Last Comment Bug 923590 - Pledge never to implement HTML5 DRM
: Pledge never to implement HTML5 DRM
Status: RESOLVED WONTFIX
:
Product: Internet Public Policy
Classification: Other
Component: General (show other bugs)
: unspecified
: All All
: -- normal with 155 votes (vote)
: ---
Assigned To: Nobody; OK to take it and work on it
:
Mentors:
: 866191 1011803 (view as bug list)
Depends on:
Blocks: useragent
  Show dependency treegraph
 
Reported: 2013-10-03 20:06 PDT by Chris Sherlock
Modified: 2016-02-17 11:29 PST (History)
206 users (show)
See Also:
QA Whiteboard:
Iteration: ---
Points: ---


Attachments

Description Chris Sherlock 2013-10-03 20:06:14 PDT
User Agent: Mozilla/5.0 (iPad; CPU OS 6_1_3 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10B329 Safari/8536.25

Steps to reproduce:

The Director of the W3C, Tim Berners-Lee, has stated that playback of protected content (i.e. DRM) is in scope for HTML5. [1] This was further confirmed in the charter on 20th September. [2]

According to the Director,

"While the W3C Team do believe that use cases like premium content should be
addressed in the Open Web Platform in order to bring it to its full potential, we're also looking forward for the HTML Working Group to address any technical concerns raised against the EME draft."

1. http://lists.w3.org/Archives/Public/public-html-admin/2013Feb/0122
2. http://lists.w3.org/Archives/Public/public-html-admin/2013Sep/0129.html


Actual results:

So what has happened? In short, they broke our soul. How can "protected content" have any part in an Open Web Platform?

Encrypted Media Extensions (EME) form the basis for a whole bunch of silliness, from proposals to prevent us viewing JavaScript source, to not being able to view text because of a font specification.

The EFF have been vocal in their concerns. In an article they published on October 2nd, they make the following points:

"A Web where you cannot cut and paste text; where your browser can't "Save As..." an image; where the "allowed" uses of saved files are monitored beyond the browser; where JavaScript is sealed away in opaque tombs; and maybe even where we can no longer effectively "View Source" on some sites, is a very different Web from the one we have today. It's a Web where user agents—browsers—must navigate a nest of enforced duties every time they visit a page. It's a place where the next Tim Berners-Lee or Mozilla, if they were building a new browser from scratch, couldn't just look up the details of all the "Web" technologies. They'd have to negotiate and sign compliance agreements with a raft of DRM providers just to be fully standards-compliant and interoperable.
.
.
.
The W3C is now in an unenviable position. It can either limit its "content protection" efforts to the aims of a privileged few, like Hollywood. Or it can let a thousand "content protection systems" bloom, and allow any rightsholder group to chip away at software interoperability and users' control.

EFF is still a W3C member, and we'll do our best to work with other organizations within and without the consortium to help it fight off the worse consequences of accepting DRM. But it's not easy to defend a king who has already invited its attackers across his moat.

Still, even if the W3C has made the wrong decision, that doesn't mean the Web will. The W3C has parted ways with the wider Web before: in the early 2000s, its choice to promote XHTML (an unpopular and restrictive variant of HTML) as the future led to Mozilla, Apple and Opera forming the independent WHATWG. It was WHATWG's vision of a dynamic, application-oriented Web that won—so decisively, in fact, that the W3C later re-adopted it and made it the W3C's own HTML5 deliverable." [3]

3. https://www.eff.org/deeplinks/2013/10/lowering-your-standards


Expected results:

So what to do?

It's very simple. Pledge never to adopt, implement or assist the W3C's EME specification.
Comment 1 Mardeg 2013-10-03 20:13:26 PDT
Should this go on the "mozilla.org" product, "Security Assurance - Applications" component?
Comment 2 Raymond Forbes[:rforbes] 2013-10-03 23:47:57 PDT
security assurance is for security reviews of features.  not really sure where this should go.
Comment 3 mindaslab 2013-10-04 00:52:28 PDT
This is a great thing. It will be a boon to humanity as a whole. I hope DRM fails everywhere. All information or idea one gets is not truly his / her own. Ones experience as he travels throgh time lays the foundation for thought. There are almost no true original ideas and no true thing call copyrightable material.
Comment 4 Richard Soderberg [:atoll] 2013-10-04 00:54:23 PDT
I thought about moving this to a core product component (HTML parser, Gecko, or similar) -- however, no one in their role within product feature teams would necessarily be able to pledge on behalf of the entire company.

Then I found this specific note under one of the governance components, that calls out specifically which team handles official positions, or as the bug description says, "pledges":

"determining if Mozilla should take an official position on a particular public policy issue" [1]

So as this bug specifically requests a "pledge", which is an "official position", I'm moving this over to the Internet Public Policy product. They seem best positioned to either consider this request, or otherwise to triage this bug to a more appropriate component.

[1] https://wiki.mozilla.org/Modules/All#Internet_Public_Policy
Comment 5 Chris Sherlock 2013-10-04 01:39:45 PDT
No disagreement here from me - I wasn't entirely sure what to pit it under. Thanks for fixing the component and product, Richard. :-)
Comment 6 jmsmistral 2013-10-04 01:42:19 PDT
Agree in full.
Comment 7 Florian Bösch 2013-10-04 02:13:25 PDT
On DRM in general
-----------------

DRM is bad for users because it puts up barriers to serving (for producers), implementing (for browser vendors) and consumption (for users).

License issues and technical cludges are an unavoidable consequence of DRMs, which makes supporting them a huge maintenance and legal problem. It is doubtful that Firefox for instance can support EME on legal grounds. Google chromes open source version of chrome (the chromium builds) are not compiled/shipped with EME.

Fair-use and the public domain are not acknowledge in DRM systems and are eminently threatened.

DRM enables vendor lock-ins, monopolies and intentional incompatibility.

Differently-abled persons are often excluded from content that is DRM encumbered.


On EME
------

1) Technology should serve us to enable us to do new things (aka features) and enrich society. The pursuit of enablement is the driver of progress. DRM is an "anti-feature", it is exclusionary and concerned with restriction. To pursue DRM is to pursue technological stagnation. It cannot be the role of an open standard to promote such negative use of technology.

2) EME will open the floodgates for all kinds of DRM nonesense for everything (images, fonts, javascript, resources in general, APIs, HTTP calls and so forth)

3) As an anti-competitive technology, Firefox is disadvantaged by EME, and it cannot be in the interest of Mozilla to promulgate a new browser monopoly.

4) DRM is the penultimate in incompatible file formats. Still in 2013, browsers cannot universally support the same video and audio files. Imagine how bad this will get once the EME standard floodgates open and new DRM-only capabilities are added to browsers. Small web authors will be pushed out of the web and the big content cartels will attempt to landgrab the web and convert it to a consumer only technology. 

5) The W3Cs (and Tim Baner Lees) support of EME shows clearly that once again, the W3C has gone down a blind alley (like with XHTML) and is not interested to serve the real needs of the web. The WhatWG was the result of W3Cs stagnation on addressing real world needs. And once again the W3C is more interested in stagnation than real world needs with EME. It has to be expected that the relevancy of any W3C standard will substantially diminish in the future.
Comment 8 Morgan 2013-10-04 04:13:03 PDT
As a decade+ user of Mozilla products I support this fully however the reality is that this may make Firefox unusable in the future. My suggestion would be to build in support for DRM via either an extension or plugin that is user selectable during the installation. It is sad that the W3C have decided that DRM is needed in this way and we should do all we can to change this decision however we also need to live in the reality that this is the decision they have made at present. I would not like to see DRM as part of the core browser though and feel it should be moved as far out of the core as possible.
Comment 9 Chris Sherlock 2013-10-04 04:17:20 PDT
I would like to also point out a technical reason I'm concerned about this "extension":

If you review the diagram in the draft [1], you will see that it covers playback of certain content. Currently, it is restricted to media files. But you can see that once this is adopted, it would then lower the barriers for media companies and other interested actors to push for encryption mechanisms for individual elements.

Even worse, note that the Content Decryption Module (CDM) is a "part of or add-on to the user agent that provides functionality for one or more Key Systems". In other words, these will probably need to be implemented as binary blobs which are add-ons for browsers. They may need to use specific technologies that are part of particular operating systems.

What does this leave us all with? Well, it leaves us with the promogulation of a bad idea (restrictive DRM) implemented using a variety of browser specific extensions that may need to utilise the specific technologies of a particular operating system. I rather think this goes counter to Mozilla's aims.
Comment 10 Chris Sherlock 2013-10-04 04:18:57 PDT
Sorry, footnote 1. points to https://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-media/stack_overview.png
Comment 11 ko_lo 2013-10-04 04:36:26 PDT
Yesterday I was reading a bit about the Mind behind mozilla, and how it's working etc..  I Land on the Manifesto [1] . I notice this line :
"2. The Internet is a global public resource that must remain open and accessible"
and as far as I know drm isn't something that we could call "open"

also point 5 :
Individuals must have the ability to shape their own experiences on the Internet.
and same drm won't allow you to have your "own" experience

I will end this comment by quoting (again) mozilla :
"Mozilla is a thriving community of intelligent, principled and passionate individuals who build software to preserve choice, openness, and innovation on the Internet."[2]
and I have nothing to add to that.

It seems to me that there is some durty money story behind w3C and that's sad.

perhaps this thread should be better on a forum such as mozilla.general

[1] http://www.mozilla.org/en-US/about/manifesto/
[2] https://careers.mozilla.org/en-US/position/ofzGXfwb
Comment 12 kyle 2013-10-04 07:48:06 PDT
Allowing content providers to apply DRM will have the unfortunate effect of preventing security researchers and security-minded users from being able to inspect elements for malicious code simply by virtue of the malicious code's authors not wanting you to see what they are doing. The web is built on open standards, and the vanguard for that is transparency. If content producers do not want to participate in this way, then they can cling to outdated business models. The W3C is not a rightsholder's consortium nor is it in any way obligated to protect their 20th century business models or maximize their profits at the expense of the public's right to remain informed.
Comment 13 FFUser 2013-10-04 09:03:25 PDT
I am seriously concerned that EME or any other form of DRM will be used to prevent caching and the storage of historical records. Will the media, governments or corporations simply pretend unfavorable things never happened by simply removing content that can not be cached or backed up? Will the future look back at a huge blank spot in the web's history once EME is implmented?

The copyright system in the US has been incrementally perverted to the point of insanity and EME will only be the begining of incremetally worse DRM if it is implemented.
Comment 14 Jay MacDonald 2013-10-04 09:47:37 PDT
HTML5 DRM is required to bring content from Flash to HTML5. If this isn't implemented in HTML5, content creators will create plugins and addons (like Silverlight, iTunes, etc) to implement their own standards.
I don't think this is an issue. I wish we lived in a "we all love each other! let's share everything world", but we don't. Content creators are required to protect their content, and to do this, requires DRM.
All this will do is exempt Mozilla from being able to access sites that implement this (e.g. Netflix probably will, BBC will, etc) and Mozilla user's will be forced to download a plugin or use another browser.
Believe me, Chrome and Internet Explorer will implement this. Opera might not, but Microsoft and Google have corporate interests which mean HTML5 DRM will happen.
Comment 15 Florian Bösch 2013-10-04 10:16:57 PDT
(In reply to Jay MacDonald from comment #14)
> HTML5 DRM is required to bring content from Flash to HTML5. If this isn't
> implemented in HTML5, content creators will create plugins and addons (like
> Silverlight, iTunes, etc) to implement their own standards.
> I don't think this is an issue. I wish we lived in a "we all love each
> other! let's share everything world", but we don't. Content creators are
> required to protect their content, and to do this, requires DRM.
> All this will do is exempt Mozilla from being able to access sites that
> implement this (e.g. Netflix probably will, BBC will, etc) and Mozilla
> user's will be forced to download a plugin or use another browser.
> Believe me, Chrome and Internet Explorer will implement this. Opera might
> not, but Microsoft and Google have corporate interests which mean HTML5 DRM
> will happen.

