Re: I strongly urge all supporters to reconsider the EME proposal. It is not in your best interests!

Sent from my iPhone

On May 19, 2013, at 11:14 AM, "piranna@gmail.com" <piranna@gmail.com> wrote:

> It would certainly be bad if services like Netflix were available only in
Chrome and IE and not in Firefox. What do you think the W3C should do to
help avoid that outcome ?

This is a fairly intelligent question. Honestly, I think W3C should
_nothing_, that's the source of all this debate. I think that an open,
public and free DRM system wouldn't be a bad thing (supossing that thing
exists, that I doubt), but it should be discussed and developed on an
outside organism or consortium, and developed as an external plugin that
users can choose to add or not, and not recommended by a public
organization like W3C. It should abstense and delegate the discussion and
design of such system to others.

I see. One point to be clear about is that noone is proposing that W3C
recommend a particular CDM or DRM. Browsers are free to give users the
ability to disable CDMs (and I hope browsers will do this). If a CDM is
disabled (as in ChromeOS in developer mode) it means that content requiring
that CDM will not play.

This is why it is incorrect to say this proposal 'imposes' anything on
users, or 'forces' anyone to submit to controls with which they do not
agree.

Anyway, you suggest this kind of work should be done outside W3C. Can you
explain a bit more why you think that would lead to a better outcome for
users?

 > As far as I know, POSIX does not specify a media player. But OS APIs
that do provide media playback are a perfectly reasonable place to add DRM
support, for example Windows Media Foundation or Android media APIs. We've
considered proposing something like EME for OpenMAX AL.
>
>From a strategic point they are the perfect places to implement them so you
can filter everything, but just for this reason architecturally it's a
catastrophe since it would be abused. It's a bussiness model thing, so it
should be one or two levels up in the application stack.

> In practice, DRM is often implemented by the platform. On mobile phones
and increasingly on TVs there are Trusted Execution Environments running a
separate OS which provide decryption, decoding and rendering. In these
cases, EME just exposes to the web platform what the (main) OS already
exposes to apps. If you want the Web Platform
> to be a competitive OS, you need parity with the competition.
>
I think they are not playing the same game, and if so, the rules are
inherently bad, so I don't want to play that game. Mobile phones and TVs
are mainly closed platforms, while you can change your browser and also
disable EME on ChromeOS just entering Developer Mode. Do you really think
it wouldn't be dificult to change to a patched one?

Or better than that: supose this goes forward and EME is really efective
and, unluckily, it's severily abused so you need an EME-enabled browser the
same way it was almost mandatory to have Flash installed on your computer,
so almost all audio and video transfers go throught a secure and
priviledges pipeline, and also the ACTION 11 topics are implemented so I
can't be able to download them easily to my harddisk. What prevent to me to
use a patched browser with it disabled? Browser executable checksums? This
start to conflict seriouly with personal rights and intimacy, since I
should be allowed to compile my own browsers and also develop them from
scratch, and the patch would also remove the checking code. Will be the
next movement to require to use signed binaries? Check the signatures to an
external server? Come on guys, this start to gets crazy, it's like the
recently surrealist situation of needing to sign the Linux kernel images by
a Microsoft-owned authentication server just they could boot on secure UEFI
enabled machines...