Much as I despise DRM and what these clowns are trying to do with it and HTML5, I understand why. Hollywood won't allow online rental or purchase without DRM. Microsoft, Google and Netflix have little choice if they want to deliver content.
With tech companies abandoning the proprietary Flash and Silverlight media players for HTML5, it was inevitable somebody would try to inject DRM into the virgin spec. Microsoft, Google and Netflix are that “somebody”, having submitted a proposed modification to HTML5 to the World Wide Web Consortium (W3C) for “encrypted media …
I have issues with DRM of content I've purchased because it's usually so over-zealous as to remove large swathes of legitimate functionality.
On the other hand, with services like Netflix that explicitly supply short, time limited rentals I think DRM is entirely appropriate. The ephemeral nature of your access to the product is explicitly part of the deal.
So I don't think it's an unethical thing to add to the spec and I'd much rather it's figured out by a broad forum like W3C, with a number of sceptics in the room, than by the highly partisan interested parties alone.
Think of how DRM works, and what it requires. Identification of reader, authentication, access control built into the fundamental layers. With end-to-end security to make sure nothing gets copied.
Every HTML server will be identifying its readers, just to enable some pages that have commercial content on them.
If the infrastructure is put in place, it could make any form of whistleblowing, etc. impossible.
Hence its quite reasonable to say, "fine, if you want to do b&m, but go do it somewhere else with consenting adults only, rather than making it compulsory".
> Every HTML server will be identifying its readers, just to enable some pages that have commercial content on them.
Um... Every HTTP server already identifies its users via its IP address + port number combo. Then the application can send you nicely crafted cookies to identify you better. You can add a layer of behavioral analysis on top of it, etc. Go to http://panopticlick.eff.org/ to see how anonymous you are on the Internet.
> If the infrastructure is put in place, it could make any form of whistleblowing, etc. impossible.
That's why we have TOR + Privoxy and the almighty Seven Layers of Proxies, which the open wireless network of some random guy living on the other end of the city is the zeroth.
Posting as an AC just for the icon. Honest.
Every HTTP server already identifies its users via its IP address + port number combo
No they don't - they identify IP addresses and ports; they've got bugger all idea who's sitting behind the keyboard... the best you can do is narrow it down to a handful of potential people by going through the ISP. Less helpful if that IP address resolves to hundreds of computers behind a corporate/public router of course.
Even less so, if as you imply, you're piggy backing on someone else's open wireless network.
Exactly. I should also point out that many ISPs out there won't provide static IP addresses to home packages, for the reason of 1. Discouraging home users from setting up their own servers in hopes of selling them webhosting at an extra (often used alongside capping and upload throttling), and 2. there's more users than IP addresses available out there in the world today (some ISPs have even resorted to natting their users at the exchange), and not many are going to go IPv6 so soon because it will cost them millions to change their hardware. And that many websites are still inaccessible over IPv6 natively.
Part I (due to 2,000 char limitation per post...)
No, I think you could be mistaken.
Our writing styles identify us. When keyloggers get into our machines, then every press or release of keys with time intervals monitored reveals who we are. Some type blindingly fast and edit after the fact. Many type while thinking, pause, edit mid-stream, and alter chunks of text.
Those who do not use TOR, and who log in to sites, and receive HTML or crawler-infested content-rich messages on our desktops, laptops, and wireless devices, the cookies/bots/crawlers/pixels/invisible overlays, our typing/pausing/word-choice patterns, and our rather limited log-in times and locations will give away who we are.
Oh, and, many of us repeatedly recall anecdotes, and pretty much tie us to posts we make in other forums, too. But, since some enjoy competition, personalities will be part of dissemination. At some point, as normally-non-detectable agitator, whistle-blower, or Good Samaritan will out him/herself.
So... (Part II of II, due to 2,000 char limitation per post)
Unless you type like a soulless machine, and just list bullets in order of complexity, or in chronological fashion with causes and effects in some military or scientific manner, you'll most likely inject emotion, feeling, senses, expectations and a who lot of other "markers" that will fingerprint you iron-clad.
So, it does not MATTER that all they get is an IP and port address, since at some point, most of us will slip up. For the rest, those who ARE paranoid or ultra-secure for whatever reason. Just use a wireless router in a coffee shop while pondering your browser's ability to be told to get your machine ID, the CPU ID, the HDD ID, and a few random bits, and soon any sleuth with enough authority or the right connections will know the lot, manufacture date, import date, sales date and time, and most likely the purchaser -- by name as individual or as corporation, and such devices can be screen scraped to cobble together enough corroborative details to nail down the ID of the TRUE originator and dissemination source of pretty much anything posted. Well, unless you use plain text and have one machine strip down and reassemble text so no digital watermarks or super-compressed pixels hide inside fonts themselves.