You don't understand. The EME runtime is a proprietary obfuscated blob. You cannot implement this blob open source. It will have to rootkit the machine it lands on because it cannot allow other programs than the approved browser to operate its API.

Linux will not be able to interoperate with EME unless you allow a third party blob onto your machine that rootkits it. Ouya will not be able to operate EME. Firefox OS will not be able to operate EME. Third party browser vendors like Mozilla, Opera and others will be frozen out from EME because it will not allow to be used by those programs.
Comment 16 Florian Bösch 2013-10-04 11:10:31 PDT
(In reply to Jay MacDonald from comment #14)

And btw. just so you can convince yourself that it's all about vendor lock in:

* http://movies.netflix.com/ie11testdrive
* http://ie.microsoft.com/testdrive/html5/eme/

There are *no* other video test pages for EME, and it these don't work on:

* Chrome on Linux
* Firefox on Linux
* Opera on Linux
* Chrome on Windows
* Firefox on Windows
* Opera on Windows
* Chrome on OSX
* Firefox on OSX
* Chromium on Linux
* Chromium on Windows
* Webkit on Linux
* Webkit on Windows
* Chrome on Android
* Firefox on Android
* Opera on Android
* Opera Mini on Android
* iOS Safari
* Opera Mini on Safari
* IE8/9/10 on Windows

And that's intentional.
Comment 17 Jay MacDonald 2013-10-04 11:37:32 PDT
Give it a while, I know(In reply to Florian Bösch from comment #15)
> (In reply to Jay MacDonald from comment #14)
> > HTML5 DRM is required to bring content from Flash to HTML5. If this isn't
> > implemented in HTML5, content creators will create plugins and addons (like
> > Silverlight, iTunes, etc) to implement their own standards.
> > I don't think this is an issue. I wish we lived in a "we all love each
> > other! let's share everything world", but we don't. Content creators are
> > required to protect their content, and to do this, requires DRM.
> > All this will do is exempt Mozilla from being able to access sites that
> > implement this (e.g. Netflix probably will, BBC will, etc) and Mozilla
> > user's will be forced to download a plugin or use another browser.
> > Believe me, Chrome and Internet Explorer will implement this. Opera might
> > not, but Microsoft and Google have corporate interests which mean HTML5 DRM
> > will happen.
> 
> You don't understand. The EME runtime is a proprietary obfuscated blob. You
> cannot implement this blob open source. It will have to rootkit the machine
> it lands on because it cannot allow other programs than the approved browser
> to operate its API.
> 
> Linux will not be able to interoperate with EME unless you allow a third
> party blob onto your machine that rootkits it. Ouya will not be able to
> operate EME. Firefox OS will not be able to operate EME. Third party browser
> vendors like Mozilla, Opera and others will be frozen out from EME because
> it will not allow to be used by those programs.

You just made my point. Third party browsers like Firefox and Opera will be frozen out if they don't allow it.
Comment 18 Florian Bösch 2013-10-04 11:41:00 PDT
(In reply to Jay MacDonald from comment #17)
> You just made my point. Third party browsers like Firefox and Opera will be
> frozen out if they don't allow it.

They will be frozen out regardless. This isn't some cumbaya we all love each other EME. This is a vehicle designed to crush the competition wherever it may arrise by means ensured by stupid laws (the DMCA). You have *no* idea how bad this is.
Comment 19 Jay MacDonald 2013-10-04 11:43:58 PDT
(In reply to Florian Bösch from comment #18)
> (In reply to Jay MacDonald from comment #17)
> > You just made my point. Third party browsers like Firefox and Opera will be
> > frozen out if they don't allow it.
> 
> They will be frozen out regardless. This isn't some cumbaya we all love each
> other EME. This is a vehicle designed to crush the competition wherever it
> may arrise by means ensured by stupid laws (the DMCA). You have *no* idea
> how bad this is.

Then this bug does not matter, regardless. :)
Comment 20 Johannes Mittendorfer 2013-10-04 11:51:51 PDT
Why we`re even discussing about DRM in an open source software?
Comment 21 Florian Bösch 2013-10-04 12:15:49 PDT
(In reply to Jay MacDonald from comment #19)
> Then this bug does not matter, regardless. :)

If you don't think it matters, then you can shutter firefox and linux right now. Because if you don't take a stand while you can, those free (as in freedom) infrastructure will vanish because it will become known as "that OS/browser that doesn't run youtube and facebook". This is the end my friend, once everything (http, js, fonts, audio, video) has been sufficiently DRM infested, the only ones getting to provide you "the full" web experience are the ones who won't let you do it.
Comment 22 Scott Turner 2013-10-04 12:35:24 PDT
This.
Comment 23 headcrabextra 2013-10-04 12:36:27 PDT
+1 to this request.
Comment 24 Esme Cowles 2013-10-04 12:46:52 PDT
+1
Comment 25 Nelson LeDuc 2013-10-04 12:48:23 PDT
+1
Comment 26 Fabrício Matté 2013-10-04 13:00:46 PDT
I'll have to +1 this as well. Since the first glance at DRM making it into the HTML5 scope, sincerely, I couldn't believe W3C would actually go that far against the open web.

The "open" in Open Web Platform must hold its meaning. There is absolutely no place for proprietary DRM locking in the Open Web.

Those who have interest in DRM can surely find an alternative way to deliver their media which does not involve harming the Open Web Platform.
Comment 27 Simonas Kazlauskas [:simukis] 2013-10-04 13:03:47 PDT
Please avoid adding comments like “+1” or “This.” They do not contribute to the issue on hand at all.
Comment 28 headcrabextra 2013-10-04 13:05:26 PDT
(In reply to Simonas Kazlauskas from comment #27)
> Please avoid adding comments like “+1” or “This.” They do not contribute to
> the issue on hand at all.

They allow to see how many people support this.
Comment 29 Tanner Filip [:tanner] 2013-10-04 13:09:05 PDT
Hey everybody,
Please don't add one-word comments like "+1" to this (or any) bug - every time you do, nearly 100 people are emailed about it. I'd suggest you read https://bugzilla.mozilla.org/page.cgi?id=etiquette.html, specifically 1.1. I have to agree that this is a good cause, but emailing all these people multiple times with comments that add nothing to the discussion isn't.
Thanks!

While I'm here...
(In reply to Jay MacDonald from comment #14)
Holy crap, I haven't seen you in about three years. If you still remember me (from SUMO) you should shoot me an email or hop on IRC sometime, I'd love to chat.
Comment 30 Leman Bennett [Omega] 2013-10-04 14:30:52 PDT
(In reply to johannes.mittendorfer from comment #20)
> Why we`re even discussing about DRM in an open source software?

Because, this is the new reality. Open Source to monolithic corporations does not matter. They do not care where the code comes from, just so as long as it furthers an agenda toward more profit.

In my opinion, EME should be allowed to be implemented in Firefox. However, EME Video should be treated as an extreme security risk and all interaction with the browser should be severely limited. As this is not web video, it should not be treated like web video. For example, a simple separated fully sandboxed maximized video window with basic control access, basic access to subtitle options AND clearly labeled "Protected Video". Interaction with anything else such as the full suite of open web technologies should be considered the benefit of normal web video and the privilege to access it would be the absence of EME.

That way, Firefox is still compatible but not acknowledging EME Video as part of the normal web.
Comment 31 Yeuk Hon Wong [:yeukhon] 2013-10-04 14:50:15 PDT
We don't have to implement this. Have we implemented every single HTML5 feature according to the ever-changing spec? 
This EME specification doesn't have to be implemented. Are we going to lose the market because some average users won't be able to appreciate our arguments against DRM? We will just wait. There are days when browsers can't agree on everything and people constantly changing browsers to do things. Back then when everyone seems FF as a savior out of IE and then Chrome's strong adveristment took away a huge market share and now we see FF is still standing strong and growing. 

With more average users understand the importance of security and freedom, we can wait. FF is built better with the support from both the people in the industry and contributors from all over the world. We cannot forget that the power is on us. Rushing is going to be the death of a browser.
Back when silverlight wasn't available to FF or Chrome,we all had to switch to IE. We can still have a good life.
Comment 32 Florian Bösch 2013-10-04 14:58:41 PDT
(In reply to Leman Bennett (Omega X) from comment #30)
> Because, this is the new reality. Open Source to monolithic corporations
> does not matter. They do not care where the code comes from, just so as long
> as it furthers an agenda toward more profit.

That is precisely right, and it is precisely why Mozilla should reject it. Supporting it, means Mozilla digging the grave for Firefox and FirefoxOS themselves.

> In my opinion, EME should be allowed to be implemented in Firefox. However,
> EME Video should be treated as an extreme security risk and all interaction
> with the browser should be severely limited.

EME is designed to work this way, however there are some unfortunate realities I'm going to explain to you in a minute.

> As this is not web video, it
> should not be treated like web video. For example, a simple separated fully
> sandboxed maximized video window with basic control access, basic access to
> subtitle options AND clearly labeled "Protected Video". Interaction with
> anything else such as the full suite of open web technologies should be
> considered the benefit of normal web video and the privilege to access it
> would be the absence of EME. 
> That way, Firefox is still compatible but not acknowledging EME Video as
> part of the normal web.

You see, the purpose of DRM is to make the network stream of the media inaccessible to the user. To achieve this, the stream is encrypted symetrically. The symetric key is negotiated via asymetric encryption. Which means that the user needs to have a private/public key pair to facilitate the symetric key exchange. Obviously DRM can't trust the user and his machine with the management of that keypair, so the code implementing the exchange needs to hide the private key and be obfuscated as to make it difficult to obtain the private key.

But wait a second, this just covers the path up and into the users RAM. How does a DRM system actually display an image? Well to display the image of the media in the browser, it needs to go trough the browsers compositor. This compositor may run in software, or be hardware accelerated, but in the end, it means that the EME runtime needs to supply the browser with a plain picture to composit.

Ooops, but wait, can't then the browser just like, "save movie as" while it streams trough? Why yes, it can. All that pretty encryption for nothing.

Obviously the EME-DRM runtime system can't allow that. But how does the runtime achieve that Firefox can't just dump the movie to disk frame by frame? I mean, even if Mozilla doesn't ship firefox with that capability, anybody can fork firefox and hack it in...

Fear not, DRM has a solution to that too. Firefox will need to prove to the API that it has the right to access it to decrypt the content. How does firefox do that? Obvious solutions is an application runtime signature. In case you're distributing for Winphone, Win8Arm or Android that's no problem. But how do you deal with this issue on Windows XP, or Win8 Desktop or linux? Well, you either ignore it, in which case EME is again completely without teeth, or you install a rootkit on the machine. A rootkit would elegantly solve the problem how the EME runtime can decide which application is allowed to run and which isn't.

