EFF resigns from W3C over their Encrypted Media Extension DRM standard
September 18, 2017 12:16 PM

Holy shit. Somewhat expected, since noises were certainly being made about DRM being incompatible with W3C's founding principles. Still. I hope this doesn't have the opposite of the desired effect.
posted by aspersioncast at 12:22 PM on September 18, 2017 [1 favorite]

HTML5 DRM finally makes it as an official W3C Recommendation - 30.8% of W3C members disapproved of the decision. (Peter Bright for Ars Technica, Sept. 18, 2017)
The World Wide Web Consortium (W3C), the industry body that oversees development of HTML and related Web standards, has today published the Encrypted Media Extensions (EME) specification as a Recommendation, marking its final blessing as an official Web standard. Final approval came after the W3C's members voted 58.4 percent to approve the spec, 30.8 percent to oppose, with 10.8 percent abstaining.

EME provides a standard interface for DRM protection of media delivered through the browser. EME is not itself a DRM scheme; rather, it defines how Web content can work with third-party Content Decryption Modules (CDMs) that handle the proprietary decryption and rights-management portion.

The development of EME has been contentious. There are broad ideological and legal concerns; some groups, such as the Free Software Foundation, oppose any and all DRM in any context or application. Some do not object to DRM, per se, but are concerned by regulations such as the US' Digital Millennium Copyright Act (DMCA). Under the DMCA, bypassing DRM is outlawed, even if the bypass is intended to enable activities that are otherwise legal. These concerns are particularly acute in the context of the Web; for many the Web should be open, without any kind of technological restrictions on what can be done with Web content. The protection that DRM offers is seen as anathema to this. Moreover, while browsers themselves can be fully open source, CDMs are built using proprietary, secret code with no source available.

The principal groups favoring the development of EME have been streaming media companies such as Netflix and Microsoft, Google, and Apple, companies that both develop browsers and operate streaming media services. While the use of DRM for perpetually licensed music has largely fallen out of favor, DRM protection for subscription services, both audio and video, remains alive and well, and the industry has argued that these services could not exist without some kind of content protection. This gives these groups three options for distributing content: proprietary plugins, such as Flash and Silverlight; proprietary standalone applications in various app stores; or HTML5 video with some kind of DRM system. EME provides this final option.
Peter had more thoughts previously: DRM in HTML5 is a victory for the open Web, not a defeat -- W3C's decision to publish a DRM framework will keep the Web relevant and useful. (March 6, 2017)
Even if W3C decided to drop EME, there are enough important companies working on the spec—including Netflix, Google, and Microsoft—that a common platform will be built. The only difference is whether it happens under the W3C umbrella or merely as a de facto standard assembled by all the interested parties. Keeping it out of W3C might have been a moral victory, but its practical implications would sit between slim and none. It doesn't matter if browsers implement "W3C EME" or "non-W3C EME" if the technology and its capabilities are identical.

These groups are opposed to DRM on principle. The FSF brands systems that support DRM as "defective by design," and insofar as DRM can impede legally protected fair use of media, it has a point. There's a tension between DRM (itself legally protected courtesy of the DMCA) and permissions granted by copyright law.

However, it's not clear that EME does anything to exacerbate that situation. The users of EME—companies like Netflix—are today, right now, already streaming DRM-protected media. It's difficult to imagine that any content distributors that are currently distributing unprotected media are going to start using DRM merely because there's a W3C-approved framework for doing so.
Moreover, a case could be made that EME will make it easier for content distributors to experiment with—and perhaps eventually switch to—DRM-free distribution.

Under the current model, whether it be DRM-capable browser plugins or DRM-capable apps, a content distributor such as Netflix has no reason to experiment with unprotected content. Users of the site's services are already using a DRM-capable platform, and they're unlikely to even notice if one or two videos (for example, one of the Netflix-produced broadcasts like House of Cards or the forthcoming Arrested Development episodes) are unprotected. It wouldn't make a difference to them.

