[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Firefox, Adobe, and DRM



Hi David,

I can sympathize with the position that Mozilla has taken concerning W3C EME. I'm left with a related question though:

Suppose that the (necessarily closed-source) DRM component is completely sandboxed and separated from the rest of the code, so that its only inputs are the encrypted stream and some unique key/token, and its only output is a buffer of decrypted frames.

(this illustration by Mozilla paints that picture nicely: https://hacks.mozilla.org/wp-content/uploads/2014/05/CDM-graphic.png )

Then what prevents the open-source Firefox application, that needs to 'render' that framebuffer into a nice window with shiny buttons, from cleanly reading and saving that buffer of decrypted frames to file?

If the answer is "there is no protection", then it seems insane that 'the bad, evil industry' would allow such sandboxing of a DRM component.

This might already have been discussed elsewhere, but I haven't been able to find that discussion. Any pointers would be welcome.

Regards,
Gerard

On 5/15/14 9:27 PM, David Rajchenbach-Teller wrote:
     Hi Paul,

  It's actually more complicated than this. Since pretty much everyone at
Mozilla hates DRM, we took the least evil option that did not involve
project suicide.

Adobe will implement a sandboxed proprietary black box plug-in for
decoding DRM-ed data. We will provide an API to make it work and the
ability for users to download the plug-in (very streamlined, most likely).

The DRM code will *not* be part of Firefox. While the internal API
hasn't been designed or implemented yet, I suspect that toggling a
preference will be sufficient to remove the streamlined mode for
downloading the plug-in. I am pretty sure most Firefox devs will toggle
off that preference – I am certainly planning to.

Alternatively, TorBrowser should be able to use IceWeasel, the entirely
free fork of Firefox. This fork doesn't offer h.264 and will certainly
similarly deactivate the DRM-related code.

Cheers,
  David

P.S.: I haven't heard about money changing hands, although I wouldn't be
surprised if we had to pay Adobe for that. Whether you decide to believe
me is, of course, your choice.

On 15/05/14 20:08, paul@xxxxxxxxx wrote:
I just received a message from the Free Software Foundation
advising me that Mozilla has climbed in bed with Adobe
Corporation and will implement digital rights management,
DRM, in FireFox.  Until now they had not supported DRM.
They claim to take this act to preserve market share, but it
would not surprise me if money changed hands as an
additional encouragement.

TOR is not about DRM, but if TOR continues to use FireFox as
the basis for its browser, then the nose of the DRM camel
will appear under the wall of the tent.  Some of us have
assiduously avoided DRM, and TOR was one way to do so.  Will
it continue to be?

The source code for FireFox is available free and so the DRM
code could be striped out before making it the TOR browser.
doing so, however, will require additional effort; is TOR
prepared to take on this task?

Paul

--
Paul A. Crable.  Portland, Oregon.  U.S.A.
PAUL AT CRABLE DOT US






--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk