Re: Technical Review of EME (DRM in HTML5)

Mays, David:
> What do you hope to accomplish by calling
> the spec writers dishonest with your "red herring" comment,

I did not call them dishonest. Do not put words in my mouth.

And "Clear Key" was used as a red herring. I have followed the
discussion last year when that was introduced.

> referring to EME as "evil"

I was referring to Widevine and "silent monitoring" as evil.

> and calling it an "attack on Open Source operating systems"?

Because it is. In practice it is incompatible with Open Source.

Just one example: Widevine is only offered for closed source operating
systems. Otherwise they likely would not be able to offer silent monitoring.

> The statement that "EME is a Trojan Horse which would enable privacy
> violations" can be applied to many other key web technologies,

In contrast to most (all?) other web technologies EME would make no real
sense without CDMs implemented as binary executables to be run on client
computers. And one of the authoring companies explicitly promoted
"silent monitoring". And I draw my conclusions from those two facts.

> What do you think "silent monitoring" means, and how do you think it
> is actually implemented? (Perhaps someone from Google can provide
> some facts about this vague terminology.)

The semantics are precise enough for me to reject this as evil.

But I used Google to search for "silent monitoring" and looked up the
top three results and appended some quotes below.

> From my experience with DRM systems, this kind of "monitoring" means
> ... The application may then take whatever action its writers deem
> appropriate.

"whatever action its writers deem appropriate"... Exactly, and I call
that evil and it would not be that easily possible with Open Source


silent monitoring

"Upon installation, a completely hidden and untraceable monitoring will
start and every keystroke will be recorded. Our powerful monitoring
software will record email activity, keystrokes, chats, instant
messages, visited websites, screenshots, passwords, and more... ALL
computer and Internet activities that occur on a monitored computer will
be recorded and a detailed report will be sent to your email address."

"Silent monitoring refers to the practice of call center managers or
senior agents listening to the interaction between an incoming caller
and an agent. ... the agent often will not know if the interaction is
being monitored or not.

"While less common, silent monitoring can also refer to the practice of
secretly tracking the Internet use of children, prison inmates or users
of public Internet terminals, as in libraries. While controversial and
potentially damaging to familial relationships due to the perceived
betrayal of privacy, silent monitoring in this context can discourage or
eliminate peer-to-peer (P2P) file sharing of copyrighted material,
access to pornographic Web sites or other activities that are
undesirable to the owner of an Internet access point. A keylogger, in
this context, is a silent monitoring device."

"Upon installation the Silent Monitoring software will start taking a
snap shot of your PC screen every few seconds, so you could know exactly
what is going on with your PC, which Web sites were surfed, with whom
they corresponded and what applications were activated. In addition the
software tracks visited Web sites and enables recording the keystroke
hits, tracing suspected words and controlling chats and instant
messaging applications. At the end of the process a detailed report is
presented or sent to your email. The Silent Monitoring software is
completely hidden, untraceable and does not leave any footprints."

Received on Wednesday, 30 January 2013 21:20:27 UTC