That wouldn't be the case if Netflix used an HTML5 distribution platform built on top of EME. Some users won't have access to EME, either because their browsers don't support the specification at all, or because their platform doesn't have a suitable DRM module available, or because the DRM modules were explicitly disabled. However, every other aspect of the Netflix Web application could work in these browsers.

This kind of Netflix Web app would give Netflix a suitable testing ground for experimenting with unprotected content. This unprotected content would have greater reach and would be accessible to a set of users not normally able to use the protected content. It would provide a testing ground for a company like Netflix to prove that DRM is unnecessary and that by removing DRM, content owners would have greater market access and hence greater potential income. Granted, it might also come with the risk of prolific piracy and unauthorized redistribution, so it might serve only to justify the continued use of DRM.

With plugins and apps, there's no meaningful transition to a DRM-free world. There's no good way for distributors to test the waters and see if unprotected distribution is viable. With EME, there is. EME will keep content out of apps and on the Web, and it creates a stepping stone to a DRM-free world. That's not hurting the open Web—it's working to ensure its continued usefulness and relevance.
Rather a long pull-quote, sorry, but not sure if there's a cleaner break to keep all the ideas together.
posted by filthy light thief at 12:27 PM on September 18, 2017 [6 favorites]

> insofar as DRM can impede legally protected fair use of media, it has a point.

A pretty strong one, I'd say.
posted by kenko at 12:33 PM on September 18, 2017 [4 favorites]

Importantly, the EFF attempted to negotiate with the W3C to obtain exemptions for important groups, especially security researchers, but the W3C refused. This will make the web significantly less secure since currently users can be dissuaded from installing plugins. That is negligence on the W3C's part.

As an aside, the W3C appears incapable of addressing modern security concerns across many of their current efforts: There is a dangerous amount of personal information like shipping addresses being handled by the browser in their proposed web payment specification, making it a risk vector for identity theft. We should expect their verifiable claims spec to break the browser's cross origin policy, making it harder for users to avoid tracking, and to make it harder to avoid revealing personal information in many contexts.
posted by jeffburdges at 12:33 PM on September 18, 2017 [1 favorite]

EME=See Below
Encrypted Media Extensions (EME) is a W3C Recommendation

18 September 2017

The HTML Media Extensions Working Group published Encrypted Media Extensions (EME) as a W3C Recommendation today. Encrypted Media Extensions (EME), which extends the ‘HTMLMediaElement’ element of the HTML specification, is an Application Programming Interface (API) that allows playback of protected content in Web browsers. Combined with W3C’s Recommendation Media Source Extensions (MSE) which provides the API for streaming video, EME is the most common practice today that allows Web developers to stop using plugins to deliver commercial quality video over the Web. Please read more in our Press Release.

There is a lot of word salad to ingest in order to understand this, and I will read through it, but I thought for complete duh!ers such as myself, I would put in some definitions.
posted by Oyéah at 12:35 PM on September 18, 2017 [2 favorites]

Mozilla: "Adobe and the content industry can audit our sandbox (as it is open source) to assure themselves that we respect the restrictions they are imposing on us and users"

Perhaps I'm imagining something between the lines: "this is how it's done, guys, FYI, even if it turns out you're constitutionally incapable of extending the same courtesy."
posted by wildblueyonder at 12:50 PM on September 18, 2017 [1 favorite]

As we well know, lack of DRM has bankrupted the sale of music on iTunes, while proprietary DRM on streaming video has eliminated piracy altogether.
posted by pashdown at 1:17 PM on September 18, 2017 [38 favorites]

This is your friendly reminder that DRM has nothing to do with preventing piracy and is entirely about giving media companies control over software vendors and device manufacturers. DRM does not prevent piracy. DRM does ensure that a movie studio can say what your cell phone or web browser can do. And it ensures you have to buy all your movies again if you bought them on iTunes and want to switch to a Samsung.
posted by zachlipton at 1:23 PM on September 18, 2017 [36 favorites]

> This will make the web significantly less secure since currently users can be dissuaded from installing plugins.

