Google have agreed, for a yet-announced sum, to acquire Widevine, a DRM technology provider used widely in web-streaming and set-top solutions like netflix, LOVEFiLM and the DISH network. via Engadget
The Google blog, whilst trying to veil motivations, is still very clear. “With rapidly improving broadband and wireless speeds, more powerful smartphones, and higher resolution screens on devices of all shapes and sizes, it’s becoming easier than ever to watch video wherever you want, whenever you want. […] Content creators and distributors are making huge strides in bringing us content in this way, but to do so, many require high-quality video and audio, secure delivery, and other content protection and video optimization technologies. With these tools in place they can easily and effectively give you access to the rich library of content you want to watch, with the immediacy you’ve come to expect.”
DRM. The name Google dares not speak. Truth is that big content still reigns supreme and that includes current HDTV transmission, delivered over digital pipes, but separate from the Internet. Google are successful because they are largely technology agnostic; it matters not if you use iOS or Android, you still Google.
Google are attempting to break into the TV market with their Google TV product, delivered through parternships with Logitech and Sony. Google TV merges television and the Internet, but no sooner had Google TV launched big content baulked at the scary, new idea of an Internet TV. Hulu, ABC, NBC, CBS and more started blocking Google TV from viewing their video streams, stating that viewing the TV on your computer is not the same as using a PC, even if said PC is plugged into a TV. They want to be charge for the distinction. No, somehow, Google TV is not a PC. A PC with an Intel chip, running Linux, using a wireless keyboard is not a PC. This is how brain-dead big content is, and this is not going to go away any time soon.
Enter DRM, the comfort-blanket of the old bastions. Big content will not allow video to go transmitted without DRM and even all the hype around HTML5 video will not change this. The HTML5 spec does not specify a video codec that must be used, leaving this down to vendors. Now, Google paid $120M for On2 in order to open source the VP8 codec and put it to use in one of the largest video sites on the web: YouTube. Whilst WebM support is available on many videos, it is not present on videos that have adverts, or on paid content.
My prediction is this: Google will implement a DRM layer in the Chrome browser, Chrome OS, and Andriod. This will likely not be open source, but will not affect the open source availability of these projects since the binary that Google ships is never the same as the direct source builds which lack official branding. Open Source, but not open in nature. Because updates to Chrome and Chrome OS are silent and done every 24 hours, market penetration should be near instant to Google’s rapidly growing user base. Chrome browser is making massive in-roads, almost mirroring the early rise of Firefox. I can quite easily see a day when it overtakes Firefox, especially with much, much greater embedded availability (TV, Android, Chrome OS etc.)
With DRM built in Google can easily court big content, get rid of these pesky content-blocks (that amount to nothing more than user-agent sniffing) and thus provide Internet-integrated content that their competitors like Firefox cannot.
This is not to say this is an entirely bad thing. DRM or not, Google can help coax big content providers to see the Internet as one all-encompassing thing, instead of individual devices that must all be licenced separately. For the majority this will mean they can view the content they want, anywhere they want and that simply won’t ever happen without the content producer’s hand being forced. IMO, it’s up to open source to provide something better and more compelling if it doesn’t want to be left out.
Does this mean that we might finally see stuff like Netflix ‘Play Instantly’ on Linux? It’d be about time. I looks like flying monkeys might overtake Manhattan before Microsoft releases a Linux Silverlight port. Moonlight is a lost cause with that regard. I’ll be watching this!
Android and Chrome OS are Linux, and I expect a number of set-top boxes are Linux under the hood too. It’s really up to Google how easily they want to enable this DRM outside of official circles. Even if it’s a binary blog, as long as it has the relevant interfaces, I’m sure a hacker could whip up a wrapper. On the other hand, Google are making Chrome browser for Linux, so it would be odd for that to exclude the same featureset as the Windows / Mac version.
Yes, many set-top boxes are Linux based, also many HD-TVs which will get Webapps and what not buildin (for example look at the Boxee Box also Linux based). Also the WebOS-based phones from Palm. Also, most use WebKit ‘browser’-engine. Many different versions and capabilities, but all the same basic engine nonetheless.
Concerning this step by Google I’m not sure if this is a good or bad thing, I guess we’ll have to see.
The question is, if Google will provide this DRM-blob for many platforms and browsers or even open source it like WebM.
Currently some are Silverlight and others are flash or some specific plugin (rare ?) and if we can get rid of that with just a normal video-tag. That would be really cool. But how something like that would received by Mozilla I don’t know.
