Eyes Above The Waves

Robert O'Callahan. Christian. Repatriate Kiwi. Hacker.

Thursday 10 November 2011

HTML Video DRM

Based on the recent Adobe and Microsoft announcements, I expect most Flash and Silverlight Web developers are now thinking about how they'll move to Web standards. This is a good thing, but there are still features in those plugins that are missing from Web standards. One big feature is DRM for video. The problem is that some big content providers insist on onerous DRM that necessarily violates some of our open Web principles (such as Web content being equally usable on any platform, based on royalty-free standards, and those standards being implementable in free software).

We will probably get into a situation where Web video distributors will be desperate for an in-browser strong DRM solution ASAP, and most browser vendors (who don't care all that much about those principles) will step up to give them whatever they want, leaving Mozilla in another difficult position. I wish I could see a reasonable solution, but right now I can't. It seems even harder than the codec problem.

I am curious about what IE10 will do in this area. If Windows 8 Metro IE10 doesn't support Flash or Silverlight (as Microsoft says), and they don't support a strong DRM solution (and I haven't heard they will, yet), how will distributors of expensive HD content satisfy their DRM requirements and play back in Windows 8 Metro IE10?

Comments

Anonymous
A link to a file that opens it up in Windows Media Player? Just saying...
Anonymous
This seems a good solution: http://www.webkitchen.be/2011/01/26/stealing-content-was-never-easier-than-with-html5/comment-page-1/#comment-26043
Anonymous
Anonymous #2, I think a fairly simple workaround for that would be to right click, go to the 'View Page Info' dialogue, and find the video under the 'Media' tab.
Anonymous
If we have the horsepower to decode H264 in JS now, could content streamers just scramble a standard codec stream on the server side, and then descramble in in JS on the client side, pairing each with some sort of private, per-client key?
Anonymous
Netflix is working on creating a streaming video DRM standard: http://techblog.netflix.com/2010/12/html5-and-video-streaming.html I personally don't think DRM belongs on any consumer device. I'm waiting until it dies before I buy download movies from places like Amazon, iTunes etc. (Probably when everyone's on 100Gbps networks).
John London
I think it's a cultural problem more than it is a technical or even a commercial problem. My observation of video consultants is that they regard Web standards with disdain. Here's a choice quote from a recent Streaming Media article: "With regards to the video tag, never has an industry worked so hard to promote a technology that clearly only appeals to either tree-hugging, sandal-wearing standards lovers or the absolute lowest tier of potential users." They seem to consider the Web in general to be something of a cesspool. Even though they build websites out of open royalty-free formats, served from open source servers, delivered over open royalty-free protocols, they nevertheless on a very deep and fundamental level don't understand and simply don't value the Web. Look upon the video consultant set and despair: http://www.streamingmedia.com/ http://www.streaminglearningcenter.com/
Robert
Descrambling in JS is possible. I think we'd even have no trouble natively supporting a stream cipher in the browser. The problem is that that isn't "strong enough" to satisfy some of the big content providers --- they want encryption all the way to the hardware, or at least to some blessed OS kernel.
Asa Dotzler
Robert, if you watch a couple dozen hours of the BUILD videos, you'll see what their answer is. Microsoft's solution in Windows 8 is that what was previously deployed in browsers using Flash or Silverlight will be deployed to the Metro environment as Metro style apps that live stand-alone, outside of the browser. They get pretty desktop launchers with Live Titles and they get to offer themselves up as handlers for various activities and content types. And that's MS's plan for almost everything that's on the Web today -- not just plug-in content. In Metro, the browser is secondary and people write "apps" in Silverlight, Air, HTML+JS, C/C++, etc. There will be plenty of DRM solutions there. The browser is essentially deprecated in Metro. Think of it as Safari on iOS. It's there, but it's not important.
azakai
> If Windows 8 Metro IE10 doesn't support Flash or Silverlight (as Microsoft says), and they don't support a strong DRM solution (and I haven't heard they will, yet), Isn't that the answer? If content providers ask for it, Microsoft will add as strong a DRM solution as they require into the Metro API (WinRT). Metro uses HTML+JS, but it isn't identical to it.
Klemen
The best solution from the very start would be educating all users why anti-features like DRM are so bad for society. But unfortunately instead of educating people why this is as important as freedom to many times we just ignored all those little annoyances and worked arounf them and all the DRM stuff has now become a mass. And by not working hard to eradicate this mass it is only growing larger and more evil and it is becoming increasingly harder to make it go away.
Asa Dotzler
Klemen, DRM is a technology. I don't believe that a technology, per se, is bad for society. Technology systems that allow for content owners to ensure that their content is only accessible to those who pay for it is, IMO, not evil or bad or wrong. Rather than railing against it, I think we should be trying to figure out ways to make it better than it is today.
Anonymous
DRM is a anti-consumer technology. It keeps purchasers from owning their media. The ability to copy and share is a owners right that shouldn't be taken away because of a business model. When I buy something from someone I don't want it dictated to me how I use it. If it's mine I'm not accountable to the merchant or it's creators.
Anonymous
Please, continue to support DRM-free video, and prevent the adoption of any "standardized" DRM system. It won't take that long for content providers to adapt. No DRM system will ever prevent people from capturing the content, and it only takes one to share it with everyone. At some point, the cost of *not* adopting HTML5 video (while all the independent content providers do so) will become higher than the falsely perceived cost of not having DRM. Meanwhile, we need organizations like Mozilla to remain strong in their principles, and ignore demands to add anti-features.
Jon
How's it going to work in W8? My guess is that the supported format for DRM-protected content in the W8 browser will be SmoothStreaming (i.e. fMP4) with PlayReady DRM served with a suitable MIME type; the browser can detect from the MIME type that it's PlayReady/SmoothStreaming content and swings the appropriate decode and adaptive bitrate switching components into action. That way, all the content providers have to do is take their existing closed-GOP H.264 content, remux it and then apply PlayReady protection to it, which is dirt-cheap computationally (esp. when compared to re-encoding in VP8...). Similarly, I expect Google to package the WideVine client in Chrome, so they can say "we don't believe in patent-encumbered codecs in HTML5" while making it trivial for content providers to target premium content at their browser. Then again, I could be a mile wide of the mark.
Taylor Wray
If you named which "big content providers" insisted on onerous DRM requirements, people would be able to focus on them instead of Mozilla.
Robert
Disney, Time Warner, all the big companies that produce TV shows and movies.
Shmerl
@Asa Dotzler: Klemen, DRM is a technology. I don't believe that a technology, per se, is bad for society. This is not true. Some technologies are bad for the society, and DRM is just such example. DRM limits users' freedom, and is akin to a draconian state where you are forced to wear ball and chain all the time "just in case you are going to do something illegal". It's clearly unethical and not acceptable for the open Web.
ferongr
Unless I'm mistaken the encrypted media proposal is going ahead through the W3C standardization process. ``Fun" times are afoot.