Really? People were dissuaded from installing Flash? This makes the web more secure, as the actual attack surface for these plugins is much smaller than things like Flash and Silverlight. And two, if this was such a significant security threat for the web, why hasn't it been exploited yet? EME is already a part of Chrome, Safari, Firefox and Edge. This support is not new, it was an informal standard way before it was a standard one. You'd think that having a nice fat target to hack in the current browsers would have led to all manner of vulnerabilities being found in EME.

EFF's stance is that of a two year old huffing that they can't have dessert before dinner. Looking at the mailing list, it's no surprise that Cory Doctorow was arguing for them.
posted by zabuni at 1:36 PM on September 18, 2017 [3 favorites]

Why do I feel like this whole thing is an argument from 2005?
posted by Huffy Puffy at 1:40 PM on September 18, 2017 [1 favorite]

Oyéah: that's a great idea to link to some definitions, but you have the wrong definition of DRM there, the one you want is this one: DRM
posted by idiopath at 1:46 PM on September 18, 2017 [2 favorites]

Yeah, feels like a lot of the same arguments about Trusted Computing, just with HTML scrubbed in where appropriate.
posted by Kyol at 1:47 PM on September 18, 2017

> Why do I feel like this whole thing is an argument from 2005?

More like 2012, but still, yeah, this has been a long ongoing thing.
posted by zabuni at 1:51 PM on September 18, 2017

I liked the WWW a whole lot more before it was commercialized. It only took a few decades, but I've been ground down enough to no longer care. I'll just live down here in the cracks where folks still serve text, HTTPS is overkill, and lynx is perfectly cromulent.
posted by Fezboy! at 1:56 PM on September 18, 2017 [12 favorites]

I sure wish that someone other than Cory Doctorow was leading the EFF here. I am VERY aligned with the EFF's mission but I don't trust his judgement one bit.
posted by n9 at 2:01 PM on September 18, 2017 [8 favorites]

Is this DRM going to be like existing DRM on Netflix and other streaming content? Because that stuff gets pirated within a few hours of release.

I suspect this will only affect legitimate users, and not, for example, me.
posted by ryanrs at 3:36 PM on September 18, 2017 [3 favorites]

It is what Netflix uses. The code is already in the browsers.
posted by zabuni at 4:21 PM on September 18, 2017 [1 favorite]

> This makes the web more secure, as the actual attack surface for these plugins is much smaller than things like Flash and Silverlight.

Damning with faint praise, eh?

When the day comes that plugins are just done, this is a somewhat reasonable point.

But it depends on the chain of reasoning that says DRM is a business necessity and so if there's not web-native DRM the business cannot be done web-native so either plugins or web-native DRM or business cannot be done. And there are some reasonable challenges to that. I don't think it's at all clear DRM *is* either necessary to make a content-oriented service run effectively or sufficient to guarantee the incentives work.

Meanwhile, sure, if our only choice is to swap complete runtime plugins for encrypted media extensions, I suppose that on a practical level the net effect is likely better security. The problem is that it also establishes a lower ceiling for that security via a mechanism that may be legally inauditable and baking that in. There's room for debate about whether that's a reasonable tradeoff even if you accept the premise that DRM is necessary. If you think that premise is questionable, then of course you're cranky about it, because the world you can see involves both the end of plugins AND legally opaque content control schemes.
posted by wildblueyonder at 4:21 PM on September 18, 2017 [1 favorite]

The lack of an exemption for security researchers is the potentially catastrophic bit.
posted by phooky at 5:35 PM on September 18, 2017 [4 favorites]

> I don't think it's at all clear DRM *is* either necessary to make a content-oriented service run effectively or sufficient to guarantee the incentives work.

