Re: "Enclosed shops" Re: HTML5 and DRM - A Middle Path?

On Fri, Aug 16, 2013 at 10:38 AM, Andreas Kuckartz <a.kuckartz@ping.de> wrote:

> Mark Watson:
> >> Would Netflix inform the public or shut down its operations when it
> >> receives a secret order to participate in surveillance by using a
> >> backdoor contained in a CDM which is already installed on a user's
> >> computer? (After the shutdown of lavabit.com this unfortunately is
> >> not a rhetorical question.)
> >>
> >
> > That question is somewhat above my pay grade,
>
> You could ask someone who can answer the question. A positive reply
> would definitely be widely acknowledged.
>
> > but my point is that it is no more likely that a browser-integrated
> > CDM contains such a back door than that the browser itself contains
> > the same thing.
>
> That seems to be true for proprietary browsers (and is a good reason not
> to use them), but it is not true for Open Source browsers because it is
> possible to verify that binaries and source code are related.
>
> > And equally, it is no more likely that an OS-integrated CDM contains
> > such a back door than the OS itself contains it.
>
> For the same reasons as given above this is not true for Open Source
> operating systems.
>

Obviously. I am talking about users who already have access to the content
in question today. If you are unwilling to install code you have not
compiled yourself from source, then you are not using Flash or Silverlight
today and nothing in this discussion affects you at all. You neither lose
access to any content nor gain access to any content. I'm sorry that EME
doesn't make the content in question newly available to you, but that's not
a problem amenable to a technical solution.


>
> > So, EME and DRM are completely irrelevant to your
> > concerns.
>
> As we have already discussed for several months now (and we seem to
> agree) it is unlikely that the most relevant CDMs will be made available
> as Open Source. EME and DRM therefore are more relevant for my concerns
> than virtually all other components of an operating system. EME is the
> only specification discussed within the W3C which has such issues.
>

In the respects we are discussing here then EME is clearly an improvement
over <object>.


> And to repeat: I am not aware of *any* operating system or *any* browser
> explicitly claiming to enable "silent monitoring". That is a feature DRM
> only shares with (other) spyware.
>

Well, the browser vendors will need to decide whether such a feature,
whatever it is, is compatible with the privacy/security promises they make
to their users. Again, that approach is an advantage of EME compared to the
existing situation where the browser vendors have limited control over what
proprietary plugins do and certainly browsers are not making any promises
to users about what plugins do.

...Mark



>
> Cheers,
> Andreas
>

Received on Friday, 16 August 2013 18:24:05 UTC