Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
DRM Media The Internet

DRM In HTML5 — Better Than the Alternative? 268

Underholdning writes "DRM is coming to HTML5. The W3C published a working draft yesterday of the framework that will support the use of DRM-protected media. Ars Technica's Peter Bright reports on it with an article claiming that DRM in HTML5 is a victory for the open web, not a defeat. Bright argues that if HTML5 does not support DRM, then content providers will move their content away from open standards and implement it with native apps — abandoning the web in the process. Quoting: 'Keeping it out of W3C might have been a moral victory, but its practical implications would sit between slim and none. It doesn't matter if browsers implement "W3C EME" or "non-W3C EME" if the technology and its capabilities are identical. ... Deprived of the ability to use browser plugins, protected content distributors are not, in general, switching to unprotected media. Instead, they're switching away from the Web entirely. Want to send DRM-protected video to an iPhone? "There's an app for that." Native applications on iOS, Android, Windows Phone, and Windows 8 can all implement DRM, with some platforms, such as Android and Windows 8, even offering various APIs and features to assist this.'"
This discussion has been archived. No new comments can be posted.

DRM In HTML5 — Better Than the Alternative?

Comments Filter:
  • by Hatta ( 162192 ) on Saturday May 11, 2013 @09:39AM (#43694895) Journal

    Neither can be used on a free platform, so what's the difference? How are platform specific encryption modules any better than platform specific native apps?

    • by magic maverick ( 2615475 ) on Saturday May 11, 2013 @10:03AM (#43695035) Homepage Journal

      Exactly. I won't be able to see restricted media on my system anyway. Because DRM - digital restrictions management - don't work without locking you out. It doesn't matter if it's an "open standard" or not. And, as noted in the article, this HTML5 thingy doesn't even provide an open standard for DRM. It provides hooks. That's it. The DRM will still be closed, will still not be a standard, and will still probably not run on open systems (most desktop Linux).

      And the W3C should have taken the pragmatic approach and said, "we don't want DRM to be associated with us, as it will tarnish our good name".

      This "standard" won't make things any better, because there will still need to be a closed blob to decrypt the restricted media. Whether it's viewable via a web browser, or not, is irrelevant.

      • The W3C is not concerned with free software. It's concerned with standardizing browser features so that the same web page will work the same in IE as it does in Firefox as it does in Chrome as it does in whatever other browser somebody made that conforms to the standard. The W3C would like to see that everything done on the internet is implemented in the web browser, including any proprietary code necessary to render a web site (such as minified JavaScript). The W3C specifically opposes the kind of Internet
        • by blackiner ( 2787381 ) on Saturday May 11, 2013 @10:42AM (#43695271)
          And now they have paved the way for allowing only Microsoft and Google owned and patent encumbered DRM schemes. What progress.
          • by Jane Q. Public ( 1010737 ) on Saturday May 11, 2013 @02:30PM (#43696805)

            "And now they have paved the way for allowing only Microsoft and Google owned and patent encumbered DRM schemes. What progress???"

            There. Fixed that for you.

            For what it's worth, I agree. It has taken a while to shake out, but DRM, as a market concept, has been an almost complete failure. It simply doesn't stop people. If anything, it pisses people off and makes them more determined to break the DRM anyway.

            Look at HDMI, and CSS (DVD encryption CSS, not the web page kind). They're totally broken. It took a while for the HDMI protection scheme to be broken, but a couple of years ago a guy showed how it could be done with off-the-shelf tools, in a couple of days. (And now that the technique is known, it can be done by a hobbyist in a few minutes.) CSS was broken in even less time with DeCSS by "DVD Jon".

            Yet the industries are still using these broken technologies, and saddling consumers with the totally worthless cost.

            This has no place in an "open standard". I say get rid of it, and stop coddling the clueless, protectionist, blindly greedy corporations.

