I've set DRM to require explicit approval in the browser, and I've seen random web sites that have no obvious reason to do so randomly request the permission.
I don't know what exactly causes this, since it's intermittent (the same web site doesn't always do it) and happens even with various ad and tracking blockers in place.
mjevans 10 hours ago [-]
I detest auto-play videos and in fact am usually happy when some random news site I'm reading an article on gets blocked by not having DRM.
tgsovlerkhgsel 10 hours ago [-]
That's the thing though - I don't think it blocked videos on the site, if there even were any.
__MatrixMan__ 10 hours ago [-]
That has been my experience too. Brave asks me if I want to install widevine, I say no, and then nothing appears broken.
tcoff91 10 hours ago [-]
Sounds like fingerprinting
NooneAtAll3 9 hours ago [-]
I wish it was possible to auto-reject it instead of constant pop-ups
486sx33 11 hours ago [-]
[dead]
jwrallie 12 hours ago [-]
Interestingly, DRM is also being used by Signal for privacy concerns over Windows Recall, as discussed on HN [0] previously.
"Used" is a strong term, they're not really utilizing the DRM codepaths, AFAIK it simply tells the OS that the window is software that does use DRM and thus should be excluded from any screenshots. The existence of DRM and desire of Windows to abide by its rules are what Signal relies on.
AnthonyMouse 12 hours ago [-]
That's more of a double-edged sword hack than "using DRM". The theory of DRM is for the system to restrict the content from the user, i.e. the system is adversarial to the user and vice versa.
What Signal is doing is trying to get the system to restrict the content from the rest of the system. Which might work as a transient hack but doesn't actually work to protect the user when the system is adversarial, because Microsoft (the adversary) has the DRM private keys. Even some hypothetical DRM system which is effective in oppressing the user wouldn't prevent Microsoft from purloining the user's data whenever they want because they're the ones who make the DRM.
bitpush 11 hours ago [-]
Microsoft cant and will not break that trust, because then Netflix and others will stop serving content to Microsoft products.
This is similar to HTTPS certificate chain of trust. The root signing authority needs to be trusted, but once you break that trust there's no going back. It is a self-regulating system.
kevincox 10 hours ago [-]
I believe that they could just ignore the Signal app's request to DRM protect the content. Unless Signal is actually encrypting the whole app content before submitting it to Windows it is just a request.
This is a bit different to encrypted video where it is actually being encrypted off device.
AnthonyMouse 11 hours ago [-]
Why does Netflix care if Microsoft is hoovering up all the user's data? Why would they even care if Microsoft was giving itself access to the Netflix streams? Unlike with Signal there are no real secrets in there.
Plus, what is Netflix even going to do? Stop supporting streaming on Microsoft platforms and then lose a bunch of subscribers for no benefit to themselves?
nemomarx 10 hours ago [-]
In this case, if Recall records the screen constantly then it can get the DRMed video from Netflix, and therefore possibly exfiltrate it to the user for piracy easier? I think they nominally try to prevent you streaming it / recording it to shut that down.
AnthonyMouse 9 hours ago [-]
The expectation is that Microsoft is exfiltrating this data because they want to use it for AI training, ad targeting etc. That doesn't require the user to have access to it, they'd just need some new rationale for exfiltrating it. Insert malware scanning excuse etc.
Also, the issue is that somebody is going to copy a ~30 fps video using screenshots without audio taken at an interval of ~0.2 fps? Nobody is going to do it that way.
SunlitCat 5 hours ago [-]
But the larger issue is, if Microsoft Windows is able to grab DRMed content, there is some path to grab DRMed content at all. Which means that if someone with lots of time, passion and talent on their hand might be able to exploit that path to get more then just a screenshot without audio every 0.2 fps.
The promise of DRMed content at the moment is that (technically) no one is able to do so as there are no backdoors into it, for nobody.
AnthonyMouse 3 hours ago [-]
There is always a path to grab it, because something on the device has to have it in order to display it on the screen.
SunlitCat 3 hours ago [-]
Ideally, the entire path from source to display is secure and inaccessible (even for the operating system), that is the core promise of DRM. Of course the device must render the content somehow, but DRM is specifically designed to ensure that this path can't be intercepted or exploited.
What happens outside of that path, before it's decrypted or after it's displayed, is beyond what DRM is meant to control.
j-bos 10 hours ago [-]
I imagine it wouldn't be Netflix enforcing that decision but rather the hollywood studios.
AnthonyMouse 9 hours ago [-]
So ask the same question of them. Would you expect them to care about invasions of user privacy? To give up money over it?
lyu07282 8 hours ago [-]
But why does Hollywood even care about this DRM in the first place? I don't really understand why all this wasted effort, going so far with HDCP encrypted video signals.. I mean every new release is pirated within hours despite all of these protections anyway, so what exactly is the point? It's even easier and faster to just download a 4K torrent than to get Netflix in 4k working on many system configurations because of these overbearing DRM requirements.
