Molly de Blanc writes at that it has been one year since the World Wide Web Consortium (W3C) sold out. It was then they, including Tim Berners-Lee himself, decided to incorporate Encrypted Media Extensions (EME) into web standards signalling an end to the open Web. She covers how it happened, what has transpired during the last year in regards to EME, and what steps can be taken.
Digital Restrictions Management exists all over the world in all sorts of technologies. In addition to media files, like music and film, we can find DRM on the Web and enshrined in Web standards. As a Web standard, its use is recommended by the World Wide Web Consortium (W3C), making it not only easier, but expected for all media files on the Web to be locked down with DRM.
It's been a year since the the W3C voted to bring Encrypted Media Extensions (EME) into Web standards. They claimed to want to "lead the Web to its full potential," but in a secret vote, members of the W3C, with the blessing of Web creator Tim Berners-Lee, agreed to put "the copyright industry in control" of media access. The enshrinement of EME as an official recommendation is not how we envision the "full potential" of the Web at the Free Software Foundation (FSF).
Related Stories
Exclusive: Tim Berners-Lee tells us his radical new plan to upend the World Wide Web
This week, Berners-Lee will launch Inrupt, a startup that he has been building, in stealth mode, for the past nine months. Backed by Glasswing Ventures, its mission is to turbocharge a broader movement afoot, among developers around the world, to decentralize the web and take back power from the forces that have profited from centralizing it. In other words, it's game on for Facebook, Google, Amazon. For years now, Berners-Lee and other internet activists have been dreaming of a digital utopia where individuals control their own data and the internet remains free and open. But for Berners-Lee, the time for dreaming is over.
"We have to do it now," he says, displaying an intensity and urgency that is uncharacteristic for this soft-spoken academic. "It's a historical moment." Ever since revelations emerged that Facebook had allowed people's data to be misused by political operatives, Berners-Lee has felt an imperative to get this digital idyll into the real world. In a post published this weekend, Berners-Lee explains that he is taking a sabbatical from MIT to work full time on Inrupt. The company will be the first major commercial venture built off of Solid, a decentralized web platform he and others at MIT have spent years building.
If all goes as planned, Inrupt will be to Solid what Netscape once was for many first-time users of the web: an easy way in. And like with Netscape, Berners-Lee hopes Inrupt will be just the first of many companies to emerge from Solid.
[...] [On] Solid, all the information is under his control. Every bit of data he creates or adds on Solid exists within a Solid pod–which is an acronym for personal online data store. These pods are what give Solid users control over their applications and information on the web. Anyone using the platform will get a Solid identity and Solid pod. This is how people, Berners-Lee says, will take back the power of the web from corporations.
How does Solid compare to Tor, I2P, Freenet, IPFS, Diaspora, etc.?
Related: Tim Berners-Lee Proposes an Online Magna Carta
Berners-Lee: World Wide Web is Spy Net
Tim Berners-Lee Just Gave us an Opening to Stop DRM in Web Standards
Sir Tim Berners-Lee Talks about the Web Again
Tim Berners-Lee Approved Web DRM, but W3C Member Organizations Have Two Weeks to Appeal
70+ Internet Luminaries Ring the Alarm on EU Copyright Filtering Proposal
One Year Since the W3C Sold Out the Web with EME
Software developer Drew DeVault has written a post at his blog about the reckless, infinite scope of today's web browsers. His conclusion is that, given decades of feature creep, it is now impossible to build a new web browser due to the obscene complexity of the web.
I conclude that it is impossible to build a new web browser. The complexity of the web is obscene. The creation of a new web browser would be comparable in effort to the Apollo program or the Manhattan project.
It is impossible to:
- Implement the web correctly
- Implement the web securely
- Implement the web at all
Starting a bespoke browser engine with the intention of competing with Google or Mozilla is a fool's errand. The last serious attempt to make a new browser, Servo, has become one part incubator for Firefox refactoring, one part playground for bored Mozilla engineers to mess with technology no one wants, and zero parts viable modern web browser. But WebVR is cool, right? Right?
The consequences of this are obvious. Browsers are the most expensive piece of software a typical consumer computer runs. They're infamous for using all of your RAM, pinning CPU and I/O, draining your battery, etc. Web browsers are responsible for more than 8,000 CVEs.3
The browser duopoly of Firefox and Chrome/Chromium has clearly harmed the World-Wide Web. However, a closer look at the membership of the W3C committes also reveals representation by classic villains which, perhaps coincidentally, showed up around the time the problems noted by Drew began to grow.
