Despite our dislike of DRM, we have come to believe Firefox needs to provide a mechanism for people to watch DRM-controlled content. We will do so in a way that protects the interests of individual users as much as possible, given what the rest of the industry has already put into place. We have selected Adobe to provide the key functionality. Adobe has been doing this in Flash for some time, and Adobe has been building the necessary relationships with the content owners. We believe that Adobe is uniquely able to bring new value to the setting.
Talk about being between a rock and a hard place. Don’t include DRM, and see your userbase erode further. Do include DRM, and you go against your organisation’s core values. If you go for the former, and your userbase erodes, you run the risk of not being able to express your core values at all.
and you go against your organisation’s core values
Mozilla lost its core values looong time ago, now, is just another Google product.
I wouldn’t go that far. Still, I dumped them after the latest update that turned it into a slow, broken, bad copy of Chrome. Now I just compile and run open source Chromium across all my computers. It’s blazing fast compared to Firefox, just as secure for what I do with it, and it works on every platform I use except Haiku. I don’t like adding yet another Google project to my workflow, but it’s the best alternative I’ve found.
Oh yeah, just as secure huh? take a look at the recent bruhaha about and the way chromium check whether certs are revoked or not:
https://code.google.com/p/chromium/issues/detail?id=361820
Version 34 still has the option to turn on the half-broken behaviour but later version will just hide the crap under the rug.
Good luck with it!
Edited 2014-05-15 07:00 UTC
And that’s the version I run, I’m not an idiot. Since I compile it from source, it’s not automatically updated by itself or my OS, I’m the one who decides when and how to update it.
It’s still broken man, instead of a hard-fail if OCSP servers don’t reply or time-out they will just let you connect to the site…
What are you going to do when they stop maintaining the 34 version? Will you backport security patches on your own?
That’s a possibility. I might also explore other webkit browsers. But there’s no such thing as a fully secure browser, and if you believe there is you’re not reading enough. Chromium, as compiled from source, is secure enough for what I do with it. When the day comes that I can’t say that, I’ll move on, just as I did from Firefox when I didn’t like its changes.
I’m not sure where your hostility comes from, but I’m not the one you should be pointing it towards.
silviucc,
Yea, I posted my thoughts on it earlier:
http://www.osnews.com/thread?586767
I cannot strictly fault the browsers here because OCSP reliability/performance is not where it needs to be. Even if we were to enforce OCSP 100% of the time, SSL certs would necessarily become untrusted by default until they were authorized by the certificate authority. This effectively nullifies all of the technical benefits of using PKI.
Now that we have the requirement that the CA must be polled periodically for HTTPS websites to function (either directly or via stapling), we might as well replace all these OCSP hacks with a more flexible and more secure system that signs & returns short lived certificates. No changes would be required in web browsers and minimal changes would be required to web servers (just a job to fetch new certs periodically). In order to exploit these certs maliciously, a hacker would have to regularly break into the system to copy the cert, increasing the odds of getting detected. Even if they never get caught, the hacker could loose access once a vulnerable system gets updated.
With OCSP, certificate revocation is reactive, we need to detect/suspect unauthorized copies and report that to the CA before the leaked HTTPS certificate can be revoked. This means that for the most part an unauthorized copy of the certificate can be used fraudulently (ie man in the middle interception) over the long term with fairly little risk since neither the users nor the website owners will suspect anything.
Edited 2014-05-15 14:36 UTC
There ARE other choices ya know. There is IceDragon, Palemoon (I use Palemoon and Comodo Dragon myself, i found its a nice combo), Waterfox, Seamonkey hell you can get away from the whole “Chromium/Gecko based” altogether if you want and go with QTWeb, which is just what it says on the tin, QT framework and Webkit, and its crossplatform with just about every OS supported!
This is one really nice thing that came from the browser wars, no longer is it an “IE VS Moz” fight, now there are easily over a dozen supported browsers out there to pick from. Don’t be afraid to try something “off the radar” as you might find something you really love.