            • Correction: "it can be done by a hobbyist in a few minutes" should be "it can be set up by a hobbyist in a few minutes, and done at will".
        • by devent ( 1627873 )

          How will this be different with EME?

          With EME now you have ActiveX build in the Web. And a web browser will not be standard compliant if it can't access ActiveX.
          (replace ActiveX with the Content Decryption Module (CDM) of EME).

          Because all what EME is doing is to standardize an API to access those CDMs (aka proprietary binary blobs, Microsoft-owned patent-encumbered blobs).

          • Because ActiveX didn't have cross browser/cross platform hooks or ways of working that way. There was no way for an ActiveX control to work on a mac or unix.

            ActiveX was an API, and while open(ish), you couldn't implement it without carrying forward a ton of proprietary stuff (COM).

            • by devent ( 1627873 )

              So I ask again, what is the difference with EME? Sounds like you describe EME in detail.

              EME is an API, and while open(ish), you can not implement it without carrying forward a ton of proprietary stuff (CDM).
              Don't believe me? Prove me wrong. https://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-media/encrypted-media.html [w3.org]

              The EME proposal don't even make it mandatory to return the decrypted content back to the browser.
              "CDM implementations may return decrypted frames or rendered them directly."
              Meaning, the C

              • The CDM isn't tied to a particular OS.
                The CDM isn't necessarily proprietary.
                CDM code can be cross platform (different OSes and different processors (Intel/ARM)).
                Additionally, the media will play within the context of the web page and should follow standard markup (styles, width, height, z-index, etc).

                • The CDM isn't tied to a particular OS.

                  Any given CDM is. Unless you expect a Windows binary to run on OS X or Linux.

                  The CDM isn't necessarily proprietary.

                  Yes it is. Oh sure, you could make it open source but you'll never get the sources for one that does anything useful.

                  the media will play within the context of the web page and should follow standard markup (styles, width, height, z-index, etc).

                  Much like how flash does now, where it's given a spot on the page but is otherwise independent of the browser.

                  Zero

              • I see you quoted "CDM implementations may return decrypted frames or rendered them directly.", however, that did not come from the specification, so I'm not sure where you got it from.

    • Neither can be used on a free platform, so what's the difference? How are platform specific encryption modules any better than platform specific native apps?

      The point is that it's not any worse. Platform-specific decryption modules may not be any better than native apps if you want everything you use to be open-source, but they have the practical advantage that if you don't need Flash or Silverlight to decrypt it anymore, you can just use a web browser. The interface is consistent and cheaper to build than

    • Re: (Score:2, Interesting)

      by Qwavel ( 733416 )

      It's about choice. If the web does not have DRM then consumers can only use services like Netflix where Netflix deigns to create an app (plug-ins are on their way out). That will generally be the few dominant platforms.

      If DRM is a standardized part of the web then anyone with a standards compliant browser can access those services. This isn't guaranteed - there are various ways that Netflix (etc.) could still stop that from happening, but their support of this standard suggests that they actually want m

      • by Cajun Hell ( 725246 ) on Saturday May 11, 2013 @11:11AM (#43695539) Homepage Journal

        If the web does not have DRM then consumers can only use services like Netflix where Netflix deigns to create an app (plug-ins are on their way out).

        But what is being proposed, is identical to that. Consumers will only be able to use services like Netflix where Netflix deigns to create an implementation of their proprietary EME plugin.

        If DRM is a standardized part of the web then anyone with a standards compliant browser can access those services.

        This is where the confusion lies. Nobody is suggesting making DRM itself a standardized part of the web; you're rooting for a side which isn't in the fight. They're talking about making a non-standard DRM component (something just as unportable as Flash and Silverlight, and subject to its ONE CREATOR'S whims) have standard API for the browser to use. This is a tiny little issue; Flash already used a defacto-standard API for the browser to inferface with. Such a defacto interface isn't maybe as good as a well-described one, so you could see this new API as a minor step forward, but it comes with the cost of legitimizing and endorsing something which is just completely ridiculous.

