The W3C, DRM, and future of the open web

JM Porup's long, thoughtful article on the W3C's entry into the DRM standardization game gives a sense of the different forces that are pushing one of the open web's staunchest allies into a disastrous compromise: the competition that siloed apps present to open-web browsers, the debts of the W3C, the relentless pressure from the entertainment industry to redesign browsers to do a corporation's bidding, rather than the user's. Read the rest

The World Wide Web Consortium wants to give companies a veto over warnings about browser defects

Since 2013, when the W3C decided to standardize DRM for web videos, activists, security researchers and disabled rights advocates have been asking the organization what it plans on doing about the laws that make it illegal to bypass DRM, even to add features to help blind people, or to improve on browsers, or just to point out the defects in browsers that put billions of web users at risk. Read the rest

This dump of Iphone-cracking tools shows how keeping software defects secret makes everyone less secure

Last month, a hacker took 900GB of data from Cellebrite, an Israeli cyber-arms dealer that was revealed to be selling surveillance and hacking tools to Russia, the UAE, and Turkey. Read the rest

Google quietly makes "optional" web DRM mandatory in Chrome

The World Wide Web Consortium's Encrypted Media Extensions (EME) is a DRM system for web video, being pushed by Netflix, movie studios, and a few broadcasters. It's been hugely controversial within the W3C and outside of it, but one argument that DRM defenders have made throughout the debate is that the DRM is optional, and if you don't like it, you don't have to use it. That's not true any more. Read the rest

PWC threatens to sue security firm for disclosing embarrassing, dangerous defects in its software

ESNC, a German security research firm, discovered a critical flaw in PWC's enterprise software, which would allow attackers to hack into PWC customers' systems; when ESNC gave PWC notice of its intent to publish an advisory in 90 days, PWC promptly threatened to sue them if they did. Read the rest

W3C at a crossroads: technology standards setter or legal arms-dealer?

The World Wide Web Consortium (W3C) is an amazing, long-running open standards body that has been largely responsible for the web's growth and vibrancy, creating open standards that lets anyone make web technology and become part of the internet ecosystem. Read the rest

HTML standardization group calls on W3C to protect security researchers from DRM

The World Wide Web Consortium has embarked upon an ill-advised project to standardize Digital Rights Management (DRM) for video at the behest of companies like Netflix; in so doing, they are, for the first time, making a standard whose implementations will be covered under anti-circumvention laws like Section 1201 of the DMCA, which makes it a potential felony to reveal defects in products without the manufacturer's permission. Read the rest

Podcast: How we'll kill all the DRM in the world, forever

I'm keynoting the O'Reilly Security Conference in New York in Oct/Nov, so I stopped by the O'Reilly Security Podcast (MP3) to explain EFF's Apollo 1201 project, which aims to kill all the DRM in the world within a decade. Read the rest

Australian media accessibility group raises red flag about DRM in web standards

Media Access Australia is the only Australian nonprofit that advocates for making media accessible to people with disabilities -- and they're also a member of the World Wide Web Consortium (W3C), an open standards body that disappointed its supporters when it bowed to the big entertainment and browser companies and agreed to make a DRM system for online video. Read the rest

As browsers decline in relevance, they're becoming DRM timebombs

My op-ed in today's issue of The Tech, MIT's leading newspaper, describes how browser vendors and the W3C, a standards body that's housed at MIT, are collaborating to make DRM part of the core standards for future browsers, and how their unwillingness to take even the most minimal steps to protect academics and innovators from the DMCA will put the MIT community in the crosshairs of corporate lawyers and government prosecutors. Read the rest

I'm profiled in the Globe and Mail Report on Business magazine

The monthly Report on Business magazine in the Canadian national paper The Globe and Mail profiled my work on DRM reform, as well as my science fiction writing and my work on Boing Boing. Read the rest

Google's version of the W3C's video DRM has been cracked

Since 2013, the World Wide Web Consortium (W3C) has been working with the major browser companies, Netflix, the MPAA, and a few other stakeholders to standardize "Encrypted Media Extensions" (EME), which attempts to control web users' behavior by adding code to browsers that refuses to obey user instructions where they conflict with the instructions sent by video services. Read the rest

Video: Guarding the Decentralized Web from its founders' human frailty

Earlier this month, I gave the afternoon keynote at the Internet Archive's Decentralized Web Summit, speaking about how the people who are building a new kind of decentralized web can guard against their own future moments of weakness and prevent themselves from rationalizing away the kinds of compromises that led to the centralization of today's web. Read the rest

W3C DRM working group chairman vetoes work on protecting security researchers and competition

For a year or so, I've been working with the EFF to get the World Wide Web Consortium to take steps to protect security researchers and new market-entrants who run up against the DRM standard they're incorporating into HTML5, the next version of the key web standard. Read the rest

How security and privacy pros can help save the web from legal threats over vulnerability disclosure

I have a new op-ed in today's Privacy Tech, the in-house organ of the International Association of Privacy Professionals, about the risks to security and privacy from the World Wide Web Consortium's DRM project, and how privacy and security pros can help protect people who discover vulnerabilities in browsers from legal aggression. Read the rest

Save Firefox: The W3C's plan for worldwide DRM would have killed Mozilla before it could start

The World Wide Web Consortium has been co-opted into standardizing a DRM scheme for letting entertainment companies control your browser; what's more, they've rejected even basic safeguards for competition, changing the browser landscape in a way that threatens the kind of disruptive innovation that gave us the Mozilla project and the Firefox browser. Read the rest

Save iTunes: how the W3C's argument for web-wide DRM would have killed iTunes

The World Wide Web Consortium's plan to standardize web-wide digital rights management is based on the idea that if an entertainment company doesn't like a new technology, it should have the right to prevent that technology from coming into being. Read the rest

More posts