I've set DRM to require explicit approval in the browser, and I've seen random web sites that have no obvious reason to do so randomly request the permission.
I don't know what exactly causes this, since it's intermittent (the same web site doesn't always do it) and happens even with various ad and tracking blockers in place.
I detest auto-play videos and in fact am usually happy when some random news site I'm reading an article on gets blocked by not having DRM.
That's the thing though - I don't think it blocked videos on the site, if there even were any.
That has been my experience too. Brave asks me if I want to install widevine, I say no, and then nothing appears broken.
Sounds like fingerprinting
I wish it was possible to auto-reject it instead of constant pop-ups
Interestingly, DRM is also being used by Signal for privacy concerns over Windows Recall, as discussed on HN [0] previously.
"Used" is a strong term, they're not really utilizing the DRM codepaths, AFAIK it simply tells the OS that the window is software that does use DRM and thus should be excluded from any screenshots. The existence of DRM and desire of Windows to abide by its rules are what Signal relies on.
That's more of a double-edged sword hack than "using DRM". The theory of DRM is for the system to restrict the content from the user, i.e. the system is adversarial to the user and vice versa.
What Signal is doing is trying to get the system to restrict the content from the rest of the system. Which might work as a transient hack but doesn't actually work to protect the user when the system is adversarial, because Microsoft (the adversary) has the DRM private keys. Even some hypothetical DRM system which is effective in oppressing the user wouldn't prevent Microsoft from purloining the user's data whenever they want because they're the ones who make the DRM.
Microsoft cant and will not break that trust, because then Netflix and others will stop serving content to Microsoft products.
This is similar to HTTPS certificate chain of trust. The root signing authority needs to be trusted, but once you break that trust there's no going back. It is a self-regulating system.
I believe that they could just ignore the Signal app's request to DRM protect the content. Unless Signal is actually encrypting the whole app content before submitting it to Windows it is just a request.
This is a bit different to encrypted video where it is actually being encrypted off device.
Why does Netflix care if Microsoft is hoovering up all the user's data? Why would they even care if Microsoft was giving itself access to the Netflix streams? Unlike with Signal there are no real secrets in there.
Plus, what is Netflix even going to do? Stop supporting streaming on Microsoft platforms and then lose a bunch of subscribers for no benefit to themselves?
In this case, if Recall records the screen constantly then it can get the DRMed video from Netflix, and therefore possibly exfiltrate it to the user for piracy easier? I think they nominally try to prevent you streaming it / recording it to shut that down.
The expectation is that Microsoft is exfiltrating this data because they want to use it for AI training, ad targeting etc. That doesn't require the user to have access to it, they'd just need some new rationale for exfiltrating it. Insert malware scanning excuse etc.
Also, the issue is that somebody is going to copy a ~30 fps video using screenshots without audio taken at an interval of ~0.2 fps? Nobody is going to do it that way.
I imagine it wouldn't be Netflix enforcing that decision but rather the hollywood studios.
So ask the same question of them. Would you expect them to care about invasions of user privacy? To give up money over it?
But why does Hollywood even care about this DRM in the first place? I don't really understand why all this wasted effort, going so far with HDCP encrypted video signals.. I mean every new release is pirated within hours despite all of these protections anyway, so what exactly is the point? It's even easier and faster to just download a 4K torrent than to get Netflix in 4k working on many system configurations because of these overbearing DRM requirements.
Because that's not true. Pirates get very upset that 4K Netflix webrips often take weeks or months as hardware keys have to be burnt.
> because Microsoft (the adversary) has the DRM private keys
Let's be clear here. That's a fine point in the generic sense, but in the Signal situation there are no private keys and it's not really DRM.
It kind of is though?
Suppose a third party app wants to make screen captures. Windows prevents it, because otherwise it could do the same thing to Netflix and capture the video. The thing preventing the app from bypassing that constraint is DRM.
Whereas suppose Microsoft wants to distribute an update to the video rendering code in Windows. It will have access to the data on the screen because it's the thing converting it into pixels, so Microsoft signs the new code with their private keys and distributes it to your PC and it gets access to what's on your screen. Which they could also do with code designed to exfiltrate it.
But Signal is not Netflix. Signal is not managing any digital rights with this toggle, and also the user has full control over the toggle.
Also if Microsoft wanted to bypass it they could just ignore the function call, they wouldn't have to do any clever workarounds.
Popular web browsers way too complex, far too difficult to control.
Simpler software could satisfy web users.
Could reduce potential for surveillance and annoying distractions. Easier to audit and control.