Mindwipe 7 hours ago [-]
Because that's not true. Pirates get very upset that 4K Netflix webrips often take weeks or months as hardware keys have to be burnt.
AnthonyMouse 3 hours ago [-]
The DRM is still completely broken. What they're doing is using some watermarking technology to match the video with a particular device and then ban the device. But then the pirates just buy a device, rip thousands of hours of video using it and then post them all together. Each device can get them everything in the entire catalog that they want because they don't have to post any of it until they've coped all of it and banning the device after the fact is too late. They can even sell the device before the key is banned (or to anyone who won't notice/care) and use the money to buy another one, and then the company is only banning the keys of innocent people who might have been paying customers.
And even that is assuming there is no way to remove the watermark, which there always is because multiple copies of the same video can't each be uniquely identifying without revealing what's different about them.
Meanwhile the inconvenience to paying customers is real when their stuff doesn't work, and every customer who pirates your stuff because the paid offering doesn't work for them is an actual lost sale.
It really does seem like the DRM vendors are taking them for a ride.
Dylan16807 10 hours ago [-]
> because Microsoft (the adversary) has the DRM private keys
Let's be clear here. That's a fine point in the generic sense, but in the Signal situation there are no private keys and it's not really DRM.
AnthonyMouse 9 hours ago [-]
It kind of is though?
Suppose a third party app wants to make screen captures. Windows prevents it, because otherwise it could do the same thing to Netflix and capture the video. The thing preventing the app from bypassing that constraint is DRM.
Whereas suppose Microsoft wants to distribute an update to the video rendering code in Windows. It will have access to the data on the screen because it's the thing converting it into pixels, so Microsoft signs the new code with their private keys and distributes it to your PC and it gets access to what's on your screen. Which they could also do with code designed to exfiltrate it.
Dylan16807 8 hours ago [-]
But Signal is not Netflix. Signal is not managing any digital rights with this toggle, and also the user has full control over the toggle.
Also if Microsoft wanted to bypass it they could just ignore the function call, they wouldn't have to do any clever workarounds.
1vuio0pswjnm7 10 hours ago [-]
Popular web browsers way too complex, far too difficult to control.
Simpler software could satisfy web users.
Could reduce potential for surveillance and annoying distractions. Easier to audit and control.
kbrosnan 8 hours ago [-]
No, simpler software is not accepted by the general public. For a few years Firefox rejected EME/Widevine. When Netflix does not work then they will just use a browser that works.
conception 9 hours ago [-]
We should have stopped with gopher. I’m not even sure I’m joking.
SunlitCat 5 hours ago [-]
Although being too young to be really have seen gopher, i can still remember the (comparatively) simple "Internet" from mid to late 90s.
IRC for chatting, ICQ for instant messaging (which didn't work because my ISP at that time used a strange firewall / proxy setup and IRQ wasn't able to get through), newsgroups as a kind of discussion board, picture viewers for all kind of image formats (like wise video players), real player (Buffering...:D) for streaming....and most importantly web browser(s) when you want to grab information from all around the world (but dang having only a 33.6kbit modem, was really a test of patience sometimes).
Oh! I forgot! WinAmp which can whip the llama's...yeah you surely know what it does whip! ;)
exceptione 14 hours ago [-]
(I had to editorialize to get the title within the limits)
JCattheATM 13 hours ago [-]
I flat out have DRM disabled in my browser. If I really really need it, then that's what VMs and VPNs are for.
kiney 12 hours ago [-]
I'm curious what are those use-cases where you really need it?
I have DRM disabled since forever and never experience any problems that I can relate to that.
Aerroon 12 hours ago [-]
Which really makes you wonder why so many people fought hard to get it into the browser.
phantomathkg 6 hours ago [-]
So they can monetize the consumption of video/audio.
11 hours ago [-]
Groxx 12 hours ago [-]
Music and TV/movie streaming, and that's about it afaict. I've got it disabled too, and I essentially never see issues unless I go to Netflix.
Tijdreiziger 11 hours ago [-]
News videos don’t always work without it either.
gruez 11 hours ago [-]
Maybe I don't visit enough news sites, but I never saw a news website have DRM on their videos.
Groxx 10 hours ago [-]
I think I've seen it on news sites like once? And thanked my settings for stopping something that was surely going to annoy me.
