Google Takes Down Repositories That Circumvent its Widevine DRM
GitHub has removed several repositories that helped to bypass Google's Widevine DRM, which is used by popular streaming services such as Netflix and Amazon. Google requested the code to be removed as it would violate the DMCA. The company also sent a sensitive data takedown request for the associated RSA key which, ironically, remains easy to find through Google.
[...] The code, originally published by security researcher Tomer Hadad, is a proof-of-concept code Chrome extension that shows how easy it is to bypass the low-security ["L3" version of Widevine Digital Rights Management]. Google was aware of this vulnerability and previously informed Krebs on Security that it would address the issue.
[...] Google sees the code, which was explicitly published for educational purposes only, as a circumvention tool. As such, it allegedly violates section 1201 of the DMCA, an allegation that was also made against the youtube-dl code last month.
[...] This 'key controversy' is reminiscent of an issue that was widely debated thirteen years ago. At the time, a hacker leaked the AACS cryptographic key "09 F9" online which prompted the MPAA and AACS LA to issue DMCA takedown requests to sites where it surfaced.
DMCA: Digital Millennium Copyright Act
DRM: Digital Rights Management
AACS: Advanced Access Content System
MPAA: Motion Picture Association of America
AACS: Advanced Access Content System
AACS LA: https://en.wikipedia.org/wiki/AACS_LA
Related Stories
Over at ACM.org Yegor Bugayenko reviews how companies benefit from open source:
'Tis the season to be jolly, and many people around the world are getting those warm, fuzzy holiday feels. One of the things that makes us programmers feel warm and fuzzy is open source software. With open source, you can easily see the code and documentation, and better yet, you can use it too. A lot of companies support open source as well, providing funding, labor power, and code for free.
Why give something away for free? A lot of individuals contribute open source code out of a genuine sense of altruism. Yet when it comes to companies, it's often a strategic choice, and one they expect to benefit from.
[...] Why go through all the trouble? Let's take a look at the tangible benefits of supporting open source, especially from the perspective of tech giants like Google. Let's start by looking at how companies support open source.
The author goes on to list benefits for companies that support open source, citing Google, Microsoft, IBM and Adobe as examples. He also mentions how Red Hat benefited from its acquisition by IBM. He concludes:
So what's the take away for all of this? Open source is a great resource for the community, sure, but it's also a valuable resource for companies. Open source provides sales, influence, branding, retaining and training opportunities, among others, for companies. And for individual programmers, open source projects offer a way to build skills, increase knowledge, and make connections.
Previously:
CentOS Linux 8 Will End in 2021
Open Source's Eric Raymond: Windows 10 Will Soon be Just an Emulation Layer on Linux Kernel
Microsoft Releases Open-Source Process Monitor for Linux
Google Takes Down Repositories that Circumvent its Widevine DRM
(Score: 0, Informative) by Anonymous Coward on Sunday November 15 2020, @02:09AM
I love you, Aunt Jemima.
(Score: 3, Informative) by Zinnia Zirconium on Sunday November 15 2020, @02:09AM
Broadleaf is illegal outside of Trenco because it could be used to make thionite and put you on the wrong side of the proxy war between Civilization and Boskone.
(Score: 3, Insightful) by Anonymous Coward on Sunday November 15 2020, @02:20AM (2 children)
What's to stop someone from hosting it in a country where the DMCA doesn't apply, i.e anywhere outside the USA? Granted there are non-USian lickspittles that roll over for the MPAA and their purchased laws (Hi, NZ! The target might not be an angel, but we still remember what you did in 2012!), but there are bound to be some countries with a little backbone.
(Score: 2, Interesting) by Anonymous Coward on Sunday November 15 2020, @02:38AM
Hosting "it" is not hard. Hosting all of it, i.e. making a DMCA-ignoring GitHub, requires a country that respects freedoms (aka does not give a shit about piracy). New Zealand is compromised, try Russia, Ukraine, or the Netherlands.
(Score: 1, Insightful) by Anonymous Coward on Sunday November 15 2020, @11:51PM
Hosting risk due to fascists. Another reason why we should move a distributed web [ipfs.io]
(Score: 4, Interesting) by Grishnakh on Sunday November 15 2020, @02:56AM (5 children)
The code, originally published by security researcher Tomer Hadad, is a proof-of-concept code Chrome extension that shows how easy it is to bypass the low-security
This guy's last name reminds me of the 1986 movie "The Running Man". "Hadad" was the name of one of the 3 previous "winners" on the previous season the show, whose corpse was found by Arnold and his girlfriend.
Today's reality resembles that movie more and more every day.
(Score: 2) by looorg on Sunday November 15 2020, @03:16AM (4 children)
His name was Haddad, which also then begs the question who Whitman and Price are in this version of reality. But it should have happened alread if I remember the years mentioned already. But still it as a show would still be better then a lot of things currently on TV.
(Score: 3, Informative) by aristarchus on Sunday November 15 2020, @07:50AM (3 children)
Oh, dear, this is like the third time today I have heard imbeciles use this phrase incorrectly! We have been over this many times, do not make this mistake, or I will eggcorn the excrement out of you. First:
https://en.wikipedia.org/wiki/Begging_the_question [wikipedia.org]
Then, from Grammar Girl, https://www.quickanddirtytips.com/education/grammar/begs-the-question [quickanddirtytips.com]
Which raises the question, why do so many use the phrase "begs the question" incorrectly?