I wonder what Netflix will eventually do, if they’ve already build everything else in HTML5:
http://techblog.netflix.com/2010/12/why-we-choose-html5-for-user.ht…
http://blog.us.playstation.com/2010/10/14/netflixps3/
My guess is, they will start with content for Google TV and start from their.
I should add, Webkit should not become the new IE-only-like-world.
That’s like POSIX vs. Linux:
POSIX was single standard, multiple implementations. That model was dropped by most UNIX vendors (ie. POSIX implementers) when they moved to Linux: The implementation is the standard.
HTML vs. webkit is the same: Do you want a single (multivendor) standard, or a single (multivendor) implementation?
I think it was amazing if webkit was the only engine, especially since there are multiple vendors using it.
Yes, this strikes me as the logical conclusion made from this aquisition. However I seriously doubt the would open source this DRM mechanism since DRM by it’s very nature depends on obcsurity, likely it will be as you said, a binary blob that’s available on all major platforms. Still, they would be able to offer DRM together with WebM across all platforms which would allow commercial content providers the possibility to switch to WEBM/vp8 from flash/h264 if they so wish and avoid the licencing costs for h264.
I agree with the rest of your comment but this part is not entirely accurate.
While it is of course true that current DRM schemes deploy obscurity as one of their “technologies”, this is not an inherent necessity.
DRM is an umbrella of different goals and depending which goals one wants to achieve, obscurity might or might not be necessary.
One of the usual goals is to distribute content in a way that ensures that the designated recipient is the only one getting it.
This part has been solved for decades, no obscurity required, as a technique called cryptography. It allows two sides of a content exchange to authenticate each other and transfer any communication in a way that it cannot be (withing reasonable time) interpreted by any third party.
This goal is usually the one brought forward when DRM is sold as feature or requirement, however none (to my knowledge) of currently existing DRM schemes implements this correctly enought to count as secure so they need the extra layer of obscurity to at least reach an acceptable level of security.
Just like with any other form of crypthography, a fully open specification and implementation is achievable, unless one of the other goals of DRM prohibits that.
The most common goal prohibiting an open specification and/or implementation is control of participation.
Meaning that the entities involved with a certain DRM scheme do not want anyone else to be able to provide any part of the delivery chain.
This ensures that content distribution is either controlled by a few or “unprotected”.
That is by far the most major concern of traditional content providers (high threshold entry for new competitors) and also the reason why DRM is almost exclusively discussed in terms of “piracy” or similar, e.g. focusing on the consumer side.
True, but that is not the case here, since the binary blob will hold the decryption key(s), and it will be obscured so that the recipicent can only access the media through said binary blob.
If they were to open source the DRM you would see the decryption key(s) (or more likely the mechanism to generate them from incoming data) and then the providers would not be able to control the access to the media since any programmer could write a program to decrypt the data.
Unlike the case you described DRM is not really there to stop anyone from sniffing out data between A and B, it’s there to make sure that B can only access the data from A at A’s leisure.
Yes, I know. I probably wasn’t clear enough on that, sorry.
What I was trying to say is that securing data flow is a well understood concept and does not require the algorithms or implementations to be unknown to any third party.
The security lies in the knowledge of the key shared between the two involved communication partners.
By embedding the key into the implementation they artificially force it to become unsharable.
Which, as I tried to point out, is the whole purpose of the idea of DRM. Protecting the content, which is usually what they claim to be after, can be done with open specification and implementation as proven by decades of research and praktical use.
There is no harm in third parties being able to implement decryption because, as we have established, the confidentiality of the data is provided by the key.
Secure Key exchange is also a well established concept in computer based crypthography, I am not suggesting they put up all their keys for download.
Whether or not a service provider accepts a key or exchanges a key with any given recipient at any given time is orthogonal to the use of the key as long as it is cleared for access.
Yes and no.
What I attempted to point out is that in contrast to the usual explainations why somebody deploys DRM and what they are actually after.
The given reason is usually something like “making sure the content is only consumed according to given licence”, while it is actually “making sure nobody but themselved can participate in the delivery chain”.
The latter requires to keep internal knowledge secret, the former only requires to establish the eligibility of the recipient for the given time period.
And widely deployed cryptography uses that every single day, without requiring security by obscurity.