Netflix disagrees, and they may know more than you about making a content oriented service. And one of the big issues about this whole thing is that no one ever made that argument to Netflix. I mean, there is this, but seriously. Even Doctorow's BoingBoing has, in between his complaints, posts about trailers for upcoming Netflix originals.

And it's very telling that one of the major proponents on W3C's mailing list for EME was one Mark Watson, grand high boobah of streaming standards for Netflix. And I could see no real engagement with him on a personal level by the EFF. As Netflix went, so went Mozilla, and so went the standard.

EFF lost this fight years ago.

Bonus: if you want to see it from Netflix's side, this is a pretty good summary made in 2013 by Watson. It's a reply to someone else, and his parts are prepended with MW>.
posted by zabuni at 6:05 PM on September 18, 2017 [1 favorite]

It's depressing that some people on here apparently think giving Netflix and Youtube more power over devices that you theoretically own is a good thing. But it's not at all surprising.
posted by adrienneleigh at 6:55 PM on September 18, 2017 [4 favorites]

adrienneleigh: how is it giving them more power? This only applies to web browsers and in every case the system in use is the one designed by the device's manufacturer: Google's DRM on Android/Chrome, Apple's on iOS, and Microsoft's on Edge (earlier this was Adobe or Microsoft via plugins). Netflix never had direct control over the device except as a customer licensing those playback systems. The W3C has no control over that and since it already shipped a long time ago this is basically acknowledging the web as it exists in 2017 rather than some hypothetical future scenario which can be stopped.

The main thing which the Doctorow side of this debate tends to lose track of amongst all of the nerd-rage is that consumers really like Netflix and have overwhelmingly voted with their money. There was no option where the content people want was available without DRM, and few people stopped paying long enough to make a point.

This was killing Firefox until Mozilla gave up trying to fight this solo. I don't see how we make any progress without changing the game: close to 90% of users use a browser made by a DRM vendor — and Apple/Google run content stores as well — the W3C is basically irrelevant. Barring a major change like regulation mandating user control or Firefox starting to see a big uptick in usage it just doesn't seem like there's much chance to do something other than lose a battle most people don't care about.
posted by adamsc at 7:26 PM on September 18, 2017 [3 favorites]

There's a bunch the W3C could have stood up for here even if they insisted on moving forward. At a minimum, the W3C could have not dismissed out of hand the objections of those concerned about the lack of a covenant regarding anti-circumvention regulations. The best they did was "recommend" that companies not have security researchers thrown in jail over their spec.

The spec sets standards for what a CDM should do to protect users, but they're merely "should" recommendations rather than requirements. Other requirements for CDMs are normative, but someone who peeks behind the curtain to find out what the software is actually doing, whether it even conforms to the spec's requirements for user privacy, is risking criminal charges under the DMCA. That's not a battle most people care about, no, but it's one the responsible standards organization ought to care about.

W3C didn't have to bless this either. They could have said "this is not the web; we're a web standards organization and want no part of something that hurts the open web" and made people go standardize it someplace else.
posted by zachlipton at 8:10 PM on September 18, 2017 [9 favorites]

boy the w3c really messed up bad by getting the EFF to resign, the EFF Browser is used by many people and now they're going to go off and do their own thing
posted by indubitable at 8:13 PM on September 18, 2017 [5 favorites]

> The main thing which the Doctorow side of this debate tends to lose track of amongst all of the nerd-rage is that consumers really like Netflix and have overwhelmingly voted with their money. There was no option where the content people want was available without DRM, and few people stopped paying long enough to make a point.

I'm not sure how much your second sentence here works in favor of your first (which is not to take a position on the right strategic choice on the EME thing.)
posted by atoxyl at 8:52 PM on September 18, 2017 [2 favorites]

Move along, fair use people, there's nothing to see here.

No, literally, there's nothing to see here.
posted by xigxag at 10:26 PM on September 18, 2017 [1 favorite]

> Netflix disagrees, and they may know more than you about making a content oriented service.