You see where this is going. EME is going to become the gatekeeper of who gets to write and distribute a browser and who isn't. Maybe the authors of the EME runtime are going to be nice to Mozilla and allow them. Maybe they aren't (there is microsoft in there after all).

But wait, now the firefox runtime is approved, what if somebody just writes some plugin/extension/greasemonkey script for firefox to dump the video frames to disk? Well obviously you can't have that, firefox will have to restrict all ways you could possibly get access to that API by any kind of scripting, easy right?

But wait, what if firefox gets some exploit, gasp, the horror, people could hack firefox to download video frames to disk until it gets patched? Fear not, the EME runtime thought of that too. The distribution key in the container that allows firefox to play movies back is simply revoked from new streams. So long firefox, and thanks for all the fish...

Really, really that's what you want to defend as "the new reality"? Are you quite sure of that. Because it sounds a lot like you just want to kill Firefox and FirefoxOS right there.
Comment 33 oasisob1 2013-10-04 15:15:02 PDT
+1 (Note that +1 does inform many readers, which is NOT superfluous. It lets readers, especially those in a position to implement or NOT implement the change, know that we DO NOT support the change). So, +1, +1, +1 to the pledge NOT to implement DRM in HTML5 or any other HTML.
Comment 34 Chris Sherlock 2013-10-04 15:25:57 PDT
Seriously, +1 is really unhelpful. Stop doing this please. We love you, but we ask you to respect bugzilla etiquette.
Comment 35 Leon Sorokin 2013-10-04 16:02:25 PDT
well, bugzilla etiquette is to vote on the bug, but for some reason it's not available. does it need to go to "confirmed" before this opens up?
Comment 36 Leman Bennett [Omega] 2013-10-04 16:54:30 PDT
(In reply to Florian Bösch from comment #32)
> 
> That is precisely right, and it is precisely why Mozilla should reject it.
> Supporting it, means Mozilla digging the grave for Firefox and FirefoxOS
> themselves.


NPAPI is already there. You're saying an EME plugin controlled by Mozilla wouldn't work? Because that's what this is essentially.


> 
> however there are some unfortunate realities
>

The unfortunate reality is that Microsoft and Google will implement without anyone else and without any kind of consideration for Open Source ideologies. The common user won't give a damn. They'll just say that Firefox is broken again and use one of the other monolithic corporate browsers.

> 
> Really, really that's what you want to defend as "the new reality"? Are you
> quite sure of that. Because it sounds a lot like you just want to kill
> Firefox and FirefoxOS right there.
>

I like how you proclaim that I'm defending this thing while creating a separate reality in your mind to project. There is only one known reality and you're living in it. I'm making a suggestion that will meet them half way. If Mozilla nor anyone else can stop this thing, then at LEAST an option would be to insulate what Mozilla considers the web from something that's not.

The last time Mozilla waited was H.264 vs WebM. What happened was that Firefox LOST marketshare and the web moved on without them. This is one of those moments. Microsoft and Google are already implementing the current draft and will PUSH it without any consideration toward anyone else. Monolothic Corporations do NOT care. If it means "Making us compatible with our buddy Netflix", that's what they're going to do.
Comment 37 marcos 2013-10-04 17:01:15 PDT
+1
Comment 38 lowest.common.denominator 2013-10-04 17:14:46 PDT
+1 Please do not implement. DRM is not compatible with open standards.
Comment 39 Florian Bösch 2013-10-04 17:17:01 PDT
(In reply to Leman Bennett (Omega X) from comment #36)

You still don't understand. Don't you realize that EME has to guarantee it's working as intended (preventing users from saving a video to disk).

How could EME prevent a user saving a video to disk if the EME runtime allows any program to run its API to obtain the raw frames? You could just create an EME binding for wget and that'd be that.

It can't. That's why any program that's not approved will be locked out from accessing the EME runtime. But how can the EME runtime provider, lock out programs from using its API?

In case of an OS that is not open and has a locked down application distribution mechanism (such as Windows Mobile, WART, iOS, Chromebooks and stock android) you can rely on OS built-in mechanisms to maintain a whitelist of vendor cerified programs that may access the API.

In case of operating systems that are either open or can run non approved programs (Community Android, Ouya, Linux, SteamBox, Windows XP, Windows 7, OSX) the EME can't guarantee that it's not being used by wget. In that case EME runtime will either not be made available for the platform, or it will come bundled with a rootkit that'll allow the EME runtime to refuse to work when talked to by a non approved program.

That means that now the distributor of the EME runtime has the power to decide who can make a browser (that plays video) and who doesn't. And if (as expected) DRM is now going to be pushed for everything under the sun (images, fonts, JS, etc.) then it means that the EME runtime provider now has the power to dictate who can make a browser at all.

If you don't resist EME you may prevent a further slip in marketshare right now. But make no mistake, EME is designed to attack competition and to prevent innovation, which includes Firefox and Linux. Why do you think Microsoft is all over EME like flies on ****?

If you don't resist EME, firefox is dead, and it will have been the last open source browser anybody ever wrote.
Comment 40 Leman Bennett [Omega] 2013-10-04 17:44:18 PDT
(In reply to Florian Bösch from comment #39)
> (In reply to Leman Bennett (Omega X) from comment #36)
> 
> You still don't understand. Don't you realize that EME has to guarantee it's
> working as intended (preventing users from saving a video to disk).
> 
> How could EME prevent a user saving a video to disk if the EME runtime
> allows any program to run its API to obtain the raw frames? You could just
> create an EME binding for wget and that'd be that.
> 
> It can't. That's why any program that's not approved will be locked out from
> accessing the EME runtime. But how can the EME runtime provider, lock out
> programs from using its API?
> 
> In case of an OS that is not open and has a locked down application
> distribution mechanism (such as Windows Mobile, WART, iOS, Chromebooks and
> stock android) you can rely on OS built-in mechanisms to maintain a
> whitelist of vendor cerified programs that may access the API.
> 
> In case of operating systems that are either open or can run non approved
> programs (Community Android, Ouya, Linux, SteamBox, Windows XP, Windows 7,
> OSX) the EME can't guarantee that it's not being used by wget. In that case
> EME runtime will either not be made available for the platform, or it will
> come bundled with a rootkit that'll allow the EME runtime to refuse to work
> when talked to by a non approved program.
> 
> That means that now the distributor of the EME runtime has the power to
> decide who can make a browser (that plays video) and who doesn't. And if (as
> expected) DRM is now going to be pushed for everything under the sun
> (images, fonts, JS, etc.) then it means that the EME runtime provider now
> has the power to dictate who can make a browser at all.
> 
> If you don't resist EME you may prevent a further slip in marketshare right
> now. But make no mistake, EME is designed to attack competition and to
> prevent innovation, which includes Firefox and Linux. Why do you think
> Microsoft is all over EME like flies on ****?
> 
> If you don't resist EME, firefox is dead, and it will have been the last
> open source browser anybody ever wrote.



I understand perfectly despite the apocalyptic doom overtones. Your message is to resist at all costs.

What's the next step? Do you resist an entire standards body? Essentially take the ball and run home back to WHATWG?  The W3C head Tim Berners-Lee himself has allowed this. The EFF motion has been defeated. Despite Mozilla's employees bringing up the big questions in the EME mailing list, it doesn't seem that the group will stop moving for things like actual concern of creating a separate locked down web. Mozilla and Google will continue to implement. Hollywood will just choose what they want in the end and proIP will follow without question. The common user will just choose whomever lets them see the video.
Comment 41 Florian Bösch 2013-10-04 17:58:59 PDT
(In reply to Leman Bennett (Omega X) from comment #40)
> I understand perfectly despite the apocalyptic doom overtones. Your message
> is to resist at all costs.

Yes, that is the message. The only thing that saved the web from the clutches of Microsofts IE6 was firefox. And firefox was only possible because people could go and make a competing product that was better.

But if you codify EME into a standard and put a community seal of approval on it, and big web properties start using it to serve content exclusively, this will never work again. Because it will prevent anybody from making a feasible product at all, lest they're willing to ship their product in defiance of the DMCA.
 
> What's the next step? Do you resist an entire standards body?
Yes. The W3Cs standards are distributed under a non derivative license anyway.

> Essentially take the ball and run home back to WHATWG?
Yes, the WhatWGs standards are distributed under a derivative license, and they do not include EME. I think it is of uttmost importance to develop WhatWG with all vehemence, because you don't want to be where the W3Cs direction takes us, because that future has no firefox in it.

> The W3C head Tim Berners-Lee
> himself has allowed this. The EFF motion has been defeated. Despite
> Mozilla's employees bringing up the big questions in the EME mailing list,
> it doesn't seem that the group will stop moving for things like actual
> concern of creating a separate locked down web.
I think it's quite clear that there's a dire need to reduce W3Cs relevancy yes?

> Mozilla and Google will
> continue to implement. Hollywood will just choose what they want in the end
> and proIP will follow without question. The common user will just choose
> whomever lets them see the video.

The television industry was presented with the same argument, and rejected it. Lo and behold, Hollywood backed down. The music industry tried to peddle DRM on online stores for a long time, yet today you can buy MP3s from iTunes and amazon. The fonts industry tried to push DRM for fonts, but lo and behold, the sky hasn't come crashing down and webfonts are doing just fine, even promoting new and innovative font foundries. And yet, the web, which is so much greater than any of those, bows to the demands of hollywood. It's a complete disgrace.
Comment 42 Florian Bösch 2013-10-04 18:23:50 PDT
Look, google, microsoft, netflix, bbc and the w3c have decided that an open web was fun while it lasted, but that's now enough thank you very much and let's get rid of it. And while they're at it, kill that pesky competition.

Mozilla is in an unenviable position, in that, it is being attacked by a superior force, which is employing dirty tactics to squeeze firefox out of the market, and they are winning.

Clearly the strategy can't be to play that game on their terms, because the endgame of that is no more firefox and no more open web. I don't know what the solution is, but I do know that it isn't going along with EME letting them lead firefox to the slaughterhouse. So until Mozilla figures out a solution, resistance on EME is all you can do.
Comment 43 Fred Andrews 2013-10-04 18:28:52 PDT
Please consider Bug 923749 - Add content access and saving features to an EME interface.
Comment 44 Denis Misiurca 2013-10-04 20:50:53 PDT
Insecure proprietary blobs in my Firefox? Please no!
Comment 45 Johannes Mittendorfer 2013-10-04 23:41:28 PDT
Please note that a Content Decryption Module may not be part of Firefox itself. These more likely are impelemented as an addon or plugin. This also ensures that different content providers or CDNs can stream their content without any need to add their modules to the firefox core.

So the argument of third party blobs in firefox does not count.

Please read the specification for further information: https://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-media/encrypted-media.html
Comment 46 Richard Smallman 2013-10-05 00:13:43 PDT
To me it seems like this is a bit of a slippery slope. Sure, right now it's not TOO harmful (it still is) but using things like this a precedent makes me wonder what else is to come of this, if we don't stop it now, when will we? Will it be too late? Lets stop while we're ahead.
Comment 47 Florian Bösch 2013-10-05 03:15:36 PDT
I'd like to point out to the EME proponents that firefox currently can't implement EME. It can't because it's impossible to obtain a CDM and documentation on its ABI (you'll have to get that from widevine, a google owned company).