To sum that up:
– DRM for the stated reasons of content owners can be done without obscurity
– the fact that this is not done and quite often dismissed as impossible clearly shows that some unstated reason is at stake (it could be a different one than the one I mentioned above, though)
Although WebM is open source from Google, it is distributed under a BSD-style license. Unlike the GPL license, one is not required to provide source code for derived works.
Therefore, DRM-encumbered closed-source versions of WebM are possible.
Indeed, when WebM was announced, Adobe promised a version of their Flash player that could handle either H.264 or WebM. Such a version of Flash could indeed handle DRM-encumbered Flash/WebM.
So, apart from the current choices of HTML5/WebM or Flash/h264, there are also choices of HTML5/h264 (Apple’s solution for having no Flash on iDevices), HTML5/WebM with DRM, or Flash/WebM with or without DRM.
The latter choices are possible, but are not yet available.
My first post was going to be “so, does this mean they’ll make it easy for Netflix to accept a *nix native client?”
I see that idea has already been considered.
Specific to Netflix; the choice to lack *nix support remains theirs. Tivo is a Linux based box as is the Wii (I think) and the PS3 is definitely a Linux based underside; all have Netflix players readily available.
It’s never been a technological problem. They had DRM’d netflix stuff on *nix devices long ago. It’s simply a political choice not to make a native player for the unblessed non-embedded distributions.
Now, my understanding is that Netflix uses Silverlight DRM and front end coding. They’ve had a ton of developers offering to help implement the DRM within Moonlight for general use across distributions. Either netflix continues to ignore that there are any paying customers not using Windows or Microsoft has blessed the DRM on specific embedded *nix builds but won’t allow it for general consumption. I’ll let the conspiracy folk decide which.
If the DRM netflix is using is what Google just purchased then it would be very interesting indeed if they relicensed it. Heck, it could become one of the most effective DRM frameworks if the security nerds are allowed to dig into it and submit improvements.
No need for conspiracy theories for that one:
http://www.mono-project.com/Moonlight/SecurityStatus#Digital_Rights…
Microsoft will not licence PlayReady related IP to anyone working on a PC like environment, thus making their own Silverlight the only PC (including Mac AFAIK) recipient for PlayReady content.
Now, we could come up with some conspiracy theories why they decided to do that. Not that we would need any guessing.
The playstation CAN run Linux, but I don’t think it does with the ‘default install’. The Wii isn’t either as far as I know.
I have a similar theory. I think Google might make a plugin for their DRM technology and bundle it with Chrome and start using it on their Youtube Store and TV Shows. In order to reduce their dependence on Flash for the same thing.
So when they inevitably roll out their HTML5 version of Youtube they wouldn’t be without all the licensed content they’ve been providing.
But it could just be that Widevine has a relationship with Big Content and Google wants in on that. (So they won’t be blocked by them)
Edited 2010-12-05 23:31 UTC
I used to make a big deal about DRM, but honestly, I stopped caring quite a while ago.
I decided to just boycott all non-easily circumventable DRM (e.g. all but DVDs). And I found that I didn’t miss anything. 90% of big content is junk, and the rest is still really just not worth the time.
Maybe some people are different, but if I have half an hour of free time, there are plenty of things that I can do that I will enjoy a heck of a lot more than watching a TV show. For example: ride a bike, read a book, study a foreign language, go for a run, talk to people, write a poem, sleep
, or play a game. I found that I am not bored or unhappy nearly as much as I was before.
I guess this might seem to be a bit of an overreaction to something as simple as one company buying another, but I just think that people in general spend way too much time passively absorbing popular entertainment, and not enough time doing the things that actually make them happy. It’s not like watching TV shows is something that we have to do, like work or school.
I agree with you wholeheartedly — except House, that’s thoughtful entertainment.
That’s is the problem: even you practice a balanced, healthful, enlightening lifestyle, TV is such a ubiquitous medium you’re missing out on something good. If there’s another show like Cosmos, I’d like my (hypothetical) kids to see it and then go to school and talk about it with their friends.
I really HAVE TO watch “The Walking Dead”, even though the season is all over…
Imagine “secure delivery” in the form of traditional mail services. It would probably be something like, you get the envelope out of the mailbox and take it inside. Then when you open it, it blows up in your face. Boom! Secure delivery! Now you are dead and the information is destroyed–so no one knows any top-secret information.
Seriously… f*** DRM. Google loses even more respect in my eyes for this, but I really kind of seen it coming. It’s quickly getting to the point that I want a different search engine, but the other major alternative is Microso–er, Bing. I have yet to hear of one as good as Google/Bing and when I do, it will only be a matter of time before their interests start conflicting with mine, then yet another engine will be needed. An annoying cycle.