That’s a harsh comment. Maybe you’re speaking from emotion, but Firefox is still fighting on a number of fronts for a more open internet. They’ve already backflipped on a number of missteps including ads and the new CEO. Mozilla certainly aren’t perfect but they’re nowhere near as bad as Google.
Moreover, they’ve been fighting against DRM for a long time, including this proposal. But unlike SOPA/PIPA, there were no internet blackouts or outrage to speak of here. The community should’ve been on top of this and they weren’t and that’s why we’re in this mess now. Incidentally all the other browsers are going to implement this as well, take your pick.
Please tell me, how is Mozilla/Firefox fighting for the open web? writing open letters? seminars around the world? making what? because you know, I can do that too, for 300 million dollars looks like a good deal actually, tell me, what are they doing?
Now, I’m not sure they are the ones that should champion for the open web, they have litle sympathy now, they had to remove their rakings from their facebook page, because it was getting so low and people was really pissed at them and if you go to their feedback page you’ll see how the mayority of the users are expressing them selves as sad and dissapointed, go to Twitter and look for the #uninstallfirefox hashtag and look at the results, so, tell me, why is Mozilla even relevant anymore?
Edited 2014-05-15 05:28 UTC
I actually, honestly, can not see the speed difference ‘everybody’ is talking about. And all my computers are mostly quite old and slow by today’s standards. Where and how do you see it?
I have used both chromium and firefox and I always go back to firefox because I can not find anything at all that is better in chromium, speed included, and in my opinion Mozilla’s core values are a LOT better than google’s, however eroded they might have become.
I think it’s Windows users, and people who install 50,000 addons with no concept of what that will do to CPU and memory usage. The only experience I have had with Firefox being slow was on Windows, and on OpenBSD. The OpenBSD port is basically a straight recompilation of the Linux version, so it’s poorly optimized, and the Windows version is still stuck on 32-bit.
That’s pretty much on the money. The speed difference for me is most noticeable on Windows, but it’s measurable on GNU/Linux as well. I tend to stick with one browser unless I’m testing HTML/CSS/JS, so when I decided to go to Chromium it was across the board.
how do you pay 800 people working on firefox?
Selling your principles, clearly.
Mozilla’s core values remain as they’ve always been. Practical (real world) realities and hostile agendas affronting freedom and privacy, demand that they make choices which will keep them as close as possible to those core values, while still being able to soldier on as a (the only) freer alternative browser/OS.
Enabling DRM in Firefox is a value judgement, it’s a free-will choice conveyed onto their users to do with as they will.
Unlike, for instance, Apple, who’s core values are rammed down their user’s throats to the point of turning ownership rights of their iDevices on their heads. iDevices fall under Apple’s unique, Own-To-Rent model. You get all the damage, maintenance and replacement downsides of real effective ownership of these iDevices. But their effective property rights remain that of renting these iDevices.
Seems like Who-Sucks-the-Least Choices, are all that remain.
Not really. Just choose Mozilla.
“Firefox needs to provide a mechanism for people to watch DRM-controlled content.”
is there even any contend that needs EME and CDM?
AFAIK Netflix is implementing it (has implemented it?)… but that’s a red herring, because “all” systems either access Netflix through system-specific apps, or they’re currently supported by Silverlight.
Windows 8 even has a Netflix app, despite supporting Silverlight.
I don’t know of anything else using this nonsense, although I’m sure old media like Disney will jump all over it.
do not watch DRM-controlled content.
Go out and have a coffee or a beer instead, meet real people.
Why not? It’s rather convenient when you want to just plunk down $2.99 for a rental. Most people do this on a set-top box like a Roku, but I’m one of those weird people who like watching movies on my PC
Even if you go out and buy a blu-ray, that’s still drm-controlled content.
As a Firefox user, I’m personally happy that they’re offering an ‘out of the box’ solution for this. I just hope it doesn’t become another Flash thing, where a new platform rolls out, and users are just sitting around waiting for Adobe to port over this new thing so that videos work right.