But broadly yeah, same
account42 3 hours ago [-]
That's more of a bonus and not an issue.
msgodel 12 hours ago [-]
I think spotify doesn't work without it but I switched back to keeping all my music local long ago.
kiney 12 hours ago [-]
ok, never used that...
bevr1337 12 hours ago [-]
Streaming television
account42 3 hours ago [-]
Which should never have been a website in the first place.
account42 3 hours ago [-]
> that's what VMs and VPNs are for
To get the content from a different source in a more user-friendly format, right?
neilv 12 hours ago [-]
Same here. For one interim pragmatic purpose, I do have a dedicated setup that has DRM, which I use only for that purpose. I hope to get rid of the nasty DRM altogether in the future.
(For the browser part of the DRM setup, I use Chrome/Chromium, the violate-me-all-the-ways browser. For all other browser purposes, I use both Firefox, the violate-me-fewer-ways browser, and Tor Browser, the draw-fire-of-state-actors-but-thwart-techbro-actors browser.)
account42 3 hours ago [-]
What's preventing you from getting rid of it now?
shmerl 12 hours ago [-]
Not surprising at all.
mattl 12 hours ago [-]
Yeah this feels very much the point of DRM in browsers. I will never understand why Firefox caved. This is 100% the kind of thing they should fight.
bevr1337 12 hours ago [-]
They "caved" because it's a browser for humans and lots of humans stream TV. I don't miss the daily "how can I watch Netflix on Ubuntu?" posts in different communities. Users can disable Widevine in FF.
userbinator 10 hours ago [-]
The answer should be "go sail the high seas."
account42 3 hours ago [-]
Cool story. Except you still can't watch Netflix on Ubuntu unless you are OK being a second class citizen who is only allowed resolutions that may have been acceptable a century ago. So congratulations, FF sold out for nothing.
mattl 12 hours ago [-]
I’d be surprised if close to 100% of those users aren’t using Chrome, not Firefox for any streaming purposes.
bevr1337 12 hours ago [-]
You'd be surprised if less-than 99% of Firefox users didn't switch to Chrome to stream television? Am I understanding?
mattl 11 hours ago [-]
I think the number of people who care about streaming DRM media probably already used Chrome at the time of the EME stuff being added to Firefox.
So they use Firefox 99% of the time and then if they encounter the rare thing that requires DRM they treat it like toxic waste that has to run in an isolated sandbox, which doesn't need to be the same browser they use for anything else.
The only other sensible option is to get out the reversing toolkit and break the DRM.
bevr1337 11 hours ago [-]
It's unlikely we can extrapolate market share and user-base data from individuals who self-select into discussing DRM on Hackernews.
account42 3 hours ago [-]
Better than extrapolating market share from your feelings.
AnthonyMouse 11 hours ago [-]
Aren't those the only people who don't already use Chrome? "People who hate privacy-invading stuff like DRM" is pretty much the Firefox user base.
11 hours ago [-]
tombert 10 hours ago [-]
There is absolutely no way I would be able to convince my parents to do streaming that way, and I'm reasonably certain that they're a much more representative set of the community than people who hang around HN.
AnthonyMouse 9 hours ago [-]
You absolutely would and it's the default way that normal people actually do it, which is to isolate Netflix into some kind of TV or HDMI stick instead of putting it in a browser on a PC.
account42 3 hours ago [-]
Your parents are likely to use the Netflix app on the TV instead of FF anyway.
Dylan16807 10 hours ago [-]
This is the point? Not preventing screen capture?
wizardforhire 12 hours ago [-]
In this day and age I dont understand why there isnt a more successful fork of firefox or a new opensource browser thats more succesful with privacy as a concern. My only speculation is collective lazyness and lack of sex appeal as new technologies have emerged. I’m probably biased as I lived through the browser wars. I guess I’m probably projecting combined with curiosity. I know most of the old greybeards have moved on and those of us left are stuck carrying the torch, but man it sure seems the culture has been eroded significantly. Case in point back in my day it seemed like there was a new browser every few months or so. I’m done ranting, I’ve got kids to yell at to get off my lawn.
MrAlex94 5 hours ago [-]
I’ve been running Waterfox[1] for over 14 years and it’s as popular as ever.
And the first screenshot on that website shows Facebook, Netflix, Spotify, Disney+, etc. Real privacy champions.
ipaddr 11 hours ago [-]
Many forks exist like LibreWolf
account42 3 hours ago [-]
LibreWolf isn't a real fork. It's a patch set on top of firefox, meaning they are still beholden to any design decisions in the upstream project that can't easily be patched out.
mattl 12 hours ago [-]
WebKit seems to be doing at least some of that, rejecting some of the more invasive new web APIs. Why does my browser ever need to know my battery status?
