Closed Bug 1011459 Opened 11 years ago Closed 11 years ago

Please do not support EME, do not allow new proprietary CDM code in the browser

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
29 Branch
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED INVALID

People

(Reporter: Martin, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:29.0) Gecko/20100101 Firefox/29.0 Iceweasel/29.0.1 (Beta/Release) Build ID: 20140511072244 Steps to reproduce: I read several sources about plans to integrate EME/CDM into Firefox desktop browsers[1][2][3][4]. [1] Mitchell Baker, DRM and the Challenge of Serving Users, 14th May 2014: https://blog.mozilla.org/blog/2014/05/14/drm-and-the-challenge-of-serving-users/ [2] Cory Doctorow, Firefox’s adoption of closed-source DRM breaks my heart, theguardian.com, Wednesday 14 May 2014 18.00 BST: http://www.theguardian.com/technology/2014/may/14/firefox-closed-source-drm-video-browser-cory-doctorow [3] FSF condemns partnership between Mozilla and Adobe to support Digital Restrictions Management by Free Software Foundation — Published on May 14, 2014 05:23 PM: http://www.fsf.org/news/fsf-condemns-partnership-between-mozilla-and-adobe-to-support-digital-restrictions-management [4] Andreas Gal, Reconciling Mozilla’s Mission and W3C EME, May 14, 2014: https://hacks.mozilla.org/2014/05/reconciling-mozillas-mission-and-w3c-eme/ Actual results: Mozilla Foundation plans to support EME and to load an CDM plugin by Adobe into the desktop browser on Linux, Windows and Mac OS X. It plans to load this plugin into the browser by user consent, wrapped by an open source sandbox which is supposed to protect the user´s privacy against fringer printing. Expected results: Mozilla Foundation refuses to implement any support for EME and its CDM plugins and continues to stay true to its mission to stand up for an Open Web. Its a pity that Adobe Flash is still so widely spread within the web. And Microsoft introduces Silverlight. But to see that Mozilla Foundation whose mission it is to support an open web actively spends energy to develop a sandbox to run proprietary code within a browser instead of encouraging the content industry to finally arrive in the 21th century and respect the rights of the users it serves. Why is this a bug in my eyes? Mozilla implements a potential security hole within the browser by adding another way to run proprietary code in it instead of getting rid of Adobe Flash and other closed plugins. If Debian Mozilla packagers will not remove or at least disable the sandbox code from Iceweasel builds I will find myself another browser like Icecat[5]. [5] Bug#748342: iceweasel: please keep sandbox code for EME/CDM DRM plugins out of Iceweasel builds http://bugs.debian.org/748342
Hi, Bugzilla is not a discussion forum. It is a bug tracker. So closing as invalid Maybe newsgroups are better places to discuss this like https://groups.google.com/forum/#!forum/mozilla.dev.planning Note: You don't need a google group to participate in the group. The google group is just a face on the email list. You can subscribe to the entire list at https://lists.mozilla.org/listinfo/dev-planning.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
Well, if the following is true, introducing a EME sandbox for CDM plugins is a security bug in that comment with applicable law hides code away from security researcher who do not want to put themselves at legal risk due to US Digital Millennium Copyright Act, the European EUCD, Canada’s C-11. Your sandbox tries to protect from this partly, yet, if it has a bug, security researchers may need to analyse proprietary code protected by these laws in order to determine whether the CDM plugins made use of the security hole. http://www.theguardian.com/technology/2014/may/14/firefox-closed-source-drm-video-browser-cory-doctorow
in that in combination with
(In reply to Martin Steigerwald from comment #2) > Well, if the following is true, introducing a EME sandbox for CDM plugins is > a security bug in that comment with applicable law hides code away from > security researcher who do not want to put themselves at legal risk due to > US Digital Millennium Copyright Act, the European EUCD, Canada’s C-11. > > Your sandbox tries to protect from this partly, yet, if it has a bug, > security researchers may need to analyse proprietary code protected by these > laws in order to determine whether the CDM plugins made use of the security > hole. > > http://www.theguardian.com/technology/2014/may/14/firefox-closed-source-drm- > video-browser-cory-doctorow While I also find the threat of lawsuits against security researchers despicable, that does not mean this is a bug. It will still be possible to figure out if the security wrapper has a bug without legal ramifications. Even if figuring out if the CDM exploits that particular hypothetical security bug isn't legal, that won't be software we create, and so this isn't the right place to file a bug; you should talk to Adobe, much like you would if investigating flash player, which equally already has DRM capabilities that would presumably also be subject to these laws - so it's not like the wrapper changes anything in that domain. Separately, it seems odd to say that local laws create bugs in otherwise correctly functioning software. (but really, take this to the relevant fora when an implementation is ready)
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.