        I want the choice to be able to stray beyond the dominant platforms and still use Netflix.

        That is not being offered by this HTML5 compromise, and it won't get you closer to that. If Netflix, as the one and only party in the world who will have the closed trade secret to make the Netflix decrypter, should decide to ever see fit to allow the specific non-dominant platform that you're thinking of, to join the list of platforms they support by making a Netflix plugin for it, they're just as likely to decide to allow an app on that platform.

        Allowing you to watch Netflix, is not something that is being standardized. That aspect would remain as closed as Flash's DRM. This is how all DRM must always be. The only way Netflix can ever be standardized such that you will be permitted to use it on a device of your choosing, is if they drop the DRM.

        Or if they were to standardize the DRM itself, I suppose that would work. But they wouldn't want to do that, since the whole point of DRM is to keep people from implementing it! :-)

        • The main problem I see with the "provide hooks to a DRM plugin" is this opens the door wide to malicious plugin installation using standardized dialogs and a process the end user will become familiar with. Reminds me of the issues Windows Media Player had (or might still even have) with files demanding a special codec/DRM. And what if someone spoofs Netflix or Hulu, replacing their plugin with a malicious one... it'll be interesting to see how this shakes out over the next few years. - HEX
          • by jbolden ( 176878 )

            How don't you have malicious plugin installation today? I have to make choices about browser based plugins and extensions all the time on safari / chrome / firefox...

            • All the time? I install Java and Flash, both from the companies websites, and never install anything that pops up in my browser which isn't very often. For multimedia codecs I use a curated package of codecs and once again ignore/delete anything else that gives me a "must visit website to view this file" since it's most likely fake. With proper ad blocking in Firefox/Chrome I get hardly any "helpful reminders to upgrade/install" while browsing the web, and Java/Flash releases are also not "all the time". -
      • by Microlith ( 54737 ) on Saturday May 11, 2013 @11:20AM (#43695613)

        It's about choice. If the web does not have DRM then consumers can only use services like Netflix where Netflix deigns to create an app (plug-ins are on their way out). That will generally be the few dominant platforms.

        It will be the same with this, because instead of having to compile their app for a platform they'll have to compile their EME module.

        If DRM is a standardized part of the web then anyone with a standards compliant browser can access those services.

        Unless they're on an unsupported platform.

        their support of this standard suggests that they actually want me to be able to use their service on my Playbook.

        I suspect you won't get Netflix on your Playbook unless Blackberry negotiates a licensing agreement with Netflix for their EME module.

        I want the choice to be able to stray beyond the dominant platforms and still use Netflix.

        And I sincerely doubt you will. This is about taking control, not granting you choice.

    • If they all move to proprietary apps away from open standards, then what's the problem? It'll be like back when everything was quicktime and you had to upgrade weekly to get the right version necessary to play that week's videos. The result in that case was that smart people learned to just not watch the stupid videos. If youtube dies from not having DRM in HTML then that sounds like a very good thing to me.

  • by twocows ( 1216842 ) on Saturday May 11, 2013 @09:43AM (#43694911)
    No.
  • Time to fork W3C (Score:3, Insightful)

    by Anonymous Coward on Saturday May 11, 2013 @09:43AM (#43694913)

    It would be nice to have a grass roots standards body which impletments the good works of standards bodies but chooses not to implement shill standards. Then grass roots software development can choose to use these standards rather than give in to the corruption of the standards process.

    • HTML5 was already formed as the result of a fork of the W3C called the WHATWG.

      • Re: (Score:2, Troll)

        by Hentes ( 2461350 )

        The problem is that WHATWG wants to throw web standards out the window instead of coming up with a better alternative.

    • Re: (Score:2, Insightful)

      Translation - the standards bodies should do what I want and listen to to one else. What I want is more more important than what anyone else wants.