The answer? Illiteracy, or marginal functioning literacy, as with our deal loorg, or the much more marginally literate Runaway1956.
https://en.wikipedia.org/wiki/Eggcorn [wikipedia.org]
For example, if I were to say that this usage is very punny, that is an intentional and lame attempt at humor. If I were to say that after narrowly escaping Trump being erected, I have a new leash on life, that is an eggcorn. Because it appears I have heard the phrase "new lease on life" but did not really comprehend it, and so I substituted my doggie control device, which sounds like it.
Behold:
So let us have no more of this question begging nonsense. While it is true that every question begged is in effect a tautology, and therefore by its very semantic form, a true statement, not every question raised has the same perogatives, and so we best distinguish them. M'kay?
(Score: -1, Offtopic) by Anonymous Coward on Sunday November 15 2020, @09:45PM (2 children)
Feel better now, attempting to belittle something you have no place to judge?
(Score: 3, Touché) by khallow on Sunday November 15 2020, @10:03PM
(Score: 2) by aristarchus on Monday November 16 2020, @12:08AM
Actually, I did an entire journal on the question of question-begging: Questions be a-begging [soylentnews.org]. If you really need it, I can send you a list of my Credentials. I have a place to judge. Ipse Dixit.
(Score: 4, Interesting) by Runaway1956 on Sunday November 15 2020, @03:07AM (4 children)
Goog and other tech companies are under investigation for monopolistic conduct, and more. Why does Google choose to exercise their muscle now? Are they so very confident that they can buy off the necessary congress critters and judges?
US Senate: Hey, Goog, you have too much power.
Google: Oh yeah? Look how big a muscle I can make!
US Senate: Thanks for showing us Google. It helps us to understand just how much power you do have!
Google: Yes, yes, we are very proud of our power! And, you're all invited to our campus for hookers and blow!
(Score: 4, Insightful) by Anonymous Coward on Sunday November 15 2020, @03:19AM
The US Senate wouldn't know Widevine from Weedmilk. And they wouldn't care since they support MAFIAA.
(Score: 0) by Anonymous Coward on Sunday November 15 2020, @01:52PM
washington is bought off. ain't shit gonna happen them.
(Score: 2) by rigrig on Sunday November 15 2020, @04:13PM
How about this: Google doesn't like DRM. They just want everybody to use their services.
Right now they need to have DRM, because otherwise the streaming industry would come up with their own scheme and leave Google out of the loop.
So they get to keep their customers happy by sending takedown requests like this, and they really don't care if they push the line far enough for people to actually take another look at the DMCA.
(Which might even keep the politicians happy with Google, as Amazon and Disney might be inclined to donate a bit more during times of trouble like this)
No one remembers the singer.
(Score: 0) by Anonymous Coward on Sunday November 15 2020, @11:57PM
If anything, Goog is probably "flexing their muscle" now because they have to kow tow to their new masters the MAFIAA - who has now officially made them their beotch via their paid shills in the government through this "monopolistic conduct".
(Score: 3, Interesting) by Mojibake Tengu on Sunday November 15 2020, @07:05AM (2 children)
As we can remember, AACS key was popularized (and transferred, too) as printed on T-shirts.
That brings up an idea of using tattoo for both offline recording, conservation and proliferation of important code.
Putting tattoo on a messenger for critical message transfer is not new concept, it was used since ancient times.
Or at least we will truly see if inviolability of person/body is still higher value in liberal democracy than digital rights appropriated by oligarchy.
Volunteers?
Respect Authorities. Know your social status. Woke responsibly.
(Score: 2) by TrentDavey on Sunday November 15 2020, @04:55PM
Or they get tattooed voluntarily ala Prison Break -
"... his genius scheme: install himself in the same prison by holding up a bank and, as the final month ticks away, launch the escape plan step-by-step to break the both of them out, with his full-body tattoo acting as his guide; a tattoo which hides the layout of the prison facility and necessary clues vital to the escape. Written by filipfilipovich@hotmail.com"
(Score: 2) by rob_on_earth on Monday November 16 2020, @12:33PM
There were numerous instances of people singing or in other ways performing the long HEX string.
Steganography also had a big boost from people hiding the key and sharing the images. Not to mention images that had the key "rendered".
A number of people were looking for ways to represent the AACS key in mathematical formulas, which would have been the best result as none of the AACS key is being transferred when the information was shared.
Of course, I also remember having to copy and paste the damn key just to watch my own paid for DVDs in Linux.
(Score: 2) by hendrikboom on Monday November 16 2020, @06:15PM
Looks like youtube-dl to come back, with support from the FSF and github.
https://www.zdnet.com/article/github-reinstates-youtube-dl-library-after-eff-intervention/ [zdnet.com]
-- hendrik
(Score: 0) by Anonymous Coward on Monday November 16 2020, @06:49PM
Let's stop discussing DMCA and free software and instead get to the elephant in the room: M$
People need to start getting off fucking Github. It's dead. M$ made it so.
End of transmission.