Re: Mozilla blog: DRM and the Challenge of Serving Users

On Fri, May 16, 2014 at 11:55 AM, cobaco <cobaco@freemen.be> wrote:

> On 2014-05-16 09:04 Mark Watson wrote:
> > On Fri, May 16, 2014 at 8:08 AM, cobaco <cobaco@freemen.be> wrote:
> > > they want DRM because in concert with laws like the DMCA it gives them
> the
> > > leverage to force the (legal) distribution channels into idiotic things
> > > like
> > > region locks and non-skippable adds for 'soon in a theater near you'
> > > (years
> > > after that statement was true)
> >
> > ​EME, at least, doesn't support either of these things, so I don't think
> > your contention is correct for the technology we are considering here.
>
> EME by itself does only 1 thing 'talk to CDMs'  It's the CDM's that do the
> enforcing, either is useless without the other.


> Existing Hollywood DRM like the one on DVD's and the one on Bluerays tries
> to
> enforce region locks. Given how much effort Hollywood has expanded on them
> they
> clearly wants region locks, and want them badly
>
> Given that the entire point of DRM is to technically enforce the random
> conditions Hollywood wants, why would they exempt those desired region
> locks
> from that enforcement? That makes absolutely no sense.
>
> And since by their own admission distributors (like netflix and apple) and
>  the
> software makers (like Mozilla) are only adding DRM because their arm is
> being
> twisted by the content owners (they don't like DRM either we keep getting
> told). There is no credible reason to assume they would suddenly grow a
> backbone and say 'no' to Hollywood region-locking when that gets demanded.
> After all it's only a very small additional demand compared to aiding and
> abetting DRM in the first place.
>
> (same reasoning goes for other absurd conditions like unskippable adds)
>
> > You will be able to look at Mozilla's open-source sandbox to verify that
> > the CDM does not have access to geographic information. Nor does the CDM
> > have the power to block the operation of the controls on the <video>
> > element. You will also be able to verify this in Mozilla's
> implementation.
>
> uhuh, pull the other one.
>

As I said, you do not have to take ​my word for it. You will be able to see
Mozilla's sandbox implementation and they have said they are working on
deterministic builds so you may be able to build it yourself from source.
You should read their blog posts. The whole point of a sandbox is to
constrain what the "sandboxed" code can and cannot do and what information
is does and does not have access to. There is no reason, as far as I am
aware, for the CDM to have access to any kind of reliable geographic
information. But you will be able to see for yourself in due course.

Of course, the service you are accessing may impose geographic
restrictions, but as far as I know noone is using DRM for this.


>
> we've been over this on the list:
>
> In order for CDM's to work as intended they *need* to have acces to the
> hardware or to pre-approved signed and verified OS components that do.
> That's
> why the CDM's are either platform specific black boxes, or talk to platform
> specific black boxes like e.g. Microsofts PlayReady DRM system.
>
> There's no way for Mozilla to know what information those components share
> with the CDM, let along any possibility of Mozilla preventing any sharing
>
> Mozilla *has* *to* allow this for the DRM to meet Hollywood requirements,
> and
> thus cannot stop the CDM from deciding "nope, not happy with where I think
> you
> are, not letting you see this"


> The CDM might not have the power to block the controls BUT it *does* have
> the
> power to override them:
> e.g you can press skip forward all you want in Firefox, which will duly
> pass
> it on to the CDM, but if the CDM decides to ignore that and send firefox
> back a
> non-skipped decrypted stream (potentially while lying about the timestamp)
> there's nothing you can do about that
> (because in order to circumvent/prevent that you'd need to buffer/cache the
> unencrypted stream and if that's allowed the DRM is broken to begin with)
>

​Again, you will be able to see the CDM API yourself and thereby determine
whether it has the power to do this.

...Mark



> --
> Cheers
>
>

Received on Friday, 16 May 2014 21:11:01 UTC