Open Bug 1025421 Opened 10 years ago Updated 7 years ago

(SeaMonkey) Don't support HTML5 DRM

Categories

(SeaMonkey :: General, defect)

Product:
SeaMonkey
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
UNCONFIRMED

People

(Reporter: kevink9876543, Unassigned)

Details

Mozilla is adding HTML5 DRM support to core code, and it sounds like not only will this mean rootkits on the end users' systems, the browser will also download executable content - of a deliberately obscured nature - onto the end users' computers without their explicit consent.  (See bug 1024763.)  I am not at all comfortable with that sort of behavior from any program on my computer, especially not my web browser (and potentially my email client, too - that would be even worse).

If at all possible, please make sure that SeaMonkey will not include any support for HTML5 DRM, regardless of how Mozilla changes Firefox and shared code.  If that is not technically possible, please completely disable all aspects of HTML5 DRM support by default and keep it that way.
Well, first there has to be some implementation in the Core code before the individual applications can decide how to proceed. There are some hints given in bug 1024763, such as a build-configuration flag and a preference setting to prevent the new API to be included in the build or to run. It certainly needs to be evaluated what the benefits vs. the dangers for the user are when picking the defaults. But as said, this is a bit premature with having only sketches right now how it's supposed to work.

In general, SeaMonkey has a more conservative approach to running web content. For example, you can disable plugins in general by a simple checkbox in Edit > Preferences > Advanced > Scripts & Plugins, which may cover or be explicitly extended for the DRM API once it has been introduced. SeaMonkey certainly has its own mind when it comes to picking defaults, and in the past (and present) has frequently deviated from what Firefox or Thunderbird are doing.

But again, let's wait until the implementation is at least roughly available before figuring out what needs to be done on the SeaMonkey side in the interest of the users.
Is it still premature at this point to discuss this?  A lot of EME-related bugs have landed in Gecko 33 meaning SeaMonkey 2.30 which is now in Aurora.

Also, to note, Gecko 33 and later have a mozconfig option to build the application without HTML5 DRM support (bug 1038031), and I can confirm that (at least on Linux) building SeaMonkey nightlies with ac_add_options --disable-eme does not result in additional issues, either during build or when running the program.

For reference: bug 1015800
SeaMonkey 2.30 is now in comm-beta, any updates?
Well, looks like SeaMonkey 2.30 is about to be released, and no further responses here yet...
Am I jumping the gun / is there not going to be DRM code in SeaMonkey built with Gecko 33?
(According to https://bugzilla.mozilla.org/show_bug.cgi?id=1038031#c11 , it sounds like there is a distinction between *EME* and *DRM components* that could be important to this bug.  I'm OK with non-DRM usage of EME, as long as having that ability doesn't enable the possibility of HTML5 DRM in my browser / mail client.)
Just to update this: the status quo with SeaMonkey is that it does contain EME support, but that only works with ClearKey, which is just a decryption plugin, not DRM: http://forums.mozillazine.org/viewtopic.php?f=4&t=2923385
Sorry for jumping the gun earlier.
However this request still stands given that there may be plans to extend DRM support beyond Firefox.
While self-building SeaMonkey, discovered something worth noting here: apparently as part of bug 1160101, the configure flag --disable-eme has been removed, and replaced by
--enable-eme=[module][,module][...]
(and --enable-eme=no to disable building EME entirely)

It looks like that change might make it possible to explicitly build EME support (for stuff like ClearKey) without building any support for HTML5 DRM.  Is that actually the case?  (If so, that build flag looks perfect for this...)
I have a problem playing DRM content in Seamonkey (version 2.46). A website is recently renewed: https://www.npo.nl/
Maybe the content is not accessible outside the Netherlands. If I try to play some content (by pushing the "nu kijken" button then this message appears (freely translated): "Your system cannot play this video. Install or upgrade Silverlight to version 5 and try again.".

In Firefox I have the same problem. Until I choose to check mark this option: "Play DRM content". Which apparently was checked out. I was helped in Firefox by this support page:
https://support.mozilla.org/en-US/kb/enable-drm?as=u&utm_source=inproduct

The website NPO.nl did not help with any suggestion of changing my DRM options. And in Seamonkey I find no options like "Play DRM content" until I found this bug. I hope that there is an option. And else I hope solving this bug solve my problem.
I don't think we are supporting download of the needed proprietary EME plugins/extensions yet (and this bug suggests to not do so at all in the future).
I don't think this needs a proprietary plugin. I think it needs a solution like in Firefox where whatching video works with the Play DRM content check box.
(In reply to Max from comment #9)
> I don't think this needs a proprietary plugin.
"proprietary plugin" is precisely what HTML5 DRM is.  When you check that box in Firefox, it downloads and installs proprietary plugin(s).

Again, what you are asking is the opposite of this bug.
Ah. Okay. I misunderstood that then. I was under the assumption that it is default functionality of Firefox. But I read the support page again and I (think I) see it now. Here is a quote of that page: 
Playing DRM-controlled content in Firefox

In Firefox version 47 and above, Firefox for desktop supports the Google Widevine CDM for playing DRM-controlled content.

Firefox downloads and enables the Google Widevine CDM on demand, with user permission, to give users a smooth experience on sites that require DRM. The CDM runs in a separate container called a sandbox and you will be notified when a CDM is in use. You can also disable a CDM and opt out of future updates by following the steps below. Once you disable a CDM, however, sites using this type of DRM may not operate properly.

Some sites may use DRM that is not supported by the Google Widevine CDM. Support for viewing this content may require a third-party NPAPI plugin, such as Microsoft Silverlight.
//quote

Apparently Firefox downloads the proprietary plugin (Google Widevine CDM) on the background. And with this bug you state you don't want that. Did I understand it correctly now?

I questioned npo.nl why it is necessary to enable this option in Firefox. And that in Seamonkey I cannot. Lets see what they come up with. As npo.nl is the dutch public television organization, funded with public money. So why do I need to use a proprietary plugin would be my next question (I guess I know what they will answer). I wasn't to happy with silverlight being mentioned and I should have thought a litter better. My apologies and thanks for getting my mind straight.

I have kind of the same principle as stated in your bug report. And now I have to choose watching public television and not wanting proprietary plugins / downloaded obscure executable content. I consider myself warned.
(In reply to Max from comment #11)
> I questioned npo.nl why it is necessary to enable this option in Firefox.
> And that in Seamonkey I cannot. Lets see what they come up with. As npo.nl
> is the dutch public television organization, funded with public money.

The checkbox as such is implemented for SeaMonkey as well (bug 1127784) but hidden in release builds given that CDMs aren't fully supported yet.

The fact that a public TV station is funded with public money doesn't imply that the content they show isn't protected by other's rights, thus them applying DRM makes sense from that perspective to prevent unauthorized copying of that content. SeaMonkey still supports NPAPI plugins and will continue to do so for a while, thus Silverlight should still work.
Thanks for explaining that Seamonkey has a solution, but hidden. 

I understand that someone wants to protect their rights. Especially a public tv station. Surely I don't know enough to do bold statements. But I didn't like the silverlight option because of my believe its proprietary. The NPO probably has chosen the best option available. In the past I experienced that they supported open standards as best as they could. 

So this is a user problem. Google didn't help me easy enough to find how to play DRM content. And I am amazed and very happy with your assistance in my process of understanding.
You need to log in before you can comment on or make changes to this bug.