So the discussion so far is pretty moot anyway, firefox is already frozen out and the only desktop browser currently allowed is IE11.
Comment 48 Michał Gołębiowski [:m_gol] 2013-10-05 05:34:50 PDT
(In reply to Florian Bösch from comment #47)
> I'd like to point out to the EME proponents that firefox currently can't
> implement EME. It can't because it's impossible to obtain a CDM and
> documentation on its ABI (you'll have to get that from widevine, a google
> owned company).
> 
> So the discussion so far is pretty moot anyway, firefox is already frozen
> out and the only desktop browser currently allowed is IE11.

Sure, but this will change, no doubt about that; W3C and corps will want most popular browsers to implement that.
Comment 49 Michał Gołębiowski [:m_gol] 2013-10-05 05:41:30 PDT
(In reply to Florian Bösch from comment #47)
Since you're clearly informed on the subject very much, could you elaborate the differences between EME-encrypted content and Flash-encrypted one?
Comment 50 Michał Gołębiowski [:m_gol] 2013-10-05 05:41:44 PDT
(In reply to Florian Bösch from comment #47)
Since you're clearly informed on the subject very much, could you elaborate the differences between EME-encrypted content and Flash-encrypted one?
Comment 51 Dave Miller [:justdave] (justdave@bugzilla.org) 2013-10-05 05:49:30 PDT
(In reply to Leon Sorokin from comment #35)
> well, bugzilla etiquette is to vote on the bug, but for some reason it's not
> available. does it need to go to "confirmed" before this opens up?

Voting hadn't been enabled on this product in Bugzilla.  That's been done now, so anyone further who wants to "+1" this, please go vote instead. (click the "vote" link next to "Importance" up at the top).
Comment 52 steve faulkner 2013-10-05 05:54:06 PDT
(In reply to Florian Bösch from comment #41)
> (In reply to Leman Bennett (Omega X) from comment #40)
> > I understand perfectly despite the apocalyptic doom overtones. Your message
> > is to resist at all costs.
> 
> Yes, that is the message. The only thing that saved the web from the
> clutches of Microsofts IE6 was firefox. And firefox was only possible
> because people could go and make a competing product that was better.
> 
> But if you codify EME into a standard and put a community seal of approval
> on it, and big web properties start using it to serve content exclusively,
> this will never work again. Because it will prevent anybody from making a
> feasible product at all, lest they're willing to ship their product in
> defiance of the DMCA.
>  
> > What's the next step? Do you resist an entire standards body?
> Yes. The W3Cs standards are distributed under a non derivative license
> anyway.
> 
> > Essentially take the ball and run home back to WHATWG?
> Yes, the WhatWGs standards are distributed under a derivative license, and
> they do not include EME. I think it is of uttmost importance to develop
> WhatWG with all vehemence, because you don't want to be where the W3Cs
> direction takes us, because that future has no firefox in it.

I think we should be calling for Mozilla to leave the W3C altogether. 


> > The W3C head Tim Berners-Lee
> > himself has allowed this. The EFF motion has been defeated. Despite
> > Mozilla's employees bringing up the big questions in the EME mailing list,
> > it doesn't seem that the group will stop moving for things like actual
> > concern of creating a separate locked down web.
> I think it's quite clear that there's a dire need to reduce W3Cs relevancy
> yes?

see above
Comment 53 gicnmzcgk7mwxba57hon 2013-10-05 05:56:13 PDT
Mozilla is under no obligation what so ever to implement W3C proposals.

The only incentive Mozilla has, is peer pressure and commercial demand.

These are the latest statistics for Browser market-share: http://www.netmarketshare.com/

Firefox owns 20% of the market share. Content distributors will not cut off 20% of potential revenue.
Considering how small the margins are, no content producer will risk locking out so many users.
Especially when they know that anyone with a DVR/screen grab program can upload their content to the pirate bay within the hour.

It's now accepted that content distributors must now compete with pirates in terms of convenience. Asking the user to download a new program or plugin is one step more than most pirate streaming sites. For this reason alone, content distributors wont risk implementing DRM. They need that 20% userbase.

Even if Mozilla is the only one not to implement this DRM system, then content distributors wont use it.

If Mozilla doesn't bother then Opera probably wont either.

If Chrome implements it, all the linux distroes will push their userbase towards Chromium.

Mozilla's resources are limited, there are other, more important features to work on.
Comment 54 Florian Bösch 2013-10-05 05:58:36 PDT
(In reply to Michał Gołębiowski from comment #50)
> (In reply to Florian Bösch from comment #47)
> Since you're clearly informed on the subject very much, could you elaborate
> the differences between EME-encrypted content and Flash-encrypted one?

Flash is a generic virtual machine that can execute code.

EME defines a an API for the browser to inteact with a CDM in the abstract. CDM stands for content decryption module. The CDM has to be supplied either by the operating system or be bundled with the browser. It is implemented by a third party as a binary blob and it is not open source.

(In reply to Michał Gołębiowski from comment #48)
> Sure, but this will change, no doubt about that; W3C and corps will want
> most popular browsers to implement that.

I have repeatedly pounded at the W3C that they should make documentation and a CDM accessible to test, and my request have been ignored as uneccessary and I've been thrown out of the ML for the EME-WG.

So no, I don't think that a CDM and documentation will be forthcoming so that mozilla could even attempt to implement EME.

EME is currently implemented on only two platforms: IE11 and Chromebooks. It is telling that it isn't implemented in Google Chrome (the CDM distributor is worried somebody would just rip out the CDM and use it to decrypt content).

The CDM by my prediction will not be offered to third parties where there is a possiblity that it could easily be used to decrypt content to plain.

The only avenue for Firefox in that scenario is to implement their own CDM, and then attempt to convince every streaming provider (Netflix, Amazon etc.) to support it, which they may and may not do.

Even if that was a viable path, it's a complete mess for everybody, as you'll end up with dozens of proprietary blobs, one for each flavor of CDM supplied by dozens of parties. It's fairly obvious that that's a security disaster, bad for accessability and an incredible cludge to maintain for streaming providers.
Comment 55 Florian Bösch 2013-10-05 06:03:04 PDT
(In reply to gicnmzcgk7mwxba57hon from comment #53)
> The only incentive Mozilla has, is peer pressure and commercial demand.
> Mozilla's resources are limited, there are other, more important features to
> work on.

I agree, but I'd like to repeat, I believe it is at the current time technically impossible for Mozilla to even attempt to support EME, because nobody is going to supply a CDM and documentation to Mozilla. Reverse engineering an existing CDM is also out of the question, because then for instance Microsoft or Google could just DMCA-takedown the firefox d/l link.
Comment 56 Pander 2013-10-05 06:54:33 PDT
Nevertheless, could someone create a bug like this at Google for Chromium and at Microsoft for Internet Explorer?
Either way, the issue will get more attention and postition or policy from these two companies on their web browsers will be clarifeid.

Furthermore, distributions such as Debian and Ubuntu could ship open source browsers rebuild without DRM support. Would be worthwhile to also include them in this initiative. That is, also make general bug reports in Ubuntu's Launchpad etc.
Comment 57 xyz 2013-10-05 07:43:11 PDT
Do not like and use Firefox anymore because of Mozilla's desperate attempt to create a Chrome Clone, but i seriously hope that Mozilla does not include that user non friendly **** inside!

It may be true that movies and commercial music should be have some kind of copyright protection, but to lock down the free internet too in the same breath... Seriously, that is the biggest madness i have heared in a long time.

Free legal stuff should stay free and NOT forbidden, innovation is free and should NOT be forbidden! - In that case, DRM which also restricts free and legal stuff... This can clearly SHOULD go to hell!
Comment 58 xyz 2013-10-05 07:43:35 PDT
Do not like and use Firefox anymore because of Mozilla's desperate attempt to create a Chrome Clone, but i seriously hope that Mozilla does not include that user non friendly **** inside!

It may be true that movies and commercial music should be have some kind of copyright protection, but to lock down the free internet too in the same breath... Seriously, that is the biggest madness i have heared in a long time.

Free legal stuff should stay free and NOT forbidden, innovation is free and should NOT be forbidden! - In that case, DRM which also restricts free and legal stuff... This can clearly SHOULD go to hell!
Comment 59 blackflag420 2013-10-05 08:19:17 PDT
HTML5 DRM could be developed as a plugin, rather than crippling the firefox browser itself.
Comment 60 Thaddee Tyl [:espadrine] 2013-10-05 08:34:41 PDT
(In reply to saphirjd from comment #57)
> Do not like and use Firefox anymore because of Mozilla's desperate attempt
> to create a Chrome Clone, but i seriously hope that Mozilla does not include
> that user non friendly **** inside!

I am saddened by that, and I wish you'd give this great software another try.

> It may be true that movies and commercial music should be have some kind of
> copyright protection, but to lock down the free internet too in the same
> breath... Seriously, that is the biggest madness i have heared in a long
> time.

EME doesn't lock down the free Internet. It has a valid W3C working draft,
which was publicly discussed. EME alone only provides an encryption
capability. It isn't the first encryption system built into the Web,
and it probably won't be the last.

> Free legal stuff should stay free and NOT forbidden, innovation is free and
> should NOT be forbidden! - In that case, DRM which also restricts free and
> legal stuff... This can clearly SHOULD go to hell!

Those are the wrong reasons to hate EME! Forbidding access to "free legal stuff"
is an ok thing to do for a company, when it has legal ownership.
All companies involved in this hullabaloo follow the law. (Some make it.)
This issue isn't about the law, price, or freedom.

The issue is that the user has no say in the negotiation surrounding
the creation of the CDM that "some company" can bless. That power over Mozilla
deprived of counter-power facilitates a propensity for abuse. That postulated
future abuse (backed by past abuses surrounding DVD restrictions such as
a censored sequence of hex numbers[0], regional lockout, unskippable content
and awkward and escalating laws on sharing) is the only reason EME is wrong.

[0]: http://en.wikipedia.org/wiki/AACS_encryption_key_controversy
Comment 61 dbsnurr 2013-10-05 08:36:34 PDT
This would be devastating for the open web. Please notify the W3C about your displeasure with this direction for HTML standards.
Comment 62 Andrew Ducker 2013-10-05 08:41:12 PDT
My understanding is that currently, for playing DRM video, companies use plugins for _everything_ in the display process.

EME would mean that all of that chain is replaced with standard HTML5, except for the DRM/encryption part.

Surely this is a step in the right direction?  It removes the need for 95% of the plugin, replacing it with a much smaller one, only covering this tiny amount of functionality.

What would be a _reasonable_ end-state would be if the CDMs were standardised and could be downloaded on demand by users.  So if they go to play a video on Netflix, rather than it saying "You need Silverlight", it said "You need the Netflix encryption module to play this content, click here to install it."

There is, after all, no particular reason why the CDM would have to be different for Firefox, IE, and Chrome - and if users are willing to install a plugin to play content then Mozilla should be ensuring that said plugin is the smallest, least intrusive, plugin possible.
Comment 63 Andrew Davis 2013-10-05 08:45:14 PDT
yes, notify the w3c, but please don't email the listserv yourself.  

start a petition, sign a petition, or vote for this bug.

emails to the w3c just make eme proponents angrier and more stubborn, and there are already representatives from mozilla and eff making excellent arguments there.  let's not get in the way of finding a real solution.
Comment 64 Pander 2013-10-05 08:49:37 PDT
Petition is here: http://www.defectivebydesign.org/
Comment 65 xyz 2013-10-05 09:50:00 PDT
As long as Mozilla tries to create a cheap Chrome Clone.. i never use any official Mozilla Product anymore. In fact, i am going that far to use Chromium which i am using right now.