You mean, kinda like how the Netflix site works on Chrome on ChromeOS (Widevine DRM module on Linux) but doesn’t work on Chrome on generic Linux, even though Widevine DRM module is available?
Or how Netflix works on Android, but doesn’t work on generic Linux?
Or how Netflix still uses craptastic, unsupported, Silverlight in all browsers on Windows?
I mean, the support for running Netflix using DRM’d HTML5 is present, and working, and in-the-wild…but it only works with one specific DRM+OS setup.
Well, Netflix supports HTML5 on IE11/Win8.1 combo (bizarrely, not win7 with IE11).
But, giving the benefit of doubt to Netflix, i will not be impressed to know that the movie industry has some kind of weird certification process to allow streaming of their content, and this is actually forcing Netflix to stick with Silverlight on most of platforms just because this is the “stack” that are approved to be used on Windows versions older than 8.1.
Why i say that? Because here in Brazil there is several online streaming services competing against Netflix, and all are using either silverlight or flash as well on Windows.
Even to Google Play Movies still uses flash player on Windows AFAIK.
As of right now, Netflix delivers content a few different ways:
1. Silverlight (Desktop Browser Plugin)
2. Playready CAM (on iOS, possible some other devices)
3. Widevine (Google’s DRM scheme – on Android/ChromeOS)
4. HTML5 WebCrypto (MSE/EME)
Silverlight is used across all desktop browsers. This is why it doesn’t work on Linux, because on Linux Netflix doesn’t currently deliver their content using Widevine or HTML5 WebCrypto.
On Android and ChromeOS, generically speaking, they use Widevine. But again, widevine isn’t supported by Netflix for general “desktop” use – so Linux users would have to have a silverlight compatible plugin supporting Playready in order for Netflix to work currently.
They are actually using using Silverlight (i.e. playready) on ALL desktop browsers, not just all browsers on Windows…
Yep. As far as I know it is only implemented on certain ARM based Samsung Chrome books. But it is not completely native yet, as they were still using a custom plugin to implement WebCrypto (Chrome’s implementation of WebCrypto was not feature complete yet, or at least it wasn’t a few months ago). They could be using this in other places now too, I don’t know – they tend to roll out stuff like this rapidly.
Anyway, I think the point is to reduce their delivery methods to a single technology, i.e. HTML5 MSE/EME WebCrypto, and get rid of the rest. But the browsers all have to be there first.
I’m totally against DRM, but the war in standards committee was lost long ago. At this point there is no longer any use arguing about it – it is part of the standard. There is nothing anyone can do about it at this point except not use it – and I’m afraid there are way more people that don’t give a shit than do… Mozilla had to do this – they didn’t have a choice really (other than to be viewed as the obstructionist, and I don’t think that does them any good in the long run).
To be fair, on a technical level the standard is well done imo – it puts the DRM parts in their own little world and they don’t really bleed into anything else. If we had to have DRM creep into things it could have been alot worse than it turned out to be…
EDIT: For Linux users wanting their Netflix fix, there is now this:
http://www.makeuseof.com/tag/easily-enable-silverlight-watch-netfli…
https://launchpad.net/pipelight
I have not tried it, but it reportedly works great.
Edited 2014-05-15 00:52 UTC
Thank you for this. I just gave it a go on Crunchbang Linux 64-bit and it worked great using the instructions for Debian Wheezy. I had to add a user agent switcher to Chromium but that’s no big deal.
It’s definitely still a hack, but definitely better than the old hack of running an outdated version of the Windows build of Firefox via Wine. Compared to that, Pipelight is nearly seamless once installed.
Here in the US, the vast majority of public libraries use DRM for ebooks (Adobe) and (Overdrive media console) for audiobooks. http://omc.overdrive.com/. While some of the available audiobooks are available in MP3 format, most are in Microsoft’s DRM’d WMA format. It’s unlikely to change anytime soon without some common DRM standard.
Mozilla is taking the only (lesser of two evils) position that they reasonably can in this matter.
