Though week for the tubes - Ars tries to pull a Lazarus on browser EME standards.


I had planned a different type of rant for today, but a couple of pressing issues have taken precedence.

So long story short, this and this happened.

(For the second part of this rant, about Wikileaks being in the process of releasing Vault7, a massive leak detailing the power and scope of CIA’s computer hacking operations, see here.)

For those who have not yet taken the course on link clicking and/or live under a digital rock, ArsTechnica republished an old op-ed about enabling web browsers’ Encrypted Media Extensions, and this time around, highlighting the fact that the EME W3C work group’s charter is about to expire, and how important it is to keep this debate alive.

At this point, it should be beyond clear that nobody cares about DRM in web browsers. That an increasingly irrelevant body such as the W3C is about to see a proposal expire due to inactivity, especially one like this, is not surprising. Ars resurrecting the “supporting view” in the hopes of keeping the zombie from disintegrating is, though.

To quote from Ars’ article:

Last year, the working group asked for such an extension [to the EME group’s charter], but the Advisory Committee could not come to any consensus on whether to grant it. W3C director and inventor of the Web Tim Berners-Lee last week voiced his support for the EME plan, but the future of EME and the working group’s efforts are currently in limbo. Many of the arguments being made today mirror those made in 2013 when the working group first set about developing EME. And in light of this pending decision, we’re resurfacing the op-ed below (from May 2013) that outlines the supporting view.

Which is an elaborate way of saying: “We know no one cares, but can we keep this lobby alive? Pretty please?”

It is worth pointing out that what is being discussed is not the lack of browser support for EME. Firefox has DRM support via Widevine and Primetime. Chrome has recently made it’s EME extension mandatory. W3C’s effort is not about availability, but consensus (i.e. yet another standard).

DRM’d content in browsers is to the web’s relevance as an extra glass of water is to the Pacific: it makes no fucking difference whatsoever.

The web is relevant because it gelled. Even the “enlightened” announcing the end of the web and the dawn (which is more like noon now…) of mobile have to acknowledge the simple truth that mobile is built upon the web. Even if everybody stops using web browsers, the web will still be there as the pipe for the APIs that power everything, from your weekend binge of right swiping to your imported Japanese butane fueled smart toaster oven (now with more analytics and kawaii).

The possibility that content distributors might experiment with DRM-free content if the platform in question offers DRM’d playback capabilities is, at best, a laughable fallacy. Netflix did not succeed because of DRM on its app (or lack thereof). They succeeded, because they managed to provide a service that is good enough for people to prefer forking out the monthly fee rather than trying to find out which domain The Pirate Bay is using this week.

Like Torvalds once said, “the user doesn’t care”. Aunt Sally does not know what DRM is, and if her iPad doesn’t stream the last episode of Gilmore Girls, chances are “what is DRM” is not what she’s going to be googling (if anything at all; she’ll probably just call her niece to figure out the problem for her).

Even for technologically inclined folk such as yours truly, dealing with the hassle of misbehaving plugins when in reality I’m more in the mood for House of Cards does not have good chances of being a pleasant experience. On a personal note, the last time I tried to watch Netflix on an actual web browser the experiment failed miserably, which further confirmed my firm belief that, at the prices gadgets are sold these days, it’s actually better to relegate all the binary blob ridden activities to that one “impure” device that you keep specifically for this purpose.

DRM blobs do not matter for the web’s relevance, period. But they do matter from a security and legal perspective, as clearly pointed out by BoingBoing (in the link above, regarding Google Chrome):

Because of laws like section 1201 of the US Digital Millennium Copyright Act (and Canada’s Bill C11, and EU implementations of Article 6 of the EUCD), browsers that have DRM in them are risky for security researchers to audit. These laws provide both criminal and civil penalties for those who tamper with DRM, even for legal, legitimate purposes, and courts and companies have interpreted this to mean that companies can punish security researchers who reveal defects in their products. Dozens of W3C members – and hundreds of security professionals – have asked the W3C to amend its policies so that its members can’t use EME to silence security researchers and whistleblowers who want to warn web users that they are in danger from security vulnerabilities in browsers.

In other words, if you want to be a good consumer and binge on the latest offerings from your faithful content provider, you must install this opaque piece of code that you are not allowed to check for correct behavior.

Here’s a fun fact. All DRM is breakable, the old analog way. Because, you know, eyes are not digital. DRM is based on the assumption that, from the perspective of the content provider, your device is more trustworthy than you are. Which, if you think about it, is fundamentally idiotic at all levels.

So no. Thank you. Keep your blobs out of my browser. It’s fine. Especially, after knowing this.