Re: "Enclosed shops" Re: HTML5 and DRM - A Middle Path? from Matt Ivie on 2013-08-17 (public-restrictedmedia@w3.org from August 2013)

From: Matt Ivie <matt.ivie@gmail.com>
Date: Fri, 16 Aug 2013 20:44:21 -0600
To: public-restrictedmedia@w3.org
Message-ID: <1376707461.16513.3.camel@stingray>

On Fri, 2013-08-16 at 09:09 -0700, Mark Watson wrote:
> 
> 
> 
> 
> On Fri, Aug 16, 2013 at 8:40 AM, cobaco <cobaco@freemen.be> wrote:
>         On 2013-08-16 07:49 Mark Watson wrote:
>         > If a browser integrates a specific CDM, what makes you think
>         that they
>         > will pay less attention to user security and privacy with
>         respect to
>         > that part of the browser compared to the attention they pay
>         to the
>         > rest of the browser ?
>         
>         
>         CDM's in general are in the EME spec as black boxes,
>         consequently EME-implementors can't make sure they respect the
>         user's privacy
>         or security, as they don't have the access needed to verify
>         that
> 
> 
> They are black boxes as far as the specification is concerned, yes,
> but not necessarily as far as the browser implementor has concerned.
> For the two that have shipped the browser implementor also owns the
> source code of the CDM, so again I am wondering why you think they
> would pay less attention to security/privacy for the CDM than for the
> rest of the browser ? We can explicitly ask in the EME Security and
> Privacy Consideration that they pay equal attention, if that helps.
> 
> 
> If a browser uses a third-party CDM, I would expect the browser
> implementor to get some assurances from the third-party, in whatever
> form they deem necessary to maintain the integrity of the promises
> they make to users. If they can't get that, they could refuse to
> support the CDM or they could cover it with user warnings, disable it
> by default etc. - whatever they deemed appropriate.
> 
> 
> ...Mark
> 
> 
>  
>         --
>         Cheers
>         
>         
        That is of course assuming that the browser implementor can be
        trusted and that is also assuming a browser that has no standard
        of being and including only free software. It's all nice if you
        assume everyone wants to play the proprietary software game with
        you but a lot of people don't. And for those that don't you have
        to consider how these implementations can be done. No one
        avoiding proprietary software is going to want the "black box"
        CDM scenario you just described.
        
        Free Software users aren't second-class citizens either, in
        spite of the fact that they get treated as such by large
        companies that want to control the user's computer/media
        streaming/media downloading/you name it activities.
> 
> 


-- 
/* Free software is a matter of liberty, not price.
   Visit GNU.org * FSF.org * Trisquel.info */

Received on Saturday, 17 August 2013 02:44:50 UTC