
I tried creating a web browser and Google blocked me (2019)

479 points | gu5 | 5 years ago | blog.samuelmaddock.com

186 comments


smaddock|5 years ago

Blog post author here. Since this post, there's now an option available for DRM-enabled Electron. However, it's only available through a single vendor, castLabs [0].

This is a closed source, downstream effort which means no modifications can be made to Electron itself. All changes must make it upstream to show up in this fork. When asked whether they would eventually merge it upstream, they didn't provide a clear answer [1].

I also wrote a followup blog post with more detail on the current state of DRM options on the web [2]. Spoilers: it's not great.

Regardless of all of these problems, I still hold an interest in browser development and have been working towards making Electron a viable option for building a browser [3].

[0] https://github.com/castlabs/electron-releases

[1] https://github.com/castlabs/electron-releases/discussions/24

[2] https://blog.samuelmaddock.com/posts/the-end-of-indie-web-br...

[3] https://github.com/samuelmaddock/electron-browser-shell

speedgoose|5 years ago

Did you consider not getting a license? You could perhaps download and execute Widevine pretending to be Firefox or Chrome. Is there advanced spying software in Widevine preventing you from doing that?

NetOpWibby|5 years ago

Thank you for creating a browser shell, maybe I can bring my browser project out of retirement. I just wish Chromium/Electron wasn't the only flavor (hence one of the main reasons I use Firefox). I had hoped Servo to be an additional option but alas.

DelightOne|5 years ago

> This is a closed source, downstream effort which means no modifications can be made to Electron itself.

It has the MIT license since 2 months ago. Did the closed-source part change or is that only about the non-npm code?

jcelerier|5 years ago

> This is a closed source, downstream effort which means no modifications can be made to Electron itself.

How does that work with the fact that Blink (LGPL) is part of Electron?

Wowfunhappy|5 years ago

Isn't this just how DRM works? It's precisely why so many were concerned about EME being adopted into web standards, and why so many are passionate about DRM-Free media. DRM is designed to put restrictions on where, when, and how media is played, including what software it's used with.

This doesn't invalidate any of the author's points, and they're right to be upset. But the problem isn't Chrome per se, it's DRM-encumbered media.

And that's why I buy audiobooks from Libro.fm†, games from GOG†, and (out of necessity) movies and TV shows from iTunes—which are still DRM'd by default but are at least relatively easy to decrypt.

----------

† Among others, I don't use any one source.

kmeisthax|5 years ago

Strictly speaking, Widevine isn't a standard - the web standards tracks really don't allow for it. Hell, they couldn't even agree on a single baseline video standard. The only part of web standards that even covers DRM is EME, which just specifies a way for JavaScript to negotiate content decryption with a DRM plugin. It specifies no standard DRM, and it can't do that, because DRM by its very nature is not standardizable - or, more specifically, standardized DRM is ineffective. You can totally write video DRM in JavaScript using Media Source Extensions. You'll just have no actual technical control over where the video goes after it's been decrypted; that's why they want compiled binaries that have to be distributed as browser plugins.

jonas21|5 years ago

Yes, perhaps the lesson here is that one should do some basic investigation on whether an approach has any fatal flaws before spending 2 years working on it.

Anthony-G|5 years ago

Thanks for the link to Libro.fm; it looks like a great initiative. Unfortunately, for a lot of titles I'm interested in, I get this message: "You appear to be accessing the site from a country where this title has restricted rights". Do you know of a similar audiobook provider for the EU?

Minor49er|5 years ago

You should check out Bandcamp for DRM-free music. It's an excellent platform

mr_toad|5 years ago

“I created a browser and Netflix blocked it” isn’t as baity a headline.

atarian|5 years ago

Not sure if this is covered under Widevine, but Google also blocks anything that is not a major browser from logging into any of its services.

https://security.googleblog.com/2019/04/better-protection-ag...

eivarv|5 years ago

A more precise wording might be "... Google also blocks anything that's implemented in an embedded framework (e.g. CEF, webviews) and does not use browser-based OAuth authentication."

AndrewUnmuted|5 years ago

Sorry to go off-topic slightly, but can any INFOSEC people confirm that this idea below makes any sense? The conventional thinking, as far as I am aware, has always been that JavaScript increases your attack vector and diminishes your security coverage.

