Saturday, May 17, 2014

DRM? No biggie

On the 14th of May, Mozilla made a controversial announcement. It will soon start implementing the EME spec, which implies that Firefox users might soon be able to watch DRM protected video content.

The announcement comes as a blog post by Mitchell Baker with the title DRM and the Challenge of Serving Users. It is accompanied by Andreas Gal's post on Mozilla Hacks in which he further explains the decision and sheds some light on the technical details of the implementation.

I have recently read many good articles about it: The Guardian, Leo McArdle, Stuard Langridge and many others. I have also previously blogged about this topic: My views on DRM in HTML.

Here is my reaction to the announcement.

I am strongly opposed to DRM. It is a flawed concept. It's easily crackable. It's more of a hassle for people who pay for their content, because otherwise you don't have to deal with it. It can't be implemented with open source. It's just a stupid idea in general.

I am however optimistic about Mozilla's plans to implement this. How is that possible? Well, the plans for the implementation are really good. This isn't going to be your regular DRM, a piece of binary code that has full control over your system while you have no idea what it's doing. The Content Decryption Module (CDM) will only be able to do that: Decrypt content.

Let's go over the architecture a little. After you first install Firefox, it will download Adobe's CDM binary. It will be saved somewhere without being enabled or even executable. The first time the user accesses a website with DRMed content, he will be asked if he wants to enable the module. If he grants permission, then from that point he will be able to watch encrypted video.

As I said, the CDM has no access to your system. It will be running in a sandbox which restricts its capabilities, and all it will do will be to get encrypted data from Firefox and pass it back decrypted video content. Moreover, Firefox will protect your privacy. While most DRM implementations provide the content distributor with a device ID, allowing it to follow you across the web. Firefox will generate different IDs for every website, thus protecting your privacy.
Also, the sandbox will be open source and auditable by security experts. The NPAPI plugin architecture we have at the moment is much less secure than that. If everything is implemented properly, all of the privacy and security concerns anyone might have will be rendered null.

Some of the people against this plan point out that DRM in HTML is against all of the principles Mozilla stands for. It's true, DRM is a concept that stands against openness, but that ship has sailed. With the support of Google, Apple and Microsoft, EME is going to be part of the web whatever Mozilla does. H264 was the exact same story. We held out as long as we could, but in the end the users are the ones calling the shots. The users want to see video, and if they can't do it with Firefox, they will switch. Instead of a petition calling for Mozilla to not implement EME, how about a petition saying people will only watch DRM-less video. If 200K people sign that petition, I'd say the war is over and we won.

A lot of people see this as Mozilla loosing the fight and surrendering. I see it as Mozilla joining the war. It means that we are finally willing to play the content industry's game and see how far that takes us. It means our users will use our platform to watch content. It means we can push studios into new technologies and have the data to back it up.

So, if you ever want to watch Netflix, this is your safest choice. If you are completely against EME, that's also OK, because you don't ever have to use it, and no closed-source code will ever run on your PC. And if you don't agree, don't be a troll, but try to think of new ways of how we can avoid DRM. We are in this together.

Keep rocking the open web.