zlacker

I mean Firefox caved to support EME. This isn't the early days of the web anymore either, the enthusiasts are a small minority of global web traffic that this will probably succeed even with a large scale boycott.

>>tapoxi+(OP)
I still remember the controversy surrounding EME, a LOT of people came out against it (including the EFF[0]); despite that, they still triumphed on[1].

[0]: https://www.eff.org/press/releases/eff-makes-formal-objectio... [1]: https://github.com/w3c/encrypted-media

>>tentac+51
And thank god for that, otherwise we'd still need to support flash to use most popular websites.

>>ahahah+S1
EME is for DRM'ing media. I don't see how that pertains to Flash.

WebAssembly exists as a replacement now, too.

>>tapoxi+(OP)
I think in this case Firefox is in a different position: if it didn't support EME netflix wouldn't work.

But in this case it could report "sure, this is a real user alright" by being its own attester, can't it?

>>tentac+h2
If browsers didn't natively support DRM then they would have to come up with external extensions (such as Flash) to support DRM.

DRM isn't going away.

>>tentac+h2
Back in the days before the <video> tag, Web sites were using Flash to play video. Flash was also the main way to play DRMed video before EME.

>>ahahah+S1
Good. DRM should be external to the browser, not integrated into it.

DRM is mostly security theater anyway. Until a few years ago, the Spotify client just left unencrypted mp3s cached locally. And they stopped DRMing music over a decade ago. People are willing to pay a reasonable price for first party content.

If a company insist on DRM, then they should be on their own.

If we make it too easy, then they will just use it everywhere.

>>riffra+I2
So what if Netflix doesn't work?? That is the choice of Netflix. Big content will always want more control. Firefox will never be able to keep up. They will just do a mediocre job of working against their users.

Microsoft and Real Player pushed hard for an integrated ActiveX based DRM ecosystem over a decade ago. I'm so glad that Mozilla flatly refused to entertain such idiocy. I sure wish that Mozilla still existed.

Mozilla is now just a "pick me" [1] organization to big content. They should own being a browser that caters to users, not platforms. Because they will end up with nothing.

[1]: https://www.urbandictionary.com/define.php?term=Pick%20me

>>aposta+Go
Spotify will not load in a browser without a DRM plugin

>>veave+V2
DRM should be inconvenient and expensive. There have always been ways to implement DRM security theater for the comfort of content providers in board rooms.

The media ecosystem is not going to be enhanced by making DRM more restrictive. Netflix could completely deactivate all DRM today, and it would change nothing.

Apple completely abandoned their "FairPlay" iTunes music DRM because it became evident that it was not needed.

>>flango+kq
Yes, but that is fairly recent! Did anyone even notice? For years, you could siphon every song you listened to and save it locally. But did it affect anything? I did it for a little while, but then found it wasn't worth the trouble.

>>riffra+I2
That depends on how the attestation is done.

If done correctly, TPMs on every computer would be preloaded with signing keys (probably microsoft). The web browerser would then ask the TPM to sign the Platform Configuration Registers, which are a hash of a challenge nonce, the system firmware/kernel/configuration/etc. This signature is then sent (along with a description of the system configuration) to an external attester. This external attester validates that:

A) the claimed configuration is "secure" (trusted kernel, bootloader, browser, etc) and

B) The TPM's signature attests to the configuration.

The validator then generates its own signed message that can be sent to the server.

In practice, I think this is logistically unworkable in todays computing environment. But with enough big players pushing for it, I don't see anything fundamentally impossible.

>>riffra+I2
If Firefox lies, sites will refuse to load in Firefox.

>>aposta+Yp
The problem is, back then most people on the Internet were techies. They knew their shit.

Today? Guess who Grandma's gonna call with "my Netflix isn't working"? And she won't care why, all she cares about is Netflix.

>>aposta+Mq
Every single Netflix show is available on the pirate bay, but Netflix still insists on using DRM.

>>gizmo6+du
Right, until someone exploits the kernel and it just attests whatever it wants.

>>Hideou+X61
Because Hollywood mandates that legal distribution have DRM.

>>aposta+Mq
Apple in no way abandoned FairPlay. Every file on Apple Music, and iTunes Match is protected with it. And those greatly outnumber transactional sales through the iTunes store, by an order of magnitude. The customer picked the DRMed version, every time.

>>aposta+ar
It affected Spotify enough to engineer a solution to stop it.

And five years isn't "fairly recent".

One would also note Spotify is a failing business, and it was failing even harder then.

>>riffra+I2
Sites will just stop trusting that as an attester.

Anyone can write their own EME plug in that writes the files to disk. But it won't have the keys of any trusted module, because the reason sites trust them is because they don't do that. So it won't get accepted by anyone. Same here.

>>wmf+lv
Of course, but if Google did that it would allow Firefox to complain about Google's abuse of monopoly power. I'm not sure that is a path they'd risk going through.

>>Mindwi+FC1
But they address this in the spec (kinda), suggesting that whitelisting attesters should not be possible.

Presumably this is because if it was, it would open Google to abuse of dominant position claims.

>>Mindwi+6C1
Because everyone else pirated to great effect.

>>aposta+ar
Recent? I signed up 4 years ago and this has always been the case.

>>Mindwi+hC1
The majority of Spotify's lifetime there was NO DRM, and ripping it was easy.

The majority of users had no idea and it didn't affect them at all. Nor is there any evidence that it had any impact on Spotify's business.