> Last year, we announced that we would require JavaScript to be enabled in your browser when you sign in so that we can run a risk assessment whenever credentials are entered on a sign-in page and block the sign-in if we suspect an attack. This is yet another layer of protection on top of existing safeguards like Safe Browsing warnings, Gmail spam filters, and account sign-in challenges.

Havelock|5 years ago

Regardless of the discussion, Electron browsers are very insecure and are not a stable foundation to build a browser on. Electron even recommends that you do not try and build a browser using it.

eivarv|5 years ago

This. Brave famously migrated away from Electron because of the security implications of that approach.

Also, it kind of makes sense: You'd effectively be implementing a browser (or the GUI thereof) in a browser.

supermatt|5 years ago

I had the same problem. After a couple of emails, I got completely ghosted. They simply do not respond.

Seems that Google pushed hard for EME, under the guise of giving Widevine to anyone who wanted it. Of course, as is evident from OP's situation - this isn't the case.

There is an ongoing EC investigation.

zucker42|5 years ago

What is EC?

Fice|5 years ago

DRM is fundamentally incompatible with open source and free software. DRM is all about restricting what your computer can do (what code it is allowed to run), so it can be trusted by third parties with handling protected information. Content providers want to be able to trust your computer in not allowing you to have full control of what it does.

If users can execute their free software rights (modify software and run modified versions), they can instruct their computers to do anything, thus DRM would not be possible. Binary blobs like Widevine are not complete DRM solutions on systems where users can still modify their display server or kernel. As DRM gets more widespread, content providers will require more strictly locked systems, that's why mobile devices are shipped with locked bootloaders and PCs have secure boot and TPM — most current hardware is ready to support strict DRM.

The only approach to DRM is to boycott its use completely, there is no workaround or compromise.

cbozeman|5 years ago

>> The only approach to DRM is to boycott its use completely, there is no workaround or compromise.

I couldn't agree more.

DRM is a plague that needs to go away. Digital content producers use it in the hopes it'll deter piracy, but the truth, as clearly shown by GOG.com, is that DRM is pointless. If your software and content are reasonably priced and worthwhile in some way, people will buy it.

I recently looked into what it takes to play 4K Blu-ray UHD discs natively, and it's fucking laughable. A specific Intel-only CPU, only certain motherboards, certain monitors that support certain specs... OR you could just download an .mkv from some torrent website that plays flawlessly...

Which are people more likely to do? Instead of potentially adding 1.5 billion Windows users to the pool of available 4K UHD Blu-ray customers, they made it so fucking annoying that it practically guarantees piracy. Nice job breaking it, Hero.

Thaxll|5 years ago

"I tried creating a web browser, and Google blocked me"

Title is very misleading, your web browser works and Google does not block you, it's all about DRM.

"For the last 2 years I’ve been working on a web browser that now cannot be completed because Google, the creators of the open source browser Chrome, won’t allow DRM in an open source project."

This is crap, you should probably have known that before starting the project? As a dev it should be some common sense that you can't just playback 4k video from Netflix with a built-in Browser.

zucker42|5 years ago

> Title is very misleading, your web browser works and Google does not block you, it's all about DRM.

Google, Microsoft, and Apple effectively control access to DRM. They are acting as a cartel to prevent competitors. So, yeah perhaps it would be best to add Microsoft and Apple to the list of offenders, along with the MPA, and heck even Congress (which criminalized breaking DRM even for otherwise legal purposes). But I'd hardly call the title very misleading.

Regarding your second point, it's understandable that he focused on the functionality before the licensing, because Widevine would probably have been even less supportive if he had a working product. Honestly I don't understand your complaint; someone had to make a browser and get screwed over, otherwise the defenders of Google et al. would argue that Widevine could be licensed by competing browsers.

And anyways, these minute arguments completely ignore the overarching point that DRM subverts the premise of the web and prevents disruption and competition.

eecks|5 years ago

> As a dev it should be some common sense that you can't just playback 4k video from Netflix with a built-in Browser.

why not?

coryfklein|5 years ago

Users will balk if you call your application a web browser and it doesn't stream video from most of the major video providers.