If i have the choice between a slower Clone which supports not as much html5 support as Chromium and the original which never had an identity crisis, i always choose the original.

Firefox without built in Basic Customization is useless and i do not support such an ugly switch from a customizable Browser in the direction of just becoming another form of "Chrome"

(In reply to Thaddee Tyl [:espadrine] from comment #60)
> (In reply to saphirjd from comment #57)
> > Do not like and use Firefox anymore because of Mozilla's desperate attempt
> > to create a Chrome Clone, but i seriously hope that Mozilla does not include
> > that user non friendly **** inside!
> 
> I am saddened by that, and I wish you'd give this great software another try.
> 
> > It may be true that movies and commercial music should be have some kind of
> > copyright protection, but to lock down the free internet too in the same
> > breath... Seriously, that is the biggest madness i have heared in a long
> > time.
> 
> EME doesn't lock down the free Internet. It has a valid W3C working draft,
> which was publicly discussed. EME alone only provides an encryption
> capability. It isn't the first encryption system built into the Web,
> and it probably won't be the last.
> 
> > Free legal stuff should stay free and NOT forbidden, innovation is free and
> > should NOT be forbidden! - In that case, DRM which also restricts free and
> > legal stuff... This can clearly SHOULD go to hell!
> 
> Those are the wrong reasons to hate EME! Forbidding access to "free legal
> stuff"
> is an ok thing to do for a company, when it has legal ownership.
> All companies involved in this hullabaloo follow the law. (Some make it.)
> This issue isn't about the law, price, or freedom.
> 
> The issue is that the user has no say in the negotiation surrounding
> the creation of the CDM that "some company" can bless. That power over
> Mozilla
> deprived of counter-power facilitates a propensity for abuse. That postulated
> future abuse (backed by past abuses surrounding DVD restrictions such as
> a censored sequence of hex numbers[0], regional lockout, unskippable content
> and awkward and escalating laws on sharing) is the only reason EME is wrong.
> 
> [0]: http://en.wikipedia.org/wiki/AACS_encryption_key_controversy
Comment 66 Adam Hirst 2013-10-05 10:53:32 PDT
Can we not go off the topic of "HTML5 DRM", or descend into Firefox vs. Chrome(ium) shitposting?
(In reply to saphirjd from comment #65)
> As long as Mozilla tries to create a cheap Chrome Clone.. i never use any
> official Mozilla Product anymore. In fact, i am going that far to use
> Chromium which i am using right now.
> 
> If i have the choice between a slower Clone which supports not as much html5
> support as Chromium and the original which never had an identity crisis, i
> always choose the original.
> 
> Firefox without built in Basic Customization is useless and i do not support
> such an ugly switch from a customizable Browser in the direction of just
> becoming another form of "Chrome"
Comment 67 xyz 2013-10-05 11:23:02 PDT
I agree. i just answered because someone wanted more or less a reason WHY i am not using Mozilla products anymore. Back to the HTML5 DRM Topic. I did not at all want to start an off topic round, sorry for that.
Comment 68 Paul [pwd] 2013-10-05 11:30:05 PDT
From a non-technical standpoint, DRM is a very real part of the internet. iPlayer, Virgin Anywhere, Sky Go, etc. While my initial thoughts would be "Frig yeah, never implement DRM!". Continuing on with that non-technical standpoint, I'd much prefer an elegant solution which allows for my browser to access all of the internet. Mozilla will have to cater to the needs of users, if the services switch to HTML5 media, then Mozilla can either support the services or lose market-share to competitors that will.

As an aside, I find it cheeky that there's people in here saying "I don't use Firefox but I'm going to demand they do what I say".
Comment 69 Florian Bösch 2013-10-05 11:40:59 PDT
(In reply to blackflag420 from comment #59)
> HTML5 DRM could be developed as a plugin, rather than crippling the firefox
> browser itself.

The CDM is intended as a plugin or an OS API. But due to the way that browsers work, it means that only "authorized" programs may access that plugin/API. This excludes firefox. So even if Mozilla wanted to implement EME, there is no way to do it because nobody is coughing up a CDM/documentation.
Comment 70 Florian Bösch 2013-10-05 11:42:45 PDT
(In reply to Thaddee Tyl [:espadrine] from comment #60) 
> EME doesn't lock down the free Internet. It has a valid W3C working draft,
> which was publicly discussed. EME alone only provides an encryption
> capability. It isn't the first encryption system built into the Web,
> and it probably won't be the last.

EME does lock down the free internet because Firefox won't be able to use the CDM and before long no open source browser will be able to serve "the internet".
Comment 71 Florian Bösch 2013-10-05 11:45:36 PDT
(In reply to Andrew Ducker from comment #62)
> My understanding is that currently, for playing DRM video, companies use
> Surely this is a step in the right direction?  It removes the need for 95%
> of the plugin, replacing it with a much smaller one, only covering this tiny
> amount of functionality.
> 
> What would be a _reasonable_ end-state would be if the CDMs were
> standardised and could be downloaded on demand by users.  So if they go to
> play a video on Netflix, rather than it saying "You need Silverlight", it
> said "You need the Netflix encryption module to play this content, click
> here to install it."
> 
> There is, after all, no particular reason why the CDM would have to be
> different for Firefox, IE, and Chrome - and if users are willing to install
> a plugin to play content then Mozilla should be ensuring that said plugin is
> the smallest, least intrusive, plugin possible.

Firefox won't be able to talk to the CDM just like any other program like wget, because that'd include the possiblity of decrypting the content and dumping it to disk. EME is bad because it introduces DRM (in the form of CDM). DRM is bad because it means free/open programs (like firefox) will be barred from interoperating with the DRM system. Hence the era of "open" web/browsers comes to a definitive end, forever.
Comment 72 Florian Bösch 2013-10-05 11:47:40 PDT
(In reply to Paul [sabret00the] from comment #68)
> From a non-technical standpoint, DRM is a very real part of the internet.
> iPlayer, Virgin Anywhere, Sky Go, etc. While my initial thoughts would be
> "Frig yeah, never implement DRM!". Continuing on with that non-technical
> standpoint, I'd much prefer an elegant solution which allows for my browser
> to access all of the internet. Mozilla will have to cater to the needs of
> users, if the services switch to HTML5 media, then Mozilla can either
> support the services or lose market-share to competitors that will.

Mozilla/Firefox won't be able to "cater to users" because it will be barred by way of the DMCA to support a CDM, the CDM vendor can't make available to mozilla because then it could just be used to dump the encryped media to disk in plain by any program.
Comment 73 Andrew Ducker 2013-10-05 11:53:35 PDT
Florian, your main contribution here seems to be to say that Firefox _cannot_ implement the DRM.  As the discussion is over whether it _should_, it seems rather like you've made your point.  Responding to multiple people with essentially the same response isn't adding anything to the discussion.
Comment 74 Florian Bösch 2013-10-05 11:56:46 PDT
(In reply to Andrew Ducker from comment #73)
> Florian, your main contribution here seems to be to say that Firefox
> _cannot_ implement the DRM.  As the discussion is over whether it _should_,
> it seems rather like you've made your point.  Responding to multiple people
> with essentially the same response isn't adding anything to the discussion.

I'm going to keep responding that for as long as there's a missconception that mozilla could somehow choose to "do it". Which I think it can't, technically impossible. The necessary precondition is not granted. As in, even if we all wanted to, you're barred. I've told the W3C that this is a problem, long ago, and didn't get them to produce deliverables in the form of a CDM and documentation to test. That onus is now on Mozilla.

If you want to have a discussion if "you should", you should first figure out if "you can". Because the "should we" discussion is entirely irrelevant if "you can't".
Comment 75 Andrew Ducker 2013-10-05 11:58:08 PDT
(In reply to Florian Bösch from comment #74)
> I've told the W3C that this is a problem, long ago

What was their response?
Comment 76 Florian Bösch 2013-10-05 11:59:25 PDT
(In reply to Andrew Ducker from comment #75)
> What was their response?

After I insisted long enough that the CDM isn't made available and isn't documented, they threw me off their ML.
Comment 77 Florian Bösch 2013-10-05 12:00:24 PDT
(In reply to Florian Bösch from comment #76)
> (In reply to Andrew Ducker from comment #75)
> > What was their response?
> 
> After I insisted long enough that the CDM isn't made available and isn't
> documented, they threw me off their ML.

I might note, without making the CDM/documentation available, to date.
Comment 78 Al Billings [:abillings] 2013-10-05 12:45:51 PDT
Bugzilla isn't really a place for policy discussions. I suggest going to dev.planning and actually discussing it, not using a bug as a discussion forum. 

http://www.mozilla.org/about/forums/
Comment 79 dewi 2013-10-05 15:40:02 PDT
DRM would damage market share; I would not be alone in switching to whichever FF fork that lacks DRM, or to Chrome, if it rejects DRM.

There is precedent for this. Firefox cannot run Windows Update, either. Everyone running FF on Windows keeps IE around for that. Using IE for DRM stuff if absolutely necessary is no larger burden for users than is Windows Update.

But sites will be less prone to using DRM if the majority browsers do not support it. And those that use it will be less successful, because it will add that small hurdle of switching to the less-preferred browser to view.
Comment 80 Muhammad Hussein Fattahizadeh 2013-10-05 16:50:16 PDT
We love Mozilla. We love Firefox. Cause made by people for people no such as **** companies like them made by smart asses for money.
We support mozilla, mozilla support freedom. Freedom is ours.
Mozilla must be reference of the web. We followed
Comment 81 dedurac 2013-10-05 19:12:50 PDT
Hey Mozilla, why don't you simply ask all those Hollywood corps to built their own native application with DRM included?
For example if I want to watch a movie on Netflix, I need to download their special crafted app with DRM.
That would satisfy their need for cash and our need for open WWW.
Comment 82 dedurac 2013-10-05 19:17:40 PDT
(In reply to Al Billings [:abillings] from comment #78)
> Bugzilla isn't really a place for policy discussions. I suggest going to
> dev.planning and actually discussing it, not using a bug as a discussion
> forum. 
> 
> http://www.mozilla.org/about/forums/

Well, we already started, and moving already sparked discussion around won't solve the problem
Comment 83 Fred Andrews 2013-10-05 21:05:37 PDT
(In reply to Thaddee Tyl [:espadrine] from comment #60)
...
> EME doesn't lock down the free Internet. It has a valid W3C working draft,
> which was publicly discussed. EME alone only provides an encryption
> capability. It isn't the first encryption system built into the Web,
> and it probably won't be the last.

It may well make it illegal to add features to a standard HTML interface, such as mechanisms to save content - it's a land grab on the web.  We are not talking about the 'Internet' in general, and some of us would be quite happy to just see DRM implemented in non-standard Internet apps.  Selling the EME as a 'valid publicly discussed standard' is just propaganda - and this is probably the only reason that the proponents took this to the W3C, to parallel the EME with other open standards and exploit the good will of the open web.
Comment 84 Fred Andrews 2013-10-05 21:11:24 PDT
(In reply to dedurac from comment #81)
> Hey Mozilla, why don't you simply ask all those Hollywood corps to built
> their own native application with DRM included?
> For example if I want to watch a movie on Netflix, I need to download their
> special crafted app with DRM.
> That would satisfy their need for cash and our need for open WWW.

