W3C DRM working group chairman vetoes work on protecting security researchers and competition

drm-og-1

For a year or so, I've been working with the EFF to get the World Wide Web Consortium to take steps to protect security researchers and new market-entrants who run up against the DRM standard they're incorporating into HTML5, the next version of the key web standard. Read the rest

How security and privacy pros can help save the web from legal threats over vulnerability disclosure

drm-og-1

I have a new op-ed in today's Privacy Tech, the in-house organ of the International Association of Privacy Professionals, about the risks to security and privacy from the World Wide Web Consortium's DRM project, and how privacy and security pros can help protect people who discover vulnerabilities in browsers from legal aggression. Read the rest

Security researchers: help EFF keep the Web safe for browser research!

fight_for_the_user_by_nostrildarmus-d385u9h

With the Electronic Frontier Foundation, I've been lobbying the World Wide Web Consortium (W3C), which sets the open standards that the Web runs on, to take measures to protect security researchers (and the users they help) from their own bad decision to standarize Digital Rights Management as part of HTML5. Read the rest

Open Source Initiative says standards aren't open unless they protect security researchers and interoperability

osi_standard_logo.png

The Open Source Initiative, a nonprofit that certifies open source licenses, has made an important policy statement about open standards. Read the rest

Will the W3C strike a bargain to save the Web from DRM?

256px-HAL9000.svg

The World Wide Web Consortium, which makes the standards the Web runs on, continues to pursue work on DRM -- technology that you can't connect to without explicit permission, and whose bugs can't be reported without legal jeopardy lest you weaken it. Read the rest

IETF approves HTTP error code 451 for Internet censorship

056c026d-1c66-4d42-9fae-a8e96df290c5-1020x910

The 451 HTTP error code, first proposed in 2012 as a tribute to Ray Bradbury's classic novel is now an IETF standard and is the preferred error message for a server to send to a browser when content is blocked for legal reasons. Read the rest

SRSLY, they want to put DRM in JPEGs

jpegdrm

The Joint Photographic Expert Group, which oversees the JPEG format, met in Brussels today to discuss adding DRM to its format, so that there would be images that would be able to force your computer to stop you from uploading pictures to Pintrest or social media. Read the rest

Smart Grid consortium rolled its own crypto, which is always, always a bad idea

When you make up your own crypto, it's only secure against people stupider than you, and there are lots of people smarter than the designers of the Open Smart Grid Protocol, who rolled their own (terrible) crypto rather than availing themselves of the numerous, excellent, free public cryptographic protocols. Read the rest

Youtube ditches Flash, but it hardly matters

A year ago, the news that the world's biggest video site was abandoning proprietary software would have been incredible, but thanks to the World Wide Web Consortium's Netflix-driven DRM work, this changes very little. Read the rest

New emoji for Unicode 8, including "TACO"

The Unicode Consortium is finalizing its plans for version 8, and 37 new emoji are among the candidates for the final release, including "ZIPPER-MOUTH FACE," "MONEY-MOUTH FACE," "SIGN OF THE HORNS" and "TACO". Read the rest

W3C hosting a "Web We Want Magna Carta" drafting session at Internet Governance Forum

The Web I want doesn't have DRM in its standards, because the Web I want doesn't believe it's legitimate to design computers so that strangers over a network can give your computer orders that you aren't allowed to know about or override. Read the rest

IETF declares war on surveillance

The Internet Engineering Task Force has published RFC 7258, which is a bombshell whose title is: "Pervasive Monitoring Is an Attack." It represents the outcome of a long argument about whether the Internet's technical architecture should take active countermeasures to fight mass surveillance, which Tim Bray summarizes. I especially like his rejoinder to people who argue against this because there are places where it's legitimate to monitor communications, like prisons: "We don't want an In­ter­net optimized for prisons." Read the rest

ANSI starts to publish standards that have been made into law, in insanely crappy form

Rogue archivist Carl Malamud has been fighting to publish the building and safety codes that have been incorporated into the law, but which you have to pay to see. He's published thousands and thousands of pages' worth of safety codes, and is being sued by some of the standards bodies. Now, he writes: "An announcement from Joe Bhatia, the leader of the American National Standards Institute, says 'A standard that has been incorporated by reference does have the force of law, and it should be available.'" Read the rest

W3C's DRM for HTML5 sets the stage for jailing programmers, gets nothing in return

An excellent editorial by Simon St. Laurent on O'Reilly Programming asks what the open Web has gained from the World Wide Web Consortium's terrible decision to add DRM to Web-standards. As St Laurent points out, the decision means that programmers are now under threat of fines or imprisonment for making and improving Web-browsers in ways that displease Hollywood -- and in return, the W3C has extracted exactly zero promises of a better Web for users or programmers. Read the rest

Public.resource.org explains to the Mississippi Attorney General's Office that a law is only a law if it's published

Rogue archivist Carl Malamud is publishing the world's safety codes. Some governments disapprove. He writes, "Upon receipt of a Certified Letter of Takedown from the Special Assistant Attorney General of Mississippi, Public.Resource.Org prepared a 67-page response, enclosed a Trodart Professional-Grade Self-Inking Rubber Stamp inscribed with a revolutionary saying ('If it isn't public, it isn't a law.'), packed it all up with a Mississippi flag made of crinkle-pak, and dispatched the parcel back to the sender. " Read the rest

Firefox bug: "Pledge never to implement HTML5 DRM"

Chris Sherlock has filed a bug against Firefox in Mozilla's bugzilla bug-tracker, entitled "Pledge never to implement HTML5 DRM." It's an interesting way of using the open/transparent development protest to allow Web developers to voice their opinion on the World Wide Web's terrible, awful decision to standardize DRM for browsers. As the W3C's overseer for HTML5 has written, the only reason for DRM in HTML5 is to prevent legal innovation, not to stop piracy. Read the rest

W3C green-lights adding DRM to the Web's standards, says it's OK for your browser to say "I can't let you do that, Dave"

Here's the bad news: the World Wide Web Consortium is going ahead with its plan to add DRM to HTML5, setting the stage for browsers that are designed to disobey their owners and to keep secrets from them so they can't be forced to do as they're told. Here's the (much) worse news: the decision to go forward with the project of standardizing DRM for the Web came from Tim Berners-Lee himself, who seems to have bought into the lie that Hollywood will abandon the Web and move somewhere else (AOL?) if they don't get to redesign the open Internet to suit their latest profit-maximization scheme.

Danny O'Brien from the Electronic Frontier Foundation explains the wrangle at the W3C and predicts that, now that it's kosher to contemplate locking up browsers against their owners, we'll see every kind of control-freakery come out of the woodwork, from flags that prevent "View Source" to restricting embedded fonts to preventing image downloading to Javascript that you can't save and run offline. Indeed, some of this stuff is already underway at W3C, spurred into existence by a huge shift in the Web from open platform to a place where DRM-hobbled browsers are "in-scope" for the WC3. Read the rest

More posts