Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Firefox DRM Media Mozilla

How Firefox Will Handle DRM In HTML 361

An anonymous reader writes "Last year the W3C approved the inclusion of DRM in future HTML revisions. It's called Encrypted Media Extensions, and it was not well received by the web community. Nevertheless, it had the support of several major browser makers, and now Mozilla CTO Andreas Gal has a post explaining how Firefox will be implementing EME. He says, 'This is a difficult and uncomfortable step for us given our vision of a completely open Web, but it also gives us the opportunity to actually shape the DRM space and be an advocate for our users and their rights in this debate. ... From the security perspective, for Mozilla it is essential that all code in the browser is open so that users and security researchers can see and audit the code. DRM systems explicitly rely on the source code not being available. In addition, DRM systems also often have unfavorable privacy properties. ... Firefox does not load this module directly. Instead, we wrap it into an open-source sandbox. In our implementation, the CDM will have no access to the user's hard drive or the network. Instead, the sandbox will provide the CDM only with communication mechanism with Firefox for receiving encrypted data and for displaying the results.'"
This discussion has been archived. No new comments can be posted.

How Firefox Will Handle DRM In HTML

Comments Filter:
  • by lesincompetent ( 2836253 ) on Wednesday May 14, 2014 @02:48PM (#47001701)
    THIS is a good reason to oust a Mozilla CEO.
  • by Lord Kano ( 13027 ) on Wednesday May 14, 2014 @02:52PM (#47001763) Homepage Journal

    Mozilla just ousted their chair over something that screws over far fewer people than this.


  • by Arker ( 91948 ) on Wednesday May 14, 2014 @02:56PM (#47001799) Homepage
    PaleMoon is a Firefox fork that appears to be doing very well. I dont know for sure, but I suspect they will correctly sort this into the unwanted features bucket and skip it.
  • Re:Not relevant (Score:5, Insightful)

    by Jeremiah Cornelius ( 137 ) on Wednesday May 14, 2014 @03:09PM (#47001927) Homepage Journal
    Drop the browser. It's no longer a question if web standards are fucked, and that your arse is what's offered for the fucking.

    Gopher over TOR.

  • by Drethon ( 1445051 ) on Wednesday May 14, 2014 @03:13PM (#47001959)
    How long before someone codes a module to bypass the DRM handling?
  • by Microlith ( 54737 ) on Wednesday May 14, 2014 @03:19PM (#47002021)

    Does Firefox's architecture actually get in the way of users eventually pirating the content?

    I doubt it, but it's likely that the CDM will attempt to check the Firefox binary and assert that the one loading it is signed by Mozilla and refuse to operate otherwise.

    It's the CDM's job to fight off attack attempts against itself, not Firefox's. All Firefox will do is attempt to isolate the (undoubtedly security hole riddled) CDM and protect the end user from it - but given the closed source nature of the CDM this may not be possible.

  • by Microlith ( 54737 ) on Wednesday May 14, 2014 @03:20PM (#47002043)

    It's important that a browser protect me and my rights on my system, not the business model of other DRM-happy corporations.

  • by Anonymous Coward on Wednesday May 14, 2014 @03:26PM (#47002115)

    But this is an open-source browser we're talking about. If we don't want DRM, we can make a build of it without the DRM piece.

    Being open-source has nothing to do with this. The number of people who will use a fork is essentially zero when compared to Firefox's total userbase.

    The problem is that Mozilla has thrown away the power that comes from being able to speak for hundreds of millions of users out of fear of losing some of those users. That's a path to irrelevancy, they've traded the vision that made them popular in the first place for the hope of maintaining marketshare. It is a total MBA move, as if Mozilla should be driven by profits instead of advocacy.

  • by Blue Stone ( 582566 ) on Wednesday May 14, 2014 @03:34PM (#47002211) Homepage Journal

    >Does Firefox's architecture actually get in the way of users eventually pirating the content? Might have to switch browsers if that's the case.

    Remember, DRM doesn't just stop 'piracy', it stops fair use of copyright content too.

  • by bmajik ( 96670 ) <> on Wednesday May 14, 2014 @03:37PM (#47002245) Homepage Journal

    The Hurd isn't a viable alternative because it isn't needed.

    Stallman had a vision of a completely free as in speech computer system. When he started, that meant, OS, tools, and application software.

    It was a radical strawman against the beginnings of an industry of for-profit software with intellectual property laws.

    It turns out that Stallman and his friends created the programmable editor, the compiler suite, the tool chain, the user-space unix tooling..

    and them some Finnish guy and his friends came along and made the OS kernel.