Mozilla of late have done some pretty disturbing things, this isn’t one of them.
DRMed content should not be protected by copyright. DRMed content is nothing but an mess of bits without the decryption key, and you can’t claim a copyright on a mess of bits that don’t represent music, pictures, sounds etc
As long as DRMed content is protected by copyright, copyright holders can impose any closed standard they want by defacto by embargoing open standards.
Don’t blame Mozilla.
It’s the users who have (or haven’t) voted with their feet.
If users truly felt DRM was a bad thing, they’d boycott any DRM controlled content. It then wouldn’t need to be implemented in any browser or viewer.
My view is that the media companies are betting on public ignorane and apathy. That’s why they keep trying new schemes on us. We didn’t revolt when DVDs where region controlled…..
Exactly.
I actually just saw another blog post pop up on Planet Mozilla which said something along those lines.
http://www.benmoskowitz.com/?p=982
They have been. BitTorrent usage has been growing. It’s just that the movie & television executives, who still haven’t learned from the music industry, still insist on an outdated distribution and licensing model which requires them to “protect” their content. Meanwhile users continue to access media in a format that suits them. DRM in web browsers isn’t going to change that and more than the ridiculous “UltraViolet” scheme for DVDs & BluRay killed unauthorised copying.
I’m going to have to point out that you’re jumping to conclusions here — correlation does not equal causation, as the saying goes; have you considered that e.g. BitTorrent-usage is increasing because people are still learning about it and how to use it?
Why would they bother to learn about it and how to use to use it if the legal alternatives offered them what they already wanted?
As for correlation, music piracy rates have plummeted since places like iTunes and Amazon made music available in formats that users wanted at a fair price. It’s less hassle, and just as effective, to purchase your music (like for like assuming what you’re looking for is available to purchase).
Removing crap like DRM from music has actually helped the market and reduced piracy. Once day the film & television industry might just catch up.
There will always be people who can’t either afford to use legal services, don’t want to wait even a single day to get something and people who simply do not want to pay when something can be gotten for free.
Online-bought music has also come down in price and the services have gotten easier to use even for total novices. You can’t just attribute everything to the removal of DRM.
Also, compared to mp3-files movies and the likes tend to be quite a bit bigger files and so, with that in mind, I’m going to argue that one of the reasons for why their piracy has gone up is because access to higher bandwidth has increased.
While it would probably reduce piracy somewhat I really doubt it would reduce piracy as much as it did with online music. Why? Well, because movies and TV-shows are so much more expensive. Buying a few songs at $0.79/pop is low enough for many people not to bother with torrenting, but movies and TV-shows? They won’t be sold at such prices and that means there will always be an incentive for torrenting them instead.
You can claim anything you like, but I do not believe for a second that DRM is the biggest reason for people torrenting the stuff.
Oh I’m not claiming it is the biggest or only reason, I’m just saying it is a reason. Specifically, the reason is access to media in a format the user can consume.
One of biggest drivers is timely access to media; when a show is broadcast in one market, users who are accustomed to instant access to information via. the internet are no longer willing to sit and wait for it to be broadcast in their part of the world. Why should they, when they can just go get the latest episode of their favourite show within minutes?
As it happens market segmentation and staggered releases are also one of the drivers behind DRM adoption by media companies. They want to try to maintain their old business model of segmented markets in a global market age. Once the companies figure this one out, they might start to realise that DRM isn’t quite as critical as they think it is, and maybe some sanity can return.
We have selected Adobe to provide the key functionality
Welp, time to abandon the ship.
I do NOT want this shit. And from all possible providers they went to Adobe, known from their bad security history.
With this move Mozilla 1. endorses closed source 2. endorses DRM. Before anyone jumps in their defense with “but users asked for it”, the users who can need it, they can install a plugin by themselves.