Previously:
An Open Letter to Web Developers (2020)
Google Now Bans Some Linux Web Browsers from their Services (2019)
HTML is the Web (2019)
The Future of Browsers (2019)
One Year Since the W3C Sold Out the Web with EME (2018)
(Score: 2, Interesting) by Anonymous Coward on Wednesday September 19 2018, @02:47PM (21 children)
how about we hijack this thread to post how-tos on ... err... how to bring back the right-click menu in all browsers on all embedded media files, especially the right-click-menu entry: "save as..."?
(Score: 2) by RS3 on Wednesday September 19 2018, @03:01PM (9 children)
Simple: use an older browser (in addition to a new one).
Sometimes, because javascript code blocks all kinds of things including "right-click", but the thing you want is pulled in through javascript, you have to do a bit more work.
(Score: 0) by Anonymous Coward on Wednesday September 19 2018, @04:27PM (8 children)
Using an old browser is a bad idea considering the numerous security holes in browsers of a few years ago.
(Score: 0) by Anonymous Coward on Wednesday September 19 2018, @05:40PM (7 children)
Using Windows is a bad idea. In a normal OS, one runs browser under a separate user and then hijacking it cannot do squat.
(Score: 3, Interesting) by unauthorized on Wednesday September 19 2018, @06:50PM (5 children)
No idea about OSX or BSD, but running a browser as a different user under Linux is a massive PITA. You cannot run another X program in the same X session without sharing your session key (which is a security hole since X trusts all local applications by default), running it into it's own screen and switching (which is all kinds of inconvenient) or creating a dummy X session for the browser and streaming it somehow.
On the plus side, what Linux does have is apparmor and selinux, which can lock down a browser quite well without account-based isolation, but unfortunately they need to be manually configured for most user-friendly distros.
Not that Windows is any better mind you, at least X has the decency to secure access to itself since it doesn't secure running applications from each other, the win32 API has no internal security whatsoever and doesn't even warn you about the security risks if you try to spawn a GUI application as a different user. No idea if the new toolkit is any better, but knowing modern Microsoft, most security development time has probably gone in securing the toolkit against the user.
(Score: 3, Informative) by maxwell demon on Wednesday September 19 2018, @07:18PM (2 children)
You know that you can also use ssh with another account on your local machine? And that SSH knows how to forward X sessions?
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by unauthorized on Wednesday September 19 2018, @08:47PM
Yes, I did allude to remoting into an X session. Did you even read my comment?
This still suffers from all kinds of integration issues such as not getting audio without some pulse voodoo and not having access to downloads by default and a plethora of other discrepancies compared to running it in the same user session. My argument is that it's a PITA and a very atypical user experience, not that it cannot be done.
(Score: 0) by Anonymous Coward on Wednesday September 19 2018, @11:09PM
You should also investigate firejail [wordpress.com] (namespace sandbox, Linux only) and Xpra [xpra.org] (X11 version of screen/tmux and sandboxing). That way programs should be unable (or have it hard, exploits will always be there) to access unrelated files or poke at other X11 clients.
(Score: 2) by bzipitidoo on Wednesday September 19 2018, @08:38PM (1 child)
It's not that big a pain. This works for me:
user$ sudo xhost+
user$ su otheruser
otheruser$ firefox
It's not 100% secure-- it is possible that instance of firefox can do a screen scrape. But I figure that in combination with making sure nothing sensitive is on any display is good enough to defeat 99.99% of attempts to breach it.
(Score: 4, Informative) by unauthorized on Wednesday September 19 2018, @09:02PM
Never use xhost+, that gives front door access to everything X controls for everyone on your entire network. At least use "xhost +localhost", which still gives access to all input and display devices to every local process, but at least it keeps everything that can reach your local network from doing so.
Either way, ssh tunneling or sharing the X cookie is far safer.
(Score: 0) by Anonymous Coward on Wednesday September 19 2018, @09:20PM
Eh, funny how you could do this in XP. Guess XP wasn't Windows.
(Score: 2) by ikanreed on Wednesday September 19 2018, @03:30PM (9 children)
well, the trick of it is: what are you trying to save?
The background of current element? The background of an ancestor? The content of ::before selector? The content of an img tag(this one should still be easy)?
Your browser assumes most of that is extraneous and devs exploit that fact to make hard to save web pages. Maybe a "choose media from page" browser extension could be a useful thing to write.
(Score: 5, Informative) by bart9h on Wednesday September 19 2018, @03:54PM
For video, youtube-dl, despite the name, can download from over a thousand different sites [github.io].
(Score: 4, Insightful) by Arik on Wednesday September 19 2018, @03:57PM (7 children)
The browsers have been pushing more and more of their job back on the websites for years, so this is the result. The big companies (and many others) craft malicious webpages and the browsers bend over backwards to assist them. By the time we get to someone that gives a fig for the user, you're talking about an extension developer, who can only use the facilities provided by the browser (and knows that what the brower gives, it can take away.)