    The point is that now, not only is there a free OS and development tool chain -- more successful than Stallman could have ever managed -- there is an entire philosophy around free-as-in-speech software.

    Stallman has been more influential on how we think about an use computer software than arguably just about anyone. I would at least put him in the same room as a Woz or a Bill Gates.

    The market share of Hurd is the wrong metric. The fact that my company -- Microsoft -- is releasing more and more of our stuff as free-as-in-speech software -- that's the metric.

    Let's objectively look at what Stallman started.

    Let's use this metric: how many Fortune 100 companies have capitulated to _your_ philosophical demands?

  • by Arker ( 91948 ) on Wednesday May 14, 2014 @03:40PM (#47002281) Homepage
    Obviously you are correct. A UI which exposes control interfaces to the user is bad. The future is to expose control interfaces ONLY to remote ad agencies, and keep the dirty users in their place.

  • by wagnerrp ( 1305589 ) on Wednesday May 14, 2014 @03:40PM (#47002287)

    How are you going to check the binary if you've explicitly isolated the CDM from any access to the system? Either you allow the CDM direct access to the OS so it can perform the check on its own, or you can provide an interface that can be trivially spoofed. If the CDM access the OS directly, aside from the security implications that causes, now your open source OS can attack it in the same exact manner, returning whatever information the CDM wants to see, rather than the reality.

    The simple truth is that you cannot have open source anything anywhere within the code chain from the point the content exits the CDM to the point the content is sent along with wire to your display device. If you are breached anywhere, then your system is insecure, and if your system is insecure, your content will be stolen and freely distributed on the internet. All you've prevented with all this DRM is the typical honest customer from being able to flexibly access the content in the manner they chose. The typical honest customer needs to be taught this, that DRM has nothing to do with stopping piracy, and everything to do with artificially restricting their abilities. Education is the key to fighting all forms of oppression.

  • by bmajik ( 96670 ) <> on Wednesday May 14, 2014 @03:41PM (#47002301) Homepage Journal

    Obviously, because I think she's neither foolish nor hypocritical.

    There's a class of people who respond to Ayn Rand with ad hominem. Which is funny -- She wrote a lot of pages -- more than I care to read in one sitting. In all that, somewhere, you'd think there's be fertile soil for a response more intellectually stimulating than, "she's a crank".

    Fault her for whatever reasons you've faulted her, but to me, nobody has more constancy and conviction in their writing in favor of doing the right things for the right reasons. The importance of principle is central to everything she ever wrote.

    The Mozilla conversation is about principle vs. pragmatism, and I think her quotes on the topic are highly relevant.

  • by marcello_dl ( 667940 ) on Wednesday May 14, 2014 @03:46PM (#47002387) Homepage Journal

    Exactly, this is a bad move no matter what. Because FF should have let third parties write a plugin and waited until it was inevitable before including it, if ever. With this move they threw their weight IN SUPPORT of it, from a practical point of view. Because now people will say: see this scheme is supported by all major vendors, let's go for it.

    That it's a w3c standard, it is not relevant. In fact "we implement only the sane things out of w3c" would have been a marketing bullet point. No, not now: when remote wipings of DRM protected stuff start happening.

  • by Derek Pomery ( 2028 ) on Wednesday May 14, 2014 @04:09PM (#47002673) []

    Well, here you are standing on principles. :)

    You wanted to watch Youtube vids, so you run Google Chrome, which has even more liberal implementation of this DRM.

    You didn't boycott Youtube.

    So, this is why Firefox is implementing it. They no longer have the leverage. Google Chrome is bundled with Flash, with Adobe Acrobat, with Oracle Java. It is pushed on every google website people interact with - Search, Plus, Docs, Youtube, Translate. There's the google app store, ChromeOS, Android...

    I doubt Brendan would have held out against this either. Firefox' choice is to accede to its users, or become even more marginalised.

    I'm glad they are using their limited remaining leverage to try and at least ensure user privacy and security and offer something that is cross-platform, with an open source auditable wrapper and actually works under Linux.

  • by Microlith ( 54737 ) on Wednesday May 14, 2014 @04:11PM (#47002693)

    That's why they are only permitting the DRM module the bare minimum it requires to do it's job. Thus protecting your system from unauthorised access by the DRM module.

    And I don't believe for a moment this is possible. Not by fault of Mozilla, but by what is necessary for the CDM to function and enforce the DRM protections.

    The moment a browser (or OS) tries to put in technological measures to defend against the owner, your computer is not yours.

  • by NotDrWho ( 3543773 ) on Wednesday May 14, 2014 @04:18PM (#47002799)

    90% of Mozilla's income comes from Google.
    Google owns YouTube.
    YouTube uses this DRM.