DRM itself is not good or evil; it just is. The problem is how many choose to implement a DRM framework.
I wouldn’t call Google evil for buying a DRM framework. Let’s wait and see what they do with it. Maybe what they do will actually gain you some respect for them similar to releasing WebM relicensed.
Of course, if they do use the new purchase to limit end user rights then I’m right with you and the pitchforks.
“if they do use the new purchase to limit end user rights then I’m right with you and the pitchforks.”
I’ve not known a DRM scheme that opens rights that weren’t there before by default. Isn’t the purpose of DRM to limit end user rights? What else will Google do with DRM, _other_ than limit rights? It boils down to how rude they are going to be about implementing it. They could shun desktop Linux and cause a ruckus, or embrace it and please Linux users by making Netflix and the like available.
If Google relicensed the source, we may end up with a well designed DRM scheme not limited to a particular OS. As much as I hate the purpose of DRM, I’m more restricted by not having the framework in place to access content. Maybe this could grow to be a competitor the big content recognizes; those “digital copies” that all the BR/DVD bundles now include would be great accept for the current DRM not supporting my OS.
DRM limiting what I can do within fair-use sucks. Lack of support for DRM limiting any use sucks more.
Yes it does.
True again, but I’ll take a file without DRM or no file at all over a file scrambled with it. That includes illegal versions over DRMed garbage.
I honestly don’t care if there is some “open”, cross-platform DRM solution… I still won’t touch it with a ten foot pole. Besides, that would probably be unlikely if not impossible, because if it’s open it could probably be defeated easily. Not that it’s not already, you know, easy enough for someone who wants to strip or bypass DRM to accomplish this task with all the closed options that exist today…
You suggest that the only outcome of open source DRM would be “defeated easily”? DRM is an end user hostile implementation of encryption. Encryption is not considered strong without transparency and peer review; “should be secure with everything known except the key” or “the enemy knows the system” for a shortened re-wording.
Given how FOSS has tackled past encryption (SSH, Truecrypt..), there is potential to deliver a well designed cross platform DRM framework which does not rely on obscurity of the mechanism.
The decryption step is not necessarily the problem. In order to actually see the video on a client system, at some point there must be an un-encrypted version of the data stream present on the end user’s system. This is the output of decryption, if you will.
If that point of a plaintext data stream is within the control of a binary blob, then the end user might still be prohibited from snooping and saving a copy of it. This probably requires co-operation of the OS.
If the plaintext stream is only present on the video card itself, it might feasibly be kept from access by the end user, but this would probably require a closed-source driver for the video card.
Linux distributions are beginning to ship with open source video card drivers.
It would presumably be possible to write an open source decryption algorithm for DRM video, but such an effort would necessarily result in the plaintext video data stream being visible at some point to the open source code. The content owners don’t want that to happen.
When the content owners mention “Digital Rights Management”, after all, they actually mean that their rights are protected, and that your rights as the end user are “managed” (read restricted). As someone else said, DRM is an end-user-hostile implementation of encryption.
FOSS software, OTOH, is all about protecting your rights as the end user / machine owner.
There is a fundamental disconnect here.
Edited 2010-12-07 05:10 UTC
My comment was in reply to this particular thought from UBZ:
”
Besides, that would probably be unlikely if not impossible, because if it’s open it could probably be defeated easily. Not that it’s not already, you know, easy enough for someone who wants to strip or bypass DRM to accomplish this task with all the closed options that exist today…
”
Suggesting that because the mechanism (source coded method) is “open”, it must therefore be defeated easily. My thought is that because the DRM mechanism would be open source, it would stand a chance to mature into a very solid DRM framework.
With your point I agree though because it addresses the inherent weakness of all DRM; it runs on the user’s system and at some point must present cleartext.
Music; stereo out to stereo line in; done.
Video; tap the video cable if pre-hdmi; done.
DVD; wrap the viewer display in a sniffer; done.
In the same way, I don’t think a closed source video driver would be required; again, it’s about a mechanism that remains secure even though the source is readily available. If the system relies on obscurity like a closed binary blob then it may as well be a ROT13 module.
I do get the political angle. FOSS is about enabling the end user. When I have to reboot to Windows or leave my machine to fetch the Apple; I’m not feeling very enabled. When I can get the video file on one of those “blessed” platforms but still can’t copy it to my NAS to feed the TV; I’m not feeling very enabled. When Netflix can’t support a client for general purpose *nix because Microsoft refuses to license it’s DRM to the “unblessed”.. I’m not feeling very enabled.
