[tor-talk] Firefox, Adobe, and DRM

[Gerardus Hendricks]

Hi David,

I can sympathize with the position that Mozilla has taken concerning W3C 
EME. I'm left with a related question though:

Suppose that the (necessarily closed-source) DRM component is completely 
sandboxed and separated from the rest of the code, so that its only 
inputs are the encrypted stream and some unique key/token, and its only 
output is a buffer of decrypted frames.

(this illustration by Mozilla paints that picture nicely: 
https://hacks.mozilla.org/wp-content/uploads/2014/05/CDM-graphic.png )

Then what prevents the open-source Firefox application, that needs to 
'render' that framebuffer into a nice window with shiny buttons, from 
cleanly reading and saving that buffer of decrypted frames to file?

If the answer is "there is no protection", then it seems insane that 
'the bad, evil industry' would allow such sandboxing of a DRM component.

This might already have been discussed elsewhere, but I haven't been 
able to find that discussion. Any pointers would be welcome.

Regards,
Gerard

On 5/15/14 9:27 PM, David Rajchenbach-Teller wrote:
>      Hi Paul,
>
>   It's actually more complicated than this. Since pretty much everyone at
> Mozilla hates DRM, we took the least evil option that did not involve
> project suicide.
>
> Adobe will implement a sandboxed proprietary black box plug-in for
> decoding DRM-ed data. We will provide an API to make it work and the
> ability for users to download the plug-in (very streamlined, most likely).
>
> The DRM code will *not* be part of Firefox. While the internal API
> hasn't been designed or implemented yet, I suspect that toggling a
> preference will be sufficient to remove the streamlined mode for
> downloading the plug-in. I am pretty sure most Firefox devs will toggle
> off that preference – I am certainly planning to.
>
> Alternatively, TorBrowser should be able to use IceWeasel, the entirely
> free fork of Firefox. This fork doesn't offer h.264 and will certainly
> similarly deactivate the DRM-related code.
>
> Cheers,
>   David
>
> P.S.: I haven't heard about money changing hands, although I wouldn't be
> surprised if we had to pay Adobe for that. Whether you decide to believe
> me is, of course, your choice.
>
> On 15/05/14 20:08, paul at crable.us wrote:
>> I just received a message from the Free Software Foundation
>> advising me that Mozilla has climbed in bed with Adobe
>> Corporation and will implement digital rights management,
>> DRM, in FireFox.  Until now they had not supported DRM.
>> They claim to take this act to preserve market share, but it
>> would not surprise me if money changed hands as an
>> additional encouragement.
>>
>> TOR is not about DRM, but if TOR continues to use FireFox as
>> the basis for its browser, then the nose of the DRM camel
>> will appear under the wall of the tent.  Some of us have
>> assiduously avoided DRM, and TOR was one way to do so.  Will
>> it continue to be?
>>
>> The source code for FireFox is available free and so the DRM
>> code could be striped out before making it the TOR browser.
>> doing so, however, will require additional effort; is TOR
>> prepared to take on this task?
>>
>> Paul
>>
>> --
>> Paul A. Crable.  Portland, Oregon.  U.S.A.
>> PAUL AT CRABLE DOT US
>>
>
>
>
>