DVDs and BluRay discs have DRM. Implementing that did not require any changes to the fundamental data distribution network — I can still walk into a shop, pay with cash and walk away with a disc that I can play on my player, which needn't have any sort of network connection of its own.
One would therefore assume that a minimal form of DRM might be simply to transmit video using asymmetric key cryptography, with individual vendors given a key derived from a common route that can decrypt the stream.
Encryption and decryption keys would be protected contractually. So to obtain a key you guarantee you're not going to publish it.
Mozilla would presumably opt out and Google would probably simply reserve it for the binary release. At least in Mozilla's case, I expect they'd provide some sort of mechanism to allow third parties to provide a binary blob that could push decrypted video in place of the normal video playback mechanism. The blob would be much simpler, and hopefully therefore much less error prone to implement, than Flash. There would be commercial value in making sure that someone supplies the blob for companies like Netflix, Hulu, etc, so it's reasonable to expect that someone would.
Of course the scheme can be broken — as others point out, DRM can always be broken because it's an inherently conflicted technology, and I'm aware that both DVD and BluRay have been broken — but as it'd be at least as secure as BluRay it'd presumably be secure enough for content providers to continue to provide content.
"Hollywood won't allow online rental or purchase without DRM."
Fine, let them do without the revenue. No skin off my nose, which is more than can be said for DRM.
Seriously, there is *no* up-side for me in this (or in HTML5 generally, but that's mostly a different story), so fuck 'em.
If DRM was mathematically possible, you might have a point. But it isn't, and you don't. Because ultimately, you have to deliver both the ciphertext and the decryption key to the recipient; and you don't know what they are going to do with them. You don't know that there won't be a camera pointed at the screen, or a mic at the speakers (desperate people do desperate things). Whatever convoluted scheme you can come up with to make it harder to access the content, it's simply a matter of time before someone manages to reverse-engineer it; and then it's rendered instantly useless, because as long as there is one copy in the wild without your Digital Restrictions Management, there are potentially infinitely many copies.
Hollywood are going to have to learn to do without the revenue, I'm afraid. They've had it all their own way for too long. Let them take their ball and go home. Creative people will still create.
Whatever your ideologies or utopian dreams, the hard reality of the Web is that if rich media is going to become more commonplace, it's going to be large corporations providing most of the content the mainstream audience want to watch.
That's not going away. Ever.
Home made YouTube clips of your cat falling in the bath are funny, but people want to watch proper TV shows and movies that need to make their creators money.
So why can't the W3C just face up to that and allow encrypted content? Whatever they say of think about it, it's going to happen, and then HTML 5 starts to become proprietary. At least if they made the effort to standardise something, all the browsers and STBes could roll out the same thing.
First it was WebM Vs h.264, now it's encryption. Soon, the tags that bind it together will be so trivial, that the fact all browsers support them the same will barely matter.
Or even better, the W3C can tell the DRM-mongers to fuck off and come up with their own solution, as they will not be used by the media industry to turn an open platform for communication and information dissemination into a locked down nightmare that only works if you jump through the right hoops while holding chicken entrails in the air and reciting a prayer to Saint Ballmer.
Read that, and you might be able to understand just how wrong baking DRM into the html spec is.
If Content distributors are forced to come up with their won scheme for DRM, then what was the point of HTML5?
We'll either see Flash, Quicktime, etc live for many more years or another set of third-party plug-ins (Which will inevitably cause security issues and crashes).
You end up with a choice:
An internet where there is DRM in the HTML5 spec
An internet with just as many crappy codecs and plug-ins as there are now
Don't you mean.. commercial video sites with as many crappy codecs and plug-ins as there are now? Personally I would rather that, than bake DRM into the HTML spec. See, the DRM will have to be revised every few months/weeks/days/hours to play catch-up with the crackers. That means everyone's browser will have to download the latest, potentially bug-ridden, hastily-programmed-to-get-it-out-on-time DRM scheme, every few months/weeks/days/hours.
How is that any better? Thanks but I'd rather have the choice to tell Silverlight and its DRM component to GTFO my system.
"That's why Chrome is on version 1294 and Firefox has gone from version 3 to version 947 in less than four months*."
Exactly, and MicroGooflix (I like that portmanteau) want yet another round of updates on top of that. To finish it off, knowing Microsoft this'll be a tentacle in their Palladium plan, so there'll be a hardware and probably firmware component too, if you want to view MicroGooflix-protected videos or any other MicroGooflix-protected content. Browser codebases are huge enough without having yet more headaches to deal with, and if the purveyors of DRM wish to peddle their wares, then they are quite capable of creating their own encryption layer and dealing with the headaches themselves.