Eisenstein 11 hours ago [-]
Brave is such a browser but seeing as it is backed by Thiel's VC money and involves a crypto monetization incentive for the user (which can easily be turned off, btw) it evokes strong emotions in people who are rightly averse to such things. However, it does do pretty much everything privacy advocates ask for as soon as you turn off a few settings. I use it and would recommend it for people who want a anti-tracking, anti-ad browser if you can live with the drama around it.
charcircuit 12 hours ago [-]
I don't understand why anyone would bother forking Firefox when forking Chromium is available which is more advanced and more modular.
I don't know what exactly causes this, since it's intermittent (the same web site doesn't always do it) and happens even with various ad and tracking blockers in place.
[0] https://news.ycombinator.com/item?id=44053364
What Signal is doing is trying to get the system to restrict the content from the rest of the system. Which might work as a transient hack but doesn't actually work to protect the user when the system is adversarial, because Microsoft (the adversary) has the DRM private keys. Even some hypothetical DRM system which is effective in oppressing the user wouldn't prevent Microsoft from purloining the user's data whenever they want because they're the ones who make the DRM.
This is similar to HTTPS certificate chain of trust. The root signing authority needs to be trusted, but once you break that trust there's no going back. It is a self-regulating system.
This is a bit different to encrypted video where it is actually being encrypted off device.
Plus, what is Netflix even going to do? Stop supporting streaming on Microsoft platforms and then lose a bunch of subscribers for no benefit to themselves?
Also, the issue is that somebody is going to copy a ~30 fps video using screenshots without audio taken at an interval of ~0.2 fps? Nobody is going to do it that way.
The promise of DRMed content at the moment is that (technically) no one is able to do so as there are no backdoors into it, for nobody.
What happens outside of that path, before it's decrypted or after it's displayed, is beyond what DRM is meant to control.
And even that is assuming there is no way to remove the watermark, which there always is because multiple copies of the same video can't each be uniquely identifying without revealing what's different about them.
Meanwhile the inconvenience to paying customers is real when their stuff doesn't work, and every customer who pirates your stuff because the paid offering doesn't work for them is an actual lost sale.
It really does seem like the DRM vendors are taking them for a ride.
Let's be clear here. That's a fine point in the generic sense, but in the Signal situation there are no private keys and it's not really DRM.
Suppose a third party app wants to make screen captures. Windows prevents it, because otherwise it could do the same thing to Netflix and capture the video. The thing preventing the app from bypassing that constraint is DRM.
Whereas suppose Microsoft wants to distribute an update to the video rendering code in Windows. It will have access to the data on the screen because it's the thing converting it into pixels, so Microsoft signs the new code with their private keys and distributes it to your PC and it gets access to what's on your screen. Which they could also do with code designed to exfiltrate it.
Also if Microsoft wanted to bypass it they could just ignore the function call, they wouldn't have to do any clever workarounds.
Simpler software could satisfy web users.
Could reduce potential for surveillance and annoying distractions. Easier to audit and control.
IRC for chatting, ICQ for instant messaging (which didn't work because my ISP at that time used a strange firewall / proxy setup and IRQ wasn't able to get through), newsgroups as a kind of discussion board, picture viewers for all kind of image formats (like wise video players), real player (Buffering...:D) for streaming....and most importantly web browser(s) when you want to grab information from all around the world (but dang having only a 33.6kbit modem, was really a test of patience sometimes).
Oh! I forgot! WinAmp which can whip the llama's...yeah you surely know what it does whip! ;)
But broadly yeah, same
To get the content from a different source in a more user-friendly format, right?
(For the browser part of the DRM setup, I use Chrome/Chromium, the violate-me-all-the-ways browser. For all other browser purposes, I use both Firefox, the violate-me-fewer-ways browser, and Tor Browser, the draw-fire-of-state-actors-but-thwart-techbro-actors browser.)
https://news.ycombinator.com/item?id=44294402
So they use Firefox 99% of the time and then if they encounter the rare thing that requires DRM they treat it like toxic waste that has to run in an isolated sandbox, which doesn't need to be the same browser they use for anything else.
The only other sensible option is to get out the reversing toolkit and break the DRM.
1: https://www.waterfox.net
>or a new opensource browser
Brave browser fulfills that role.
https://brave.com/compare/firefox-vs-brave/
No uBlock is a deal breaker. Chromium is stuck with the neutered uBlock Lite thanks to Manifest V3.
> Brave browser fulfills that role
Sure, and it's also funded by VC money. How long until the vultures start swooping in to get a return on their investiment?
Why? If a browser is able to performantly and accurately block ads, why should the exact extention matter.
>and it's also funded by VC money
Which allowed them to properly invest into building out the browser and search engine.
>return on their investiment?
Controlling the home page / search of a web browser is extremely valuable.