NeekGerd|5 years ago

The article being from 2019, I highly doubt that DRM was such a common issue in 2017, so much that you had to anticipate it.

4k wasn't that common either. For reference, at the time, I believe Netflix was even using Silverlight.

And Google is the blocking entity here, because they are in charge of delivering licenses for Widevine, which is specifically what you need to play DRMed content.

Not so misleading IMO.

Gunax|5 years ago

The thing about titles is that they often give a summary. Of course it does not tell the whole story--but I don't think it's misleading nor do I think it's crap.

Tepix|5 years ago

DRM that Google controls

CobrastanJorji|5 years ago

I'm not an expert on DRM, but maybe someone here is. What would open source programs using DRM look like? My understanding is that the whole point of DRM is to prevent the software and the user from having arbitrary control over the data, which is fundamentally opposite of open source.

Say that Google desperately wanted to support any reasonable method to accomplish allowing open source tools access to DRM-protected media. Is there some way to allow that? What would it look like?

benlivengood|5 years ago

DRM in hardware is about the only other possibility. Make the GPU do the DRM internally. This is actually relatively feasible since most DRM'd video content has hardware acceleration support and GPUs already support HDCP.

Full DRM in hardware would require a much larger coordination across manufacturers than any DRM to date (HDCP), and with AACS's key distribution problems greatly magnified. Specifically, preventing any software fallback would be required to avoid AACS's player key leaks.

eivarv|5 years ago

Binary blobs (i.e. not open source)?

teclordphrack2|5 years ago

DRM is just encryption. It being open source and everyone seeing what math is used is only going to make it stronger.

varispeed|5 years ago

If you are a business I'd check if in your country there is a body that deals with anti-competitive behaviour and make a complaint.

pwinnski|5 years ago

Google's commitment to open source stops at their profit's edge, yet again.

folkrav|5 years ago

Would we see Intel/Samsung/IBM contribute to the Linux kernel if it wasn't in their self-interest? That's just how business tends to go as a general rule, IMHO. At least, I generally am more surprised to see a company go the extra mile than the opposite.

adamc|5 years ago

Business commitment to much of anything tends to stop there. That's what businesses are about.

tracedddd|5 years ago

I’m not claiming the situation is just or should be ignored, but the option the author seems to be ignoring is to launch without Widevine. Sure, a lot won’t work, but a lot will. Having a vocal community can add a lot of pressure.

coldtea|5 years ago

Yeah, but it's not a browser, it's a glorified media player.

Basically the dev wanted to take Electron (a wrapper of Chromium/v8, the Google maintained FOSS browser engine) + Google's Widevine, smash them together with some glue code and a special-purpose UI, and call it a "browser".

hirundo|5 years ago

The point of his browser is to be able to playback Netflix, Hulu, etc. between browsers in sync. That can't be done without DRM, and Widevine is "the only available DRM for a Chromium-based browser, especially so for Electron."

sneak|5 years ago

They could also reverse engineer the Widevine module binary and reimplement it in their own project.

You don't really need Google for this.

underseacables|5 years ago

Why aren’t there more browsers? Is it just a matter of all the IP tied up by the majors?

kitsunesoba|5 years ago

There's a number of reasons, but one of the biggest is that it's impractical for an individual or small group to create a web engine that is capable enough that users will want to use it. This means the only options are to either fork an existing browser (as most Chromium forks are doing) or build a browser around an embeddable engine (as WebKit-based browsers do, and hopefully one day Servo-based browsers will).

For many interested in creating a browser, a new engine is one of the primary reasons for doing so, and so forking or embedding being the only option means that many who would've created a new browser don't, because from their perspective there's no point in a Chrome/Firefox/Safari clone with a slightly different coat of paint.

WebKit at least partially addresses the clone issue, making it easy for developers to write entirely new UI code using their toolkit of choice, but comes with the caveat of not receiving much attention on non-Apple platforms, which is a problem with browser security being so important.

ogre_codes|5 years ago

Much of the media playback IP is tied up by the big players. Who wants a browser without media playback?