Yes, this is the obvious path to take, and it could be integrated well with web browsers by using a web-actions or web-intents style process to invoke the DRM player app. or device.  Unfortunately the proponents of the EME do not accept this option.
Comment 85 olivier 2013-10-06 04:57:01 PDT
To be perfectly honest, I don't use firefox anymore for years, so I'm not sure to be entitled to comment this. The reason for my switch for chromium was superior developer tools and (at the time) superior performances.

But this was a time where all that matters was features and performances.

This issue with w3c is very concerning and plain unacceptable. I'm now switching from comfort mode to fight mode, and will carefully observe each vendor way to handle this issue. I will of course give my preference to those who do not implement drm (or eme, or whatever specious name they give it), and warn my friends about others. Bonus point to solve this peacefully without destroying w3c.

This was just to let mozilla know that even people like me who tends to prefer features on total openness are concerned about this very specific issue.
Comment 86 Al Billings [:abillings] 2013-10-06 09:06:57 PDT
(In reply to dedurac from comment #82)
> (In reply to Al Billings [:abillings] from comment #78)
> > Bugzilla isn't really a place for policy discussions. I suggest going to
> > dev.planning and actually discussing it, not using a bug as a discussion
> > forum. 
> > 
> > http://www.mozilla.org/about/forums/
> 
> Well, we already started, and moving already sparked discussion around won't
> solve the problem

Well, if you don't actually want to engage with the Mozilla community and want to be yelling in an ignored bug, sure. Have at it.
Comment 87 xannax.prozaxx 2013-10-06 09:17:50 PDT
I can't believe the **** that w3c is doing. In my view, it is mind boggingly stupid, for a number of reasons others here have expressed better than I can. I +1 this bug very vehemently.
Comment 88 simon 2013-10-06 11:08:08 PDT
(In reply to Florian Bösch from comment #32)

Thank you for in depth explanations Florian !

So basically content providers want a "unbreakable" security down the throat of the Web, even if :
1/ it costs freedom (every browser has to get a seal from a central entity),
2/ it costs progress (maintaining such a mammoth kills progress), 
3/ only them need this, 
4/ they can develop their own native applications to do DRM,
5/ Multiple DRM free providers are successful.
6/ in the end there is always a way to hack anything.

I hope Mozilla community will not lose its precious time on this stuff.
Comment 89 piranna 2013-10-06 11:14:38 PDT
(In reply to simon from comment #88)
> I hope Mozilla community will not lose its precious time on this stuff.

Point is not only Mozilla community don't waste their precious time on developing this stuff, but also on don't accepting any patch from third party developers (probably mayors media developers) enabling this functionality.
Comment 90 Masatoshi Kimura [:emk] 2013-10-07 01:39:42 PDT

*** This bug has been marked as a duplicate of bug 866191 ***
Comment 91 Paul [pwd] 2013-10-07 03:58:53 PDT
Masatoshi Kimura :emk, this bug has 150 recipients and 150 votes. While it's best practice to dupe to the oldest bug, if a newer bug has all of the activity, it's then considered best to dupe to the older bug to the newer bug. Please reverse the dupe.
Comment 92 Masatoshi Kimura [:emk] 2013-10-07 04:17:58 PDT
(In reply to Paul [sabret00the] from comment #91)
> While it's
> best practice to dupe to the oldest bug, if a newer bug has all of the
> activity, it's then considered best to dupe to the older bug to the newer
> bug.

Unless the activities are full of "+1", advocates, and discussions should have made on newsgroups.
Luckily I found a (still) clean bug, so I duped to it.
Comment 93 Gervase Markham [:gerv] 2013-10-07 05:21:28 PDT
Masatoshi: while in general you are right, in this case I think the opposite is the right course of action. While some of the contributions here may be out of place, not all are.

Gerv
Comment 94 Gervase Markham [:gerv] 2013-10-07 05:22:47 PDT
*** Bug 866191 has been marked as a duplicate of this bug. ***
Comment 95 Alberto Salvia Novella 2013-10-07 07:25:16 PDT
This bug is now downstream at https://bugs.launchpad.net/firefox/+bug/1236389
Comment 96 Chris 2013-10-08 21:07:07 PDT
Why is the default reaction of so many FF devs to sneer at users? (emk, abillings, I'm talking to you). Why listen to concerned users or pay attention to cogent arguments (mixed in with +1s, the horror!)? If only they'd filled out the proper forms, waited in the correct lines, maybe you'd care.

I add my +1 to this bug out of spite.
Comment 97 Jay MacDonald 2013-10-09 07:03:15 PDT
(In reply to Alberto Salvia Novella from comment #95)
> This bug is now downstream at https://bugs.launchpad.net/firefox/+bug/1236389

And swiftly removed.
Comment 98 [:Aleksej] 2013-10-09 08:03:14 PDT
(In reply to Andrew Ducker from comment #62)
> My understanding is that currently, for playing DRM video, companies use
> plugins for _everything_ in the display process.

Which can serve as an indicator that the page might be an unnecessary proprietary blob that you cannot do anything with.

> EME would mean that all of that chain is replaced with standard HTML5,
> except for the DRM/encryption part.

…making it easier to disguise and advertise a proprietary blob as a piece of open Web.
Comment 99 Florian Bösch 2013-10-09 08:08:42 PDT
(In reply to Aleksej [:Aleksej] from comment #98)
> > EME would mean that all of that chain is replaced with standard HTML5,
> > except for the DRM/encryption part.
> 
> …making it easier to disguise and advertise a proprietary blob as a piece of
> open Web.

The proprietary blob will need to provide the browser with raw frames/timings of frames so that the browsers compositor can do its job.

How is the proprietary blob going to prevent firefox from dumping the content on disk frame by frame? How is it going to prevent any arbitrary program (like say wget) from simply fetching the stream and dumping it to disk?

Answer: The proprietary blob is fundamentally incompatible with non proprietary software. Which is the reason it hasn't landed in the google chrome source, and will never land there. It'll be a patchset google uses to tack onto their official release, that chromium builds will not get. How is it expected exactly that mozilla handle this?
Comment 100 Al Billings [:abillings] 2013-10-09 13:15:36 PDT
(In reply to Chris from comment #96)
> Why is the default reaction of so many FF devs to sneer at users? (emk,
> abillings, I'm talking to you). Why listen to concerned users or pay
> attention to cogent arguments (mixed in with +1s, the horror!)? If only
> they'd filled out the proper forms, waited in the correct lines, maybe you'd
> care.

FWIW, I'm not a developer. I'm a security program manager.

This isn't about forms. Discussions go in discussion groups. Bugs are not discussion groups. Policy isn't going to be debated or decided in this bug by the folks involved in the Mozilla Community in making decisions. So +1 away but know that you are not actually doing anything to help resolve the issues raised. That would require going to dev.planning and actually talking to people. You've been told how to do so. It is your choice whether you bother.
Comment 101 Patrick Martin 2013-10-09 13:38:32 PDT
Submitted issue to chrome bug tracker as well: https://code.google.com/p/chromium/issues/detail?id=305776
Comment 102 Jay MacDonald 2013-10-09 13:56:02 PDT
(In reply to Patrick Martin from comment #101)
> Submitted issue to chrome bug tracker as well:
> https://code.google.com/p/chromium/issues/detail?id=305776

That's chromium, not Chrome. Google would probably implement this in their proprietary software parts.
Unlike Mozilla, their decisions are based on business interest, so there's not even a point to your report there.
Comment 103 Patrick Martin 2013-10-09 15:00:32 PDT
(In reply to Jay MacDonald from comment #102)
> (In reply to Patrick Martin from comment #101)
> > Submitted issue to chrome bug tracker as well:
> > https://code.google.com/p/chromium/issues/detail?id=305776
> 
> That's chromium, not Chrome. Google would probably implement this in their
> proprietary software parts.
> Unlike Mozilla, their decisions are based on business interest, so there's
> not even a point to your report there.

I agree, but it least it shows google that they do not have the support of the community on this, unfortunately google no longer follows it's motto of "First do no harm".
Comment 104 Tomasz Sobczyk 2013-10-09 23:02:44 PDT
Er, what I find weird in the dicussions condering EME is that I think people are forgetting something. It does not matter what the specification is, whether a feature is implemented in a browser or not. What matters is what will the website makers and developers do. I, for one, will never put any ‘protected content’ on my website, even if every browser out there would allow me to put it in there.

It seems to me that people for some reason assume that ‘the open web will be over’ once EME exists on the web. Where are you people coming from? Why do you think people using open web would stop using open web? Because of some EME? It will still be there, the same as it is today. EME will be something no one cares about in the open community.

W3C and other companies clearly show that they have no interest in any open web. They want money, control, prestige. Just ingore them and live your own life. Why do people care so much for some W3C? Let them become an insignificant organization. They seem to no longer care about their initial goals. When I learned that HTML was WHATWG's effort and ‘HTML5’ spec is just because they want a ‘final spec’, I started reading the WHATWG version.

It seems like you think that that WWW is governed by those big companies. Yes, in fact, they are in control and dictate the terms. They might have ties to ISPs and hardware manufacturers. But from what I know about people, no one want this EME but the companies that push for it. They’re alone in that. They’re the minority here, not us. What the community needs to do is inform the general public about the issue. The public will be against it. This is a political issue here. You need to spread the word.
Comment 105 piranna 2013-10-10 00:22:34 PDT
(In reply to Tomasz Sobczyk from comment #104)
> Er, what I find weird in the dicussions condering EME is that I think people
> are forgetting something. It does not matter what the specification is,
> whether a feature is implemented in a browser or not. What matters is what
> will the website makers and developers do. I, for one, will never put any
> ‘protected content’ on my website, even if every browser out there would
> allow me to put it in there.
> 
> It seems to me that people for some reason assume that ‘the open web will be
> over’ once EME exists on the web. Where are you people coming from? Why do
> you think people using open web would stop using open web? Because of some
> EME? It will still be there, the same as it is today. EME will be something
> no one cares about in the open community.
> 
> W3C and other companies clearly show that they have no interest in any open
> web. They want money, control, prestige. Just ingore them and live your own
> life. Why do people care so much for some W3C? Let them become an
> insignificant organization. They seem to no longer care about their initial
> goals. When I learned that HTML was WHATWG's effort and ‘HTML5’ spec is just
> because they want a ‘final spec’, I started reading the WHATWG version.
> 
> It seems like you think that that WWW is governed by those big companies.
> Yes, in fact, they are in control and dictate the terms. They might have
> ties to ISPs and hardware manufacturers. But from what I know about people,
> no one want this EME but the companies that push for it. They’re alone in
> that. They’re the minority here, not us. What the community needs to do is
> inform the general public about the issue. The public will be against it.
> This is a political issue here. You need to spread the word.

