Re: Response from Director to formal objection "Turn off EME by default and activate only with express permission from user"

On Wed, Apr 12, 2017 at 5:57 AM, David Singer <singer@apple.com> wrote:

>
> > On Apr 11, 2017, at 16:01 , Harry Halpin <hhalpin@ibiblio.org> wrote:
> >
> >
> >
> > On Tue, Apr 11, 2017 at 11:56 AM, David Singer <singer@apple.com> wrote:
> >
> > > On Apr 11, 2017, at 15:49 , Harry Halpin <hhalpin@ibiblio.org> wrote:
> > >
> > >
> > >> ​I mean, more explicitly, that Google could clearly gain advantage by
> having their browser pony up privacy-sensitive tracking information that
> would enhance their ad targeting and hence their ad sales. Yet users trust
> them not to do this in a user-hostile way. ​I don't see the situation is
> any different with DRM, except that the amount of money Google stand to
> make from DRM is probably insignificant compared to their ad revenue.
> > >>
> > > Not so. Thus interest in various ad-blockers, privacy-enhanced
> browsing, etc.
> > >
> >
> > "The bulk of Google’s $75 billion revenue in 2015 came from its
> proprietary advertising service, Google AdWords. Of that revenue, over 77%
> – or just over $52 billion – came from Google’s own websites.
> >
> > Read more: The Business of Google (GOOG) | Investopedia
> http://www.investopedia.com/articles/investing/020515/business-google.asp#
> ixzz4dz5ukeRu
> > Follow us: Investopedia on Facebook”
> >
> > You must be saying something other than what I understand; all
> indications I have are that Google does almost all it does in order to sell
> more advertising, including why they deliver media.
> >
> > David, I would suggest you actually read the thread.
>
> You could try reading what you wrote, you know, and staying within the
> bounds of civil discourse.
>


Again, please actually stay on topic.

There is *obviously* a profit motive in DRM. Otherwise, it would not exist.
There is also an obvious collusion between DRM vendors, large media
produces such as Hollywood, and (sadly) certain parts of Silicon Valley who
produces browser vendors. Otherwise, the entire EME/DRM scheme would not
even exist.

So It's rather obvious Netflix, Apple, and Google are non-profits and the
latter two control browsers as well as need to sign deals to playback
content. Thus, self-evidently not true they are neutral. It's also
self-evidently not true (unless one doesn't understand DRM) that DRM is a
security vulnerability inflicted on users introduced to continue certain
(dying IMHO) business models.

>
> Mark says that the amount of money they make from protected content is
> insignificant compared to their ad revenue: "the amount of money Google
> stand to make from DRM is probably insignificant compared to their ad
> revenue”.  You say “Not so”. I wonder what you mean by that, since all
> reports are that they make more than 90% of their revenue from ads. You
> accuse me of being unable to read, when in fact I am reading what you
> wrote, and asking you to clarify since the meaning of what you appeared to
> be writing is not in agreement with facts.  Maybe it’s tangential to the
> discussion, but, heck, you appeared to disagree with what Mark wrote.
>


If you wish to go off topic, please read the link I sent you from the
authors at Google/MS. In general, DRM-protected content is a source of
value, either through advertising before the playback of such content or
via subscription.


>
> > However, I am asking this Working Group to adopt, as per WebRTC, an
> 'off-by-default' setting for EME, which is clearly, as per Paul Cotton's
> previous take on this issue, *in scope.*
>
> So, let’s work this idea through. I know what “off by default” means for a
> physical device like a camera, or a user setting. I am less sure what it
> can mean for an API.  APIs do not have on/off states.
>


>
> The user visits a site, in their browser, that sells (access to) media
> content. They read the terms of service, they create an account. Perhaps
> they are asked to download a DRM module (and their permission is now needed
> for that). They buy some content, and they ask to play it. Now the browser
> is supposed to say — after all this — “Playing this content requires
> Javascript calls to the FritzBarFoo DRM module; are you sure you want to
> proceed?”. Is that what you are proposing?  If not, what?
>


First, they should be asked before downloading the DRM module if it is not
pre-installed. This ask can happen simulatenously beofre activaiting EME.
If EME is already installed, they should be asked once. This is a single
ask. In that way, it's much less onerous than WebRTC, but not nearly as
reckless and dangerous as the current spec, which does not ask for user
permission at all.

WebRTC on smartphones, which are cameras for most normal people, does ask
for user permission with WebRTC. So that point is moot.

Note that I am not accusing you of being unable to read. I am saying you
are deliberately going off topic to avoid the actual problem at hand -
while the rest of the Working Group, i.e. the chair Paul Cotton and the
editor Mark Watson, accept that this is within scope and a valid requested
change.

If you disagree with the change, I *am* saying it's because there's a
conflict of interest, as discussed earlier, between DRM-enabling and
browser vendors, and browser vendors are therefore *not* neutral in this
debate.

    cheers,
        harry




>
>
>
>
> David Singer
> Manager, Software Standards, Apple Inc.
>
>

Received on Wednesday, 12 April 2017 17:51:25 UTC