Re: Video copy protection from Maciej Stachowiak on 2010-02-09 (public-html@w3.org from February 2010)

From: Maciej Stachowiak <mjs@apple.com>
Date: Mon, 08 Feb 2010 16:10:51 -0800
To: Kornel Lesinski <kornel@geekhood.net>
Cc: "public-html@w3.org" <public-html@w3.org>
Message-id: <AD399FA9-1D76-4731-BCEA-E01BF2E2E338@apple.com>

On Feb 8, 2010, at 12:41 PM, Kornel Lesinski wrote:

> 
> Firefox has "Save As" and "Copy Video Location" options in available in context menu of <video>. I'm afraid that easy availability of these options may be seen as disadvantage of <video> by content publishers.
> 
> I think HTML5 should let content publishers decide whether UA is allowed to let user download video or not. The use cases are:
> 
> • Ensuring that video is seen alongside ads and only via site's branded player. "Copy Video Location" option lets users share direct link to the raw video stream.
> 
> • Services that have license to play videos, but not redistribute them in any other way (e.g. pay-per-view).
> 
> 
> I understand that any DRM is doomed to fail, but I'm under impression that important content publishers do not. And there's big difference between users casually clicking "Save as" and users sniffing network traffic and reverse-engineering obfuscated JavaScript.
> 
> I'm afraid that if HTML5 doesn't give enough control, publishers will either ignore <video> (and keep using Flash which gives them that control) or try to protect it themselves, using shady HTTP/CSS/JS tricks that have negative side-effects for legitimate users.
> 
> The protection could be as simple as boolean attribute that disables "Save as" functionality. It might also be microdata/microformat that defines video license and indirectly controls UI for saving of the video.

Safari makes it pretty easy to apply "Save as" to video or audio files embedded in Flash, via the "Activity Viewer" window, which lets you see all URLs that got fetched and double-click to load them in their own windows. My impression is that content publishers are not hugely concerned about this, because in cases where they truly care about protecting the content, they use streaming (to avoid the whole resource being loaded at once) and crypto-based DRM (to make it difficult to play the content without authorization even if you do play it). But I could be wrong, and maybe "Save as" specifically is a big concern.

Regards,
Maciej

Received on Tuesday, 9 February 2010 00:11:27 UTC