[Bug 20965] EME results in a loss of control over security and privacy.

https://www.w3.org/Bugs/Public/show_bug.cgi?id=20965

--- Comment #19 from Fred Andrews <fredandw@live.com> ---
(In reply to comment #18)
> (In reply to comment #17)
> > (In reply to comment #13)
> > > (In reply to comment #10)
> 
> > > In any case, persistent storage of licenses gives a person with access to
> > > the computing device information about what sites have been accessed.
> > 
> > This is dependent on how the information is secured on disk. The browser
> > cache seems like a more likely target for snooping though, since the
> > location you downloaded the movie from is probably much more informative. If
> > I have local access to the computing device I can gather information on the
> > user in any number of ways. 
> > 
> > Or is your point that the user can get access to the list when the DRM
> > vendor might not want them to?
> 
> I think the point is that if the CDM has a secret persistent store, then the
> 'clear browsing history' function of the UA might not operate the way the
> user expects.
> 
> But again, I think we have to remember that the browser implementors have
> reputations to protect and privacy experts to help them with that. I expect
> they will make careful decisions as to what CDMs to integrate with based on
> detailed information about what those CDMs do and also about what the UA
> *allows* the CDM to do for the case where the CDM runs in some kind of UA
> sandbox.

My understanding was that EME was a UA interface to the non-UA-CDM and
that the CDM had privileges above and beyond the UA, and thus the UA
has little opportunity to protect the user.  The relationship between
the UA and the CDM needs to be clarified.

Does EME even support the UA identifying the EME in a secure way
that the privileged CDM cannot spoof?  If not then the UA has
absolutely no control.

Clearly if the UA is to be able to protect the user from the CDM
then the CDM must be subordinate to the UA, and then the UA is free
to capture the output of the CDM and EME has no value for DRM.


Received on Friday, 22 February 2013 22:46:18 UTC