- From: Henri Sivonen <hsivonen@hsivonen.fi>
- Date: Mon, 28 Oct 2013 11:38:51 +0200
- To: Tim Berners-Lee <timbl@w3.org>
- Cc: "L. David Baron" <dbaron@dbaron.org>, www-tag <www-tag@w3.org>
On Sun, Oct 27, 2013 at 8:27 PM, Tim Berners-Lee <timbl@w3.org> wrote: > Can we imagine or design a EME system which instead > as usable by anyone as a publisher? I find it *very* distressing that you are talking about making DRM egalitarian in this sense rather than talking about making DRM egalitarian in the sense of allowing anyone to implement and ship the client technology stack royalty-free and without having to get keys signed by a particular gatekeeper or talking about making DRM egalitarian in the sense of different suppliers of the non-DRM parts of the stack having a level playing field when it comes to integrating with the DRM part as opposed to DRM component supply getting coupled with the supply of the rest of the client stack. The reason the W3C is even talking about DRM is that the major Hollywood studios have decided to require DRM and users want to see movies from Hollywood majors so badly that the studios can get away with their DRM requirements. That sort of situation doesn't apply to all publishers. Not all publishers want to impose DRM and many that do aren't publishing content that is in enough demand for people to tolerate DRM on that content. From a health-of-the-Web perspective, there's no need to make DRM egalitarian in terms of making it readily available to all publishers. Any copyright holder is free to participate on the Web already if they don't self-impose DRM. As far as publishing goes, DRM indeed isn't egalitarian in terms of applying it to content, but the W3C would *totally* be missing the point by being uncomfortable with *that* non-egalitarian aspect of DRM. That's like observing that some countries have software patents and some don't and making it egalitarian my making all countries have them. However, even if there is only a little DRMed content that is in broad demand on the Web, whether DRM is egalitarian as far as implementing and shipping the client technology stack matters for the health of the Web. Similar to patents being a problem in term of implementing and shipping the client stack even if patents only apply in some countries. DRM client implementation hasn't been egalitarian previously in the sense that the DRM parts of Flash Player and Silverlight aren't independently interoperable implementable (as evidenced by Gnash and Moonlight not having the DRM parts), but at least within the confines of each operating system for which Flash Player and/or Silverlight has been available, the playing field has been level between browsers in the sense of browsers being free to independently interoperably implement an NPAPI host. So far, it looks like EME is changing that dynamic and making DRM less egalitarian in that sense. > (Clearly, you might think, this won't work as for a system to be so highly > used by both consumers and receivers it would be cracked instantly. > But actually DRM is cracked anyway -- you can play anything over an HDMI cable > and crack the HDMI cable.[1] So we are not talking about an uncrackable system > anyway. Just one where people will be more inclined to pay for the stream > and less inclined to record it.) Please see the part about HDCP in http://lists.w3.org/Archives/Public/public-html-media/2013Mar/0066.html . > Can you imagine a system in which there is some protected code > but it is is sandboxed so the open source operating system can talk to it? Such a system is *imaginable*, sure. > Can we while we are at it build a DRM system which is sandboxed so it can't > call home, or is prevented from reading any data bout me from my system? Technically possible. However, it seems that so far, when robustness requirements and privacy concerns have been at odds, robustness requirements have had a tendency to win. That is, at least so far DRM vendors have had stronger incentives to address robustness concerns than to address privacy concerns. Please see the part about DRM running on a higher CPU privilege level than even the browser-visible kernel in https://groups.google.com/forum/#!msg/mozilla.dev.planning/4-svns_uEjA/Hc-eaIfAtUoJ . > One of the things I am worried about is that once we allow a EME vendor > to install their own unreadable code, then that code could report on my media-watching activity, With or without DRM, the streaming service gets to log your media watching activity. Even if you managed to use Netflix through Tor to hide the IP address your HTTP requests are coming from and used a fake email address for the account registration, you'd still need a credit card associated with the user account and credit cards are distinctly not anonymous. To solve the problem of media watching you, you need not only anonymous networking but anonymous payment, too, or a model where the user doesn't need to pay and doesn't need to be identified for other purposes (such as targeting ads), either. -- Henri Sivonen hsivonen@hsivonen.fi http://hsivonen.fi/
Received on Monday, 28 October 2013 09:39:19 UTC