
lainchan archive - /sec/ - 4484




No.4484

https://www.w3.org/blog/2017/02/on-eme-in-html5/

It worries me when the top dog in W3C takes on the role of a powerless proponent of DRM.

>Yes, there is an argument made that in any case, W3C should just stand up against DRM, but we, like Canute, understand our power is limited.


Holy soykaf u dense fuarrrks at W3C, the reason you exist is to advocate AGAINST this soykaf. There is no bureaucratic pressure for W3C to roll over, they just put out guidelines. The fuarrrk.

  No.4485


TL;DR for general public

Working DRM is mathematically impossible.

Entertainment industry tries to "solve" this "problem" by lobbying for DMCA-like laws. DMCA-like laws make it illegal to find bugs in software that has "digital locks" because any such bug potentially allows dumping of DRM encryption keys.

This makes everything that has DRM in it broken by design as security researchers can't disclose vulnerabilities in software with "digital locks".

W3C pushes DRM into web.

This will make disclosing security flaws in web browsers into a criminal offense.

Crackers/hackers, spooks and perverts are gonna be happy, everyone else is going to have their security fuarrrked up to please Hollywood lobby.

See Cory Doctorow's talks on YouTube and show them to normal people.

Btw, scientists said this soykaf would happen in 2002: http://dblp.uni-trier.de/db/conf/ccs/ccsdrm2002.html

>>4484

Personally, I sincerely hope they get back to their senses.

On the flip side, you can simply ignore most of this soykaf. Stop watching Netflix. Use TorBrowser. Teach yourself to torrent with I2P, then teach your friends and neighbors to do the same.

Links:

* Recommended: TorBrowser https://www.torproject.org/projects/torbrowser.html.en

* Recommended: I2P all-in-one official router https://geti2p.net/en/download
(in Java, has torrent client builtin)

* If you hate all-in-one soykaf and Java and want something that feels more like UNIX there's also I2Pd router daemon https://github.com/PurpleI2P/i2pd/releases (in C++) and I2P-Transmission https://github.com/l-n-s/transmission-i2p (in C++)

fuarrrk Hollywood, fuarrrk Netflix, fuarrrk all that soykaf.

  No.4491

We have the Russians. They don't care for your puny USA laws.

  No.4493

ReplyAll just did a podcast trying to simplify the issue. It may be worth sharing to folks who wouldn't otherwise get it: https://gimletmedia.com/episode/90-matt-lieber-goes-to-dinner/

  No.4494

This is a problem of the combination of capitalism, liberal law-making and the server-client architecture, which is the computer-based extension of the aforementioned.

Arguably a gradual, collaboratively planned mass-migration of users towards distributed architecture (hardware- as well as software-wise) specifically involving the mesh-net topology, end-to-end cryptography, anonymization and user-friendly security-by-design.

With projects like coreboot the software dimension of peer-reviewability is becoming complete. The next struggle will be that of hardware. It will involve collaborative design of components, a shift toward ecological materials (and therefore gradually easier manufacturing for organizations and individuals without access to billions of dollars as well as rare-earth market monopolization) and co-operative businesses, finally catching up organizationally with the way the general free software movement has organized itself from the beginning (with exceptions to the rule of course also existing).

  No.4504

>>4485
also: more people need to use i2p. It provides stronger anonymity guarantees than tor but there's not enough traffic right now for those guarantees to mean much.

  No.4509

>>4504
It also has the enormous feature of built-in torrent-support.

The only thing that needs to be done is to re-design its interface past 2002.

  No.4518

>>4484
The article seems to get one point very wrong:
>Do we worry that having put movies on the web, then content providers will want to switch also to use it for other media such as music and books? For music, I don’t think so, because we have seen industry move consciously from a DRM-based model to an unencrypted model, where often the buyer’s email address may be put in a watermark, but there is no DRM.
All those music streaming sites most certainly would move to using DRM like this if it existed, and the RIAA will be pushing for that in the future now that EME is being accepted.

>>4485
>This will make disclosing security flaws in web browsers into a criminal offense.
No, EME is just a framework for using DRM. The DRM is still a separate plugin and not an integral part of the browser.

>Working DRM is mathematically impossible.

It depends on what you consider to be "working". Due to the plugin approach that EME uses, companies can update their DRM plugin whenever people manage to break the key used. This means that companies anticipating the keys for their DRM eventually being broken can have updated versions of their DRM plugin ready to push out to users as an update the moment their previous version was broken, and after a few cycles of their DRM keys being broken would be able to anticipate the time it takes and preemptively update their DRM plugin. This is the future people chose when they started replacing local media with streaming.

>>4504
People use Tor over I2P because I2P doesn't allow you to visit clearnet websites. Most people don't use software like Tor or I2P for accessing hidden services, so I2P's extra security is meaningless when they can't access the information they want over it. The ability to more securely torrent using I2P is really the only thing I can think of that I2P has going for it to attract more people, though most people are probably happier with faster download speeds at the cost of privacy/security.

  No.4522

>>4518
The point of i2p is not to be an out proxy and never will be. But I think that all hidden services would do better to switch over to i2p to provide stronger anonymity for both users and providers.