- From: Mark Watson <watsonm@netflix.com>
- Date: Mon, 10 Apr 2017 11:09:16 -0700
- To: Harry Halpin <hhalpin@ibiblio.org>
- Cc: "public-html-media@w3.org" <public-html-media@w3.org>
- Message-ID: <CAEnTvdCPzOvU2oVO6PH5vaPUYE1X-XbjX0yzkgoAn9vUuHUE9w@mail.gmail.com>
On Mon, Apr 10, 2017 at 10:22 AM, Harry Halpin <hhalpin@ibiblio.org> wrote:

>
>
> On Mon, Apr 10, 2017 at 6:18 AM, Mark Watson <watsonm@netflix.com> wrote:
>
>> Hi Harry,
>>
>> I agree you should have a response to your objection.
>>
>> You should take a look at the Chrome bug you cited. I believe what
>> happened is that the ability to disable Widevine went away when the ability
>> to disable plugins went away (along, I presume, with the ability to install
>> arbitrary plugins). Chrome have now introduced an explicit setting for
>> disabling protected content.
>>
>> You don't mention the main argument on this issue which is that User
>> Agent implementors are best placed to decide what permissions should be
>> mandatory, considering the security of their whole platform and the
>> relative risks from different components based on their own detailed
>> knowledge of those components. You argue that CDMs are necessarily a
>> greater risk than the rest of the implementation but even if this is true
>> we cannot say that the difference in risk is always sufficient that it
>> justifies mandatory *a priori* consent. Only the UA implementor has the
>> knowledge and broader perspective on their implementation to make that
>> judgement.
>>
>>
> That is clearly not true, as there is a conflict of interest by UA
> implementers who are also trying to make money from DRM-enabled content
> (such as Google creates both Chrome and Youtube Red).
>

Different from their conflict-of-interest when it comes to making money
from ads? If you don't trust the UA vendor with user security and privacy,
I think all bets are off.

>
> Furthermore, UA implementers may not be aware of the security bugs in
> their own browsers, and thus the need for independent security research and
> audits by neutral third-parties, including end-users.
>

This is why they do things like pwn2own.

> Therefore, due to the bizarre legal framework around DRM and the DMCA, the
> *conservative* and safe bet is to believe that the risk MUST justify
> mandatory a priori consent. If we did it for WebRTC, I see no reason why it
> cannot be done for EME.
>

We're not arguing about whether it could be done, only whether it should be
done.

>
>
> cheers,
> harry
>
>
>> ...Mark
>>
>> On Mon, Apr 10, 2017 at 9:54 AM, Harry Halpin <hhalpin@ibiblio.org>
>> wrote:
>>
>>> Everyone,
>>>
>>> Perhaps Tim Berners-Lee (the Director) overrode my objection, but I
>>> haven't been updated and see no evidence. Also, as is often, if Tim
>>> Berners-Lee did not actually attend the transition call for Encrypted Media
>>> Extensions but either PLH or Ralph Swick acted as Director, I would like to
>>> know and demand an explicit response to my formal objection, which was
>>> viewed as in-scope by both the editors and the chair of the HME WG.
>>>
>>> Barring a decision I agree with from, I'm going to re-file my formal
>>> objection. Note that recently there have been moves to make EME (and thus,
>>> DRM) not only on-by-default, but mandatory - and hard, if not impossible,
>>> at least to disable by users [1]. This is a blatant violation of the rights
>>> of the user to control what software is on their device, and I'm surprised
>>> this feature was not agreed on by HME WG.
>>>
>>> Furthermore, it is blatantly hypocritical of the W3C to not address this
>>> concern in the Proposed Recommendation, as user control has been enforced
>>> in other specifications such as WebRTC where there are similar concerns for
>>> user fatigue. Indeed, I am stating that a user MUST be informed at least
>>> once and explicitly agree *before* an EME and, if not already pre-installed
>>> in the OS, the black box of CDM is sent to their device.
>>>
>>> The arguments from W3C PR and the HME WG that a 'sandbox' is somehow a
>>> magical solution to user concerns over security and privacy with DRM is
>>> equally incorrect. Browsers, including in particular sandboxes, routinely
>>> have vulnerabilities [2]. There is plenty of evidence that no sandbox is
>>> secure, including those put around CDMs. For evidence, see the recent
>>> pwn2own results, and we should expect more hacks soon particularly on the
>>> kinds of DRM enabled by EME.
>>>
>>> cheers,
>>> harry
>>>
>>> [1] http://boingboing.net/2017/01/30/google-quietly-makes-optiona.html
>>> [2] https://venturebeat.com/2016/03/18/pwn2own-2016-chrome-edge-and-safari-hacked-460k-awarded-in-total/
>>>

Received on Monday, 10 April 2017 18:09:51 UTC