After 4 months of waiting, that is the response I got from Widevine, Google’s DRM for web browsers. For the last 2 years I’ve been working on a web browser that now cannot be completed because Google, the creators of the open source browser Chrome, won’t allow DRM in an open source project.
The web sure seems to be healthy
Frankly it’s just another chrome browser… so not that interesting.
cb88,
That’s not the point though. Every open source browser is affected, and it points to the fact that the web is being partitioned.
Fork the code. Problem Solved.
xeoron,
You couldn’t even be bothered reading the summary?
I coul not agree more.
You live in a land of illusion of you think it has every been any other way in the last 15 years…
This is no surprise, after all locking down platforms is exactly what DRM is designed to do. Open source and DRM don’t mix. Unfortunately, no-name indy developers don’t have the connections or market influence to come to the table and expect DRM vendors like google/widevine to give a crap. If there were money at stake it might be a different story, but let’s be honest, google & widevine aren’t going to loose any money or sleep by denying DRM playback rights to independent software devs – in fact they’ll probably make more.
Surely a lot of money has been spent on widevine DRM obfuscation, it would be entirely counter-productive to give those secrets away to an open source project, it goes against DRM’s reason for existing. Many of us feel that the world would be better off without DRM technology, but it’s one of those things we live with because we don’t have much say. Mozilla protested DRM, but ultimately it couldn’t afford to be left out, so they gave in.
Technically speaking, software based DRM cannot be cryptographically secure because normal users explicitly need the key to playback the content. You can’t block hackers from doing the same things to get the decryption key, the decryption key is necessarily in the hands of hackers. As such, DRM is more an exercise in code/data obfuscation: let’s see how many layers of crap and spaghetti code we can pile into the DRM to make it frustrating to reverse engineer while not making it perform too poorly for end users.
Google’s widevine has already been cracked, I don’t know if it’s been patched, but it will be cracked again…
https://www.pcmag.com/news/365713/report-googles-widevine-l3-drm-cracked
Indy projects like this open source browser could probably get in touch with the same hackers to extract a working decryption key from the chrome browser, but they’d probably feel the wrath of google in court if they did it and google were tipped off about it.
Ehh, because of issues with cinema DRM (~”we’re sorry, the key expired yesterday midnight”) I didn’t watch “Alita Battle Angel” last week and, possibly (reason wasn’t clearly stated, but because the same employee was involved it was possibly the same), “Captain Marvel” today (at least this one will still show for a week+; but I wouldn’t cry for it as much as for “Alita”, which ended showing the day I tried to watch it… )
Clearly in case of Brave this is much more worse problem.
They are after all a competitor of sorts and they are gaining ground.
This actually is in the realm of anti-competitive behavior which might get you fined by the EU (and in theory in the US).
Google embraced the open web. They’re now extending it, in proprietary ways and locking out competitors.
Anyone remember what the next step was again?
New (quicker ?) TCP or HTTP protocol ?
Have you heard of SPDY?
Yeah, but I used HTTP/2 instead.
Embrace, extend, extinguish. Google isn’t even creative, copying failed strategies of former top dogs.
DonFromWyoming,
I wouldn’t call it copying. It is a historical tendency for people/companies who have made it to the top to pull the ladder up behind them.
DonFromWyoming,
I’d agree with kwan_e, it’s not copying so much as enjoying the perks of being a monopoly.
I don’t think it’s a failed strategy either. It worked for microsoft until antitrust & DOJ got in the way.
So for google it all depends on how much they’re going to be held accountable to antitrust. Politics in washington are extremely pro-big-business these days, so today’s giants are unlikely to be sued over the harm they cause smaller competitors in this jurisdiction. However in many ways the EU is stepping up where the US has backed down, which could have an impact in how they conduct business across the global.
https://www.cnn.com/2019/03/20/tech/google-eu-antitrust/index.html
https://www.bloomberg.com/news/articles/2019-03-20/after-google-eu-s-antitrust-sights-may-turn-to-amazon-and-apple
Google playing monopoly again aside, it would have been smarter to ask permission from Google earlier than 1 year and 8 months.
I would like to point out the Chrome is, in fact, not open source (as the article linked implies). Even Chromium utilizes several blackbox binaries, without which it cannot do HTML5 video at all (and apparently a few other things).
I guess it boils down to “can Chromium display DRM content”, and if the answer is “yes”, (being as Chromium is OSS), why can’t the project use the same technique, including the same black box libraries that Chromium might be using.
If the answer is NO, then that’s a different issue entirely.
It can only show DRM using closed source components. It’s like how you can run Mac apps on the open source Mac OS. It just takes components that aren’t open source, even if the core is.
Some licenses don’t allow mixing with black-box proprietary code.
A reliance on black-box proprietary code means your project is less portable
A reliance on black-box proprietary code introduces bugs that are nearly impossible to resolve and can be quite difficult to diagnose.
If Google wants to promote a new web standard, which it seems to be doing with Wildvine, then that standard has to be implemented/implementable with open source code.
Unfortunately, Google can leverage its near-monopoly in the browser space now to push things like this.
There are no serious browsers under such a license (Firefox and Chromium are under more permissive licenses, no other open source browsers even have this capability). Any browser which claims to be GPL and can still play DRM content is either a GPL’ed frontend for WebKit, or is relying on communication with proprietary code. There are also no open source implementations of modern web DRM, that’s why Mozilla has to have a special plugin sandbox for Adobe code, and Google has to ship blackbox binaries.
This was a big deal back in 2014, but apparently no one cares anymore?
Obviously there currently cannot be, partly because the author/owner of the dominant browser, which has massive sway over the market (specifically in the web DRM space in this case), is actively working against it.
In a related issue, Amazon now blocks webbrowsers without DRM from MP3 downloads at music.amazon.com: https://blogbyjoshcogliati.blogspot.com/2019/03/amazon-now-requires-drm-to-download.html I have not seen this reported in any mainstream media.
Let Chrome download the binary blob, move it to your application, and it works.