    'nuff said

  • by lgw ( 121541 ) on Wednesday May 14, 2014 @04:31PM (#47002975) Journal

    No one is forcing you to consume the DRM'd content, if it offends you.

    I think this will end up with the ideal solution: DRM good enough to make the content providers happy, but constrained enough that, well, the impossibility of the underlying task will be revealed in certain circles.

    Remember, Netflix doesn't actually care whether anyone pirates their streams. They care that they have fulfilled their contractual obligations to protect their streams. The way I see this playing out, everyone wins except perhaps the IP owners. Utility maximized.

  • Sad seeing this (Score:4, Insightful)

    by sasparillascott ( 1267058 ) on Wednesday May 14, 2014 @05:47PM (#47003839)
    It's sad seeing this, but its also good to keep in mind - this standard was pushed by Microsoft, Google and others. As such its already "live" in Chrome (as of Release 25 if memory serves, current Chrome release is 29 I believe) as its in WebKit (so ad Safari and Opera as well). Microsoft will add it to IE if they haven't already - leaving Firefox and its slowly dwindling user base. Since 75% of the PC web and nearly all of the mobile web will be making use of this - it'd be a market share death sentence for Mozilla to take a stand and say we just won't implement these "standards" in Firefox - (JMHO, but most general users would notice that what they want using this cgap works with Chrome, IE etc. and not with Firefox and just stop using Firefox making the Firefox user base melt away faster). I don't like Mozilla doing this, but I can easily understand why they are.
  • by bzipitidoo ( 647217 ) <> on Wednesday May 14, 2014 @06:32PM (#47004315) Journal

    Much of this conversation is beside the point. You talk like DRM is an acceptable tool for a desirable motive. It is neither.

    Not only is DRM an unsound idea that simply does not work, it and the idea of intellectual property it's meant to protect are immoral. That's right, immoral. Our very ability to communicate with each other, and share valuable ideas and information, is at the core of our intelligence, and is what put us on top of the animal kingdom. Sharing is a natural right. To give that up, voluntarily give that up, is to embrace a new status making us no better than sheep, fit only to be fleeced repeatedly. These scumbags in the content industries have misunderstood, perhaps deliberately, the differences between ownership and authorship, and the material and scarce vs the immaterial. Authorship does not mean the power to deny all usage and derivate work, until they get around to individually approving each proposal and only if they please. They are out to control all communications, stifling that which they can't manage, which by necessity would be the bulk of all communication as they haven't the means to handle the sheer quantity, by asserting that they should be compensated every time people share anything they were in any way involved in, and that the only fair way to accomplish this is by controlling all copying so every single occurrence of it can be taxed. And of course to do that requires extreme control of the sort necessary to make DRM actually function somewhat.

    If there are risks in fighting DRM, it is our civic duty to take those risks, to preserve the freedoms our ancestors fought so hard to win for us. The risks are in any case little enough. The control freaks who want to monopolize and monetize all content do not have the power to go after everyone. There are other ways to compensate artists. Big Media still doesn't want to be bothered trying them, and admitting that they might work. Instead they have the gall to ask the rest of us to make the truly insane sacrifices it would take to really make their horrible vision work, and act as if they aren't asking much, putting on this hurt and baffled attitude and crying that artists will surely starve. We are NOT going to give up the Internet, flash drives, cell phones, home movie theaters, or even public libraries and used book stores. We are not going to turn the clock back to the 1980s, and artists will not starve and art will still be created.

    This ramming of DRM down our collective throats and into the HTML standard is at best a waste of effort that will have no effect. At worst, it will harm the Internet, slowing it down and blocking some things. If, somehow, it kills the Internet, Big Media would celebrate. That's the kind of trolls they are. But it won't accomplish the destruction of the Internet or the elimination of piracy. I think the only reason the DRM was allowed is that we knew it would be ineffective and only slightly damaging if that, and so we could afford to humor them in this matter. And they problably bribed key people, maybe tried some threats too.

  • by exomondo ( 1725132 ) on Thursday May 15, 2014 @12:22AM (#47006291)

    It's important that a browser protect me and my rights on my system, not the business model of other DRM-happy corporations.

    And you can have that because this is open source software. Mozilla doesn't have to do what you feel is important. The whole advocacy of free software is such that the user can change/remove things he/she does not want and even to fork it if they don't like the developers' ideology.

    The solution is there, it's the solution you have been advocating for so stop bitching that Mozilla isn't catering to your specific needs in every way you demand them to and use it, it's Free Software!

In less than a century, computers will be making substantial progress on ... the overriding problem of war and peace. -- James Slagle