249/365 - QuestionHTML5 is great.  In the old days when the web was dominated by plugins like Adobe Flash, you had to put up with frequent security updates to plug gaping holes in its defences; frequent plugin crashes and if you used a non-Windows platform, a plugin that was…lets face it, abysmal.

The mobile revolution we are seeing now has all but kicked Flash into the history books, but the old giants of the entertainment industry are not happy about this change.

You see, at the moment, Digital Rights Management (DRM) and HTML5 are not good bedfellows.  There isn’t a “baked in” solution for securing premium content in the HTML5 specification and this has meant that premium content from the major networks and streaming services are invariably delivered through an app on an iOS or Android device and through Flash in your web browser.

Encrypted Media Extensions

Now, there is a new specification being worked on by W3C (World Wide Web Consortium), but the Electronic Frontier Foundation is rather unhappy about it, as it could, at least in theory, allow the locking-down of everything on a web page.

He said it could produce a “web where images and pages cannot be saved or searched, ads cannot be blocked, and innovative new browsers cannot compete without explicit permission from big content companies”. – Danny O’Brien, EFF (BBC link)

So, with DRM, we get to have premium content in our web browsers without the need of a Flash plugin.  The downside is that it could lead to completely locked-down websites with unavoidable ads, unsearchable text and a reliance on approval for alternative web browsers, just like we had with Flash and with ActiveX controls in IE6.

The EME specification does not specify a DRM scheme in the specification, rather it explains the architecture for a DRM plug-in mechanism. This will lead to plug-in proliferation on the Web. —Manu.sporny.org

Content Decryption Modules

As the quote above alludes to, there is no “standard” DRM scheme in the new draft specification for these Encrypted Media Extensions (EME’s), it merely opens the door for a variety of new “Content Decryption Modules”, or CDMs for short.

A CDM is a browser extension that handles the decryption of the streamed content so that it can be viewed in your browser.

These CDMs are not set in stone either.  You can have (in theory) open source CDMs and proprietary ones, but if a company like Netflix were to insist on a particular CDM and that only worked reliably on one platform or browser, we end up back in the bad old days again.  Happy to be corrected if I read into that bit wrong.  It appears that all we are doing is exchanging a proprietary plugin for a potential smorgasbord of proprietary browser extensions.

Yet if the client can’t prove it’s running the particular proprietary thing the site demands, and hence doesn’t have an approved CDM, it can’t render the site’s content. Perversely, this is exactly the reverse of the reason that the World Wide Web Consortium exists in the first place. W3C is there to create comprehensible, publicly-implementable standards that will guarantee interoperability, not to facilitate an explosion of new mutually-incompatible software and of sites and services that can only be accessed by particular devices or applications. —Techdirt.com

Essentially, we could potentially see the return of messages like “you need to be using IE10 in Windows” or words to that effect.  If you want to view content in Linux or UNIX using a fork of Firefox or Chromium, you may end up out of luck.  We lose the platform-agnostic benefits that we can enjoy now.

The promise of premium content in HTML5 and the “true interoperability” the W3C craves is being used as a carrot to weasel DRM into what is currently the most level playing field the internet has seen for some time.  Unfortunately, the reality will most likely be a more fragmented and problematic internet for everyone, especially those who dare stray from the browsers and platforms with the biggest marketshare.

The entertainment industrys threats to impose control remain the same: if you don’t do as we say, you won’t get our premium content, and your technology will be rendered irrelevant. As we’ve seen with both music, and digital TV, the threat is empty.

via Why the HTML5 Standard Fight Matters | Electronic Frontier Foundation.