Encrypted Media Extensions
Encrypted Media Extensions (EME) is a W3C specification for providing a communication channel between web browsers and the Content Decryption Module (CDM) software which implements digital rights management (DRM).[1] This allows the use of HTML5 video to play back DRM-wrapped content such as streaming video services without the use of heavy third-party media plugins like Adobe Flash or Microsoft Silverlight. The use of a third-party key management system may be required, depending on whether the publisher chooses to scramble the keys.
EME is based on the HTML5 Media Source Extensions (MSE) specification,[2] which enables adaptive bitrate streaming in HTML5 using e.g. MPEG-DASH with MPEG-CENC protected content.[3][4]
EME has been highly controversial because it places a necessarily proprietary, closed decryption component which requires per-browser licensing fees into what might otherwise be an entirely open and free software ecosystem.[5][6] On July 6, 2017, W3C publicly announced its intention to publish an EME web standard,[7] and did so on September 18.[1] On the same day, the Electronic Frontier Foundation, who joined in 2014 to participate in the decision making,[8] published an open letter resigning from W3C.[9]
Support
In April 2013, on the Samsung Chromebook, Netflix became the first company to offer HTML5 video using EME.[10]
As of 2016, the Encrypted Media Extensions interface has been implemented in the Google Chrome,[11] Internet Explorer,[12] Safari,[13] Firefox,[14] and Microsoft Edge[15] browsers.
While backers and the developers of the Firefox web browser were hesitant in implementing the protocol for ethical reasons due to its dependency on proprietary code,[16] Firefox introduced EME support on Windows platforms in May 2015, originally using Adobe's Primetime DRM library, later replaced with the Widevine library. Firefox's implementation of EME uses an open-source sandbox to load the proprietary DRM modules, which are treated as plug-ins that are loaded when EME-encrypted content is requested. The sandbox was also designed to frustrate the ability for services and the DRM to uniquely track and identify devices.[14][17] Additionally, it is always possible to disable DRM in Firefox, which then not only disables EME, but also uninstalls the Widevine DRM libraries.[18]
Netflix supports HTML5 video using EME with a supported web browser: Chrome, Firefox,[19] Microsoft Edge, Internet Explorer (on Windows 8.1 or newer[20]), or Safari (on OS X Yosemite or newer[21]). YouTube supports the HTML5 MSE.[22] Available players supporting MPEG-DASH using the HTML5 MSE and EME are NexPlayer,[23] THEOplayer[24] by OpenTelly, the bitdash MPEG-DASH player,[25][26] dash.js[27] by DASH-IF or rx-player.[28]
Note that, at least in Firefox and Chrome, EME does not work unless the media is supplied via Media Source Extensions.
Version 4.3 and subsequent versions of Android support EME.[29]
Content Decryption Modules
- Adobe Primetime CDM (used by old Firefox versions 47 to 51)[18]
- Widevine (used in Chrome, Firefox, and Opera among others)[30]
- PlayReady (used in Microsoft Edge or Internet Explorer 11 for Windows 8.1)[30]
- FairPlay (used in Safari since OS X Yosemite)
Criticism
EME has faced strong criticism from both inside[31][32] and outside W3C.[33][34] The major issues for criticism are implementation issues for open-source browsers, entry barriers for new browsers, lack of interoperability,[35] concerns about security, privacy and accessibility, and possibility of legal trouble in the United States due to Chapter 12[36] of the DMCA.[37][38][39][40]
There are potentially security issues introduced by running any form of DRM software, which would be obscured by the fact that all implementations are proprietary.
Exposing DRM modules that cannot be properly audited to web content, which is untrustworthy, may result in such software being abused and/or attacked by any website the user visits with the DRM software enabled. While Firefox does attempt to prevent malicious code from escaping its sandbox, there is no guarantee that the sandbox will work.
In July 2020, Reddit started running a JavaScript program that launches a fingerprinting attack (which makes it possible to persistently track individuals around the web) against the user's web browser. Part of the script attempts to load every possible DRM module that browsers can support, and logs what ends up loading as part of the data collected. Users noticed this when Firefox began alerting them that Reddit "required" them to load DRM software to play media, although none of the media on the page actually needed it.[41]
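A defender-side way to spot the probing behaviour described above, as an added example that is not part of the original article: a wrapper around `navigator.requestMediaKeySystemAccess` (the EME entry point) that flags a page once it has requested several distinct key systems while no media element has raised an `encrypted` event. The function name, the threshold of 3 and the report shape are assumptions chosen for illustration.

```javascript
// Added example (not from the article). Names and threshold are assumptions.
function installEmeProbeMonitor(nav, { threshold = 3, onFlag = () => {} } = {}) {
  const original = nav.requestMediaKeySystemAccess;
  if (typeof original !== "function") return null; // EME not exposed here
  const state = {
    requested: new Set(), // every key system string the page asked for
    granted: new Set(),   // key systems the browser actually resolved
    sawEncryptedMedia: false,
    flagged: false,
  };
  const report = () => ({
    requested: [...state.requested].sort(),
    granted: [...state.granted].sort(),
    sawEncryptedMedia: state.sawEncryptedMedia,
    flagged: state.flagged,
  });
  const evaluate = () => {
    // Many distinct key systems probed, yet no media raised an "encrypted"
    // event: consistent with capability fingerprinting, not playback.
    if (state.flagged || state.sawEncryptedMedia) return;
    if (state.requested.size >= threshold) {
      state.flagged = true;
      onFlag(report());
    }
  };
  nav.requestMediaKeySystemAccess = function (keySystem, configs) {
    state.requested.add(String(keySystem));
    evaluate();
    return original.call(nav, keySystem, configs).then((access) => {
      state.granted.add(access.keySystem);
      return access; // rejections pass through to the caller untouched
    });
  };
  return {
    report,
    noteEncryptedMedia() { state.sawEncryptedMedia = true; },
    uninstall() { nav.requestMediaKeySystemAccess = original; },
  };
}

// Browser wiring; skipped where there is no document (e.g. under Node).
// The listener uses the capture phase because media events do not bubble.
if (typeof document !== "undefined") {
  const monitor = installEmeProbeMonitor(navigator, {
    onFlag: (r) => console.warn("EME key-system probing", r),
  });
  if (monitor) document.addEventListener("encrypted", () => monitor.noteEncryptedMedia(), true);
}
```

This is a heuristic: a player that tries several key systems before its media raises `encrypted` would also trip it, so treat a flag as a prompt to inspect the page rather than as proof of tracking.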
As of 2020, the ways in which EME interferes with open source have become concrete. None of the widely used CDMs is being licensed to independent open-source browser providers without paying a per-browser licensing fee.[5]
References
- "Encrypted Media Extensions W3C Recommendation". W3C. 18 September 2017. Retrieved 18 September 2017.
- "Media Source Extensions™". w3c.github.io. Retrieved 2020-08-18.
- David Dorwin. "ISO Common Encryption EME Stream Format and Initialization Data". W3C. Archived from the original on 2015-02-19.
- Lederer, Stefan (February 2, 2015). "Why YouTube & Netflix use MPEG-DASH in HTML5". Bitmovin.
- "Three years after the W3C approved a DRM standard, it's no longer possible to make a functional indie browser". Boing Boing. 2020-01-08. Retrieved 2020-08-18.
- Lucian Constantin (24 February 2012). "Proposed Encrypted Media Support in HTML5 Sparks DRM Debate on W3C Mailing List". IT World. IDG News Service. Retrieved 12 October 2015.
- "W3C Announcement". Retrieved 12 July 2017.
- Harcourt, Alison. Global Standard Setting in Internet Governance. Christou, George, 1973-, Simpson, Seamus. (First ed.). Oxford. p. 96. ISBN 978-0-19-257859-4. OCLC 1140150076.
- Doctorow, Cory (18 September 2017). "An open letter to the W3C Director, CEO, team and membership". Electronic Frontier Foundation. Retrieved 18 September 2017.
- Anthony Park and Mark Watson (April 15, 2013). "HTML5 Video at Netflix". Netflix.
- Weinstein, Rafael (26 February 2013). "Chrome 26 Beta: Template Element & Unprefixed CSS Transitions". Chromium Blog. Retrieved 31 August 2014.
- "Supporting Encrypted Media Extensions with Microsoft PlayReady DRM in web browsers". Windows app development. Retrieved 31 August 2014.
- Protalinski, Emil (3 June 2014). "Netflix ditches Silverlight for HTML5 on Macs too: Available today in Safari on OS X Yosemite beta". The Next Web. Retrieved 16 October 2014.
- "Firefox 38 arrives with contentious closed-source DRM integrated by default". PC World. IDG. 13 May 2015. Retrieved 12 August 2015.
- Mohrland, Jesse; Smith, Jerry (October 27, 2015). "Using Encrypted Media Extensions for interoperable protected media". Microsoft.
- Mozilla begrudgingly brings Netflix support to Linux with DRM in Firefox
- Jeremy Kirk (May 15, 2014). "Mozilla hates it, but streaming video DRM is coming to Firefox". PCWorld.
- "Firefox 52: Adobe Primetime CDM removal - gHacks Tech News". www.ghacks.net. Retrieved 2019-05-31.
- Netflix system requirements for HTML5 Player and Silverlight
- Anthony Park and Mark Watson (26 June 2013). "HTML5 Video in IE 11 on Windows 8.1". Netflix.
- Anthony Park and Mark Watson (3 June 2014). "HTML5 Video in Safari on OS X Yosemite". Netflix.
- "The Status of MPEG-DASH today, and why Youtube & Netflix use it in HTML5". bitmovin GmbH. 2 Feb 2015.
- NexPlayer: Passion for High Quality Video Services
- THEOplayer by OpenTelly: HLS and MPEG-DASH player for HTML5 MSE and EME
- bitdash MPEG-DASH player for HTML5 MSE and EME
- bitdash HTML5 EME DRM demo area
- dash.js
- rx-player
- Ozer, Jan (July–August 2015). "HTML5 Comes of Age: It's Finally Time to Tell Flash Good-bye". Streaming Media Magazine. StreamingMedia.com. Retrieved 2016-01-12. "In mobile markets [...] Android has supported MSE since version 4.1, and EME since version 4.3."
- "THEOplayer Supports All Platforms". theoplayer.com. 2017. "Note that IE10 and IE11 on Windows 7 do not have the MSE/EME API available which is required to playback DRM protected video content in HTML5. As a consequence, it is technically not possible for any HTML5-based video player to playback DRM protected content on these browsers in Windows 7."
- "Boris Zabrasky opposing EME". Retrieved 10 June 2016.
- "Ian Hickson opposing EME". Retrieved 10 June 2016.
- "Richard Stallman Braved a Winter Storm Last Night to March Against DRM". 21 March 2016. Retrieved 10 June 2016.
- Stallman, Richard (Nov 18, 2016). "Can you trust your computer?". Free Software, Free Society. GNU. Retrieved 2018-02-08.
- "4K Netflix arrives on Windows 10, but probably not for your PC". 21 November 2016. Retrieved 26 November 2016.
- "Title 17, Circular 92, Chapter 12 - Copyright.gov". Retrieved 25 July 2016.
- "EFF's Formal Objection to EME". 29 May 2013. Retrieved 10 June 2016.
- "Save Firefox". 11 May 2016. Retrieved 10 June 2016.
- "Open Letter to W3C". 12 May 2016. Retrieved 10 June 2016.
- "Interoperability and the W3C: Defending the Future from the Present". 30 March 2016. Retrieved 10 June 2016.
- "Reddit's website uses DRM for fingerprinting". smitop.com. Retrieved 2020-07-12.