IP-SKEPTIC: Mozilla is implementing an EME-compliant DRM module, and that's terrible.

Submitted by kmeisthax on Thu, 05/15/2014 - 20:39 in Rants

As complained about previously on Fantranslation.org, the HTML5 Encrypted Media Extensions are a "standard" way of getting a DRM-laden video to play on a DRM-laden browser. The technical details are unimportant (it's shit); the main issue is that it represents, on a political level, acquiescence and surrender to large multinational media conglomerates whose CEOs wet themselves at night and need a security blanket that makes us all radically more insecure. However, Mozilla, the last holdout and only browser vendor to actually protest against EME, has decided to license and implement an Adobe-provided DRM plugin - in a sense, a surrender, but with more generous terms.

First - the good bits. Mozilla is going to sandbox this thing as much as possible, and it will not be installed by default. The CDM is wrapped inside a strict sandbox that ensures that the only thing it can do is decrypt video frames and receive a (required by Adobe) tracking ID. The tracking ID will be randomized per site, which is better for privacy than other DRM implementations available. The sandbox wrapper source code will also be available under normal license terms, specifically as a nothing-up-my-sleeve tactic. Finally, you will be able to watch Netflix on Linux, as the smaller CDM is easier to port than a Flash plugin that targets Chrome-specific plugin APIs.

Now the bad bits. The sandbox is not modifiable due to technical restrictions. While you are legally allowed to modify it, one of the requirements of the CDM license is that the DRM module is able to verify the sandbox. That means only builds authorized by Adobe will actually play video. In fact, it means that you can't compile the code yourself anyway, since Mozilla builds are not yet deterministic, so the nothing-up-my-sleeve tactic is currently ineffective at actually making me feel secure.

Speaking of security, if the CDM does turn out to have some exploitable bug, it will not be fixed until it is already being exploited in the wild. The DMCA explicitly prohibits security research on DRM systems except for a very small handful of cases. I'm not even talking out of my butt here - this already happened, back in the last decade when Sony was putting DRM on ordinary CDs. If you put them in a computer, unless you were careful to disable the CD autoplay, it would go straight to executing a program which would install a program on your machine to prevent you from ripping the disc. Thing is, that program was also a rootkit that made it really easy to hide malware in an ostensibly non-threatening place.

Security researchers were already aware of the issue. But nobody spoke up, because the process of merely researching the DRM system is itself illegal. There are plenty of hostile vendors who would love nothing more than for security researchers to just go away and stop hacking their systems. Normally, however, they can just go pound sand if they don't want to fix their devices, and watch as everyone moves away from their insecure technology. If what they are vending is DRM plugins, however, they have a nice club to gag and beat the researcher with, called the DMCA anticircumvention laws. (Other jurisdictions have similar restrictions.) I do not trust Adobe to write a secure CDM the first time, nor do I trust them to work with security researchers outside of very specific, NDA-laden circumstances. Nor does any other security researcher have that level of trust with Adobe.

We also have the risk of encouraging other industries to request similar "standards" for obfuscating and DRMing other parts of the web experience. We could have eBook vendors wanting to obfuscate parts of HTML markup (because book publishers hate blind people). Stock image vendors would love the ability to have images in DRM that can be viewed but not saved without paying the license fee. Game developers would love the ability to package a NaCl or asm.js program inside an obfuscating DRM package. Etc. We need to, as an industry as well as individuals, stand now to prevent further encroachment of DRM restrictions on the web platform.

Long term, we risk having to hold off on useful standards if they pose problems for the security of restricted content. As the web platform transitions into a viable applications platform, we need to start adding capabilities which allow for more low- and mid-level access to the DOM. I would love to have, say, a way to define custom drawing filters to be applied to arbitrary elements via CSS. This would be great - except that we not only have to worry about information leaks via insecure iframe usage, but now also have to ensure that users can't abuse it to decrypt protected video and dump it. This takes additional engineering time and has consequences for browser vendors if it gets screwed up, beyond merely having to ship a security update. Eventually, some features are going to have to be forgone or limited in scope to prevent protected video from being compromised.

This also affects extensions today, as they have more access to the browser than normal pages. I don't know what will happen to, say, a screenshot extension if it's used on a page that loads in the Adobe CDM. Does Firefox just keep all extensions from touching that page? Does the screenshot extension get a black screen instead of video? Or are certain extensions just going to be banned from being installed alongside the CDM? This is an important question as it affects how much of the browser the user is actually allowed to control.

The fact is, while the Mozilla DRM deal is a surrender with generous terms, it is still a surrender, which came in relative secrecy for an otherwise transparency- and rights-obsessed organization. The only upside is that Mozilla Firefox will still be a non-profit browser with relevance, where they can at least fight another day on an issue of similar import. However, as a user, I would recommend that you switch to Mozilla Firefox today. Not for any particular technical benefit, but for the political benefit of having the closest thing to a user advocate in this industry.