I don't see that Netflix has an argument to the effect that DRM is necessary or sufficient. From what you linked, the primary reason they care at all about this issue (and probably the only reason) is because the rightsholders care. No argument is advanced for why the rightsholders care. As far as I can tell, the answer might well be "because they can" as anything else.

And Netflix doesn't seem to have lived out the counterfactual of a world where no DRM exists on the web and the rightsholders they work with have to choose to negotiate their contracts with services on a DRM-free platform or leave that enterprise open to people who don't care about their rights and negotiating at all.

On the other hand, as others have pointed out, we *do* know that there are other content-oriented sectors where people have just ditched DRM and been fine. Non-DRM mp3s have been the basic commodity for retailed digital recordings for the last decade and streaming is absolutely trivial to capture audio from, but revenues are still growing. Likely because fundamentally, most of the population falls into the category where either they're motivated to act reciprocally when they receive something they perceive as valuable or the category where convenience is as good a backup motivator as a lock. Probably both.

If either you or Netflix fundamentally know so much more about the whole enterprise than everybody else, as you implied earlier, perhaps it would be straightforward to make an argument that clearly refutes these points.

Bright's argument quoted upthread is the closest thing I can see, and it really doesn't actually refute these points, it just says that they're less relevant as long as key rightsholders don't care and aren't under force of some external policy to understand them.

> The main thing which the Doctorow side of this debate tends to lose track of amongst all of the nerd-rage is that consumers really like Netflix and have overwhelmingly voted with their money. There was no option where the content people want was available without DRM

On top of the problem atoxyl pointed out with these two sentences, it's a pretty astounding claim that you can infer a clear signal of consumer support for unauditable code of any kind and digital rights management through consumer purchases. *I* pay Netflix, but it sure isn't because they use DRM. I'm almost as indifferent to it from a consumer perspective as I suspect most consumers are, but it doesn't mean I'm indifferent to it at a policy level, and unless you're a staunch libertarian who thinks those are and should always be the same thing because markets are magic that way, I don't know why you'd conflate the two.

And dysphemisms like "nerd-rage"... just don't. I'm open to pragmatic arguments about balance for tensions like Peter Bright's, but there's a due owed to the freedom side of the argument.
posted by wildblueyonder at 10:31 PM on September 18, 2017 [3 favorites]

I found John Gruber's post on Daring Fireball elucidating:

Cory Doctorow, in an open letter from the EFF to the W3C:
In our campaigning on this issue, we have spoken to many, many members’ representatives who privately confided their belief that the EME was a terrible idea (generally they used stronger language) and their sincere desire that their employer wasn’t on the wrong side of this issue. This is unsurprising. You have to search long and hard to find an independent technologist who believes that DRM is possible, let alone a good idea. Yet, somewhere along the way, the business values of those outside the web got important enough, and the values of technologists who built it got disposable enough, that even the wise elders who make our standards voted for something they know to be a fool’s errand.
I’m no fan of DRM. Who is? But I am a fan of practicality, and there are practical reasons why web browsers should be able to play DRM-protected content without using proprietary plugins. Netflix, for example, is never going to serve video without DRM. Or perhaps better put, movie and TV studios wouldn’t allow Netflix to do that. Nor would professional sports leagues or the Olympics.

So either you can watch Netflix in a web browser or you can’t. If your web browser doesn’t support DRM natively, then you have to use plugins. And plugins are rapidly going the way of the dodo bird, because they suck. Even Flash’s end-of-life has been announced. iOS and Android don’t even support browser plugins anymore — and together they dominate real-world usage.

I love the EFF and will continue to support them, but I’d rather see a world where Netflix and all the other DRM-protected streaming services still work in standards-based web browsers than a world where they don’t but where the W3C can claim a moral victory. If you think the open web is losing ground to native app-based platforms now, think about how bad it would be if you couldn’t watch Netflix or live sports.