Oh yeah, Microsoft and Google make browsers, don't they? Shame about all the others.
"If Content distributors are forced to come up with their won scheme for DRM, then what was the point of HTML5?"
It is to provide a platform that can be used by all those whose business model does not depend on them charging for content delivery. Advertisers, for example, would have no reason to lock down their ads so that they weren't seen by most of the target audience. Neither would anyone using the web as an application platform.
The music, film and TV industries may be large, but they are not the whole world. They certainly aren't the whole of the web. They've come to the web about 20 years after its original designers devised it as a way of distributing information freely, and they've tried to retrofit precisely the opposite mentality onto the design. Now they are sad (and surprised) that this is neither feasible nor popular.
"the W3C can tell the DRM-mongers to fuck off and come up with their own solution"
Then that's exactly what they will do. It's what they ARE doing now. Happily.
The fact you want the W3C to tell people to "fuck off" shows you think they're the boss of the Web, there to push people around.
They tried this in the 90s and became a complete irrelevance. Netscape, Microsoft, Macromedia and others simply ploughed ahead adding whatever they needed, unwilling to wait 10 years for someone to give them permission to progress. Netscape 4 had multi-column support whilst IE4 supported embedded fonts. Both in the 90s.
The W3C would be a memory on the Web today if it weren't for a bunch of people working in the real world coming together and working on HTML5. In the end, they agreed to become part of the W3C, and that's the only reason the W3C regained some relevance. Perhaps if they'd stayed as the WHATWG, we wouldn't still be watching petty squabbles about codecs and DRM.
The W3C don't even support a video format, yet <video> remains part of the spec, and it's not harming the element being rolled out across the Web. That shows the cracks appearing, cracks that will eventually lead us to the same situation as before, where no one cares about the W3C, they get their specs from MSDN or Mozilla.
But if the W3C are happy to offer <video> without a codec (as they offered an <img> tag without any format support), why can't they also provide whatever generic mechnism is needed for DRM and leave the browser makers to implement whatever DRM system they want. Just nest a fallback element for failures.
DRM doesn't give the creators any money. It only makes distribution more expensive.
Look at "The Register". There is no DRM on this site, yet it makes money and can afford something similar to journalists. Look at newspapers, those make money, without DRM. Look at TV stations, you can easily record their programmes, yet they still make money via commercials.
DRM does not help the creators, it only harms them. One should also note that DRM is fairly expensive. If you have Pay-TV a good portion of your money goes directly into the pockets of companies like Nagravision. If you buy a DVD-Player, the licensing costs for the DRM now is a good part of the hardware price.
What creators need to do is to offer the content in a convenient form with not to much advertisement or some option to pay for turning it off. As long as it's DRM free, this will become popular.
It would be interesting to see what would happen if The Register introduced a subscription model which would add nothing to the user, and have no effect on non-paying users. I guess even then, they might get a few hundred paying people. Now consider allowing them to turn off advertisements and you'll probably have a good chunk of your users paying.
That Microsoft tries to infect something with DRM is par for the course. That Netflix does so is not really any concern of mine.
That Google puts its name to such a proposal is the proverbial final nail in the coffin of "do no evil".
The next time anyone comes in defense of Google I will from now on be forced to remember that it proposed DRM. The two are now irrevocably associated : Google = DRM.
Thanks Google, it was nice while it lasted.
Not a huge surprise, Google already used DRM for their Android movie rental service, in the form of Flash.
With Flash going away soon (gone in the next revision of Android, according to Adobe) they needed to figure out an alternative quick, if they hope to keep video rentals going after ICS.
Separating you from content you've not paid for, or preventing you from distributing it, is not evil. People whose business model depends on being able to do this will not use HTML5 if it is not compatible with their business model. Instead, they'd probably release an app for everything and the web as we know it would be left to die.
Because nobody ever streamed video over the web before. Leave DRM to the proprietary plug-in bullshit mongers. The rest of us can view the Web on any machine we like, without having to worry about whether MicroGooflix DRM v3.4 has been released for the platform yet.
MGale The fact that people have streamed non-drm video using non-standard technologies pretty much blows your excuse of position out the water. If there is a standard DRM built into your browser then you won't need to worry about having the right plugins - that's the whole point of this. Why not sit and think about this for a while? Standards means that anyone can view the web on any machine they like, even people who aren't you.
