On 2014-05-21 16:03, Ehsan Akhgari wrote:
On 2014-05-21, 1:30 AM, Jim wrote:
There are very real technical differences in the ability to sandbox a
separate DRM player versus an integrated web based media player.

I'm not sure there are.

It is trivially obvious. It is much easier for people to sandbox a
separate computing device, they can just disconnect it!

Which separate device are you talking about?  As far as I understand,
before this email you were arguing that the DRMed content should run
in a different program on the user's machine that is separate from
their web browser, but integrated with the web page in a seamless way.

No, just that it could run on a separate device, a choice that the user could make. If the user does not care for their security or privacy or control over their computer then they can accept the use of an integrated player. If the user wants an air-gap then they can use a separate device. The proposal gives the user choice. There are a range of options between these extremes and it creates a market for innovators to meet the range of user needs.

In contrast the EME demands the use of a web browser and demands the use of the distributor's proprietary web based media player.

Granted people
could use a separate computer to run a web based media player too, but
it needs to be more capable than a dedicated media decoder, and this
increases the barrier.

If the user indeed wants to run the DRM code on a separate computer
for some reason, they can already do so with what we're planning to
implement: they can refuse to run the CDM on their main machine the
first time we prompt them, and they can open up the page which
triggered the prompt on their other machine.

Sure, and I noted and accept this as one option. But the separate computer needs to be much more capable, needs to support a web browser, and the user must use the distributor's proprietary web based media player. It would be much harder to firewall such a flexible device, whereas if the device had a very narrow definition then it could be firewalled much more effectively. The EME is not good for the health of the open web.

But do you really think people are going to want to run such code on a
different machine?  Please note that our users are already running DRM
code inside the Firefox process through the Flash and Silverlight
plugins, and I haven't heard of a large number of them moving away to
run the DRM in those plugins (which is not sandboxed today, so it's
much more dangerous than the sandboxed CDM) on a separate machine.

Yes, I can see manufacturers developing computers to meet such needs and marketing their security and convenience. For example a computer with an integrated DRM player that is isolated from the main computer, can be switched off, or even removed. For example, cheap dongles for Linux users. There would be a market, and innovation would meet users' needs.

With a standard that supports a separate media player the user can
choose the tradeoffs between using an integrated player versus a
separate device. With the EME the user has less choice and thus less
control over their security and privacy.

Like I described above, this choice is given to the user through our
prompt before we run the CDM for the first time.  Please note that
what other browser engines have implemented thus far doesn't give
their users this choice because they do not show a similar prompt.
The EME spec in itself doesn't specify anything to make it impossible
to implement this prompt and give the choice of running the CDM code
to the user.

It does not give the user the choice to view the content on a device without a web browser, or in a web browser with JS disabled.

It requires accepting DRM as a part of the open web.

At present the content owners have not accepted the Mozilla EME/CDM as robust so it is not even viable.

Jim

_______________________________________________
governance mailing list
governance@lists.mozilla.org
https://lists.mozilla.org/listinfo/governance
