browser developer.
Alienating users via Facebook-style, "Two steps towards heinous, one step back while apologizing", is not going to help adoption rate. Remember, "Take back the web"? The (somewhat bogus, but useful) grassroots meme of "Faster, more More Secure, and Free" browser can be turned on an equally "correct" dime: "Oh No! Firefox has fallen to the spying systems by adopting the EME remote DRM code execution back door", then whichever fork is most successful, be it Swiftweasel, Iceweasel, etc, will be the one that users associate with the new slogan, "Take Back Your Browser". Blam. Kiss the FF userbase goodbye, just like IE did once upon a time. Look, if you think for one second that folks like me can't develop a CDM that demonstrates how malicious this DRM system is, you need to seriously think again: Consider that other hackers don't necessarily wear white hats.
This is yet another case of failure withing the Free community; Destruction without ensuring the core values are witheld.
There's no such thing as the "Free community", this isn't a hippie commune. I'll give you the benefit of the doubt that you aren't some kind of shill, and assume you mean the Free (Libre) and Open Source Software community. In any event you're wrong: This is Destruction BECAUSE the stated core values, upon which our trust was built, were not upheld. Your comment reeks of failure to understand the technology you use and the situation at hand. For similar reasons ignorant folks are willing to accept Chrome's "snappier" connection speed: They don't understand that Chrome is not following the cert revocation protocol which checks to ensure certs are actually valid. Instead of pushing forward with honoring cert stapling, they just ignore the revocation protocol. So all those certs leaked via heartbleed? Yeah, almost all of them (including some of my revoked certs) Chrome thinks are just fine even though they're completely invalid. Google's "CRLSets" only blacklists certs from "important" targets, they'll ensure Google's services have the revocation, but who's to say yourbank.com or other competitor services are in their recovation list? Google doesn't consider my certs "important", so I tell folks to use a better browser, like Firefox or even IE over Chrome. You can turn on even more strict hard-fail cert revocation in Firefox: Options -> Advanced -> Encryption -> Validation -> Check the box "When an OCSP server connection fails, treat the certificate as invalid". How many idiots are railing on about heartbleed and are using browsers that still consider millions of those revoked certs to be valid? The same amount that is saying shit like you are about EME.
Stop being a pedant about compiling shit and use your damn brain: That we can leave Firefox isn't the problem, that we should leave is. FSF even acknowledges that Mozilla is doing this reluctantly, they likely have no choice. We've only ever needed a slightly better reason than "UI team is ignoring user input, again" to attract critical mass of devs to a polished up fork of Firefox and point users at it instead of Mozilla's FF, and EME is that reason. The loss of Mozilla to the dark side should be the message you take away, forks are a given, everyone with an ounce of gray matter knows there's existing forks out there. It would have been nice for Mozilla to have stuck to their mission statement and released EME as an optional plugin. See, it would have been trivial for them to have a signed plugin that allows EME to work with Firefox INSTALLED AT THE USER'S OPTION. This would mean CDMs deployed would simply validate the browser and plugin signature. Mozilla's current change of stance on integration of proprietary systems creates a situation where there's no way to NOT get Firefox with EME inside. EME is the ActiveX of DRM, "What can possibly go wrong?" This move is in direct opposition to Mozilla's own mission statement. It would be prudent to consider Mozilla part of the surveillance infrastructure, as RMS likely does, and everyone who talks about browsers with me from here on out will -- I'm not 100% sure about anything, but this breeches my trust threshold so why risk it when there is an alternative?
As usual, despite the heated discussions there's a dearth of explanation about what EME is on the web. To help dispel the ignorance: Encrypted Media Extensions is a client side system which coordinates with closed source Content Decryption Modules that work with the browser to display encrypted content. The content producers consider the browser "untrusted" and have pushed to move descrambling of the content out of the browser to the proprietary CDM Digital Restriction Managment. FYI, the HTML5 EME DRM API allows CDMs to be part of the browser bundle (which makes no sense since the browser is "untrusted"), or it can be a component of the OS or in hardware firmware like the TPM or TrustZone (which means users without an "approved" OS wouldn't get to view the content), or the CDM can be downloaded separately (which means a closed source blob running amok in your system ala ActiveX) CDMs can opt to run on "approved" browsers only since a user compiled browser could snag the keys and log the media to disk.
The CDM may do anything it wants including, but not limited to, validating the fingerprint of the browser running (hope they update as fast as FF does ;-), checking if unapproved screen-grabber software is installed, decryption and passing back buffers of encoded content for display by the browser; It may handle both decryption and decoding and pass back raw frames for the browser to paint, or decode and transfer pixels to the OS and bypass the browser -- YAY SECURITY -- or even bypass the OS by working with the GPU hardware directly to decrypt and decode the data. If this shit doesn't send up every red flag in your inventory, get a checkup from the neck up. Aside: would be nice if the GPUs supported FLOSS video standards so the browser could just offload, oh, say webm, themselves, eh?
This HTML5 DRM scheme does nothing to address the fact that anything I can see or hear on my computer I can capture in near perfect quality either via my own software, external screen / audio capturing cables, or a 4K digital camera pointed at the screen. Thus it solves nothing and only introduces what will surely be horrible user experiences and the inability to know exactly what your computer is doing. For more reasons why DRM is bogus, simply ask PC gamers.
Since the FBI prioritizes copyright violation higher than missing persons you can see why folks would be angry that Mozilla would switch their stance now when they previously firmly rejected H.264 for far less reasons. The whole HTML5 video debacle is particularly suspicious since the browser could just ask for an OS or plugin supplied <video> element and use whatever codecs the user has available, thus leaving it up to the user or OS vendors to install optional DRM laden codec packs... The only "advantage" the EME protocol offers over said embedded elements is that EME allows built in ActiveX-like DRM whereby servers send you non-sandboxed code to run on your system.
As always, look for technologies to be adopted and standardized across the board AFTER working implementations become popular if said tech might be good for users; However, if there is unilateral adoption of a technology without said popularity of implementation and user demand first, then you are witnessing an anti-capitalistic collusion to deploy something that is against the citizens' best interests (see also: automobile, PC, or phone remote kill switches). If Mozilla was alone in not adopting EME then users would likely flock to that platform in a post-Snowden world, making EME pointless. Think about it: Isn't it odd that none of the mainstream browser vendors are even holding off on EME just to differentiate themselves in case everyone hates the DRM so they can capitalize on the situation and gain more users? I mean, they could quickly deploy EME after the fact without much fuss if it becomes necessary. Nope? No one hedging their bets, eh? Oh, and this game isn't rigged? Yeah right. They needed near unilateral browser support to force this non-feature on users.
Given the stance of all major browser vendors across the board and the fact that there is no EME enabled content out in the wild yet to gauge adoption or user demand, known reluctance to switch to a forked browser, along with the fact that Mozilla has built a trusting rapport with users (lending much needed weight to EME if they adopt it), and that Mozilla is jeopardizing this trust in reversal of their prior stances: It is far more than merely questionable that the pressure to adopt EME has legitimate sources -- much in the same way that "theft prevention" is not a legitimate explanation for MANDATORY hardware kill switches. Either let the market decide if they want these "features" rather than force adoption by legislature or collusion, otherwise the "features" should be considered harmful and rejected. In this light, it's hard to rationalize any other reason for EME to exist except to compromise end users' systems.
If folks like J. Random Hacker or the FSF don't send a strong response to such behavior then other user friendly systems may not see any down side in allowing the exploit of their users by antagonistic 3rd parties.