Re: Trust

> > The web is 'the place' for standards-compliant content that is
> > accessible with anyone with the wherewithal to implement a
> > standards-compliant client.  It is not a place for DRM-restricted
> > content.
> 
> This is your *opinion*.

No, it's the position of the W3C as stated on their website.  Perhaps
what is necessary is for them to adjust their mission and goals, but
currently, that's the way it stands.
 
> I am still waiting for you to get down to details;  I gave a list of
> pluses and minuses, do you really have nothing to add?  If not, this
> debate will stay vague and high-level, and probably have no effect at
> all.

Here's what I wrote originally about this on the W3C blog in reply to
Jeff Jaffe (
http://www.w3.org/blog/2013/05/perspectives-on-encrypted-medi/#comment-13470
):

=====
 > Duncan, lots of questions, let's see if I can do them all justice.

Thanks :) And I appreciate the job of moderation here too - there's a
very high signal to noise ratio which I hadn't expected for an issue
this contentious.

> You ask about how content protection relates to the objective of ensuring
> the long-term growth of the Web. Of primary importance to me is that 
> people can get access to content - and that we don't have a situation of
> certain content becoming a walled garden on the web or available only
> through apps. So that is why we think it is important to address content protection.

DRM is software that is designed to restrict a user from playing content
on certain devices, in certain ways, and in certain locations. I think
that is the very definition of a walled garden. I genuinely do not
understand how you believe that supporting DRM will elminate walled
gardens.

In the best case we will have moved from an ad-hoc collection of walled
gardens, to an ad-hoc collection of walled gardens with the support and
moral endorsement of the W3C.

If your concern is genuinely to eliminate the need for apps, and the
enclosue of content in walled gardens, why not use your considerable
influence in opposition of DRM altogether?

> Frankly, I don't understand the question about insisting that compliant
> implementation respect geographic location. As a general rule, we don't provide 
> conformance testing and have no way of insisting what people implement.

That was my point :). The W3Cs mission states that:

    "One of W3C's primary goals is to make these benefits available to
    all people, whatever their hardware, software, network
    infrastructure, native language, culture, geographical location, or
    physical or mental ability."

Breaking down that list, we see that DRM is inimical to several goals:

 * hardware: DRM implementations are known for being hardware-locked;
 Netflix is the most prominent recent example, re. the ARM-based
 Chromebook
 * software: existing DRM implementations are tied to specific browsers
 and operating systems
 * geographical location: many (most?) DRM implementations implement
 geographical segregation (a.k.a. region encoding)

That is, by lending support to DRM, the W3C is helping to ensure that at
least some web content is restricted by hardware, software, and
geopgraphical location. This is in direct opposition to several of your
stated goals.

> I also don't understand your question about trust. We have a great deal of 
> work in security, for example; much of which is necessary because we cannot
> rely on trusting that everyone always does the right thing. Every time that we have 
> less security it actually causes less trust. Your question seems to imply that by 
> the ideal system is totally trusting, but truthfully a totally trusting system gets 
> hacked all the time and reduces trust.

It was poorly expressed, my apologies :(

To put it a different way: DRM removes control of certain aspects of a
device that I own, and places it in the hands of another. It does so in
a manner that could not be less trustworthy: most DRM solutions are
proprietary, closed-source applications.

This means that I can't rely on others to audit it for me (as with FOSS)
and I can't audit it myself.

Some DRM implementations in the past have been so aggressive in their
usurpation of control that they have qualified as malware; the Sony
rootkit is a particularly egregious example of this.

DRM actively reduces the trustworthiness and security of all machines on
which it is installed. It has to by design: its stated purpose is to
restrict the capabilities of a general purpose computer.
=====

-- 
Duncan Bayne
ph: +61 420817082 | web: http://duncan-bayne.github.com/ | skype:
duncan_bayne

I usually check my mail every 24 - 48 hours.  If there's something
urgent going on, please send me an SMS or call me.

Received on Wednesday, 16 October 2013 23:31:10 UTC