Aside from that, how do you make money on a web browser? Without some kind of payback, it's pretty unlikely a browser project will get funding. Particularly since there are decent browsers on all platforms already.

userbinator|5 years ago

Google basically controls the "standards" now, and it has the resources to keep churning them endlessly while spreading propaganda about how much better the new features are and how everyone should use them --- because they're only implemented in its browser.

There are perfectly capable HTML4-level browsers like Dillo, NetSurf, etc. and a bunch of similar projects on GitHub (under elaborate yet non-browser descriptions such as "HTML viewer with CSS support".) If only people would stop drinking the Goog-aid and unnecessarily "app-ifying" sites, maybe we would have more browser diversity... after all, the majority of sites I use are from the "document web" and not the "application web".

Edit: downvoted for talking against Google, interesting...

ttt0|5 years ago

Too many standards to follow, too many APIs, too complicated.

Sometimes I wonder if the web standards aren't designed specifically to prevent any meaningful competition.

dmitriid|5 years ago

If we're talking about creating a browser from scratch, it's nearly impossible to implement one without a huge investment of both time and money. Browsers are unbelievably complex, and the new features are being added at such a pace that you need to run twice as fast just to keep up.

If we're talking about forking an existing browser, that is doable. But you still need a huge investment to understand, change and extend that code. Once again, browsers are unbelievably complex beasts.

ufmace|5 years ago

Because a modern browser is about as complex as an operating system, and moves even faster.

Check out the complexity of ES6. You're gonna need an interpreter for that which performs acceptably well, plus a DOM interface to the rest of the browser. And check out how complex CSS is when it starts interacting with everything. Gotta handle all that too. Along with the basics of HTML structure, and how to interpret horribly broken HTML. And all of those pieces have to work together in realtime for dynamic animation, and do so fast enough for webapps to work and without eating too much of the host system's memory and CPU. And handle the constant addition of new JS APIs and how they have to interact with the host OS. Better be compatible and integrate well with Windows, OS X, and Linux too.

Building a new one from scratch today is pretty comparable to building a new operating system. You'd probably need to coordinate thousands of people working fulltime to get it off the ground. And it's basically impossible to charge any money for it, since all of the tech majors give away fully supported mature browsers for free.

In theory, you can fork an existing browser. But they all move so fast, keeping a fork with any useful changes up to date with the main browser is going to take a significant sized team too.

Microsoft is a tech giant, and even they decided to dump their independent Internet Explorer codebase in favor of using a Chromium fork. Now the only other truly independent browser codebase is Firefox's, and they haven't been doing so great the last few years.

It's probably practically impossible to build a browser that isn't a fork of Chromium these days.

varispeed|5 years ago

It's just an enormous amount of work if you want to do it from scratch. It is simply impossible to afford for any small business.

gspr|5 years ago

Browsers are as complicated as operating systems these days. And far more monolithic, meaning the development goalposts are spaced much farther apart.

annoyingnoob|5 years ago

1. It's hard. 2. No one will pay for a browser.

dredmorbius|5 years ago

Of possible related interest:

Google has announced that it is cutting off access to the Sync and "other Google Exclusive" APIs from all builds except Google Chrome. This will make the Fedora Chromium build significantly less functional (along with every other distro packaged Chromium).

https://threadreaderapp.com/thread/1351624743510827015.html

julienfr112|5 years ago

That will end badly for Google with antitrust in the EU and in the US.

Mindwipe|5 years ago

That seems unlikely. Google is one of many providers in this space, it's unlikely that a sole trader could afford the liability provisions, and anti-trust doesn't really tend to stretch to "you're too small for me to bother trading with you."

oscargrouch|5 years ago

Speaking of DRM.

Where are the relevant philosophical and legal debates around digital copy?

If we establish some common ground over copy, where balanced legal frameworks can grow, I bet things like DRM would be considered illegal.

It should not be considered a reasonable legal path to be pursued against copyright infringement (which is a reasonable right).

And while we are at that, I see a lot of people mentioning feeling betrayed by Firefox, while back in the day, I felt that it was Tim Berners-Lee and W3C who stabbed me in the back with this.

It is in times like these that we see how important it is to have a guy like Linus (and all the contributors) behind important projects.

Corporations being pulled by the capitalistic strings are not supposed to look forward higher ethical things as the "common good".

