Re: Response from Director to formal objection "Turn off EME by default and activate only with express permission from user"

Hi Harry,

I agree you should have a response to your objection.

You should take a look at the Chrome bug you cited. I believe what happened
is that the ability to disable Widevine went away when the ability to
disable plugins went away (along, I presume, with the ability to install
arbitrary plugins). Chrome have now introduced an explicit setting for
disabling protected content.

You don't mention the main argument on this issue which is that User Agent
implementors are best placed to decide what permissions should be
mandatory, considering the security of their whole platform and the
relative risks from different components based on their own detailed
knowledge of those components. You argue that CDMs are necessarily a
greater risk than the rest of the implementation but even if this is true
we cannot say that the difference in risk is always sufficient that it
justifies mandatory *a priori* consent. Only the UA implementor has the
knowledge and broader perspective on their implementation to make that
judgement.

...Mark

On Mon, Apr 10, 2017 at 9:54 AM, Harry Halpin <hhalpin@ibiblio.org> wrote:

> Everyone,
>
> Perhaps Tim Berners-Lee (the Director) overrode my objection, but I
> haven't been updated and see no evidence. Also, as is often, if Tim
> Berners-Lee did not actually attend the transition call for Encrypted Media
> Extensions but either PLH or Ralph Swick acted as Director, I would like to
> know and demand an explicit response to my formal objection, which was
> viewed as in-scope by both the editors and the chair of the HME WG.
>
> Barring a decision I agree with from, I'm going to re-file my formal
> objection. Note that recently there have been moves to make EME (and thus,
> DRM) not only on-by-default, but mandatory - and hard, if not impossible,
> at least to disable by users [1]. This is a blatant violation of the rights
> of the user to control what software is on their device, and I'm surprised
> this feature was not agreed on by HME WG.
>
> Furthermore, it is blatantly hypocritical of the W3C to not address this
> concern in the Proposed Recommendation, as user control has been enforced
> in other specifications such as WebRTC where there are similar concerns for
> user fatigue. Indeed, I am stating that a user MUST be informed at least
> once and explicitly agree *before* an EME and, if not already pre-installed
> in the OS, the black box of CDM is sent to their device.
>
> The arguments from W3C PR and the HME WG that a 'sandbox' is somehow a
> magical solution to user concerns over security and privacy with DRM are
> equally incorrect. Browsers, including in particular sandboxes, routinely
> have vulnerabilities [2]. There is plenty of evidence that no sandbox is
> secure, including those put around CDMs. For evidence, see the recent
> pwn2own results, and we should expect more hacks soon particularly on the
> kinds of DRM enabled by EME.
>
>      cheers,
>         harry
>
> [1] http://boingboing.net/2017/01/30/google-quietly-makes-optiona.html
> [2] https://venturebeat.com/2016/03/18/pwn2own-2016-chrome-edge-and-safari-hacked-460k-awarded-in-total/
>

Received on Monday, 10 April 2017 17:18:45 UTC