Don’t watch DRMed content and you won’t “get this shit”. The ability to load modules will be there but there won’t be any modules…
Of course I don’t watch DRM’ed content, the issue is this should be ‘opt-in’, not ‘opt-out’. For now Mozilla says:
– Free and Open Source Software does not matter, we will ship closed and proprietary stuff which is OK;
– DRM on the web is a good thing, we endorse and make use of it;
– sites should DRM their content, we will help them in reaching as many users as possible;
– Adobe is a reliable provider (cough! Flash cough! Reader, cough! cough! cough!)
To me, all those are bad, if not even evil.
Actually that is the opposite of what they say, but I see that getting on a bandwagon is something that a lot of people can’t resist the urge to do.
And yes, software, of any sort is irrelevant if there’s not a significant mass of people/machines/organizations making use of it.
Average Joe will try to watch netflix on his firefox browser, see that it does not work and discard it as a POS. He won’t dig any further to see why netflix did not actually work…
While tech savvy people remain a minority, this kind of thing will *always* happen. Everybody caters to the needs of majorities and the majority of people does not give a shit.
Edited 2014-05-15 07:43 UTC
Mozilla’s mission (see http://www.mozilla.org/en-US/mission/) is ‘to promote openness, innovation & opportunity on the Web.’ Making DRM video available to ‘average Joes’ is not part of it.
Really? Ask average joe how he feels about that… also, the full quote is:
“Our mission is to promote openness, innovation & opportunity on the Web”
Becoming irrelevant is not there nor does it help their efforts.
Edited 2014-05-15 09:07 UTC
I have to disagree. Firefox is still open-source and they promote pretty much all open things, it won’t suddenly stop being open-source or stop doing that if they add a DRM-module to the browser. If Mozilla didn’t do that, rolled over to obscurity like e.g. Opera and let Internet Explorer and Safari take over then it would be doing the exact opposite of promoting openness and innovation — by insisting on staying relevant they keep Microsoft and Apple on their toes.
So… they’re completely ignoring the official W3C spec Encrypted Media Extensions?
https://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-media/encry…
— and flying in the face of the HTML 5-tard “Flash is evil” idiocy going to Adobe for theirs?!?
I grasp the ‘desire’ for DRM and it’s practical application — there’s a reason neither Hulu or Netflix will touch the currently deployable HTML 5 video with a 50 foot cattle prod — that’s what the (complained about by freetards everywhere) EME exists for — even as ignorant halfwits go “What was TBL thinking” as if he has anything to do with W3C determinations at this point.
Am I missing something, or is this EXACTLY what I meant by HTML 5 video and audio sending formats, encoding and deployment back to the worst of the old WMP vs. QuickTime vs. Realplayer wars?
Or are they talking DRM for non-media content like plaintext or something?
Leave it to Mozilla to pretend it’s 1997, go do their own thing and to hell with participating in standards; shades of Nyetscape 4.
— EDIT — WAIT, is this EME or not? They talk about it like it isn’t and is at the same time in the article… Piss poor writing skills? Marketing bullshit? Trying to decipher that page and… damn.
Edited 2014-05-15 13:52 UTC
It wastes time to argue that a copyrighted work loses protection because it was encrypted for transmission to the legitimate customers of a digital download, rental or subscription service.
Legal issues of that sort have been hashed out in court beginning with the invention of the telegraph and were pretty much settled with the commercialization of radio in the 1920s.
Disney posted Let It Go in HD to YouTube on December 6th of last year. 3.28 seconds 226 million views. Best guess for all things Frozen on YouTube, 500-550 million views.
Firefox lives and dies by the add click. It can’t toss off a billion page views globally, which is, realistically, what licensed content from Disney can give you.
“Despite our dislike of DRM, we have come to believe”
= They are changing their beliefs.
“We will do so in a way that protects the interests of individual users as much as possible”
= They admit it harms the interests of users.
“given what the rest of the industry has already put into place”
= They have become followers, not leaders.
“We have selected Adobe to provide the key functionality.”
Adobe’s flash is a plague of proprietary software that has been proven to spy on you.
“We believe that Adobe is uniquely able to bring new value to the setting.”
Value? For who?