I also think it’s silly to say DRM doesn’t work. It’s not perfect, and can be worked around, but it’s harder to pirate DRM-protected content than it is non-DRM-protected content. Just making it harder is “working” to at least some degree.

UPDATE: In a series of tweets, Doctorow clarifies that it was the W3C’s refusal to seek compromises over the DMCA, not support for DRM in general, that led to the EFF’s decision to leave:
Significantly, refusal from DRM advocates to promise not to use the DMCA against security researchers, accessibility workers, archivists […] is an ominous sign that they want to reserve the right to execute exactly that power. Publishing EME after the refusal to deal on this is recklessness embodied: when someone tells you they plan to use the power you’re giving them, you should believe them.
I’ll leave the original post as-is, because I think it expresses well my thoughts on why the W3C should support DRM, but this DMCA issue is important, and now I’m uncertain how to feel about the EFF’s decision to leave. The DMCA is an odious — and I think unconstitutional — law. DRM should be protected by its encryption and longstanding copyright law. Anything that’s “fair use” under copyright law should be “fair use” with DRM content if the DRM can be circumvented.

posted by fairmettle at 10:38 PM on September 18, 2017

I think the EFF's letter made it clear the W3C violated their own process for reaching compromise in order to side with Netflix, etc. I've heard the W3C ran low on money because TBL wastes so much on stupid semantic web retread projects, so he needed the cash Netflix, etc. were paying the W3C for this gift.

There is no way the DMCA will prevent all "security researchers" from breaking EME CDMs or their sandboxes, just the honest ones. As a rule, media software stacks are a flock of zero days flying in formation, so the only way to be secure will be not to run any EME CDM.

If you use Chrome, you'll likely need to migrate to their open source Chromium branch. If you use Firefox then you merely need to not allow installation of this plugin. Avoid Apple's Safari browser and obviously Microsoft's browsers. You could use another insecure machine for EME video, but don't do anything like check your email or make financial transactions from it.
posted by jeffburdges at 2:06 AM on September 19, 2017 [2 favorites]

atoxyl: the idea I was trying to get at was that most people don't have a problem with this. They get to watch what they like, it's convenient, and it doesn't cost much – far less than a single movie ticket, not to mention what the cable company charges for much worse service. That puts a cap on how much public support there is for any opposition.

The thing which makes that work is selection, and that's the other angle: the major rights holders demand DRM so while it's true that we've never had a DRM-free online store I think most people see the progression as “I used to have to drive out to a store and pay more, now I just hit play” rather than some loss of capabilities which they [on average] never used. While I'd prefer getting a non-DRM copy that was built-in to every available purchase option – even VHS tapes had macrovision – and the cost now is lower than it was in the 90s even before adjusting for inflation.

To wildblueyonder's comment, I strongly agree that the pro-freedom position is valid but the way some of the more strident voices (e.g. Cory Doctorow) approach it is leaving me fatigued because the DRM debate has been going on for decades with little progress. The internet has tons of angry comments, blog posts, etc. (I've written my share and donated to the EFF since DeCSS was what I used to play DVDs on BeOS, so don't think I haven't picked a side) and I'm increasingly skeptical that continuing that process will suddenly start producing better results after 2 decades of not doing so.

One idea I've been considering is that the focus should be economic: rather than telling people that DRM is evil even if they personally don't feel wronged, work with the trend that Netflix, Spotify, etc. started of thinking of DRMed content as cheap rentals rather than something you own. I've heard a ton of parents comment that they stopped buying DVD/BluRay because the discs cost $60 and you have to pay full price if your kids scratch them, whereas Netflix is $10/month. Figuring out a way to get dynamics like that working in our favor seems like a key tactic.
posted by adamsc at 5:59 AM on September 19, 2017

(Wait, what's this EFF Browser?)
posted by XtinaS at 7:06 AM on September 19, 2017

> (Wait, what's this EFF Browser?)

