
Re: Response from Director to formal objection "Turn off EME by default and activate only with express permission from user"

From: Mark Watson <watsonm@netflix.com>
Date: Wed, 12 Apr 2017 11:14:44 -0700
Message-ID: <CAEnTvdCYZjmGxXXP5ioT0fvwO_=1UcredxgKjgMsObFWY8=5hQ@mail.gmail.com>
To: Harry Halpin <hhalpin@ibiblio.org>
Cc: David Singer <singer@apple.com>, "public-html-media@w3.org" <public-html-media@w3.org>
On Wed, Apr 12, 2017 at 10:50 AM, Harry Halpin <hhalpin@ibiblio.org> wrote:

>
>
> On Wed, Apr 12, 2017 at 5:57 AM, David Singer <singer@apple.com> wrote:
>
>>
>> > On Apr 11, 2017, at 16:01 , Harry Halpin <hhalpin@ibiblio.org> wrote:
>> >
>> >
>> >
>> > On Tue, Apr 11, 2017 at 11:56 AM, David Singer <singer@apple.com>
>> wrote:
>> >
>> > > On Apr 11, 2017, at 15:49 , Harry Halpin <hhalpin@ibiblio.org> wrote:
>> > >
>> > >
>> > >> I mean, more explicitly, that Google could clearly gain advantage
>> by having their browser pony up privacy-sensitive tracking information that
>> would enhance their ad targeting and hence their ad sales. Yet users trust
>> them not to do this in a user-hostile way. I don't see the situation is
>> any different with DRM, except that the amount of money Google stand to
>> make from DRM is probably insignificant compared to their ad revenue.
>> > >>
>> > > Not so. Thus interest in various ad-blockers, privacy-enhanced
>> browsing, etc.
>> > >
>> >
>> > "The bulk of Google’s $75 billion revenue in 2015 came from its
>> proprietary advertising service, Google AdWords. Of that revenue, over 77%
>> – or just over $52 billion – came from Google’s own websites.
>> >
>> > Read more: The Business of Google (GOOG) | Investopedia
>> http://www.investopedia.com/articles/investing/020515/business-google.asp#ixzz4dz5ukeRu
>> > Follow us: Investopedia on Facebook”
>> >
>> > You must be saying something other than what I understand; all
>> indications I have are that Google does almost all it does in order to sell
>> more advertising, including why they deliver media.
>> >
>> > David, I would suggest you actually read the thread.
>>
>> You could try reading what you wrote, you know, and staying within the
>> bounds of civil discourse.
>>
>
>
> Again, please actually stay on topic.
>
> There is *obviously* a profit motive in DRM. Otherwise, it would not
> exist. There is also an obvious collusion between DRM vendors, large media
> producers such as Hollywood, and (sadly) certain parts of Silicon Valley who
> produces browser vendors. Otherwise, the entire EME/DRM scheme would not
> even exist.
>
> So it's rather obvious Netflix, Apple, and Google are non-profits and the
> latter two control browsers as well as need to sign deals to playback
> content. Thus, self-evidently not true they are neutral. It's also
> self-evidently not true (unless one doesn't understand DRM) that DRM is a
> security vulnerability inflicted on users introduced to continue certain
> (dying IMHO) business models.
>
>>
>> Mark says that the amount of money they make from protected content is
>> insignificant compared to their ad revenue: "the amount of money Google
>> stand to make from DRM is probably insignificant compared to their ad
>> revenue”.  You say “Not so”. I wonder what you mean by that, since all
>> reports are that they make more than 90% of their revenue from ads. You
>> accuse me of being unable to read, when in fact I am reading what you
>> wrote, and asking you to clarify since the meaning of what you appeared to
>> be writing is not in agreement with facts.  Maybe it’s tangential to the
>> discussion, but, heck, you appeared to disagree with what Mark wrote.
>>
>
>
> If you wish to go off topic, please read the link I sent you from the
> authors at Google/MS. In general, DRM-protected content is a source of
> value, either through advertising before the playback of such content or
> via subscription.
>
>
>>
>> > However, I am asking this Working Group to adopt, as per WebRTC, an
>> 'off-by-default' setting for EME, which is clearly, as per Paul Cotton's
>> previous take on this issue, *in scope.*
>>
>> So, let’s work this idea through. I know what “off by default” means for
>> a physical device like a camera, or a user setting. I am less sure what it
>> can mean for an API.  APIs do not have on/off states.
>>
>
>
>>
>> The user visits a site, in their browser, that sells (access to) media
>> content. They read the terms of service, they create an account. Perhaps
>> they are asked to download a DRM module (and their permission is now needed
>> for that). They buy some content, and they ask to play it. Now the browser
>> is supposed to say — after all this — “Playing this content requires
>> Javascript calls to the FritzBarFoo DRM module; are you sure you want to
>> proceed?”. Is that what you are proposing?  If not, what?
>>
>
>
> First, they should be asked before downloading the DRM module if it is not
> pre-installed. This ask can happen simultaneously before activating EME.
> If EME is already installed, they should be asked once. This is a single
> ask. In that way, it's much less onerous than WebRTC, but not nearly as
> reckless and dangerous as the current spec, which does not ask for user
> permission at all.
>
> WebRTC on smartphones, which are cameras for most normal people, does ask
> for user permission with WebRTC. So that point is moot.
>
> Note that I am not accusing you of being unable to read. I am saying you
> are deliberately going off topic to avoid the actual problem at hand -
> while the rest of the Working Group, i.e. the chair Paul Cotton and the
> editor Mark Watson, accept that this is within scope and a valid requested
> change.
>
> If you disagree with the change, I *am* saying it's because there's a
> conflict of interest, as discussed earlier, between DRM-enabling and
> browser vendors, and browser vendors are therefore *not* neutral in this
> debate.
>

There are a million ways a browser implementor could compromise user
privacy and security. Amongst those are many where there is arguably a
conflict of interest and I would posit that the largest of those _by far_
are related to ads and the fact that the value of ads is enhanced by
targeting etc.

This fact *does* make us wary in W3C of tracking capabilities and many
specifications include requirements to mitigate this problem, including EME.

Clearly, features with an obvious, significant privacy risk require consent
(e.g. WebRTC). This is so obvious that the written words in the spec are
irrelevant: no one would provide sites with silent access to your camera and
survive without extensive and deserved public censure and resulting drop in
market share. There is no conflict here because the financial incentive is
so heavily weighted on the side of privacy.

CDMs are not in that category but neither do they come close to those
tracking risks that are subject to those much greater financial conflicts
(identifiers in EME _are_ covered by mandatory requirements that make them
no different from Cookies without user consent).

So, I still do not buy the contention that CDMs *necessarily* introduce
security risks so severe that consent must be mandatory in all cases.
Neither do I buy the argument that browser implementors are more
compromised by conflict of interest in this issue than they are
on the many many other security and privacy problems that they must
balance. Excessive or unclear prompts can *lessen* user security in
practice - so you can't make this decision in a vacuum, without considering
the wider context of the browser implementation and their overall security
and privacy consent policies.

...Mark




>
>     cheers,
>         harry
>
>
>
>
>>
>>
>>
>>
>> David Singer
>> Manager, Software Standards, Apple Inc.
>>
>>
>
Received on Wednesday, 12 April 2017 18:15:21 UTC
