Back in 2017, the World Wide Web Consortium (W3C) approved the most controversial standard in its long history: Encrypted Media Extensions, or EME, which enabled Netflix and other big media companies to use DRM despite changes to browsers extensions that eliminated the kinds of deep hooks that DRM requires.
Read the rest
In my latest podcast (MP3), I read my essay Adblocking: How About Nah?, published last week on EFF's Deeplinks; it's the latest installment in my series about "adversarial interoperability," and the role it has historically played in keeping tech open and competitive, and how that role is changing now that yesterday's scrappy startups have become today's bloated incumbents, determined to prevent anyone from disrupting them they way they disrupted tech in their early days.
At the height of the pop-up wars, it seemed like there was no end in sight: the future of the Web would be one where humans adapted to pop-ups, then pop-ups found new, obnoxious ways to command humans' attention, which would wane, until pop-ups got even more obnoxious.
But that's not how it happened. Instead, browser vendors (beginning with Opera) started to ship on-by-default pop-up blockers. What's more, users—who hated pop-up ads—started to choose browsers that blocked pop-ups, marginalizing holdouts like Microsoft's Internet Explorer, until they, too, added pop-up blockers.
Chances are, those blockers are in your browser today. But here's a funny thing: if you turn them off, you won't see a million pop-up ads that have been lurking unseen for all these years.
Because once pop-up ads became invisible by default to an ever-larger swathe of Internet users, advertisers stopped demanding that publishers serve pop-up ads. The point of pop-ups was to get people's attention, but something that is never seen in the first place can't possibly do that.
Read the rest
A year ago, Benjamin "Mako" Hill gave a groundbreaking lecture explaining how Big Tech companies had managed to monopolize all the benefits of free software licenses, using a combination of dirty tricks to ensure that the tools that were nominally owned by no one and licensed under free and open terms nevertheless remained under their control, so that the contributions that software developers made to "open" projects ended up benefiting big companies without big companies having to return the favor.
Read the rest
The bitter, yearslong debate at the World Wide Web Consortium over a proposal to standardize DRM for web browsers included frequent assurances by the pro-DRM side (notably Google, whose Widevine DRM was in line to be the principal beneficiary) that this wouldn't affect the ability of free/open source authors to implement the standard.
Read the rest
Before the W3C green-lit its DRM for web-video, we at EFF made a plea to allow bypassing the DRM to add accessibility features like shifting colors to accommodate color-blind people; the leadership dismissed the idea as a mere nice-to-have that companies could be relied on to fix themselves.
Read the rest
Five years ago, Benjamin Delpy was working for an unspecified French government agency and teaching himself to program in C, and had discovered a vital flaw in the way that Windows protected its users' passwords.
Read the rest
On Monday, the World Wide Web Consortium published EME, a standard for locking up video on the web with DRM, allowing large corporate members to proceed without taking any steps to protect accessibility work, security research, archiving or innovation. Read the rest
Every three years, the US Copyright Office has to ask America about all the ways in which Section 1201 of the Digital Millennium Copyright Act (which bans bypassing DRM, even for legitimate reasons) interferes with our lives, and then it grants limited exemptions based on the results. Read the rest
The World Wide Web Consortium is pressing ahead with its project to standardize a DRM system for the web, without taking any legal steps to protect people whose legitimate activities would be impaired by the DRM system. Read the rest
Kids Pass is a service that offers discounts on family activities in the UK; their website makes several common -- and serious -- security problems that could allow hackers to capture their users' passwords, which endangers those users' data on other services where they have (unwisely) recycled those same passwords. Read the rest
The International Federation of Library Associations and Institutions is the respected global body representing libraries all over the world; in an open letter to the World Wide Web Consortium, the organization says the recent decision to standardize DRM for the web has undermined the web's openness and the ability of libraries and other public institutions to fulfill their important social role. Read the rest
Yesterday's smashing Net Neutrality campaign showed that people have finally woken up to the risks of the highly concentrated telcoms sector using its commercial muscle to decide what kinds of services can flourish in the online world -- but Big Internet doesn't confine its efforts to control the future to playing around with packets. Read the rest
[[Update, July 13: After consultation with W3C CEO Jeff Jaffe on timing, we've temporarily withdrawn this appeal, for one week, for purely logistical purposes. I am teaching a workshop all next week at UC San Diego and will re-file the objection at the end of the week, so that I will be able to devote undivided attention to garnering the necessary support from other W3C members. -Cory]]
Five days ago, the World Wide Web Consortium announced that it would go ahead with its project of making DRM for web-video, and that the Director, Tim Berners-Lee had overruled or decided not to act further on all objections about the dangers this posed to legitimate and important activities including security audits, accessibility adaptation and competition. Read the rest
It's the Day Against DRM, and EFF is celebrating by publishing the first public look at How Much Do Consumers Value Interoperability? Evidence from the Price of DVD Players, a scholarly economics paper that uses clever techniques to reveal some eye-popping number on the strangled market for DRM-free gadgets. Read the rest
It's been nearly four months since the W3C held the most controversial vote in its decades-long history of standards-setting: a vote where accessibility groups, security experts, browser startups, public interest groups, human rights groups, archivists, research institutions and other worthies went up against trillions of dollars' worth of corporate muscle: the world's largest electronics, web, and content companies in a battle for the soul of the open web. Read the rest
Medical devices have long been the locus of information security's scariest failures: from the testing and life-support equipment in hospitals to the implants that go in your body: these systems are often designed to harvest titanic amounts of data about you, data you're not allowed to see that's processed by code you're not allowed to audit, with potential felony prosecutions for security researchers who report defects in these systems (only partially mitigated by a limited exemption that expires next year). What's more, it can get much worse. Read the rest
Today, activists will gather in Cambridge, Mass to march to the offices of W3C Director Tim Berners-Lee to urge him to keep DRM out of the standards for the open web. Read the rest