Problem is, that you and I and the community would never need nor want to use EME & CDM on our developments, but big content producers companies (Netflix, Adobe...) will do, so their product will be only available on the browsers that implement it, making a de-facto "priviledged web" only accesible by that browsers. The only solution here is that everybody play with the same rules, and for this being feasable this only can be done without any browser capable to use any DRM mechanism now or ever in the future.
Comment 106 olivier 2013-10-10 00:51:48 PDT
(In reply to Tomasz Sobczyk from comment #104)

I tend to consider (quite ideologically, I admit) that the power of
internet is its mass and that the mass effect is to let emerge
exceptionally good things in a see of garbage. Certainly, well designed
websites will not use EME, but which amount of the internet will that
cover ?

Sometime like 5-10 years ago, developers concerned about openness agreed
that flash and java applets should be avoided as much as possible. But
even a few years after, I was quite impossible to browse the net with a
flash/java free browser without noticing it. Problem is : the see of
garbage is not uniform, there are a lot of shades, with many websites
having good or necessary content with very poor design (think of
administrative websites). If you wanted to be part of the world and not
miss crucial information or services, you had to comply with those
defects and install flash and java. If EME are supported in browsers,
you *will* have to use it, even if not as a developer.

As for why we care about w3c, I have a single word : IE6. It was so bad
not only because it was buggy, but also because it does not care about
how other browsers did their thing. And as other browsers did indeed
care about others, IE6 appears like some kind of UFO wasting our time.
Today, things are much less a problem : we tend to only develop web
frontend in one browser, then quickly check it's ok with a few we have
at hand. There are still problem with IE, but a lot less and are often
quick fix (or we just discard browser, since it has lesser market share
anyway).

W3c did not only helped us wasting less time in browser support, it also
was a champion of openness, pushing standardized audio and video tag,
enhanced communication using javascript and all cool stuff that
deprecated flash. I think that's an important part of why people are so
disappointed today. And there's a difficult dilemna : we obviously must
not implement those specs, but if we begin to opiniatedly reject specs,
where do we stop (aggreed, specs have never been implemented in their
whole, but never it was a problem of the specs being considered bad) ?
There are other standards, but w3c ones are the "standard standards".
The w3c push the choice between an open web and browser compatibility
nightmare. So yes, that's a problem.
Comment 107 Florian Bösch 2013-10-10 01:34:24 PDT
(In reply to Tomasz Sobczyk from comment #104)
> It seems to me that people for some reason assume that ‘the open web will be
> over’ once EME exists on the web. Where are you people coming from? Why do
> you think people using open web would stop using open web? Because of some
> EME? It will still be there, the same as it is today. EME will be something
> no one cares about in the open community.

As I've demonstrated numerous times, Open Source browsers (like Firefox, Chromium, Webkit, Khtml etc.) will not be able to support EME. The reason is that the CDM (content decryption module) would have to deliver plain bytes to the browser for purpose of compositing a web page together. That would allow the browser (or any program) to dump the plain content to disk, exactly what EME is designed to make impossible. The CDM will have to ensure only to be operated by programs that use it in the fashion intended, i.e. proprietary browsers.

With EME in existence big web properties like netflix, amazon, pandora, vimeo, dailymotion, facebook, bbc, etc. might be compelled for one reason (wanting to get content from the MPAA/RIAA) or another (being coreced by DMCA demands) to implement EME across their entire property.

That means that only proprietary browsers (IE11, Chrome etc.) will be able to server "the full web" and Open Source/community browsers are relegated to "those browsers that don't work right". But this also means that Open Source/community browsers will loose market share and won't be able to recover it, because there is no technical/legal way for them to support EME/CDMs.

As a result a new proprietary browser monopoly will emerge and one or two companies will control the entire browser landscape (btw. have you noticed how eager Microsoft is to get EME trough at all costs as soon as possible, ever wondered why that was? a-ha-ha-killmenowplease). Innovation on the Web will cease because the community holds no power anymore.

Here's a list of things that would not have happened in the future that the W3C is engineering.

- Firefox (community browser)
- Khtml (community browser)
- Webkit (community browser based on khtml)
- Safari (based on webkit)
- Chrome (based on webkit)
- Chromium (community browser)
- HTML5 (WhatWG alternative to the doomed W3C XHTML, enthusiastically picked up by community browsers)
- W3C (would be dead by now because of XHTML)
- CSS2/3 (only got underway once there was sufficient community browser momentum)
- WebGL
- XHR2
- CORS
- web fonts
- flexbox

In effect, you'd still be using the IE6.something web. Do you really want an IE6 2.0 web? The W3C seems to want it for reasons I can only attribute to boundless idiocy and corruption at the highest levels.
Comment 108 Peter Kahl 2013-10-10 21:05:12 PDT
DRM has no place in an Open Web Platform!
Comment 109 mintforsmead 2013-10-11 11:04:53 PDT
Please do not include DRM in open source products. This is the wrong message, future, etc.
Comment 110 Allen Williams 2013-10-11 13:57:44 PDT
I don't like DRM, but there are reasons as to why its needed. For example at some point netflix plans on switching to HTML5. They said it would only happen if DRM was approved and implemented. If IE, and Safari support it, then you may be forced to use one of them to use it. I suspect google would probably cave if that were to happen and chrome would support it. If that were to happen then firefox would be the only browser not capable of going to netflix. 

I don't like it, but DRM may be needed in the future. I say keep your eyes open on this and don't support it unless you need to. It might be a good idea to work on it, but keep it permanently disabled. After all keep in mind what they are trying to do. They want HTML5 to completely 100% replace plugins. The only way that can happen is with DRM.
Comment 111 Florian Bösch 2013-10-11 14:13:48 PDT
(In reply to Allen Williams from comment #110)
> firefox would be the only browser not capable of going
> to netflix. 

Can somebody, anybody, please provide a credible argument that Firefox can actually support EME/CDMs.

The last I know is that the only CDM supported by Netflix is the one from Widevine, a subsidiary of google. Widevine does not sell it's DRM solution. It lets "integration partners" sell it. I asked the W3C, Widevine and integration partners repeatedly to provide a CDM, Documentation and an encoder so an implementation of the use can be attempted. I was ridiculed and rebuffed every step of the way and no CDM, Documentation or encoder was forthcoming.

I posit the following: Firefox cannot implement EME because of an evident lack of a Netflix supported CDM that Firefox could talk to, because the provider of that CDM, isn't providing it. And Firefox cannot reverse engineer whatever CDM is in use at IE11 and on Chromebooks, because that constitutes a DMCA DRM anti-circumvention violation.

A proof that Firefox can actually implement EME will have to take the form of:

- A CDM that works with netflix that Firefox could use
- A testpage that uses that DRM to deliver content

I don't believe such a deliverable to be ever forthcoming and I would like to stand corrected.
Comment 112 Evan G 2013-10-11 15:39:58 PDT
Simple. make it a closed part of the build process. only Firefox binaries from the Mozilla website have EME/CDM support. not a good idea, but it can be done.
Comment 113 David Bruant 2013-10-11 15:49:33 PDT
Most of my reply will be attempts to be super-accurate. These discussions require setting some points very straight as it's easy to make mistakes from the misinformation we're often bombarded with.

(In reply to Allen Williams from comment #110)
> I don't like DRM, but there are reasons as to why its needed.
No. What's needed is content protection. DRM is one solution. Watermarking is another one. There are probably others.
On watermarking, there is this promising post: https://brendaneich.com/2013/05/today-i-saw-the-future/ This all run with JS and WebGL which are open technologies, widely implemented.
Of course, it would require adoption from content providers.

> For example at
> some point netflix plans on switching to HTML5. They said it would only
> happen if DRM was approved
Approved by whom? W3C? It's a restaurant http://longtermlaziness.wordpress.com/2013/10/08/the-w3c-is-a-restaurant/ Its opinion is of no importance. Tim Berners-Lee said so too recently in his own words:
"W3C does not and cannot dictate what browsers or content distributors can do."
http://www.w3.org/blog/2013/10/on-encrypted-video-and-the-open-web/

> and implemented
IE11 announcement: http://blogs.msdn.com/b/ie/archive/2013/09/05/online-professional-quality-video-premium-media-experiences-without-plug-ins-in-internet-explorer-11.aspx
It's already in ChromeOS http://www.muktware.com/2013/03/html5-drm-comes-to-all-chrome-os-devices/3962
I follow Chromium EME commits. About once a day now. Shouldn't take too long before it's in Chrome.
It's happening. There is no "if", only a "when".

> If IE, and Safari support it,
Do you have infos on Safari? I haven't found anything yet.

> then you may be forced to use one of them to use it. I suspect google would
> probably cave if that were to happen and chrome would support it. If that
> were to happen then firefox would be the only browser not capable of going
> to netflix.
Florian Bösch said it all. CDMs are proprietary. Firefox doesn't seem to have to access to one that would allow running Netflix content. Do you have a CDM to run Netflix content?

 
> After all keep in mind
> what they are trying to do. They want HTML5 to completely 100% replace
> plugins.
Be careful with marketing verbiage. CDMs are plugins. It's not because they're wrapped-but-purposefully-left-undefined in the EME spec that they are "HTML5".
EME is a JS API to communicate with an unspecified blackbox. Not your usual "HTML5" feature at all.

> The only way that can happen is with DRM.
The only way that can happen is with protected content. DRM is just one option.
Comment 114 David Bruant 2013-10-11 15:56:52 PDT
(In reply to Evan G from comment #112)
> Simple.
There are a bunch of very smart people at Mozilla, you know. I can only imagine your idea has been thought of already.

> make it a closed part of the build process. only Firefox binaries
> from the Mozilla website have EME/CDM support. not a good idea, but it can
> be done.
As Florian Bösch repeated multiple times, Mozilla doesn't have its hand on a CDM to run Netflix content and for all we know can't put its hand on one. Do you have access to such a CDM yourself and the ability to hand it to Mozilla? That would make things simple indeed. If the answer is "no", don't bother replying, this thread is long enough. Thanks.
Comment 115 Yajo 2013-10-12 22:45:45 PDT
(In reply to Al Billings [:abillings] from comment #100)
> (In reply to Chris from comment #96)
> This isn't about forms. Discussions go in discussion groups. Bugs are not
> discussion groups. Policy isn't going to be debated or decided in this bug
> by the folks involved in the Mozilla Community in making decisions. So +1
> away but know that you are not actually doing anything to help resolve the
> issues raised. That would require going to dev.planning and actually talking
> to people. You've been told how to do so. It is your choice whether you
> bother.

This was already reported even before this bug born [1]. 0 comments, though, so what's next?

If Mozilla don't want this to be a bug, then please close it. However, I am wondering if this discussion is even necessary...

I mean, according to comment #11 and comment #74, the choice is already done, so tell us officially that you are not going to do it (just to tranquilize us), close the bug, and continue with this great product.

If it matters, I will say that I always loved Mozilla products because of their philosophy. This reminds me to the Native Client stuff. No doubt Mozilla's ASM.js was the best choice. Please don't betray these principles just because of market share.

The web has existed free for many years, and DRM content has existed there for many years too (flash, silverlight...), so if something works, why fix it? Let it go this way. If somebody wants to see DRM videos on the browser, let him install Flash (or any fancy new netflix-specific plugin) and see them. If not, let us have our good old DRM-free web.

Specific plugins for specific situations arise. Remember Google Gears? We never needed to add that blob by default to any open source browser; but if somebody wanted it, they installed it. Nowadays, with HTML5 open alternatives, it is not necessary, and it's deprecated. We already have the open alternative for images and videos, so why bother? If they want it, let them use it (for example, YouTube, where probably more people see videos than in Netflix, is moving towards HTML5); if they don't, let them deploy a DRM-restricted app or plugin, like always has been done. Probably most of the web will follow the Google Gears pattern and drop the need of Flash, but it doesn't mean it has to disappear entirely.