I’m also very curious to see what kind of DRM framework comes out of FOSS and Cryptography development values. It’s the security nerd in me; OpenSSH is pretty solid because of the development method.
Doesn’t the Linux kernel use DRM for code signing? That kind of demonstrates that it’s about how it’s used more than being evil in and of itself.
(And me suggesting the use of DRM let along improved and effective DRM.. now that’s just all kinds of world turned up side down. Maybe it’s having kids not yet old enough for the “content creation rights” talk.)
No, DRM has nothing to do with generating hashes for validating that something hasn’t been tampered with. DRM (Digital Rights Management) is about restricting what the end user does with something. It’s entirely up to me if I want to verify that the kernel binary I’ve downloaded is genuine, there’s nothing stopping me from installing another non-signed kernel. DRM on the other hand exists to prevent the user to do something the provider doesn’t allow.
If we look at content delivery through DRM, which is the case here within this article, the DRM is there to prevent the streamed/fully downloaded content to be accessed through any other means than allowed by the providers. In order to ensure this the media must be encrypted (whether as a complete file on the harddrive or as buffered data while streaming) and only decrypted partially through a DRM module of sorts so as to be viewable by the recipient.
Therefore DRM relies on obscurity, should the DRM module be open sourced it would be trivial to understand the mechanism in which the decryption keys are recieved/generated/hidden and thus it would be trivial to decrypt the data entirely for any use.
SSH which you mentioned is also not DRM, it’s about protecting data when it’s traveling between A and B, both A and B are allowed to fully access the data.
DRM is DRM. I view it a firmly in the “evil” territory. Yeah, some things are neither good or evil, but sorry–DRM is NOT one of those things. It is practically never used for “good” reasons (from the perspective of the user, the recipient of audio/video/document in question). Only for corporate greed and control by mega entertainment corporations (which already have too much control to begin with).
Also, it’s not just the DRM thing that is pissing me off. It’s also their love of collecting data, which can be used for tracking Google search users. And the fact that Google themselves have stated that they would have no qualms about giving such data to, say, the government if they asked for it. By now it’s obvious who Google is trying to please…. advertisers, media companies, themselves (obviously), governments, etc. Everyone but their general users.
Not to mention that it’s just dumb; yeah, give the user the key to unlock the file, but forbid them from finding the key or unlocking it without *THEIR* direct permission and on the devices and operating systems that THEY say you can. Oh, after being forced to use *THEIR software to watch/listen/view the file. That is not neutral; it is evil. Plain and simple.
Why do people hate DRM so much? The originators of the material have a RIGHT to control how their content is distributed. The only genuine reason to complain is because it makes it harder to steal content, hardly a valid reason to be angry. Instead of complaining, people ought to work closer to ensure DRM is available on all platforms as currently most Linux distros don’t ship anything for accessing this material legally.
That being said, I don’t think DRM should require any license in and of itself. It should only be used to ensure people have paid fair price for other material. That way, open source projects could still empower their users to not be left behind in content.
How it is distributed, sure. But they have no right to control how I use that content once it is distributed to me. I am perfectly within my Fair Use rights to make a backup copy, transcode it to play on my portable device, burn it to a DVD to watch on the TV, etc.
Where DRM fails is that all the vendors try to control how I use the content once I have it in my possession. And by making it illegal for me to exercise my Fair Use rights (via the DMCA).
No, DRM makes it harder for legitimate customers to do legitimate things with their legitimately purchased content.
Buy a Disney movie on DVD but want to rip it to your media server so that you can watch it on any PC/HTPC/TV in your house? Sorry, their DRM won’t let you. Want to make a backup copy so that your 6-year old doesn’t scratch up the original? Sorry, that’s illegal under the DMCA. Want to do anything with your legally purchased copy? Too bad, not allowed.
It’s now easier to do a Google search, download a torrent, and use that, then to use the legally purchased DVD/Blu-Ray. And when that happens, DRM has lost all meaning or purpose.
I go and buy a BluRay disc…. I don’t run Windows… I can’t play a disc I just purchased. FAIL. So I’ll steal the ripped content. The content creators created this retarded situation. Oh well. Fuck them.
BTW, I might consider DRM if it was completely open source otherwise its not coming anywhere near my system.