No, simpler software is not accepted by the general public. For a few years Firefox rejected EME/Widevine. When Netflix does not work then they will just use a browser that works.
We should have stopped with gopher. I’m not even sure I’m joking.
(I had to editorialize to get the title within the limits)
I flat out have DRM disabled in my browser. If I really really need it, then that's what VMs and VPNs are for.
I'm curious what are those use-cases where you really need it? I have DRM disabled since forever and never experience any problems that I can relate to that.
Music and TV/movie streaming, and that's about it afaict. I've got it disabled too, and I essentially never see issues unless I go to Netflix.
News videos don’t always work without it either.
Maybe I don't visit enough news sites, but I never saw a news website have DRM on their videos.
I think I've seen it on news sites like once? And thanked my settings for stopping something that was surely going to annoy me.
But broadly yeah, same
Which really makes you wonder why so many people fought hard to get it into the browser.
I think spotify doesn't work without it but I switched back to keeping all my music local long ago.
ok, never used that...
Streaming television
Same here. For one interim pragmatic purpose, I do have a dedicated setup that has DRM, which I use only for that purpose. I hope to get rid of the nasty DRM altogether in the future.
(For the browser part of the DRM setup, I use Chrome/Chromium, the violate-me-all-the-ways browser. For all other browser purposes, I use both Firefox, the violate-me-fewer-ways browser, and Tor Browser, the draw-fire-of-state-actors-but-thwart-techbro-actors browser.)
Not surprising at all.
Yeah this feels very much the point of DRM in browsers. I will never understand why Firefox caved. This is 100% the kind of thing they should fight.
They "caved" because it's a browser for humans and lots of humans stream TV. I don't miss the daily "how can I watch Netflix on Ubuntu?" posts in different communities. Users can disable Widevine in FF.
The answer should be "go sail the high seas."
I’d be surprised if close to 100% of those users aren’t using Chrome, not Firefox for any streaming purposes.
You'd be surprised if less-than 99% of Firefox users didn't switch to Chrome to stream television? Am I understanding?
I think the number of people who care about streaming DRM media probably already used Chrome at the time of the EME stuff being added to Firefox.
People do this:
https://news.ycombinator.com/item?id=44294402
So they use Firefox 99% of the time and then if they encounter the rare thing that requires DRM they treat it like toxic waste that has to run in an isolated sandbox, which doesn't need to be the same browser they use for anything else.
The only other sensible option is to get out the reversing toolkit and break the DRM.
It's unlikely we can extrapolate market share and user-base data from individuals who self-select into discussing DRM on Hackernews.
Aren't those the only people who don't already use Chrome? "People who hate privacy-invading stuff like DRM" is pretty much the Firefox user base.
There is absolutely no way I would be able to convince my parents to do streaming that way, and I'm reasonably certain that they're a much more representative set of the community than people who hang around HN.
You absolutely would and it's the default way that normal people actually do it, which is to isolate Netflix into some kind of TV or HDMI stick instead of putting it in a browser on a PC.
This is the point? Not preventing screen capture?
In this day and age I dont understand why there isnt a more successful fork of firefox or a new opensource browser thats more succesful with privacy as a concern. My only speculation is collective lazyness and lack of sex appeal as new technologies have emerged. I’m probably biased as I lived through the browser wars. I guess I’m probably projecting combined with curiosity. I know most of the old greybeards have moved on and those of us left are stuck carrying the torch, but man it sure seems the culture has been eroded significantly. Case in point back in my day it seemed like there was a new browser every few months or so. I’m done ranting, I’ve got kids to yell at to get off my lawn.
Many forks exist like LibreWolf
Brave is such a browser but seeing as it is backed by Thiel's VC money and involves a crypto monetization incentive for the user (which can easily be turned off, btw) it evokes strong emotions in people who are rightly averse to such things. However, it does do pretty much everything privacy advocates ask for as soon as you turn off a few settings. I use it and would recommend it for people who want a anti-tracking, anti-ad browser if you can live with the drama around it.
WebKit seems to be doing at least some of that, rejecting some of the more invasive new web APIs. Why does my browser ever need to know my battery status?
I don't understand why anyone would bother forking Firefox when forking Chromium is available which is more advanced and more modular.
>or a new opensource browser
Brave browser fulfills that role.
> I don't understand why anyone would bother forking Firefox when forking Chromium is available which is more advanced and more modular.
No uBlock is a deal breaker. Chromium is stuck with the neutered uBlock Lite thanks to Manifest V3.
> Brave browser fulfills that role
Sure, and it's also funded by VC money. How long until the vultures start swooping in to get a return on their investiment?