      • They seem intent on listening to a very, very tiny base when it comes to ramming EME through. Apparently what Hollywood wants is more important than what anyone else wants.

        • No really, because having EME available and *you* as a developer not using them is exactly the same as EME not being standardised and *you* not using them.

          The addition of EME to the spec in no way changes your position, whereas the lack of addition to the spec does affect another developers position. Not including EME negatively affects other developers who want to use it, while including EME doesn't affect other developers who don't want to use it.

          If you cannot see the difference between those positions,

          • having EME available and *you* as a developer not using them is exactly the same as EME not being standardised and *you* not using them.

            Nope. I will undoubtedly be forced to use EME modules, not as a developer but as an end user. Of course, this is a redundant standard.

            The addition of EME to the spec in no way changes your position, whereas the lack of addition to the spec does affect another developers position.

            No it doesn't. It just means they have to use the existing plugin APIs. Or they have to do the w

    • It would be nice to have a grass roots standards body which impletments the good works of standards bodies but chooses not to implement shill standards.

      Now all you need is a product with mass market appeal and shelf space at Walmart which implements the geek's "grass roots" standards --- but can't play the Netflix, Amazon, Hulu or Google subscription video. Nothing Disney, Pixar or Marvel Comics.

      No Downton Abbey, no Game of Thrones.

  • Oh the horror! (Score:5, Interesting)

    by maxwell demon ( 590494 ) on Saturday May 11, 2013 @09:45AM (#43694917) Journal

    There would be content on the internet that is not on the web? Oh the horror! </sarcasm>

    Seriously, I want them to provide their own programs for DRM-protected stuff. That stuff just doesn't belong on the web. After all, even if it were made with HTML5+DRM and accessed through web browsers, it would still not really be part of the web, because I could not just fire up any web browser and watch it; I'd first have to install their proprietary DRM. So what is the big difference, if I have to install some proprietary code anyway? If it's a separate program, I'll at least know up front that it's not part of the web.

    Also, in my experience, native programs tend to have the better interfaces anyway.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      It's always the same bullshit. Make it easy for us by making your lives harder.

      It's long past the point where everyone should be telling the content barons to eat shit and die.

      The rest of the world generates masses of traffic, money and innovation - far more than the thugs in the content industry.

      Yet all we ever hear about is how everyone else should dance to the entertainment industry's tune.

    • Why doesn't DRM-protected stuff belong on the web? I dare you to answer my question without resorting to meaningless tautologies (such as 'DRM stuff doesnt belong on the web because that's not what the web is!').
      • by Motor ( 104119 )

        You can put what you want on the web.

        But why do you expect everyone else to pay the technical cost of it (the DRM infrastructure, lock in and lack of choice and innovation)?

        If you want DRM... then you maintain your own infrastructure and the associated costs.

      • by jbolden ( 176878 )

        I'm not sure where I stand on this But in the old days the web (really the internet since most of this was pre-web) was for the sharing of information and openness. DRM is fundamentally about selling information not sharing it. Its a bit late to talk about the days of the internet before business was on it. But I can see people wanting the open internet that existed say 20 years ago.

        There were real gains and real loses.

  • by Anonymous Coward

    There's an increasing amount of content that you can't view without DRM support, and people want to view this content. This should be enabled in the HTML standard, even if the plugins have to be platform specific.

    It's only going more in this direction in the future. I have a cousin who works for a major news agency to remain unnamed here, and there is a movement afoot in the news world to investigate DRM for protecting online news content. There is a realization that they cannot keep giving it away forev

    • This should be enabled in the HTML standard, even if the plugins have to be platform specific.

      Why?

      It's only going more in this direction in the future.

      Then things will only get worse.

      have a cousin who works for a major news agency to remain unnamed here, and there is a movement afoot in the news world to investigate DRM for protecting online news content. There is a realization that they cannot keep giving it away forever.

      So destroy web browsers and force them to betray their users and treat them as crimin

  • by mounthood ( 993037 ) on Saturday May 11, 2013 @09:50AM (#43694953)

    Maybe this will help:
    1. Open and Standardized is good.
    2. DRM is not Open. (This is simply its nature.)
    3. DRM can be Standardized with HTML5 extensions.

    The problem is confusing point one with the FOSS attitude of wanting systems that are open. Standardization is not advocated by any open source group or in any open license. Standardization is an artifact commonly associated with free/open systems, but it's presence doesn't mean the system is free or open.

    • Standardization, not openness, is the primary goal of the W3C.
    • by devent ( 1627873 ) on Saturday May 11, 2013 @11:00AM (#43695431) Homepage

      EME is not a standard of DRM. EME is a standard to access DRM via API. That is a very big difference.
      _If_ EME would be a standard of DRM, then anyone could implement the DRM and see the videos.

      But EME just make the API standard do access DRM to decrypt the content. DRM can not be standardized, it's the very nature of DRM.

    • Maybe this will help: 1. Open and Standardized is good. 2. DRM is not Open. (This is simply its nature.) 3. DRM can be Standardized with HTML5 extensions.

      The problem is confusing point one with the FOSS attitude of wanting systems that are open. Standardization is not advocated by any open source group or in any open license. Standardization is an artifact commonly associated with free/open systems, but it's presence doesn't mean the system is free or open.

      1. Open and Standardized is good.
      2. DRM does not work. (I have to see or hear the output.)
      3. DRM can not work on my OS that I compiled myself, because I control MY computer. Hardware DRM must be invoked by software, I control all the software. In a virtualized system, I also control the hardware through the software.

      The problem is ignoring point two, and trying to ramrod inherently non features into an otherwise point one compliant system, in ignorance of point three. This means the whole effort is

    • DRM is not Open. (This is simply its nature.)

      That depends how you define "open." There's no reason whatsoever that you couldn't have an open source DRM system, for example. And let's not forget that the entire point of this is to add an open standard for DRM.

      • by gl4ss ( 559668 )

        DRM is not Open. (This is simply its nature.)

        That depends how you define "open." There's no reason whatsoever that you couldn't have an open source DRM system, for example. And let's not forget that the entire point of this is to add an open standard for DRM.

        well there is the tiny reason that if you can change the code to save the decoded data then the drm becomes just transport time cryptography...

  • The central problem with DRM is that it stops only honest people. Anything that is located entirely on the user's computer in obfuscated form and plays from there can be cracked, and crackers will crack it, whereupon the cracked goods will quickly find themselves on BitTorrent and other sharing networks.

    The thing is, competing with free isn't that hard. If you offer high-quality goods for a reasonable price, using an open format, at a convenient location, customers will buy from you. How did Tower Record

  • by rbprbp ( 2731083 ) on Saturday May 11, 2013 @10:30AM (#43695189) Homepage
    "Deprived of the ability to use browser plugins, protected content distributors are not, in general, switching to unprotected media. Instead, they're switching away from the Web entirely. "
    So what is wrong with this, exactly? If you want to distribute DRMed content, you are fully free to use your own means. Let the web stay DRM-free, as it should be.
  • by westlake ( 615356 ) on Saturday May 11, 2013 @10:36AM (#43695225)

    The reality is that every Internet enabled device in your home or car supports subscription services and protected media content. Each to some degree pushes the "open web" browser further into the background.

    The Windows 8 Start Page makes that explicit.

    If the app becomes your primary source for music, videos, books, newspapers, magazines and games, it isn't much of a stretch to imagine the app becoming your primary source for other content and services as well.

  • And I will switch away from them.

  • I hate DRM like everyone here, but I would rather have the choice to purchase DRMed content than to be completely locked out just because I am not on the 'preferred platform'.

