Open Bug 1696497 Opened 3 years ago Updated 3 years ago

Click to play should be an option for the Widevine DRM plugin

Categories

(Core :: Audio/Video: Playback, enhancement, P5)

Product:
Core
Component:
Audio/Video: Playback
Version:
Firefox 87
Type:
enhancement

Tracking

()

People

(Reporter: code, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:87.0) Gecko/20100101 Firefox/87.0

Steps to reproduce:

  1. I have Widevine enabled to play video on certain sites - Netflix, etc
  2. I went to a news site and noted that DRM was enabled and in use.
  3. I want it to ask me first before turning on DRM to other sites.
  4. Go to Plugins, but I can't set Widevine to "Ask to activate"

Actual results:

I have to turn Widevine/DRM off across the browser as opposed to per site or per choice.

There may be privacy implications and there certainly are negative consumer protection issues if more sites start feeling they should use DRM.

Expected results:

I should be able to make it "Ask to activate"

I noted CTP is being considered for removal in https://phabricator.services.mozilla.com/D107154 . It may be easier to just re-implement specific to DRM as it doesn't work today.

The Bugbug bot thinks this bug should belong to the 'Core::Audio/Video: Playback' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.

Component: Untriaged → Audio/Video: Playback
Product: Firefox → Core

Bryce, is there a reason this isn't an option for Widevine? I couldn't find any existing bugs on it.

Severity: -- → N/A
Type: defect → enhancement
Flags: needinfo?(bvandyk)
Priority: -- → P5
Status: UNCONFIRMED → NEW
Ever confirmed: true

(In reply to Jon Bauman [:jbauman:] from comment #3)

Bryce, is there a reason this isn't an option for Widevine? I couldn't find any existing bugs on it.

I would be technically feasible to do this and would be a matter of engineering and UX time. We could take browser wide DRM blocking behaviour and sit it behind a site specific list. We'd then need some UX to modify that list.

Because we block DRM by failing the JS API calls that begin the process, we'd need to reload pages if the configuration changes.

I can't speak as much to the UX piece, there will no doubt be challenges there -- my understanding is that prompting for each site generally proves to not be scalable. So if we did something like that we wouldn't have it on by default.

I'm not opposed to such a change, but again, it would be getting engineering and UX time to do so.

Re the privacy concerns in comment 0, the architecture used for the DMR plugins is specifically setup to ensure sites do leak any information to other sites -- each plugin is isolated in its own process. I can still see the benefit in having a per site activation, but want to make clear that the current implementation takes into consideration privacy.

Flags: needinfo?(bvandyk)

Got an example. This page https://taxfoundation.org/carbon-tax-economic-recovery/ afaict works fine without the DRM. I believe Spotify is what tries to enable it.

I wonder how necessary it is for DRM to be embedded?

You need to log in before you can comment on or make changes to this bug.