[1] https://groups.google.com/d/msg/mozilla.dev.planning/4-svns_uEjA/dTOHjBZLiiIJ
Comment 116 Al Billings [:abillings] 2013-10-13 09:16:51 PDT
(In reply to Yajo from comment #115) 
> This was already reported even before this bug born [1]. 0 comments, though,
> so what's next?

Ask again in dev.planning. You realize almost no one is reading this bug and that people aren't going to debate the issues here, right?

This bug *was* closed and then a community member reopened it. It can sit here for years, open, but that doesn't mean that anyone will pay attention to it.

Go engage the Mozilla community, especially the part that plans the actual work of implementing things, where it actually discusses things. People see a bug full of over 100 polemic comments, their eyes glaze over, and they move on. This bug isn't how you're going to affect policy.

To my knowledge, Mozilla has not determined entirely what it is going to do about HTML5 DRM. If you want to discuss it, go to dev.planning. Not a single person from this bug has bothered so far.
Comment 117 Yajo 2013-10-14 00:16:40 PDT
(In reply to Al Billings [:abillings] from comment #116)
> Ask again in dev.planning. You realize almost no one is reading this bug and
> that people aren't going to debate the issues here, right?

Done. Same thread: https://groups.google.com/d/msg/mozilla.dev.planning/4-svns_uEjA/484XS9mUo30J

> To my knowledge, Mozilla has not determined entirely what it is going to do
> about HTML5 DRM. If you want to discuss it, go to dev.planning. Not a single
> person from this bug has bothered so far.

Happy to be the first then.

Please everyone continue in that thread. Thanks.
Comment 118 Asa Dotzler [:asa] 2013-10-14 10:29:35 PDT
(In reply to Andrew Ducker from comment #62)
> My understanding is that currently, for playing DRM video, companies use
> plugins for _everything_ in the display process.
> 
> EME would mean that all of that chain is replaced with standard HTML5,
> except for the DRM/encryption part.
> 
> Surely this is a step in the right direction?  It removes the need for 95%
> of the plugin, replacing it with a much smaller one, only covering this tiny
> amount of functionality.
> 
> What would be a _reasonable_ end-state would be if the CDMs were
> standardised and could be downloaded on demand by users.  So if they go to
> play a video on Netflix, rather than it saying "You need Silverlight", it
> said "You need the Netflix encryption module to play this content, click
> here to install it."
> 
> There is, after all, no particular reason why the CDM would have to be
> different for Firefox, IE, and Chrome - and if users are willing to install
> a plugin to play content then Mozilla should be ensuring that said plugin is
> the smallest, least intrusive, plugin possible.
Comment 119 Asa Dotzler [:asa] 2013-10-14 10:58:52 PDT
> (In reply to dedurac from comment #81)
> > Hey Mozilla, why don't you simply ask all those Hollywood corps to built
> > their own native application with DRM included?
> > For example if I want to watch a movie on Netflix, I need to download their
> > special crafted app with DRM.
> > That would satisfy their need for cash and our need for open WWW. 

You are proposing that Netflix and other Hollywood content distributors abandon the Web in favor of native app platforms.  

This is precisely what has been happening with content and service providers over the last several years - native platforms like iOS, Windows, and Android offer them what they want and the Web does not so they are increasingly moving their users and content off of the Web we all care about and into the native app silos that are *disrupting the Web* with *far better user experiences*.


They can and do already do this. You're calling for more of this. How does that make the Web better?
Comment 120 Shmerl 2013-10-14 11:01:11 PDT
It makes the Web cleaner fro the DRM garbage, obviously delineating the DRM world, and the open Web. For those who don't seriously care about open Web this is obviously not better.
Comment 121 Asa Dotzler [:asa] 2013-10-14 11:05:03 PDT
BTW, a tip for all those getting slammed by email on this bug.  There's a nice little checkbox up in the right hand corner of Bugzilla that say "Ignore Bug Mail" and you can check that to never receive email from this bug.

Also, Alexandre Folle de Menezes 2013-10-09 12:30:54 PDT set Blocks: 802882

I don't think that EME is anywhere in HTML5test.com so I'm removing that wrong blocker.
Comment 122 dedurac 2013-10-14 11:19:57 PDT
(In reply to Asa Dotzler [:asa] from comment #119)
> > (In reply to dedurac from comment #81)
> > > Hey Mozilla, why don't you simply ask all those Hollywood corps to built
> > > their own native application with DRM included?
> > > For example if I want to watch a movie on Netflix, I need to download their
> > > special crafted app with DRM.
> > > That would satisfy their need for cash and our need for open WWW. 
> 
> You are proposing that Netflix and other Hollywood content distributors
> abandon the Web in favor of native app platforms.  
> 
> This is precisely what has been happening with content and service providers
> over the last several years - native platforms like iOS, Windows, and
> Android offer them what they want and the Web does not so they are
> increasingly moving their users and content off of the Web we all care about
> and into the native app silos that are *disrupting the Web* with *far better
> user experiences*.
> 
> 
> They can and do already do this. You're calling for more of this. How does
> that make the Web better?

Well, actually your attitude against `free web, distinct from native DRM` is a call for, what you've marked as, "more of this".
According to your comment, the solution is to implement DRM into FF in order to keep users from moving.
I'll be the to move from FF if/when DRM is/will be implemented.
At least, if I use a proprietary browser, I would use the one from proprietary corp. 

BTW, not all users are using browsers to play/read Netflix and similar.
And HTML5 is meant to have native capabilities as well (FirefoxOS)
Comment 123 Justin Clift 2013-10-14 11:26:38 PDT
@dedurac, @Shmerl, and anyone else commenting on *policy* here:

Knock it off.

Stop being lazy (if that's the reason), and go join in the conversation at the appropriate place:

  https://groups.google.com/forum/#!msg/mozilla.dev.planning/4-svns_uEjA/484XS9mUo30J
Comment 124 Ben Bucksch (:BenB) 2013-10-21 09:06:51 PDT Comment hidden (off-topic)
Comment 125 Ian Sullivan 2013-10-21 11:02:16 PDT
(In reply to Al Billings [:abillings] from comment #116)
> (In reply to Yajo from comment #115) 
> > This was already reported even before this bug born [1]. 0 comments, though,
> > so what's next?
> 
> Ask again in dev.planning. You realize almost no one is reading this bug and
> that people aren't going to debate the issues here, right?
> 
> This bug *was* closed and then a community member reopened it. It can sit
> here for years, open, but that doesn't mean that anyone will pay attention
> to it.
> 
> Go engage the Mozilla community, especially the part that plans the actual
> work of implementing things, where it actually discusses things. People see
> a bug full of over 100 polemic comments, their eyes glaze over, and they
> move on. This bug isn't how you're going to affect policy.
> 
> To my knowledge, Mozilla has not determined entirely what it is going to do
> about HTML5 DRM. If you want to discuss it, go to dev.planning. Not a single
> person from this bug has bothered so far.

Thanks for the link Al. Can you also provide any link explaining why that particular google group is the canonical place to discuss this issue rather than the "Internet Public Policy" product listed in bugzilla? I am perfectly willing to switch venues for this discussion. However, if the only way to argue against the creep of proprietary technologies into the web is by first registering for a google account, I would like to know how that decision is made.
Comment 126 Al Billings [:abillings] 2013-10-21 11:11:50 PDT
(In reply to Ian Sullivan from comment #125)

> Thanks for the link Al. Can you also provide any link explaining why that
> particular google group is the canonical place to discuss this issue rather
> than the "Internet Public Policy" product listed in bugzilla? 

Because Bugzilla is not a discussion forum. It is a bug tracker. People who discuss policy don't discuss it in bugzilla.

You don't need a google group to participate in the group. The google group is just a face on the email list. I gave the link since most people have google accounts. You can subscribe to the entire list at https://lists.mozilla.org/listinfo/dev-planning.
Comment 128 Justin Dolske [:Dolske] 2013-10-21 15:09:43 PDT
(Abusive troll comments hidden.)

As a reminder:

https://bugzilla.mozilla.org/page.cgi?id=etiquette.html
http://www.mozilla.org/en-US/about/governance/policies/participation/
Comment 129 Justin Dolske [:Dolske] 2013-11-02 19:44:57 PDT
Due to repeated profanity-filled abusive comments, I'm limiting further comments on this bug for now. Only users with editbugs privileges can comment, sorry.

Note that Brendan has commented on the DRM issue on his blog:

https://brendaneich.com/2013/10/the-bridge-of-khazad-drm/
Comment 131 Hubert Figuiere [:hub] 2014-05-14 10:57:53 PDT
Today's announcement gave a resolution to that bug.
Comment 132 Gervase Markham [:gerv] 2014-05-14 11:28:01 PDT
Yeah, so... perhaps closing this bug right now was not the most tactful timing. But yes, we sadly won't be making this pledge. :-|

Gerv
Comment 133 Ben Bucksch (:BenB) 2014-05-15 04:53:39 PDT
I wonder why we make Firefox at all when we give up the core values and principles we are here to protect: open-source, user freedom, user power, creativity. DRM goes against any one of these values. If we are just another browser, and do not defend these core principles, then we can just as well pack it in and all use Chrome.

It's not clear who would win this battle. *We* won the mp3 battle, I can now buy MP3s of musik from all major labels, without DRM. It did take 10 years, but we won the MP3 battle eventually. And we (both developers and consumer) won it by consistently refusing DRM-ridden content. The video battle is the same in blue. If we make it easy to watch DRM-ridden content, convenience will win.
Comment 134 Ben Bucksch (:BenB) 2014-05-15 05:28:31 PDT
If all major browsers support it, there's nothing stopping the music industry from demanding from YouTube to deliver music videos (or anything that contains music, including *cough* the NASA Mars Rover) with DRM enabled. Ditto with all the other video providers. If we do not support DRM, then YouTube will think hard before locking out all Firefox users. Switching them back to Flash isn't a long-term option for YouTube, because the blog post says Flash goes away soon.

If DRM is transparent for the end user, many HTML5 video sites will start to use DRM, even if they are free now.

As for me, I use Firefox *only* because it's free. A lot of Firefox users in Europe (our largest userbase by far) feel the same, this is why they stick to Firefox and don't go to Google Chrome.
In this question, Firefox is between a rock and a hard place, no doubt, but we need to stick to our values. There is no other way to survive against Google. We don't have Google's power in developers, influence, advertizing, we need to win with values.

In the real world, I use a tiny dedicated $100 device (called "AppleTV") to watch movies on my TV. On the tablet, I use a separate app. There are other options and there's no urgent need to compromise.

We need to stay clear from such non-free stuff, that's our very reason for existence. This is why I started with Mozilla: I wanted a completely free system. Today, I have that. Don't take it away. It took thousands of voluntary developers 20 years to get where we (as open-source ecosystem) are.
Comment 135 Ben Bucksch (:BenB) 2014-05-15 06:23:53 PDT
Somebody (not me) made a petition:
http://www.change.org/de/Petitionen/mozilla-remove-drm-from-firefox
Comment 136 Kohei Yoshino [:kohei] 2014-05-16 17:54:20 PDT
*** Bug 1011803 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.