It's a joke, I believe.
posted by RedOrGreen at 8:53 AM on September 19, 2017

Oh thank goodness, I thought I was really missing something there.
posted by XtinaS at 9:11 AM on September 19, 2017

I detest the media companies for creating this security nightmare for which they'll never be held responsible.

We need unlimited liability for security vulnerabilities in software protected by the DMCA or even all closed source software, but our ignorant politicians would effectively outlaw all software development if they ever tried to pass such a law.

I suppose the realistic scheme would be convincing the world that the NSA is behind EME, Netflix, etc., which may partially be true.
posted by jeffburdges at 11:13 AM on September 19, 2017 [1 favorite]

> I suppose the realistic scheme would be convincing the world that the NSA is behind EME, Netflix, etc., which may partially be true.

This is conspiracy mongering. I haven't heard anything about the NSA from anywhere on this matter until you mentioned it. Why would the NSA want to move away from a general purpose Flash plugin with more holes than a gopher colony to a smaller attack surface?
posted by zabuni at 12:40 PM on September 19, 2017 [1 favorite]

We know these CDMs will be full of exploits because all media software is full of exploits. Worse, these CDMs were written by nimrods like Adobe with abysmal security records.

Right now, there is no shortage of blowback against plugins like Flash due to their exploit-ridden past, so they do not come preinstalled on sane browsers and people are warned against installing them.

EME should be viewed, not so much as a security improvement, but as merely a rebranded and preinstalled insecure media plugin, à la Flash once upon a time, but now with the DMCA to ensure that only blackhats discover the exploits.

Yes, we've slightly more advanced defenses now, so the bug doors might not be quite so trivial, but actually we discover bugs even faster today because many of those same defenses help create exploits. EME creates a perfect storm of insecurity where the bad guys find every exploit first.

There are two browser choices that likely avoid EME and its dangerous CDMs: Firefox with EME disabled. And Google's open source Chromium version of Chrome.

Also, we established that the NSA compromises any American companies via the Snowden revelations, even if said companies do not recognize the compromise, so really all closed source binary blobs should be assumed to be compromised.
posted by jeffburdges at 4:25 AM on September 22, 2017 [3 favorites]

You really want to trust these guys to catch and plug all their buffer overflows? lol
posted by jeffburdges at 3:34 PM on September 22, 2017 [1 favorite]

jeffburdges: that argument is based on fundamental misunderstandings of the technology and security. CDMs are a huge security improvement because they’re so much more limited — Flash exposes a huge range of general purpose features which expose a wide range of hardware, driver, and OS interfaces; in contrast, a CDM has no code execution features, doesn’t include the traditionally error-prone media decoding logic, networking, etc. Browsers like Firefox sandbox that process far more heavily because it just doesn’t need to do as much and that’s always a win. A large part of that design was recognizing that plugin authors just weren’t at the same level as browser vendors when it comes to defense in depth and the CDM providers are explicitly not trusted anywhere near as much by so sharply restricting the interfaces to their code.

The other thing to remember is that unlike your hypothetical concerns, large numbers of internet users were compromised by Flash exploits every day. Doing security for real requires making trade offs to protect normal people and EME was a key part of being able to make a major change in the defense landscape — without it, the first browser which disabled plugins would just lose users to the rest, as the Mozilla developers have frequently reminded the more ardent opponents to H.264, EME, etc.

This is the same flaw in your fearmongering about binary blobs: unless you’re auditing every line of code before running it through your own compiler to run on your homemade CPU you’re in the same boat as everyone else, only with more posturing. In fact, that position is likely worse because nobody else is auditing it whereas mainstream code for something like a browser gets a lot of attention from around the world and it’s a highly unique situation which is very easy to pick out from the crowd compared to, say, someone using the same iPad or Chrome build as a billion other people.
posted by adamsc at 6:13 AM on September 23, 2017 [2 favorites]

This thread has been archived and is closed to new comments