SoylentNews is people
SoylentNews
Submitted via IRC for boru
Dear Jeff, Tim, and colleagues, In 2013, EFF was disappointed to learn that the W3C had taken on the project of standardizing "Encrypted Media Extensions," an API whose sole function was to provide a first-class role for DRM within the Web browser ecosystem. By doing so, the organization offered the use of its patent pool, its staff support, and its moral authority to the idea that browsers can and should be designed to cede control over key aspects from users to remote parties.
[...] The W3C is a body that ostensibly operates on consensus. Nevertheless, as the coalition in support of a DRM compromise grew and grew — and the large corporate members continued to reject any meaningful compromise — the W3C leadership persisted in treating EME as topic that could be decided by one side of the debate. In essence, a core of EME proponents was able to impose its will on the Consortium, over the wishes of a sizeable group of objectors — and every person who uses the web. The Director decided to personally override every single objection raised by the members, articulating several benefits that EME offered over the DRM that HTML5 had made impossible.
[...] We believe they will regret that choice. Today, the W3C bequeaths an legally unauditable attack-surface to browsers used by billions of people. They give media companies the power to sue or intimidate away those who might re-purpose video for people with disabilities. They side against the archivists who are scrambling to preserve the public record of our era. The W3C process has been abused by companies that made their fortunes by upsetting the established order, and now, thanks to EME, they'll be able to ensure no one ever subjects them to the same innovative pressures.
[...] Effective today, EFF is resigning from the W3C.
Thank you,
Cory Doctorow
Advisory Committee Representative to the W3C for the Electronic Frontier Foundation
Source: https://www.eff.org/deeplinks/2017/09/open-letter-w3c-director-ceo-team-and-membership
(Score: 1, Interesting) by Anonymous Coward on Tuesday September 19 2017, @05:13AM (4 children)
It.bloody.well.isn't.
Firstly, the internet is more than the WWW, and the WWW is more than the shit indexed by Google and others.
As to the WWW,
The 'sanctioned' and 'sanitised' World Wide Web as indexed by Google et al and polluted by all those fine 'content providers' may be terminally borked / infested with suits'n'crooks, sure, that's a problem, and there's a lot more 'noise' than 'signal' in search returns nowadays, so if we want to work within the framework of the current system initially we go 'old school' and start putting back up maintained/curated pages of topic related links until we get a distributed search engine in place which works.
Hell, why don't we improve the signal to noise ratio by going one step further, let's fork the WWW.
Pick a new high port number as the standard, mandate encryption, initially keep the current server software unless things get 'blobby' there as well, pick a single browser codebase as standard, fork it, remove any 'cruft', modify it to point to the new high port number and/or recognise only a new URI along the lines of FUWWW://server:port and let's start over and use the new system if for information sharing only, no shopping, no entertainment 'services' etc. we use our normal browsers and the WWW for that.
I'm sorry If I'm going to sound 'elitist' but I no longer really care if your average internet user never gets to use any current or future 'alternative' service born out of the current dissatisfaction with the way the WWW is going, they're happy, so let them keep Google etc.
(Score: 1, Interesting) by Anonymous Coward on Tuesday September 19 2017, @07:47AM (3 children)
So, you'd rather stuff Verisigns coffers than the MAFIAAs?
Unless you propose to make DANE a requirement - the current EME supporting browsers refuse to support DANE, because that would mean we could encrypt without paying Verisign et. al.
(And no, let's encrypt is not an answer unless they redesign their protocol, which has been deliberately designed to be as cumbersome as possible to ensure that anyone who wants a smooth experience still pays their Verisign tax).
(Score: 3, Touché) by TheRaven on Tuesday September 19 2017, @09:09AM (1 child)
You know Verisign hasn't run a CA for about five years, right?
sudo mod me up
(Score: 2) by Pino P on Tuesday September 19 2017, @03:11PM
Verisign doesn't run a CA, but it does run things that CAs check before issuing a certificate. Namely, it runs two root name servers and the authoritative registry for several top-level domains. This means it earns a cut with or without DANE.
In order to get a TLS certificate trusted by browsers, you need to buy a domain and keep it renewed. This is because the CA/Browser Forum's Baseline Requirements specify that hostnames in the subjectAltName field refer to a fully-qualified domain name in the public name servers, not some reserved or made-up TLD such as .local (mDNS), .internal, or .test. DANE wouldn't help either, as even if browsers trusted the DNSSEC root zone signing key, they wouldn't trust the zone signing key associated with a made-up TLD. So anyone who wants to run HTTPS over a home LAN and have it trusted by non-technical visiting friends and family needs to first buy a domain.
(Score: 0) by Anonymous Coward on Tuesday September 19 2017, @09:35AM
FSM No!
If people want to be fleeced royally for a 'chain of mistrust' certificate for encrypted traffic for commerce etc then they stick to the current web and browsers.
What I'm thinking is we fork a browser codebase anyway, strip all the crap out of it, so DANE would be a solution, at least, short term.
The point is, we fork..and end up with (crudely) what is now a commercial WWW and browsers capable of accessing that content, and a forked browser sans DRM etc capable of accessing a seperate non-commercial WWW..same protocol, same html, same server software, different port number. Yes it means running two browsers, but some of us already run more than that thanks to the way content on some sites borks depending on which browser you use. If, after this creation, there's a divergence between the way the commercially driven W3C web develops and the FTW3C web develops, then all the better.
Of course, there is nothing we can do to stop them trying to pollute any new scheme with their crap, nature of the beast I'm afraid.
Tell me about it!, cumbersome isn't the word, don't think there is a word in the english language invested with enough invective to sum up my feelings about the process...
As I've avoided any serious network related jiggery-pokery for a couple of decades now, I think I'll have a trawl through the current browser lists and codebases for inspiration.