If laughter is the best medicine, who are the best doctors?
(Score: 4, Insightful) by ikanreed on Wednesday September 19 2018, @04:00PM (1 child)
And really, the only solution is the death of google, facebook, amazon, twitter, reddit, and every other dungheap that just "wraps" the internet's core design in a proprietary, walled-garden cocoon.
And since that's not gonna happen, the misery will continue forever.
(Score: 0) by Anonymous Coward on Saturday September 22 2018, @01:34AM
WTF are you complaining about in terms of twitter and reddit? Both have APIs. Reddit doesn't require an account to read for even its NSFW sections. Both have TBs worth of archives online anyone can download and play around with. They are two of the most open sites online. No one is hosting archives of SoylentNews articles. Here, go download all of Reddit nicely packaged by month: https://files.pushshift.io/reddit/ [pushshift.io] How is that a walled garden?
(Score: 4, Informative) by bzipitidoo on Wednesday September 19 2018, @05:22PM
I've had good results with Video Download Helper plugin in Firefox. Even works with the latest (post 56) versions.
(Score: 0) by Anonymous Coward on Thursday September 20 2018, @02:44AM (2 children)
Something tells me you've never used youtube-dl much, or at all? youtube-dl is the king when it comes to saving multimedia from the web. Just keep it up to date, which is simple.
I don't disagree about browsers.
JavaScript should just die already. YouTube requires it. Now Twitter seems to, too, giving you two bullshit error messages if you don't enable it.
(Score: 2) by Arik on Thursday September 20 2018, @03:37AM (1 child)
However I was looking for something more generic.
If laughter is the best medicine, who are the best doctors?
(Score: 2, Touché) by Anonymous Coward on Thursday September 20 2018, @04:48AM
It's not an extension. It is not an addon. It has nothing to do with Firefox.
https://rg3.github.io/youtube-dl/ [github.io]
It is powerful. It can be used with mpv, smplayer, and so on. It's cross platform, it's open source.
AND IT HAS NOTHING TO DO WITH FIREFOX.
(Score: 0) by Anonymous Coward on Thursday September 20 2018, @09:14AM
A local News site was running like a dog. Open umatrix. Over 99 cookies being set. More than 50 scripts. Just by the news site without counting third party. Block scripts and xhr and cookies. Page loads in second.
(Score: 3, Informative) by RamiK on Wednesday September 19 2018, @03:55PM
Shift+Right click should work.
compiling...
(Score: 0) by Anonymous Coward on Wednesday September 19 2018, @04:12PM (3 children)
why are you such whores, W3C?
(Score: 5, Insightful) by Immerman on Wednesday September 19 2018, @10:15PM (2 children)
Hey now, why are you badmouthing whores? It's an old and honest profession where goods and services are exchanged for the benefit of everyone involved.
This sort of selling out of principles has more in common with politicians.
(Score: 1, Touché) by Anonymous Coward on Wednesday September 19 2018, @11:56PM
Politicians don't really sell out principles, it's diffcult to sell out something you never had in the first place. No, politicans simply lie to the electorate about having principles.
(Score: 0) by Anonymous Coward on Thursday September 20 2018, @09:11AM
You say this as if TBL had principles in the first place..
I used to go drinking with the Oxford Particle Physics mob, TBL was, at best, regarded as a 'lazy bastard' (real quote from one of them) and was probably just pipped at the post in the 'cordially disliked' race by Wolfram (though that was more petty Oxford politics than anything else..).
I also knew someone who did occasional work for the W3C (won't say what, as that'd decloak both him and his friend who still works for them), after a couple of years of having to deal with them his opinion of them was, shall we say, less than complimentary? (fuckwits to a man, was the phrase he used in the pub one night to describe them after a trying week)
Yes, I spent a lot of time in pubs, getting drunk....welcome to the IT world British style..
(Score: 1, Insightful) by Anonymous Coward on Wednesday September 19 2018, @07:48PM
Nomsg
(Score: 1, Troll) by realDonaldTrump on Thursday September 20 2018, @12:59AM (1 child)
We get it. Believe me, we get it.
(Score: 0) by Anonymous Coward on Sunday September 23 2018, @11:23PM
Dude this one was crap. You can do better. Try harder next time?
(Score: 1, Insightful) by Anonymous Coward on Thursday September 20 2018, @09:19AM (2 children)
Now you get Netflix in your browser without needing plugins
(Score: 0) by Anonymous Coward on Thursday September 20 2018, @12:07PM (1 child)
No you don't, you get Netflix in the handpicked Netflix approved browsers. Not your browser.
(Score: 0) by Anonymous Coward on Thursday September 20 2018, @03:19PM
Sorry, should have wrapped that in sarc tags :(