[Bug 20965] EME results in a loss of control over security and privacy. from bugzilla@jessica.w3.org on 2013-02-14 (public-html-bugzilla@w3.org from February 2013)

From: <bugzilla@jessica.w3.org>
Date: Thu, 14 Feb 2013 19:51:00 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-20965-2486-jyw7WpxzBK@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=20965

Andreas Kuckartz <a.kuckartz@ping.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|normal                      |blocker

--- Comment #4 from Andreas Kuckartz <a.kuckartz@ping.de> ---
EME is insecure by design because it can not be realisticaly expected that the
specification and/or the source code of practically relevant CDMs will be made
availabe. The security of users therefore depends on the providers of the CDMs.
This is not acceptable for systems connected to the Internet.

It is known that at least one DRM company (Widevine, a Google company) is
offering/promoting "silent monitoring". It also is known that DRM has been used
to install malware on user systems (Sony rootkit).

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Thursday, 14 February 2013 19:51:02 UTC