Or maybe you're right. Maybe even there should be no standards which allow only the intended recipient to see the content. Let's ban SSL! After all, it was invented by a evil private company, not a standards body, so it can't be part of the *real* web, can it? We should ban that and any of those bank account access bullshit websites can just release an executable so their customers can do what they need to whilst the rest of us live in 1995.
Mmm, those evil private companies eh? This would be called "putting words into mouth".
Tell me how you are going to implement your DRM solution and show everybody the code and the keys so they can make their own version please.
If not, keep it in a plugin.
A standard DRM means that no-one can claim to be a complaint browser unless they've paid the licence fee and joined whatever consortium owns the decryption keys. Historically, that has proven to be quite a barrier to deployment. Look at JPEG 2000, for example. Dead in the water for a decade, and not because the world didn't need a revised JPEG standard.
Or is this some new kind of "open source DRM", where anyone can decrypt the content? That would be nice.
Or perhaps you are happy to have it "in" the standard, but undocumented and optional? That's the current position.
There is a place for DRM, but slap bang in the middle of a class of applications, 90% of which would be harmed by it, is not the place.
I can live with that since I don't consume any form of commercial content over the Internet. If the web as we know it will die it will be precisely because of those corporate commercial interests. Heck, you want do distribute commercial content then write and maintain your own client. Don't try to enroll the whole www to advance your agenda.
AC. I don't have an agenda, except that the web should not be fragmented. If people don't want you see stuff without paying for it then they will find ways to make that happen. But if you force them off the web to do that, then then web will lose more than just the paid-for stuff.
They're not preventing anybody from seeing the stuff without paying for it. I doubt there's a new-release movie or popular show that's not widely distributed in HD mere days after it first airs in the theatre or on cable. If people wanted it for free, they could get all of it for free. People don't want it for free. People want to pay for it, or nobody would ever buy a DVD or a movie ticket because you can already get the content for free. We just want it not to be a pain in the ass to use when we buy it, and we'll buy a hell of a lot more. And that means no DRM. Look at what that did for music. Cutting the DRM BS cause online music sales to boom. In January 2008 iTunes dropped DRM - and everybody else who had it soon followed. Global online music sales in 2007: $2.9B. 2011: $6.3B (more than double, in 4 years.)
The media giants are just avoiding selling their product to the people who would prefer to buy it. We're here - with out wallets out - to pay for video that's already ubiquitously available in unrestricted formats for free. All we want is to be able to play it however we want, on whatever we want, to skip the commercials when we're paying cash, to transcode or backup or whatever. Is it so hard to understand that if they quit trying to prevent people from enjoying the content they buy they could be doing a booming business?
And that FBI warning is stupid. Imagine if they put that at the front of every music track.
It has also separated people who were prepared to pay from the ability to play legitimate content.
HDMI DVD player plugged into non HDCP digital monitor - Homemade DVDs play, cheap DVDs from the market play, ROMs with video files play. Full price shop bought DVDs didn't play. (the player got returned as not fit for the purpose, for a full refund)
Asus o-play with BD-ROM drive. A copy of a BD or DVD created with anydvd plays perfectly.
Originals do not.
DRM, or any other lock placed on electronic goods, only harms legitimate customers. The *only* people who will suffer loss or limitation of digital goods are the people who paid for them. Those who want to steal will always find workarounds - that fact will *never* be changed. And most people take the completely straightforward approach of legitimately purchasing the goods they want.
Businesses should make it easy, painless, or even rewarding for paying customers. I'm saying this from personal experience - I use some (expensive) software that imposes a USB key plug on customers to ensure it's legitimate. This doesn't stop the pirates - I could easily obtain a cracked copy if I wanted to run the risk. But I don't, and neither do any of my colleagues. And yet we have to struggle with the daily hassles caused by this tiny, frail keyplug that has to be carted around with us everywhere. If it fails, or is lost, or you leave it behind one day, or countless other hassles, we - the paying customers - suffer loss. It makes us feel like the enemy, not the customer. We put up with it because it involves a single item, but imagining that spread across all my media makes me feel ill.
This issue requires a concerted, focussed campaign to bar companies from employing these methods. We already have laws to cover the theft of media - we shouldn't also be caged as if presumed to be a criminal. DRM wants to take away our freedom to choose to act responsibly. Governments need to represent the people who are harmed by DRM, not the wealthy few that devise it. We need to lobby the government to remember who they serve. We need to name, shame, and *boycott* the companies who employ it (not to confuse them with the stores who are merely resellers - they can't change much alone). But who do we rally around? Can anyone identify a campaign underway?
Biting the hand that feeds IT © 1998–2019