On 2014-05-21, 11:41 PM, Jim wrote:
On 2014-05-21 16:03, Ehsan Akhgari wrote:
On 2014-05-21, 1:30 AM, Jim wrote:
There are very real technical differences in the ability to sandbox a
separate DRM player versus an integrated web based media player.
I'm not sure there are.
It is trivially obvious. It is much easier for people to sandbox a
separate computing device, they can just disconnect it!
Which separate device are you talking about? As far as I understand,
before this email you were arguing that the DRMed content should run
in a different program on the user's machine that is separate from
their web browser, but integrated with the web page in a seamless way.
No, just that it could run on a separate device, a choice that the user
could make. If the user does not care for their security or privacy or
control over their computer then they can accept the use of an
integrated player. If the user wants an air-gap then they can use a
separate device. The proposal gives the user choice. There are a range
of options between these extremes and it creates a market for innovators
to meet the range of user needs.
In contrast the EME demands the use of a web browser and demands the use
of the distributor's proprietary web based media player.
I don't think anything in the EME spec technically mandates the video
being rendered inside the web browser process. And I don't really
understand why mandating that would be any better or worse than the
current situation either.
Granted people
could use a separate computer to run a web based media player too, but
it needs to be more capable than a dedicated media decoder, and this
increases the barrier.
If the user indeed wants to run the DRM code on a separate computer
for some reason, they can already do so with what we're planning to
implement: they can refuse to run the CDM on their main machine the
first time we prompt them, and they can open up the page which
triggered the prompt on their other machine.
Sure, and I noted and accept this as one option. But the separate
computer needs to be much more capable, needs to support a web browser,
and the user must use the distributor's proprietary web based media
player. It would be much harder to firewall such a flexible device,
whereas if the device had a very narrow definition then it could be
firewalled much more effectively. The EME is not good for the health of
the open web.
I don't really understand your line of reasoning here, sorry. What are
you trying to protect against here? If you're trying to protect the CDM
against violating the user's privacy at least in terms of contacting the
outside network or their security in terms of having access to the
system, the physical disk, etc., then it seems like sandboxing the CDM,
which is what we're doing, is a great step towards what you care about.
And please do note that the same CDM does currently run in Firefox
inside the Flash player plugin without the protection of a sandbox. So
all of the risks you're worrying about are exactly what currently exists
on the web with or without EME.
But do you really think people are going to want to run such code on a
different machine? Please note that our users are already running DRM
code inside the Firefox process through the Flash and Silverlight
plugins, and I haven't heard of a large number of them moving away to
run the DRM in those plugins (which is not sandboxed today, so it's
much more dangerous than the sandboxed CDM) on a separate machine.
Yes, I can see manufacturers developing computers to meet such needs and
marketing their security and convenience. For example a computer with an
integrated DRM player that is isolated from the main computer, can be
switched off, or even removed. For example, cheap dongles for Linux
users. There would be a market, and innovation would meet user's needs.
I wish that we lived in the world you're describing here. Sadly, I
disagree with you. Most people don't care about running DRM software on
their machines right now, evidenced by the fact that most users are fine
with running Flash and Silverlight plugins both of which include DRM
software.
With a standard that supports a separate media player the user can
choose the tradeoffs between using an integrated player versus a
separate device. With the EME the user has less choice and thus less
control over their security and privacy.
Like I described above, this choice is given to the user through our
prompt before we run the CDM for the first time. Please note that
what other browser engines have implemented thus far doesn't give
their users this choice because they do not show a similar prompt.
The EME spec in itself doesn't specify anything to make it impossible
to implement this prompt and give the choice of running the CDM code
to the user.
It does not give the user the choice to view the content on a device
without a web browser, or in a web browser with JS disabled.
That comes by definition, EME being a JavaScript Web spec. :-)
It requires accepting DRM as a part of the open web.
Yes, I agree that it does. And I feel that situation sucks.
At present the content owners have not accepted the Mozilla EME/CDM as
robust so it is not even viable.
I don't know what the content owners think about our plans here, and to
the best of my knowledge nothing has been announced on that front yet,
so until that happens, I find this assertion premature.
Cheers,
Ehsan
_______________________________________________
governance mailing list
governance@lists.mozilla.org
https://lists.mozilla.org/listinfo/governance