It's not irrational that corporations do these kinds of things, it's irrational that we expect them not to, knowing the game that is being played here.

tyingq|5 years ago

I'm curious what the gatekeeping around letting you use Widevine or similar does. As an "approved" entity are you then technically capable of copying DRMed content? Trying to understand if that's why it's so closely guarded.

kmeisthax|5 years ago

Under DMCA 1201 technical protection measures automatically get legal protection against this sort of thing. There's actually two layers of protection:

1. You can't deprotect the content for a purpose that would violate copyright law (this is the "DMCA exception" process you hear about every 3 years)

2. You can't provide tools that deprotect the content for any purpose

Both provisions give DRM the force of law, though the latter poses specific risks for anyone who merely wants to run DRM content within its protected bounds. There are loads of well-reasoned exceptions to DMCA 1201, but they're very restrictive and special-cased. You'd never be able to get away with just releasing a Widevine-compatible plugin, even if it did all the validation and security in exactly the same way as Widevine. This means that, practically speaking, the only legal way to actually play Widevine-protected content is to license Widevine and comply with the inevitable litany of restrictions they place upon you for access to that plugin.

commandlinefan|5 years ago

I was hoping it was going to be an actual created web browser, rather than another Chromium or WebKit derivative.

1vuio0pswjnm7|5 years ago

I do not want a "web browser" that is also a video player.

We need more "web browsers" that just browse HTML.

fctorial|5 years ago

lynx links w3m

SubiculumCode|5 years ago

Am I wrong, but is this more evidence of monopoly power by Google?

guyzero|5 years ago

It's not that.

Widevine and PlayReady and FairPlay don't exist because tech companies want them, they exist because movie studios want them - or to be more precise, they demand them.

Chrome plays non-DRM video just fine. No studio in the USA will make their films available on a non-DRM encumbered service.

SubiculumCode|5 years ago

Thanks for the downvote, but imho, I'd prefer a reply as to why.

Hnsuz|5 years ago

[deleted]

paultopia|5 years ago

Wait, what is this person trying to do? They're not happy that Google open-sourced Chrome, so they also demand that Google open-source some DRM system so that they can make a media player for Netflix or something? Forgive me for not feeling sorry for someone who wants to make a browser polluted with DRM who complains that someone else is enforcing their copyright.

danShumway|5 years ago

If your goal is that new browsers should only be able to be made without DRM, then you're effectively saying that we can't have any new mainstream browsers unless they're built by already established companies and commit to not doing anything creative or new that Google doesn't like.

I run Firefox without DRM support on my computers, and I believe that the web would be better today if DRM had never been forced into the standards process. However, ideology aside, if you want to make a browser that ordinary people can use, then it is unacceptable for that browser to not play Netflix. DRM on its own is a threat to the Open web, but DRM that is only usable by a few big players is an even bigger threat to the Open web.

I would argue that we should be concerned when the largest browser on the market effectively has the power to decide whether or not websites will work on competing browsers. To me, that undermines the entire point of having web standards in the first place.

A bit of a rant, but this is something that advocates warned about when DRM was in the process of being added as a web standard. It would be better if we didn't have DRM on the web at all. But at the very least, if we are going to have DRM, then there needs to be a consistent, accessible licensing model that allows any browser to interface with that DRM component. I'm sorry if Netflix has problems with that, but Netflix's current business model is not more important than the platform that literally created and enabled Netflix's current business model. And companies like Google should not be allowed to decide who can and can't compete with them, it's anticompetitive through and through.

If you want a diverse browser ecosystem, then anyone building a browser should be able to interface with Widevine to play protected content.

smaddock|5 years ago

The intention was to build a media player based on a Chromium-derived web browser. Functionally it would playback content on Netflix, Hulu, and other DRM-enabled services.

The problem isn't the closed source nature of Widevine CDM, but rather that access to use it is rather difficult to come by.

DRM goes against the concept of an Open Web in which anyone can build a web browser without asking permission.

codemac|5 years ago

https://thenib.com/mister-gotcha/

Yes, someone attempted to build a tool that was interesting to them, and ran into DRM related roadblocks.

Life is not all or nothing. Even GNU is a matter of free software improving over time rather than a purity test. Do you really think RMS refused to run grep until it was FLOSS?