    Hopefully DRM will die a natural death from people voting with their wallets when there are alternatives. In that case the act of having HTML5 DRM just gives DRM more rope to hang itself with.

    • You'll still be locked out, because the proposal involves proprietary binary blobs that perform the actual decryption, which won't exist for your platform.

      The only "standard" part is the browser hooks for those modules to plug into.

  • I'm an old fart who got his first computer in the seventies.
    There were always content protection, copy protection and whatnot.
    And they never worked.
    This won't either.

  • The alternative being a system where open standards should support our freedom rather than bow to a selection of equally oppressive options? No, it's not better than the alternative.
  • If protected content works on Linux, then I can't use the argument that the content providers do not care about the Linux market and its revenues. Then I won't have an excuse for stealing the content and saying that they aren't losing any money from my theft.

    Reality is, I don't care. The vast majority of commercial content is crap, anyway. It's not even worth stealing. I just like arguing against whiny CEOs who want everything to be done for them.

  • Nobody likes DRM. But we've got plenty of experience with DRM provided as part of proprietary software packages.

    It reeks badly. You get root kits, various spy features, ads, you name it.

    If I'm going to have DRM in order to get online delivery of media I sure as the dickens would rather have as part of an open source product that is subject to code review rather than the alternative.

    • The the source it totally open, then it's not DRM. If I can rebuild it (because it's properly open sources), I can modify it and remove DRM-specific features.

  • Fuck. You.

    What I wish Tim Berners Lee^W^W^W W3C understood about DRM. [guardian.co.uk]

    Patent licences are administered by a licensing authority (LA), which creates a standard set of terms for licensing. These terms always include a list of features that the manufacturers may not implement (for example, you may not add a "save to hard drive" feature to a DVD player)

    How long do you think we have until the back button and close window button are disabled for video ads online?

  • I don't have a problem with DRM in HTML 5 Standards, as long as there is also a way to effectively and automatically set one's browser to ignore and not display any DRM content or mechanisms seeking payment for seeing that content. If people want to encrypt their data and not let me see it that's fine with me as long as they don't force me to spend any time what so ever otherwise using the remaining HTML 5 content or navigating around intrusive DRM content.

    DRM content, out of sight, out of mind. Otherwise

  • by HalAtWork ( 926717 ) on Saturday May 11, 2013 @12:04PM (#43695929)
    I don't want binary blobs* to be included in a document for what is supposed to be read on a cross-platform interpreter. The binary blob will not work in this situation anyway (different CPU/OS APIs/etc), so why include it as part of the standard? It might as well be an external app or plugin.

    * The Content Decryption Module (CDM) required to interpret/implement the DRM
  • If you want an open web, then certainly this DRM should also have to open, right?
    I mean, anyone should be able to use it for their own content, it being a part of this open framework and all.
    • They don't need our help; whole businesses have been formed around the lack of DRM from day 1. We can continue just fine without DRM just as we have for decades. Needing Apps or crippled apps in the form of browser plug-ins has been the norm for decades. It creates a hurdle for anybody implementing DRM; which promotes an open web.

      This is the same BS we hear all the time... there would be no film, no plays, no music, no culture if we didn't have copyright - there would be no technology without patents... as

      • Yup, one basket for all those eggs.
        Shame about any master key(s)/source code getting released after widespread adoption.;)
  • I think an HTML5 DRM standard actually would be a good thing. It would create much more competition for streaming video and reduce vendor lock-in.

    Eventually, competition might push Apple to allow streaming iTunes content to other platforms, and to allow Google Movies on iPad.

  • I see this as a victory for content providers (since they have one more distribution channel, and more profit), not for users (who'll slowly get DRM shoved down their throats even more).
    I currently use NOTHING with any form of DRM. Will I have to blacklist firefox in future as well? How's that a victory for me?

"The whole problem with the world is that fools and fanatics are always so certain of themselves, but wiser people so full of doubts." -- Bertrand Russell

Working...