We're not going to let this slip through under the radar. More than 15,800 people have already signed this petition to stop DRM in HTML5. Join them and help us build momentum to reach 50,000 signers by May 3rd, 2013, the International Day Against DRM. We'll drive the message home by delivering your signatures to the W3C (they're right down the street from us!) to make your voices heard.

More info: http://www.defectivebydesign.org/no-drm-in-html5
41
20
Jimmy Latouche's profile photoTodd Empcke's profile photoNaouak Nawak's profile photoMatthew Morrison's profile photo
14 comments
 
How do you protect against people stealing bandwidth without some degree of DRM?
 
if html does not support some level of DRM sites probably will not adopt html5
 
+Matthew Morrison , I was one of the lead engineers at Video Startup, we had 15 million monthly visitors while I was there.  The site had to make serious counter measures to random sites that would use our bandwidth to host their videos.  We would take the videos down, but it's an arms race and you have limited resources.  At some point it was easier to use flash than it was to use html5.

it's a major problem.  if html5 opened up more of the streaming apis related to video, and supported minimal DRM then it would be easier to control the video experience at a number of levels, from optimal stream bandwidth, to protecting media from people who are not watching it on your site.  Video is expensive to deliver and it's tough to pay for that bandwidth unless you can control the experience to some degree.

I really see this as a problem going forwards.
 
+justin kruger thanks for the professional response and insight. Please understand it's with all respect and honesty when I say not every business venture should be successful. Though I do see how these laws could help services like the one you're describing.

Unfortunately, I don't have an answer to how beyond changing your business model in a way that makes this concern obsolete. I disagree with your statement and I'd like to make my own... companies will probably make money and provide excellent services without it, I have no doubt.

 
+justin kruger I don't understand your statement of users 'stealing bandwidth' are you saying they are streaming the videos you post on your server from there website? ... if so, didn't you post them to be viewed? ... if they are restricted access to members only then a simple session check could deny the stream... I'm not arguing with you, I'm trying to better understand the problem so that I can understand how this proposed solution will solve it.
 
+Todd Empcke & +Matthew Morrison , this is a bigger problem that you realize, and there is a balance to strike.  No DRM will likely mean video via many businesses will not be supported on HTML5 video.  Some DRM will likely mean that HTML5 can become a dominant spec like h264, for better or worse.

I am not going to debate the marrits of one startup vs. another, but any startup that tries to chase youtube will have this problem.  if you like data silos, then this doesn't matter.  again it's a balance.

i should not have use the moniker, users, these are people that find a way to upload the video to our service, and then they find a way to host that video on an evil.com site that is showing the video as their own, selling their own ads, and then not paying for the bandwidth that supports the video in the first place.

I know for you guys DRM free video is probably a philosophical principle, but I will argue that everything has it's purpose and can be used for 'good' and for 'bad'.

right now we enjoy a largely 'anonymous' and 'free' web, yes we are tracked and 'yes' we have some limited DRM in plugins like flash, but shifting to a number of these technologies based on principles may have unintended consequences.  some of which will hurt people not at the same scale as google, some will hurt access to open media.

i would suppose that there will always be a way to secure the content, and that trend will likely lead towards people logging in with a social identity, it may also lead to the dissolution of smaller advertisers, and it may lead to people being required to pay for content before the content is released.

if the web does shift to a paid model, the focus going forwards might be on real value vs. attention getting content, but that is another philosophical debate.

i'm just trying to enlighten the conversation, i no longer work at said video company and i don't plan to work in the video space.  however, i do think companies like Netflix offer the internet substantial value, at a great price and i'd like to see other companies stick around like them.  the internet in the end is a better way to fight this battle than it was previously fought via cable networks.

i support a pragmatic approach.
 
perhaps I still dont understand the situation entirely.  but if a company is hosting videos (like youtube or a youtube clone) it is up to that company to secure those videos.  I can use software to download the video and host it on my own site, or I can stream it from youtube, if they permit it (which they do).  so if its a bandwidth issue, that is the problem of the company hosting the video, they need to code in protection for that.  if its a copywrite issue.. after you realize how easy it is to get everything you can get on netflix for free, without paying anything, yet people are still signed up to netflix.  even people who know how easy it is to get for free and have no personal problem with doing so. ... its not possible to prevent people from copying stuff ... that will simply never happen .. be it right.. or be it wrong
 
+Todd Empcke , no its not a copyright issue, or a download the video issue for me.

it's a steal bandwidth issue.  ( trust the guy who has worked in video )

for some companies, people it might be other issues.

if you have a way to secure html5 drm free video from bandwidth theft come find me, we will start a business and sell it very quickly.
 
In truth i know almost nothing about video, however I do know a thing or 2 about security and back end programing.  at the risk of sounding ignorant... weather your using html5 or not, the video on your server is accessed via some kind of source link.  which means your code needs to execute anytime a request is made for that source ... you can easily limit the number of requests for a given file per ip per time period... this is server-side security... html5 is client side markup which depends on the clients interpreter. .. so when you or anyone talks about adding something to HTML5 to prevent bandwidth stealing .. that makes no sense to me at all ... although as i said, i know little about video, or this DRM issue and how it would work exactly.. so i'm not arguing, if i'm simply missing some important point please point it out to me.
 
the ip is the computer viewing the Video and can change between requests on some ISP networks.

mind you this needs to balance nicely with using CDNs so that the video can actually get to the user in a reasonable amount of time/ cost.

this arms race has been going on for a while.  if you actually work on the problem you'll realize that there are not easy solutions.  we had a great solution that worked for a long while in flash, but then we tried to do it in html5, and each browser behaves differently, so then you try to figure out a lowest common denominator solution that works with the CDN as well.

i probably shouldn't disclose any of the tricks, but the basic problem is that if the user can see everything that is going on in HTML then they can see how you are obscuring access to the raw file and then intercept it.  With flash you have a bit more control, and you can send binary data across and have flash compose the video.  You still need to have a few tricks to protect the flash player, but that's easier, because that does not have to load off of your CDN.
 
DRM is not necessarily bad.

You have to put you in the shoes of content creators to understand why it exist.

Like someone said earlier, you may use DRM even on free content because on the web nothing is truly free. When people watch a video through YouTube, the person who posted that video can get a revenue share on the advertisement. If people rip the video and repost it somewhere else, then that revenue is lost for any people seeing the copied version.

DRM is a way to discourage people copying, not truly a way to protect the content as it is not possible to protect a content from screen capture as of today on a computer.

DRM can (note the can) be a good thing for consumers if it is used the right way.

I saw a video service going from DRM to no DRM and they doubled the price of a video because there is no DRM anymore. This wasa huge disappointment for me because if I want to continue use that service I have to pay twice the price because there is some fear of drm .
 
What about a random generated string for a filename which is actually a soft link to the file and provide this link with a TTL, client side they see a link but on server side you can manage it in such ways that you're able to control file access.

I guess this can be achieved with php easily and no need for an html5 solution

I guess this problem with DRM can managed with current technologies and there's no need for yet another layer of problems
 
+Jimmy Latouche this doesn't work at all in real conditions. This is what we call tokenizing the URL and this is very simple to bypass. Open your chrome console and you can save directly any loaded file for example.
Add a comment...